
Pum.dns with possible rootkit


  • This topic is locked
38 replies to this topic

#1 stormraider

stormraider

  • Members
  • 23 posts

Posted 06 March 2016 - 08:36 AM

Ran RogueKiller and it states I have the PUM.DNS, and then it showed green list items under the root tab. Please advise.





#2 Oh My!

Oh My!



  • Malware Response Instructor
  • 37,957 posts
  • Gender:Male
  • Location:California

Posted 06 March 2016 - 10:08 AM

Greetings stormraider and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Is there a reason why you ran RogueKiller?

Please do this.

Please post the RogueKiller log

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • RogueKiller log
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 stormraider

stormraider
  • Topic Starter

  • Members
  • 23 posts

Posted 06 March 2016 - 12:23 PM

RogueKiller log
RogueKiller V10.3.0.0 [Feb 16 2015] by Adlice Software

 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Stormraider[Administrator]
Mode : Scan -- Date : 03/06/2016  12:18:24
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 75.114.81.1 75.114.81.2  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 75.114.81.1 75.114.81.2  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 75.114.81.1 75.114.81.2  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{410BB5E1-D683-4D6E-A41B-B6ED56B1EEA1} | DhcpNameServer : 75.114.81.1 75.114.81.2  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{410BB5E1-D683-4D6E-A41B-B6ED56B1EEA1} | DhcpNameServer : 75.114.81.1 75.114.81.2  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{410BB5E1-D683-4D6E-A41B-B6ED56B1EEA1} | DhcpNameServer : 75.114.81.1 75.114.81.2  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST980813AS ATA Device +++++
--- User ---
[MBR] fcc4e6ab42deb966f7c64d3088f27dc4
[BSP] cf42810ed9eb59b389d280cc8e4491c9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 76217 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Huawei Mass storage USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: LEXAR JD FIREFLY USB Device +++++
--- User ---
[MBR] dfa8df005e67af48b24751c59eeb9618
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0xb) [VISIBLE] Offset (sectors): 32 | Size: 3823 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: SMI USB DISK USB Device +++++
--- User ---
[MBR] 56f21c1b054d16c24c1dd7a337de6e7f
[BSP] f32ee2ed09ad6a4b72425390fa610e57 : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 778135908 | Size: 557377 MB
1 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 168689522 | Size: 945326 MB
2 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1869881465 | Size: 945326 MB
3 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): -1409286144 | Size: 27 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

Edited by stormraider, 06 March 2016 - 01:24 PM.
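A small triage parser for the [PUM.Dns] lines in the RogueKiller log above, added here as an example (not RogueKiller's, FRST's or BleepingComputer's code). The sample input is the six detection lines from this log; the private/public split uses Python's ipaddress module, and the cross-control-set consistency check is this example's own heuristic.

```python
"""Triage helper for RogueKiller [PUM.Dns] detections.

Added example for this thread, not code from RogueKiller, FRST or BleepingComputer.
It parses '[PUM.Dns] <key> | <value> : <servers>  -> <status>' lines as printed in
the log above and summarises which resolvers are set, in which control sets and for
which interfaces, and whether each address is private (RFC 1918, typical of a home
router) or public (typical of an ISP-assigned resolver).
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample input: the six PUM.Dns lines copied from the RogueKiller log
# posted in this thread, plus the section header the tool prints above them.
SAMPLE_LOG = r"""
¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 75.114.81.1 75.114.81.2  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 75.114.81.1 75.114.81.2  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 75.114.81.1 75.114.81.2  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{410BB5E1-D683-4D6E-A41B-B6ED56B1EEA1} | DhcpNameServer : 75.114.81.1 75.114.81.2  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{410BB5E1-D683-4D6E-A41B-B6ED56B1EEA1} | DhcpNameServer : 75.114.81.1 75.114.81.2  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{410BB5E1-D683-4D6E-A41B-B6ED56B1EEA1} | DhcpNameServer : 75.114.81.1 75.114.81.2  -> Found
"""

# One detection line: tag, registry key, value name, space-separated servers, status.
PUM_DNS_RE = re.compile(
    r"^\[PUM\.Dns\]\s+(?P<key>\S+)\s+\|\s+(?P<value>\w+)\s*:\s*"
    r"(?P<servers>.*?)\s*->\s*(?P<status>\w+)$"
)
CONTROL_SET_RE = re.compile(r"\\System\\(ControlSet\d+|CurrentControlSet)\\", re.IGNORECASE)
INTERFACE_RE = re.compile(r"\\Interfaces\\(\{[0-9A-Fa-f-]+\})")


def parse_pum_dns(text):
    """Return one dict per [PUM.Dns] line; every other line of the log is ignored."""
    entries = []
    for raw in text.splitlines():
        m = PUM_DNS_RE.match(raw.strip())
        if not m:
            continue
        key = m.group("key")
        cs = CONTROL_SET_RE.search(key)
        iface = INTERFACE_RE.search(key)
        entries.append({
            "key": key,
            "control_set": cs.group(1) if cs else None,
            # None means the global Tcpip\Parameters key rather than a per-adapter key.
            "interface": iface.group(1) if iface else None,
            "value": m.group("value"),
            "servers": m.group("servers").split(),
            "status": m.group("status"),
        })
    return entries


def classify(server):
    """'private' for RFC 1918 / link-local style addresses, 'public' otherwise,
    'invalid' when the token does not parse as an IP address at all."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"
    return "private" if ip.is_private else "public"


def summarise(entries):
    """Summarise resolvers across control sets.

    CurrentControlSet is a link to one of the numbered ControlSet00N keys, so the
    same value appearing under all of them is expected and is not by itself a sign
    of tampering; a per-adapter or global key whose servers differ between control
    sets is what merits a closer look, and that is what 'consistent' reports.
    """
    by_scope = defaultdict(set)  # (interface, value name) -> set of server tuples seen
    resolvers = set()
    control_sets = set()
    for e in entries:
        by_scope[(e["interface"], e["value"])].add(tuple(e["servers"]))
        resolvers.update(e["servers"])
        control_sets.add(e["control_set"])
    ordered = sorted(resolvers)
    return {
        "resolvers": ordered,
        "classification": {s: classify(s) for s in ordered},
        "control_sets": sorted(cs for cs in control_sets if cs),
        "interfaces": sorted(i for i, _ in by_scope if i),
        "consistent": all(len(seen) == 1 for seen in by_scope.values()),
    }


if __name__ == "__main__":
    found = parse_pum_dns(SAMPLE_LOG)
    for e in found:
        print(e["control_set"], e["interface"] or "(global)", e["servers"])
    print(summarise(found))
```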


#4 stormraider

stormraider
  • Topic Starter

  • Members
  • 23 posts

Posted 06 March 2016 - 01:23 PM

Farbar Recovery Scan
-- FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Stormraider (administrator) on Stormraider-PC (06-03-2016 12:37:24)
Running from C:\Users\Stormraider\Downloads
Loaded Profiles: Stormraider (Available Profiles: Stormraider & Guest)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
() C:\Users\Stormraider\Downloads\virus-removal\RogueKiller.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-08-12] (Check Point Software Technologies LTD)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2683493244-3034785046-540655556-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-2683493244-3034785046-540655556-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6825888 2016-02-29] (SUPERAntiSpyware)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-09-22] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stormraider\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stormraider\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stormraider\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{410BB5E1-D683-4D6E-A41B-B6ED56B1EEA1}: [DhcpNameServer] 75.114.81.1 75.114.81.2
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2683493244-3034785046-540655556-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-18] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-18] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2683493244-3034785046-540655556-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Stormraider\AppData\Roaming\Mozilla\Firefox\Profiles\xpwfwmm9.default-1457211487058
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files\LastPass\nplastpass.dll [2014-04-11] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files\PDFlite\npPdfViewer.dll [2013-11-19] (Simon Bünzli)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-05] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin HKU\S-1-5-21-2683493244-3034785046-540655556-1000: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files\PDFlite\npPdfViewer.dll [2013-11-19] (Simon Bünzli)
FF Plugin HKU\S-1-5-21-2683493244-3034785046-540655556-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Stormraider\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2683493244-3034785046-540655556-1000: @talk.google.com/O1DPlugin -> C:\Users\Stormraider\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2683493244-3034785046-540655556-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Stormraider\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-2683493244-3034785046-540655556-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Stormraider\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Stormraider\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Stormraider\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-02-24] [not signed]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-02-24] [not signed]
FF HKLM\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2013-10-28] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Profile 1 -> "hxxp://www.trovi.com/?gd=&ctid=CT3326582&octid=EB_ORIGINAL_CTID&ISID=M9B3CD298-9FDA-4EB1-AE69-FAE6136AC45B&SearchSource=55&CUI=&UM=6&UP=SPBE7C3380-1567-42FE-A968-D45C53437781&SSPV=",""
CHR DefaultSearchURL: Profile 1 -> hxxp://www.smarter.yt
CHR DefaultSearchKeyword: Profile 1 -> hma
CHR Profile: C:\Users\Stormraider\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Gmail) - C:\Users\Stormraider\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-10]
CHR Profile: C:\Users\Stormraider\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Stormraider\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-29]
CHR Extension: (Google Drive) - C:\Users\Stormraider\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-29]
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Stormraider\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2016-03-01]
CHR Extension: (Slick RSS) - C:\Users\Stormraider\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ealjoljnibpdkocmldliaoojpgdkcdob [2016-03-02]
CHR Extension: (Bookmark Buttons Startpage) - C:\Users\Stormraider\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\genmiebglliamphdcfeakonfebajldkj [2016-03-01]
CHR Extension: (Google Docs Offline) - C:\Users\Stormraider\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-29]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Stormraider\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-03-01]
CHR Extension: (Google Voice (by Google)) - C:\Users\Stormraider\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2016-03-01]
CHR Extension: (Ashish Mishra) - C:\Users\Stormraider\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2016-03-01]
CHR Extension: (Slick RSS : Feed Finder) - C:\Users\Stormraider\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mpajmofiejfjgeaakelmjklenjaekppa [2016-03-02]
CHR Extension: (YSlow) - C:\Users\Stormraider\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ninejjcohidippngpapiilnmkgllmakh [2016-03-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stormraider\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-29]
CHR Extension: (Gmail) - C:\Users\Stormraider\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-29]
CHR HKU\S-1-5-21-2683493244-3034785046-540655556-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\CHRIST~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-09-27]
CHR HKU\S-1-5-21-2683493244-3034785046-540655556-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-08-12] (Check Point Software Technologies LTD)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 athrusb; C:\Windows\System32\DRIVERS\athrusb.sys [904192 2008-07-29] (Atheros Communications, Inc.) [File not signed]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-03-05] ()
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2013-08-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [589144 2013-08-04] (Kaspersky Lab)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-03-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 tbwkern; C:\Windows\System32\DRIVERS\tbwkern.sys [28752 2011-06-13] () [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2016-03-06] ()
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [98704 2016-01-19] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [163576 2016-01-19] (Oracle Corporation)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [455704 2013-06-13] (Check Point Software Technologies LTD)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [75608 2013-08-04] (Kaspersky Lab)
S3 MFE_RR; \??\C:\Users\CHRIST~1\AppData\Local\Temp\mfe_rr.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-06 12:37 - 2016-03-06 12:37 - 00015026 _____ C:\Users\Stormraider\Downloads\FRST.txt
2016-03-06 12:36 - 2016-03-06 12:36 - 01725440 _____ (Farbar) C:\Users\Stormraider\Downloads\FRST.exe
2016-03-06 11:56 - 2016-03-06 11:56 - 00154720 _____ C:\Windows\Minidump\030616-20030-01.dmp
2016-03-05 22:03 - 2016-03-05 22:03 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-05 22:03 - 2016-03-05 22:03 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-05 22:00 - 2016-03-06 12:05 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-05 22:00 - 2016-03-06 11:57 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-05 21:55 - 2016-03-05 21:55 - 00001114 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-05 21:26 - 2016-03-05 21:26 - 00000000 ____D C:\Users\Stormraider\Downloads\avenger
2016-03-05 17:39 - 2016-03-06 09:39 - 00000518 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d2c720fd-a205-41a3-9931-7f5f00ba117b.job
2016-03-05 17:39 - 2016-03-06 02:00 - 00000518 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b0c1f684-2a6b-407d-af78-024556995d9e.job
2016-03-05 17:39 - 2016-03-05 17:39 - 00000000 ____D C:\Users\Stormraider\AppData\Roaming\SUPERAntiSpyware.com
2016-03-05 17:38 - 2016-03-05 17:38 - 00001970 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-03-05 17:38 - 2016-03-05 17:38 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-03-05 17:38 - 2016-03-05 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-03-05 15:44 - 2016-03-05 15:44 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-03-05 15:34 - 2016-03-05 15:34 - 00064856 _____ C:\Users\Stormraider\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-05 10:54 - 2016-03-05 10:54 - 00724952 _____ C:\Users\Stormraider\Downloads\avenger.zip
2016-03-05 10:33 - 2016-03-05 10:33 - 00020214 _____ C:\ComboFix.txt
2016-03-05 09:55 - 2016-03-05 09:56 - 03837488 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-04 16:03 - 2016-03-04 16:03 - 00047800 _____ C:\Users\Stormraider\Downloads\getsuperherbs-FB.html
2016-02-25 11:00 - 2016-02-25 11:00 - 00000000 ____D C:\Users\Stormraider\VirtualBox VMs
2016-02-25 10:53 - 2016-02-25 10:53 - 00000000 ____D C:\Users\Stormraider\AppData\LocalLow\uTorrent
2016-02-24 21:07 - 2016-02-25 10:35 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-23 14:02 - 2016-02-23 14:02 - 00000000 ____D C:\Users\Stormraider\AppData\Local\Bluestacks
2016-02-22 21:03 - 2016-02-22 21:03 - 00001085 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2016-02-22 21:03 - 2016-02-22 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-02-22 21:03 - 2016-01-19 18:02 - 00784696 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2016-02-22 21:03 - 2016-01-19 18:02 - 00112112 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2016-02-22 21:02 - 2016-02-22 21:02 - 00000000 ____D C:\Program Files\Oracle
2016-02-21 20:51 - 2016-02-21 20:51 - 00000000 ____D C:\Users\Stormraider\AppData\Roaming\Hermetic Systems
2016-02-21 09:49 - 2016-02-21 09:49 - 00002669 _____ C:\Users\Stormraider\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-02-15 16:19 - 2016-02-15 19:03 - 00000000 ____D C:\Users\Stormraider\AppData\Roaming\tox
2016-02-15 16:19 - 2016-02-15 16:19 - 00001000 _____ C:\Users\Public\Desktop\qTox.lnk
2016-02-15 16:18 - 2016-02-15 16:21 - 00000000 ____D C:\Program Files\qTox
2016-02-15 16:18 - 2016-02-15 16:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qTox
2016-02-12 16:59 - 2016-02-12 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MIT App Inventor Tools
2016-02-10 20:03 - 2016-01-16 13:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-10 14:36 - 2016-02-10 14:37 - 00000000 ____D C:\Windows\rescache
2016-02-09 20:30 - 2016-01-16 13:42 - 00022464 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-09 20:30 - 2016-01-16 13:34 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-09 20:30 - 2016-01-11 09:07 - 01198080 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-09 20:30 - 2016-01-11 09:07 - 00591360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-09 20:30 - 2016-01-11 09:07 - 00544768 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-09 20:30 - 2016-01-11 09:07 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-09 20:30 - 2016-01-11 09:07 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-09 20:29 - 2016-01-22 01:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-09 20:29 - 2016-01-22 01:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-09 20:29 - 2016-01-22 00:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-09 20:29 - 2016-01-22 00:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-09 20:29 - 2016-01-07 12:47 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-09 20:29 - 2016-01-07 12:35 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-09 20:29 - 2016-01-06 13:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-09 20:29 - 2016-01-06 12:56 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-09 20:29 - 2015-12-20 13:45 - 02745856 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-09 20:29 - 2015-12-20 13:45 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-09 20:29 - 2015-12-20 11:16 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-09 20:28 - 2016-02-06 05:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-09 20:28 - 2016-02-06 04:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-09 20:28 - 2016-02-06 04:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-09 20:28 - 2016-02-06 04:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-09 20:28 - 2016-02-06 04:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-09 20:28 - 2016-02-06 03:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-09 20:28 - 2016-01-22 01:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-02-09 20:28 - 2016-01-22 01:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-09 20:28 - 2016-01-22 01:13 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-09 20:28 - 2016-01-22 01:13 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-09 20:28 - 2016-01-22 01:09 - 01310232 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-09 20:28 - 2016-01-22 01:06 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-09 20:28 - 2016-01-22 01:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-09 20:28 - 2016-01-22 01:06 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-09 20:28 - 2016-01-22 01:06 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-09 20:28 - 2016-01-22 01:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-09 20:28 - 2016-01-22 01:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-09 20:28 - 2016-01-22 01:05 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-09 20:28 - 2016-01-22 01:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-09 20:28 - 2016-01-22 01:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-09 20:28 - 2016-01-22 01:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-09 20:28 - 2016-01-22 01:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-09 20:28 - 2016-01-22 01:02 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-09 20:28 - 2016-01-22 01:02 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-09 20:28 - 2016-01-22 01:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-09 20:28 - 2016-01-22 01:02 - 00293888 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-09 20:28 - 2016-01-22 01:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-09 20:28 - 2016-01-22 01:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-09 20:28 - 2016-01-22 01:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2016-02-09 20:28 - 2016-01-22 01:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-09 20:28 - 2016-01-22 01:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-09 20:28 - 2016-01-22 01:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 20:28 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-09 20:28 - 2016-01-22 00:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-09 20:28 - 2016-01-22 00:01 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-09 20:28 - 2016-01-22 00:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-09 20:28 - 2016-01-21 23:53 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-09 20:28 - 2016-01-21 23:53 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-09 20:28 - 2016-01-21 23:53 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-09 20:28 - 2016-01-21 23:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-09 20:28 - 2016-01-21 23:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-09 20:28 - 2016-01-21 23:51 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-09 20:28 - 2016-01-21 23:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-09 20:28 - 2016-01-21 23:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-09 20:28 - 2016-01-21 23:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 20:28 - 2016-01-21 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 20:28 - 2016-01-21 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-09 20:27 - 2016-01-22 15:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-09 20:27 - 2016-01-22 01:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-09 20:27 - 2016-01-22 01:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-09 20:27 - 2016-01-22 01:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-09 20:27 - 2016-01-22 01:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-09 20:27 - 2016-01-22 01:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-09 20:27 - 2016-01-22 01:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-09 20:27 - 2016-01-22 00:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-09 20:27 - 2016-01-22 00:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-09 20:27 - 2016-01-22 00:52 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-09 20:27 - 2016-01-22 00:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-09 20:27 - 2016-01-22 00:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-09 20:27 - 2016-01-22 00:51 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-09 20:27 - 2016-01-22 00:46 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-09 20:27 - 2016-01-22 00:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-09 20:27 - 2016-01-22 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-09 20:27 - 2016-01-22 00:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-09 20:27 - 2016-01-22 00:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-09 20:27 - 2016-01-22 00:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-09 20:27 - 2016-01-22 00:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-09 20:27 - 2016-01-22 00:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-09 20:27 - 2016-01-22 00:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-09 20:27 - 2016-01-22 00:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-09 20:27 - 2016-01-22 00:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-09 20:27 - 2016-01-22 00:25 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-09 20:27 - 2016-01-22 00:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-09 20:27 - 2016-01-22 00:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-09 20:27 - 2016-01-22 00:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-09 20:27 - 2016-01-22 00:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-09 20:26 - 2016-01-11 13:47 - 02956288 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-09 20:26 - 2016-01-11 13:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-09 20:26 - 2016-01-11 13:35 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-09 20:26 - 2016-01-11 13:17 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-09 20:26 - 2016-01-11 13:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-09 20:26 - 2016-01-11 13:14 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-09 20:26 - 2016-01-11 13:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-09 20:26 - 2016-01-11 13:14 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-09 20:26 - 2016-01-11 13:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-09 20:26 - 2016-01-11 13:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-09 20:26 - 2016-01-11 13:14 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-08 10:04 - 2016-02-22 17:24 - 00000000 ____D C:\Users\Stormraider\AppData\Local\SkypePlugin
2016-02-07 13:53 - 2016-02-07 13:53 - 00000000 ____D C:\Users\Stormraider\AppData\LocalLow\Google
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-06 12:37 - 2013-10-16 12:42 - 00000000 ____D C:\FRST
2016-03-06 12:13 - 2009-07-13 23:34 - 00037456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-06 12:13 - 2009-07-13 23:34 - 00037456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-06 12:03 - 2013-09-23 01:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-06 12:01 - 2014-06-01 10:40 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-03-06 11:57 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-06 11:56 - 2013-09-27 12:10 - 00000000 ____D C:\Windows\Minidump
2016-03-05 23:50 - 2014-01-29 07:08 - 00000000 ____D C:\Users\Stormraider\AppData\Local\CrashDumps
2016-03-05 22:03 - 2013-09-20 19:29 - 00000000 ____D C:\Program Files\Google
2016-03-05 21:59 - 2013-09-20 19:27 - 00000000 ____D C:\Users\Stormraider\AppData\Local\Deployment
2016-03-05 21:59 - 2013-09-20 19:27 - 00000000 ____D C:\Users\Stormraider\AppData\Local\Apps\2.0
2016-03-05 19:52 - 2015-11-28 18:00 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-05 19:48 - 2013-03-26 14:43 - 00000000 ____D C:\Users\Stormraider\Downloads\virus-removal
2016-03-05 18:35 - 2013-09-24 17:39 - 00000000 ____D C:\AdwCleaner
2016-03-05 17:38 - 2013-09-24 17:37 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-03-05 15:47 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf
2016-03-05 14:08 - 2014-09-05 13:58 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-03-05 11:01 - 2015-11-28 18:00 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-05 10:33 - 2013-08-02 17:58 - 00000000 ____D C:\Qoobox
2016-03-05 10:29 - 2009-07-13 21:04 - 00000215 _____ C:\Windows\system.ini
2016-03-04 23:43 - 2013-04-03 23:57 - 00000000 ____D C:\EFSTMPWP
2016-03-04 17:56 - 2013-12-19 21:30 - 00000000 ____D C:\Users\Stormraider\AppData\Roaming\Skype
2016-03-03 11:28 - 2015-06-04 16:01 - 00000000 ____D C:\Users\Stormraider\Downloads\adrians-funeral-flowers
2016-03-01 17:31 - 2014-01-15 12:05 - 00000000 ____D C:\Users\Stormraider\.VirtualBox
2016-02-29 19:25 - 2014-02-11 12:47 - 00000000 ___RD C:\Users\Stormraider\Dropbox
2016-02-29 19:25 - 2014-02-11 12:41 - 00000000 ____D C:\Users\Stormraider\AppData\Roaming\Dropbox
2016-02-26 23:46 - 2013-09-19 13:41 - 00000000 ____D C:\Users\Stormraider\AppData\Roaming\uTorrent
2016-02-26 03:01 - 2015-04-04 02:01 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-25 15:53 - 2013-09-22 19:49 - 00000000 ____D C:\Windows\pss
2016-02-25 11:00 - 2013-09-18 23:37 - 00000000 ____D C:\Users\Stormraider
2016-02-25 10:48 - 2013-09-23 18:27 - 00000000 ____D C:\Users\Stormraider\AppData\Local\TSVNCache
2016-02-25 10:35 - 2013-10-15 09:31 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-02-25 10:29 - 2014-04-11 20:32 - 00000000 ____D C:\Users\Stormraider\Downloads\marketing-craigslist
2016-02-24 18:35 - 2013-09-22 17:56 - 00000000 ___RD C:\Users\Stormraider\Google Drive
2016-02-23 14:02 - 2009-07-13 21:37 - 00000000 __RHD C:\Users\Public\Libraries
2016-02-23 13:54 - 2013-09-18 23:41 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-23 13:46 - 2014-01-13 20:04 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-02-23 10:43 - 2014-08-01 09:35 - 00000000 ____D C:\Program Files\Yahoo!
2016-02-23 10:35 - 2013-09-19 14:41 - 00000000 ____D C:\Program Files\Adobe
2016-02-23 10:34 - 2013-09-19 14:38 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-02-23 10:25 - 2013-09-19 14:45 - 00000000 ____D C:\ProgramData\Adobe
2016-02-23 01:14 - 2013-09-23 17:18 - 00000000 ____D C:\Users\Stormraider\AppData\Roaming\FileZilla
2016-02-22 19:11 - 2013-09-19 14:40 - 00000000 ____D C:\Users\Stormraider\AppData\Roaming\Adobe
2016-02-22 18:50 - 2013-09-19 14:47 - 00000000 ____D C:\Program Files\QuickTime
2016-02-22 18:47 - 2013-09-20 19:37 - 00000000 ____D C:\Users\Stormraider\AppData\Local\Adobe
2016-02-22 17:25 - 2014-02-11 11:10 - 00000000 ___RD C:\Program Files\Skype
2016-02-21 20:52 - 2013-09-18 23:37 - 00000000 ____D C:\Users\Stormraider\AppData\Local\VirtualStore
2016-02-20 14:08 - 2015-09-23 16:20 - 00000000 ____D C:\Users\Stormraider\Downloads\ezsummit2015
2016-02-12 17:10 - 2014-03-03 14:53 - 00000000 ____D C:\Users\Stormraider\.appinventor
2016-02-12 16:58 - 2014-03-26 21:16 - 00000000 ____D C:\Program Files\AppInventor
2016-02-10 03:47 - 2014-12-10 03:30 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-10 03:47 - 2014-05-06 02:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-10 03:47 - 2009-07-14 02:49 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 03:26 - 2013-09-20 21:10 - 00000000 ____D C:\Windows\system32\MRT
2016-02-10 03:10 - 2013-09-20 21:10 - 144254680 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-09 18:03 - 2013-12-11 10:03 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-02-09 18:03 - 2013-09-23 01:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-02-07 13:37 - 2014-04-14 11:47 - 00000000 ____D C:\Users\Guest\AppData\Local\TSVNCache
 
==================== Files in the root of some directories =======
 
2014-04-11 12:25 - 2014-04-11 12:25 - 11184128 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2015-02-27 15:23 - 2015-04-13 11:34 - 0000132 _____ () C:\Users\Stormraider\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-07-08 10:09 - 2015-07-08 10:10 - 0000000 _____ () C:\Users\Stormraider\AppData\Local\{13579719-E232-488D-AB04-ECA670E3A7A0}
2015-07-09 22:39 - 2015-07-09 22:39 - 0000000 _____ () C:\Users\Stormraider\AppData\Local\{3CC8AE53-575B-41C0-8273-E597A44B1EC4}
 
Some files in TEMP:
====================
C:\Users\Stormraider\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-01 19:31
 
==================== End of FRST.txt ============================
 
addition.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Stormraider (2016-03-06 12:38:26)
Running from C:\Users\Stormraider\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2013-09-19 04:37:08)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2683493244-3034785046-540655556-500 - Administrator - Disabled)
Stormraider (S-1-5-21-2683493244-3034785046-540655556-1000 - Administrator - Enabled) => C:\Users\Stormraider
Guest (S-1-5-21-2683493244-3034785046-540655556-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2683493244-3034785046-540655556-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ZoneAlarm Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2683493244-3034785046-540655556-1000\...\uTorrent) (Version: 3.4.5.41821 - BitTorrent Inc.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Master Collection (HKLM\...\{D8D2B468-8342-411A-8760-BCC362C3408F}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version:  - )
Dropbox (HKU\S-1-5-21-2683493244-3034785046-540655556-1000\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FileZilla Client 3.14.1 (HKLM\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Gmail Notifier (HKLM\...\Gmail Notifier) (Version:  - )
G-Mapper (HKLM\...\{08D2435E-DC4E-464D-8C2F-606B9BC0A465}) (Version: 3.1.60 - db net solutions)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.75 - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jing (HKLM\...\{8CC9F4D8-D938-412B-B67D-A28FA7BDB8AA}) (Version: 2.7.12205.4 - TechSmith Corporation)
LastPass (uninstall only) (HKLM\...\LastPass) (Version:  - LastPass)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MIT App Inventor Tools 2.3.0 (HKLM\...\MIT App Inventor Tools) (Version: 2.3.0 - Massachusetts Institute of Technology)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Mobile Emulator (HKLM\...\{1826D0CA-F479-4430-9EFE-86E8E783505B}_is1) (Version:  - Opera Software ASA)
Oracle VM VirtualBox 5.0.14 (HKLM\...\{8F6D5610-B5D2-4CF3-90ED-584ABC8B946A}) (Version: 5.0.14 - Oracle Corporation)
PdaNet+ for Android 4.12 (HKLM\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFlite 0.11.2.0 (HKLM\...\PDFlite) (Version: 0.11.2.0 - Amnis Technology Ltd)
PxMergeModule (Version: 1.00.0000 - Your Company Name) Hidden
qTox (HKLM\...\qTox) (Version: 1.0 - The qTox Project)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpyHunter 4 (HKLM\...\SpyHunter) (Version: 4.21.18.4608 - Enigma Software Group, LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
SWF to AVI (HKLM\...\{3315B802-84C6-47BC-907A-9B77A4646197}_is1) (Version:  - www.swftoavi.com)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
ZoneAlarm Antivirus (Version: 11.0.780.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (Version: 11.0.780.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM\...\ZoneAlarm Free Antivirus + Firewall) (Version: 11.0.780.000 - Check Point)
ZoneAlarm Security (Version: 11.0.780.000 - Check Point Software Technologies Ltd.) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Stormraider\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Stormraider\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Stormraider\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Stormraider\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Stormraider\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Stormraider\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{3D3B1846-CC43-42ae-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files\PDFlite\PdfPreview.dll (Simon Bünzli)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Stormraider\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3}\InprocServer32 -> C:\Program Files\PDFlite\PdfFilter.dll (Simon Bünzli)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Stormraider\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Stormraider\AppData\Local\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Stormraider\AppData\Local\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Stormraider\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Stormraider\AppData\Local\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Stormraider\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Stormraider\AppData\Local\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Stormraider\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Stormraider\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Stormraider\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Stormraider\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Stormraider\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stormraider\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stormraider\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stormraider\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stormraider\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stormraider\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stormraider\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stormraider\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stormraider\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2683493244-3034785046-540655556-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Stormraider\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {08240C98-BEE4-4DA9-B143-CDE83AAE02FB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {2A506C48-31C2-4B35-B915-43B071567139} - System32\Tasks\SUPERAntiSpyware Scheduled Task b0c1f684-2a6b-407d-af78-024556995d9e => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {93FD9386-0FD0-4FC7-8CDF-8DAFB43C6E1D} - System32\Tasks\{2A0FCE3A-DDDF-41E1-A0D1-C2F6D8F8D85A} => pcalua.exe -a C:\Users\Stormraider\Downloads\6d2b2af8-68f0-478a-ba1d-2684f0462b50.exe -d C:\Users\Stormraider\Downloads
Task: {B85835D6-0864-49D1-BE1E-AD724DCFEF5D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)
Task: {B8F9C334-AC2C-48E1-B625-A034E382FB67} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BF447C78-456B-4091-B604-F2BA3FA1CC15} - System32\Tasks\{A32BE20E-DCC4-4413-B2F8-7D512DB6388B} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {C652A26B-9391-45F0-B370-90D64CEB6444} - System32\Tasks\AdobeAAMUpdater-1.0-Stormraider-PC-Stormraider => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {E8DBA514-4246-4454-AC06-F2EA62342506} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-05] (Google Inc.)
Task: {FD13D1E1-5318-48C5-8C62-812FE6C01B56} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-05] (Google Inc.)
Task: {FE2104F4-C3CF-43EB-B5F2-66FDD9AEE00B} - System32\Tasks\SUPERAntiSpyware Scheduled Task d2c720fd-a205-41a3-9931-7f5f00ba117b => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b0c1f684-2a6b-407d-af78-024556995d9e.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d2c720fd-a205-41a3-9931-7f5f00ba117b.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-09-23 17:02 - 2013-08-26 07:12 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2015-02-18 12:30 - 2015-02-18 12:31 - 15494232 _____ () C:\Users\Stormraider\Downloads\virus-removal\RogueKiller.exe
2015-09-10 11:43 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Stormraider\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-09-10 11:43 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Stormraider\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2016-03-05 21:17 - 00000747 ____N C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2683493244-3034785046-540655556-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 75.114.81.1 - 75.114.81.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^aiStarter.lnk => C:\Windows\pss\aiStarter.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass FF RunOnce.lnk => C:\Windows\pss\Install LastPass FF RunOnce.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass IE RunOnce.lnk => C:\Windows\pss\Install LastPass IE RunOnce.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Stormraider^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Stormraider^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\Windows\pss\PdaNet Desktop.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Google Update => "C:\Users\Stormraider\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: Jing => C:\Program Files\TechSmith\Jing\Jing.exe
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Stormraider\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{0E447D3C-1E70-437B-8B6D-86B97123E8B8}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{E5281D1E-C20A-423B-AF56-FB0BCDC7962A}] => (Allow) C:\Users\Stormraider\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{F9046586-1FB6-4C59-ADC0-B1DA9BEA9B4D}] => (Allow) C:\Users\Stormraider\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{93321E8D-2BC2-47E7-B6F4-256559A3EFF0}] => (Allow) C:\Users\Stormraider\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{5C8C8EA8-4F29-425C-89D1-DB1C58E417EF}] => (Allow) C:\Users\Stormraider\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{2D51B1D2-F17B-424B-B9FB-4DFCF7336E1B}] => (Allow) LPort=3703
FirewallRules: [{6DC78B32-0BD1-40D0-BD77-3F12B3140D9F}] => (Allow) LPort=3704
FirewallRules: [{2F85C935-F328-45B9-BE84-8285C7E5795C}] => (Allow) LPort=50900
FirewallRules: [{FA13273C-2EB3-45AE-B90A-0375F45D7E51}] => (Allow) LPort=50901
FirewallRules: [{258EE853-367B-491E-ACD7-045AB72B4686}] => (Allow) C:\Program Files\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{76EB5C95-C415-4D0B-A4AB-B36A83914848}] => (Allow) C:\Program Files\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{39A45F3C-8F42-4348-AE72-EABF5B62E87B}] => (Allow) LPort=7935
FirewallRules: [{5C8F0283-CC14-4B37-95E7-F4790C34E8C8}] => (Allow) C:\Program Files\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{EE146F7E-8A87-4331-9C68-AADEB39C4803}] => (Allow) C:\Program Files\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{6BB28047-24F1-46DE-AA59-6E284A9320CD}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{B7365221-E9F0-4CE3-9E7A-FA110C46E974}] => (Allow) C:\Users\Stormraider\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C517D2BE-D889-4E93-BE4C-AF510B6C21AB}] => (Allow) C:\Users\Stormraider\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{159E8264-496C-4897-80CC-39E14B4696C6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BDF66CE4-B47E-4FFF-B55B-F16E89F87D0D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8D0C99C6-7B1A-4B26-ABB4-1C81A9A7C118}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4C92C245-A275-426C-8586-BA45ECB117B9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{821E341B-D547-4A4B-935F-425570E629D5}] => (Allow) C:\Users\Stormraider\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0B1D914B-FB13-462A-B8F5-30777999BACB}] => (Allow) C:\Users\Stormraider\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D117E4C7-F55D-4962-9523-55F7F45510E0}] => (Allow) C:\Users\Stormraider\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C15C44F8-FF73-4E9A-B8ED-7C220CAE7751}] => (Allow) C:\Users\Stormraider\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E38913EF-72B0-402B-89B6-B727A8EDC86C}] => (Allow) C:\Users\Stormraider\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A6ECBAF5-45B4-44CF-8BDC-E0F2EC566293}] => (Allow) C:\Users\Stormraider\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{900BD9EE-C2B0-4F56-A511-573FBC2C5570}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
05-03-2016 10:12:03 ComboFix created restore point
05-03-2016 11:06:25 Removed Google Drive
 
==================== Faulty Device Manager Devices =============
 
Name: BACKUP
Description: JD FIREFLY      
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: LEXAR   
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: H:\
Description: USB DISK        
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: SMI     
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: G:\
Description: Mass storage    
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Huawei  
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/05/2016 11:50:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 44.0.2.5884, time stamp: 0x56bbf417
Faulting module name: mozglue.dll, version: 44.0.2.5884, time stamp: 0x56bbe58e
Exception code: 0x80000003
Fault offset: 0x0000ed3b
Faulting process id: 0x11ec
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
 
Error: (03/05/2016 10:03:37 AM) (Source: ZAPrivacyService) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller
 
Error: (03/05/2016 09:57:24 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/05/2016 09:57:24 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/05/2016 09:57:24 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/05/2016 09:57:24 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (03/05/2016 09:57:22 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/05/2016 09:57:22 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (03/05/2016 09:57:22 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/05/2016 09:57:22 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (03/06/2016 11:56:43 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000050 (0xce4f0014, 0x00000000, 0xba7cb41b, 0x00000000)C:\Windows\MEMORY.DMP030616-20030-01
 
Error: (03/06/2016 11:56:30 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:39:49 AM on 3/6/2016 was unexpected.
 
Error: (03/05/2016 10:33:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Telephony service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: 
%%1068
 
Error: (03/05/2016 10:33:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Procedure Call (RPC) service depends on the RPC Endpoint Mapper service which failed to start because of the following error: 
%%1062
 
Error: (03/05/2016 10:33:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DNS Client service failed to start due to the following error: 
%%1053
 
Error: (03/05/2016 10:33:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the DNS Client service to connect.
 
Error: (03/05/2016 10:33:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Group Policy Client service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: 
%%1068
 
Error: (03/05/2016 10:33:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Procedure Call (RPC) service depends on the RPC Endpoint Mapper service which failed to start because of the following error: 
%%1062
 
Error: (03/05/2016 10:32:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WLAN AutoConfig service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: 
%%1068
 
Error: (03/05/2016 10:32:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Procedure Call (RPC) service depends on the RPC Endpoint Mapper service which failed to start because of the following error: 
%%1062
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 CPU T5600 @ 1.83GHz
Percentage of memory in use: 66%
Total physical RAM: 2038.44 MB
Available physical RAM: 673.75 MB
Total Virtual: 4076.88 MB
Available Virtual: 2574.54 MB
 
==================== Drives ================================
 
Drive c: (Stormraider) (Fixed) (Total:74.43 GB) (Free:10.45 GB) NTFS
Drive e: (HUAWEI M920) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive f: (BACKUP) (Removable) (Total:3.73 GB) (Free:1.32 GB) FAT32
Drive h: () (Removable) (Total:14.99 GB) (Free:13.34 GB) FAT32
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================


#5 stormraider (Topic Starter)

Posted 06 March 2016 - 01:46 PM

nfo summary zip attached (Attached File: summary - Copy.zip, 52.79KB, 1 downloads)



#6 Oh My! (Malware Response Instructor)

Posted 06 March 2016 - 06:12 PM

Greetings,

Is there a reason why you ran RogueKiller?


-----

Does this look familiar to you?

Brandon Bright House Networks

-----

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Toolbar: HKU\S-1-5-21-2683493244-3034785046-540655556-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
CHR StartupUrls: Profile 1 -> "hxxp://www.trovi.com/?gd=&ctid=CT3326582&octid=EB_ORIGINAL_CTID&ISID=M9B3CD298-9FDA-4EB1-AE69-FAE6136AC45B&SearchSource=55&CUI=&UM=6&UP=SPBE7C3380-1567-42FE-A968-D45C53437781&SSPV=",""
CHR DefaultSearchKeyword: Profile 1 -> hma
S3 MFE_RR; \??\C:\Users\CHRIST~1\AppData\Local\Temp\mfe_rr.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
2015-07-08 10:09 - 2015-07-08 10:10 - 0000000 _____ () C:\Users\Stormraider\AppData\Local\{13579719-E232-488D-AB04-ECA670E3A7A0}
2015-07-09 22:39 - 2015-07-09 22:39 - 0000000 _____ () C:\Users\Stormraider\AppData\Local\{3CC8AE53-575B-41C0-8273-E597A44B1EC4}
Task: {BF447C78-456B-4091-B604-F2BA3FA1CC15} - System32\Tasks\{A32BE20E-DCC4-4413-B2F8-7D512DB6388B} => pcalua.exe -a D:\Setup.exe -d D:\
CMD: type "C:\ComboFix.txt"
File: C:\ComboFix.txt
zip: C:\Windows\Minidump\030616-20030-01.dmp
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • The tool will create a zipped folder on the desktop called Upload. Please attach the file to your reply.
===================================================

Troubleshooting Corrupt Content Index Catalog in Windows 7

--------------------
  • Click Start, Control Panel, then Troubleshooting
  • On the left hand side click View All
  • Click Search and Indexing
  • Click Advanced then place a checkmark in Apply repairs automatically (should be checked by default)
  • Click Next
  • Click My problem isn't listed (Please provide a description on the next page)
  • Click Next
  • Type content index catalog is corrupt, then click Next
  • Please report the results in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Reason why you ran RogueKiller?
  • AdwCleaner log
  • Junkware log
  • Fixlog
  • Attached Upload file
  • Did the Content Index Catalog process run?
  • Please describe any current issues

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
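A small triage script, added here as an example (it is not FRST's code and not part of Gary's instructions), that reads the kind of Addition.txt output posted above and lists the entries a responder would check by hand before deciding what goes into a fixlist: tasks that run through pcalua.exe, executables launched from user-writable folders, the firewall state and the configured DNS servers (the setting a PUM.DNS detection refers to). The input is a constructed excerpt modelled on this thread's log; the section names and line formats it matches are assumed from that log, not taken from FRST's documentation.

```python
"""Triage helper for FRST Addition.txt output (added example, not FRST's own code)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed excerpt modelled on the Addition.txt posted in this thread.
SAMPLE_ADDITION = r"""
==================== Scheduled Tasks (Whitelisted) =============
Task: {93FD9386-0FD0-4FC7-8CDF-8DAFB43C6E1D} - System32\Tasks\{2A0FCE3A-DDDF-41E1-A0D1-C2F6D8F8D85A} => pcalua.exe -a C:\Users\Stormraider\Downloads\6d2b2af8-68f0-478a-ba1d-2684f0462b50.exe -d C:\Users\Stormraider\Downloads
Task: {E8DBA514-4246-4454-AC06-F2EA62342506} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-05] (Google Inc.)
Task: {BF447C78-456B-4091-B604-F2BA3FA1CC15} - System32\Tasks\{A32BE20E-DCC4-4413-B2F8-7D512DB6388B} => pcalua.exe -a D:\Setup.exe -d D:\

==================== Other Areas ============================
DNS Servers: 75.114.81.1 - 75.114.81.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
"""

# Line shapes assumed from the log in this thread (not from FRST documentation).
SECTION_RE = re.compile(r"^=+ (.+?) =+\s*$")
TASK_RE = re.compile(r"^Task: \{([0-9A-Fa-f-]{36})\} - (.+?) => (.+)$")
PCALUA_RE = re.compile(r"^pcalua\.exe\s+-a\s+(.+?)(?:\s+-d\s+.*)?$")
DNS_RE = re.compile(r"^DNS Servers:\s*(.+)$")
UAC_RE = re.compile(r"\(EnableLUA: (\d)\)")

# Path fragments a standard user can write to; anything a task runs from here deserves a look.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


@dataclass(frozen=True)
class Finding:
    category: str  # short tag a responder can filter on
    detail: str    # the evidence, taken from the log line


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split Addition.txt into {section name: [lines]} on its '==== Name ====' headers."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def is_user_writable(path: str) -> bool:
    """True when the path sits under a location a non-admin user can write to."""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE)


def task_findings(lines: List[str]) -> List[Finding]:
    """Flag scheduled tasks that are worth manual review."""
    findings = []
    for line in lines:
        m = TASK_RE.match(line)
        if not m:
            continue
        _task_id, name, target = m.groups()
        launched = PCALUA_RE.match(target)
        if launched:
            # pcalua.exe is a legitimate Windows binary that runs whatever its -a
            # argument names, so the path it launches is what needs checking.
            exe = launched.group(1)
            findings.append(Finding("task-via-pcalua", f"{name} launches {exe}"))
        else:
            exe = target.split(" [", 1)[0].strip()  # drop FRST's "[date] (vendor)" suffix
        if is_user_writable(exe):
            findings.append(Finding("task-from-user-writable-path", f"{name} -> {exe}"))
    return findings


def other_area_findings(lines: List[str]) -> List[Finding]:
    """Report firewall state, UAC state and the DNS servers from the 'Other Areas' section."""
    findings = []
    for line in lines:
        if line == "Windows Firewall is disabled.":
            findings.append(Finding("firewall-disabled", line))
        m = DNS_RE.match(line)
        if m:
            servers = [s.strip() for s in m.group(1).split(" - ")]
            findings.append(Finding("dns-servers", ", ".join(servers)))
        m = UAC_RE.search(line)
        if m and m.group(1) == "0":
            findings.append(Finding("uac-disabled", line))
    return findings


def triage(text: str) -> List[Finding]:
    """Run every check over an Addition.txt body and return the combined findings."""
    sections = parse_sections(text)
    findings = task_findings(sections.get("Scheduled Tasks (Whitelisted)", []))
    findings += other_area_findings(sections.get("Other Areas", []))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_ADDITION):
        print(f"[{f.category}] {f.detail}")
```

The script only surfaces entries; it does not decide what is malicious. The DNS finding, for instance, is just the configured resolvers, which is why the question above about whether the provider name looks familiar matters before anything is put into a fixlist.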

#7 stormraider (Topic Starter)

Posted 06 March 2016 - 06:53 PM

ok ok...
I ran rogue because desktop sluggish, internet hit or miss or just drops connection.
uninstalled utorrent - used for archlinux.iso download
adware has no logs

 

jrt:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Home Premium x86 
Ran by Stormraider(Administrator) on Sun 03/06/2016 at 18:29:35.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 8 
 
Successfully deleted: C:\Users\Stormraider\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7M8B12J5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Stormraider\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IKYRO1HI (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Stormraider\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROVOWNS1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Stormraider\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UYND1KY6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7M8B12J5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IKYRO1HI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROVOWNS1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UYND1KY6 (Temporary Internet Files Folder) 
 
 
Registry: 1 
 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/06/2016 at 18:42:40.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by stormraider, 06 March 2016 - 06:53 PM.


#8 stormraider (Topic Starter)

Posted 06 March 2016 - 06:59 PM

fixlog.zip (Attached File: Fixlog.zip, 6.36KB, 1 downloads)

Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Stormraider (2016-03-06 18:57:00) Run:4
Running from C:\Users\Stormraider\Downloads
Loaded Profiles: Stormraider (Available Profiles: Stormraider & Guest)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Toolbar: HKU\S-1-5-21-2683493244-3034785046-540655556-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
CHR StartupUrls: Profile 1 -> "hxxp://www.trovi.com/?gd=&ctid=CT3326582&octid=EB_ORIGINAL_CTID&ISID=M9B3CD298-9FDA-4EB1-AE69-FAE6136AC45B&SearchSource=55&CUI=&UM=6&UP=SPBE7C3380-1567-42FE-A968-D45C53437781&SSPV=",""
CHR DefaultSearchKeyword: Profile 1 -> hma
S3 MFE_RR; \??\C:\Users\CHRIST~1\AppData\Local\Temp\mfe_rr.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
2015-07-08 10:09 - 2015-07-08 10:10 - 0000000 _____ () C:\Users\Stormraider\AppData\Local\{13579719-E232-488D-AB04-ECA670E3A7A0}
2015-07-09 22:39 - 2015-07-09 22:39 - 0000000 _____ () C:\Users\Stormraider\AppData\Local\{3CC8AE53-575B-41C0-8273-E597A44B1EC4}
Task: {BF447C78-456B-4091-B604-F2BA3FA1CC15} - System32\Tasks\{A32BE20E-DCC4-4413-B2F8-7D512DB6388B} => pcalua.exe -a D:\Setup.exe -d D:\
CMD: type "C:\ComboFix.txt"
File: C:\ComboFix.txt
zip: C:\Windows\Minidump\030616-20030-01.dmp
*****************

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value removed successfully.
HKU\S-1-5-21-2683493244-3034785046-540655556-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
Chrome StartupUrls => removed successfully.
Chrome DefaultSearchKeyword => removed successfully.
MFE_RR => service removed successfully.
VBoxNetFlt => service removed successfully.
C:\Users\Stormraider\AppData\Local\{13579719-E232-488D-AB04-ECA670E3A7A0} => moved successfully
C:\Users\Stormraider\AppData\Local\{3CC8AE53-575B-41C0-8273-E597A44B1EC4} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF447C78-456B-4091-B604-F2BA3FA1CC15}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF447C78-456B-4091-B604-F2BA3FA1CC15}" => key removed successfully.
C:\Windows\System32\Tasks\{A32BE20E-DCC4-4413-B2F8-7D512DB6388B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A32BE20E-DCC4-4413-B2F8-7D512DB6388B}" => key removed successfully.

========= type "C:\ComboFix.txt" =========

ComboFix 16-02-29.01 - Stormraider 03/05/2016 10:14:11.90.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2038.1113 [GMT -5:00]
Running from: c:\users\Stormraider\Downloads\virus-removal\ComboFix.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2016-02-05 to 2016-03-05 )))))))))))))))))))))))))))))))
.
.
2016-03-05 15:29 . 2016-03-05 15:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-03-05 15:29 . 2016-03-05 15:29 -------- d-----w- c:\users\Guest\AppData\Local\temp
2016-03-05 15:29 . 2016-03-05 15:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-04 08:36 . 2016-02-19 01:31 9067696 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C50DA68-CC36-4A3C-B70D-E98BBFC6D09A}\mpengine.dll
2016-02-25 16:00 . 2016-02-25 16:00 -------- d-----w- c:\users\Stormraider\VirtualBox VMs
2016-02-23 19:02 . 2016-02-23 19:02 -------- d-----w- c:\users\Stormraider\AppData\Local\Bluestacks
2016-02-23 02:03 . 2016-01-19 23:02 784696 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2016-02-23 02:03 . 2016-01-19 23:02 112112 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2016-02-23 02:02 . 2016-02-23 02:02 -------- d-----w- c:\program files\Oracle
2016-02-22 01:51 . 2016-02-22 01:51 -------- d-----w- c:\users\Stormraider\AppData\Roaming\Hermetic Systems
2016-02-15 21:19 . 2016-02-16 00:03 -------- d-----w- c:\users\Stormraider\AppData\Roaming\tox
2016-02-15 21:18 . 2016-02-15 21:21 -------- d-----w- c:\program files\qTox
2016-02-11 01:03 . 2016-01-16 18:36 1413632 ----a-w- c:\windows\system32\ole32.dll
2016-02-10 19:36 . 2016-02-10 19:37 -------- d-----w- c:\windows\rescache
2016-02-10 01:30 . 2016-01-16 18:42 22464 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-02-10 01:30 . 2016-01-16 18:34 949760 ----a-w- c:\windows\system32\aeinv.dll
2016-02-10 01:30 . 2016-01-11 14:07 65536 ----a-w- c:\windows\system32\acmigration.dll
2016-02-10 01:30 . 2016-01-11 14:07 591360 ----a-w- c:\windows\system32\invagent.dll
2016-02-10 01:30 . 2016-01-11 14:07 544768 ----a-w- c:\windows\system32\generaltel.dll
2016-02-10 01:30 . 2016-01-11 14:07 424960 ----a-w- c:\windows\system32\devinv.dll
2016-02-10 01:30 . 2016-01-11 14:07 1198080 ----a-w- c:\windows\system32\appraiser.dll
2016-02-10 01:28 . 2016-01-22 06:13 3993536 ----a-w- c:\windows\system32\ntkrnlpa.exe
2016-02-10 01:27 . 2016-01-22 06:07 37888 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2016-02-10 01:26 . 2016-01-11 18:17 2062848 ----a-w- c:\windows\system32\wuaueng.dll
2016-02-10 01:26 . 2016-01-11 18:14 573440 ----a-w- c:\windows\system32\wuapi.dll
2016-02-10 01:26 . 2016-01-11 18:47 174080 ----a-w- c:\windows\system32\wuwebv.dll
2016-02-10 01:26 . 2016-01-11 18:47 2956288 ----a-w- c:\windows\system32\wucltux.dll
2016-02-10 01:26 . 2016-01-11 18:35 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2016-02-10 01:26 . 2016-01-11 18:14 93696 ----a-w- c:\windows\system32\wudriver.dll
2016-02-10 01:26 . 2016-01-11 18:14 30208 ----a-w- c:\windows\system32\wups.dll
2016-02-10 01:26 . 2016-01-11 18:14 35840 ----a-w- c:\windows\system32\wups2.dll
2016-02-10 01:26 . 2016-01-11 18:14 136192 ----a-w- c:\windows\system32\wuauclt.exe
2016-02-10 01:26 . 2016-01-11 18:14 35328 ----a-w- c:\windows\system32\wuapp.exe
2016-02-10 01:26 . 2016-01-11 18:14 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2016-02-08 15:04 . 2016-02-22 22:24 -------- d-----w- c:\users\Stormraider\AppData\Local\SkypePlugin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-27 20:34 . 2014-06-01 15:40 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-02-23 16:59 . 2015-11-28 23:00 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-09 23:03 . 2013-12-11 15:03 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-02-09 23:03 . 2013-09-23 06:15 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-01-19 23:02 . 2016-01-19 23:02 98704 ----a-w- c:\windows\system32\drivers\VBoxNetAdp6.sys
2016-01-19 23:02 . 2016-01-19 23:02 163576 ----a-w- c:\windows\system32\drivers\VBoxNetLwf.sys
2015-12-08 21:54 . 2016-01-13 11:41 902144 ----a-w- c:\windows\system32\WMADMOD.DLL
2015-12-08 21:54 . 2016-01-13 11:41 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2015-12-08 21:54 . 2016-01-13 11:41 739328 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2015-12-08 21:54 . 2016-01-13 11:41 815616 ----a-w- c:\windows\system32\WMADMOE.DLL
2015-12-08 21:54 . 2016-01-13 11:41 740352 ----a-w- c:\windows\system32\wmpmde.dll
2015-12-08 21:54 . 2016-01-13 11:41 541184 ----a-w- c:\windows\system32\WMVSDECD.DLL
2015-12-08 21:54 . 2016-01-13 11:41 1568768 ----a-w- c:\windows\system32\WMVENCOD.DLL
2015-12-08 21:54 . 2016-01-13 11:41 665088 ----a-w- c:\windows\system32\WMVXENCD.DLL
2015-12-08 21:54 . 2016-01-13 11:41 358400 ----a-w- c:\windows\system32\WMVSENCD.DLL
2015-12-08 21:54 . 2016-01-13 11:41 1202688 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2015-12-08 21:54 . 2016-01-13 11:41 1325056 ----a-w- c:\windows\system32\WMSPDMOE.DLL
2015-12-08 21:54 . 2016-01-13 11:41 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-12-08 21:54 . 2016-01-13 11:41 154112 ----a-w- c:\windows\system32\VIDRESZR.DLL
2015-12-08 21:53 . 2016-01-13 11:41 338944 ----a-w- c:\windows\system32\SysFxUI.dll
2015-12-08 21:53 . 2016-01-13 11:41 206848 ----a-w- c:\windows\system32\RESAMPLEDMO.DLL
2015-12-08 21:53 . 2016-01-13 11:50 509952 ----a-w- c:\windows\system32\qedit.dll
2015-12-08 21:53 . 2016-01-13 11:41 1329664 ----a-w- c:\windows\system32\quartz.dll
2015-12-08 21:53 . 2016-01-13 11:41 519680 ----a-w- c:\windows\system32\qdvd.dll
2015-12-08 21:53 . 2016-01-13 11:41 206848 ----a-w- c:\windows\system32\qasf.dll
2015-12-08 21:53 . 2016-01-13 11:41 970240 ----a-w- c:\windows\system32\msmpeg2adec.dll
2015-12-08 21:53 . 2016-01-13 11:41 829952 ----a-w- c:\windows\system32\MSMPEG2ENC.DLL
2015-12-08 21:53 . 2016-01-13 11:41 241152 ----a-w- c:\windows\system32\MPG4DECD.DLL
2015-12-08 21:53 . 2016-01-13 11:41 241152 ----a-w- c:\windows\system32\MP43DECD.DLL
2015-12-08 21:53 . 2016-01-13 11:41 79872 ----a-w- c:\windows\system32\MP3DMOD.DLL
2015-12-08 21:53 . 2016-01-13 11:41 415744 ----a-w- c:\windows\system32\MP4SDECD.DLL
2015-12-08 21:53 . 2016-01-13 11:41 3209728 ----a-w- c:\windows\system32\mf.dll
2015-12-08 21:53 . 2016-01-13 11:41 728576 ----a-w- c:\windows\system32\mcmde.dll
2015-12-08 21:53 . 2016-01-13 11:41 609280 ----a-w- c:\windows\system32\MFWMAAEC.DLL
2015-12-08 21:53 . 2016-01-13 11:41 354816 ----a-w- c:\windows\system32\mfplat.dll
2015-12-08 21:53 . 2016-01-13 11:41 53248 ----a-w- c:\windows\system32\mfvdsp.dll
2015-12-08 21:53 . 2016-01-13 11:41 103424 ----a-w- c:\windows\system32\mfps.dll
2015-12-08 21:53 . 2016-01-13 11:41 4608 ----a-w- c:\windows\system32\ksuser.dll
2015-12-08 21:53 . 2016-01-13 11:50 305664 ----a-w- c:\windows\system32\gdi32.dll
2015-12-08 21:53 . 2016-01-13 11:41 489984 ----a-w- c:\windows\system32\evr.dll
2015-12-08 21:53 . 2016-01-13 11:41 67584 ----a-w- c:\windows\system32\devenum.dll
2015-12-08 21:53 . 2016-01-13 11:41 153600 ----a-w- c:\windows\system32\COLORCNV.DLL
2015-12-08 21:53 . 2016-01-13 11:41 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2015-12-08 21:53 . 2016-01-13 11:41 23040 ----a-w- c:\windows\system32\mfpmp.exe
2015-12-08 21:53 . 2016-01-13 11:41 193536 ----a-w- c:\windows\system32\ksproxy.ax
2015-12-08 21:50 . 2016-01-13 11:41 2048 ----a-w- c:\windows\system32\mferror.dll
2015-12-08 21:43 . 2016-01-13 11:41 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2015-12-08 21:11 . 2016-01-13 11:41 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2015-12-08 21:11 . 2016-01-13 11:41 5120 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2014-04-11 17:25 . 2014-04-11 17:25 11184128 ----a-w- c:\program files\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2016-02-25 03:38 576408 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2016-02-25 03:38 576408 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2016-02-25 03:38 576408 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 151576 ----a-w- c:\users\Stormraider\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 151576 ----a-w- c:\users\Stormraider\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 151576 ----a-w- c:\users\Stormraider\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-11-21 5282584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-08-12 73832]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-09-22 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^aiStarter.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\aiStarter.lnk
backup=c:\windows\pss\aiStarter.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass FF RunOnce.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
backup=c:\windows\pss\Install LastPass FF RunOnce.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass IE RunOnce.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
backup=c:\windows\pss\Install LastPass IE RunOnce.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Stormraider^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Stormraider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Stormraider^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
path=c:\users\Stormraider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
backup=c:\windows\pss\PdaNet Desktop.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-30 12:46 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 11:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2014-11-21 18:41 5282584 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2015-08-27 22:36 144200 ----atw- c:\users\Stormraider\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2016-02-25 03:38 23260000 ----a-w- c:\program files\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
2012-07-23 15:20 2908536 ----a-w- c:\program files\TechSmith\Jing\Jing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-07-16 20:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 18:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-12-11 15:20 30877280 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2016-02-21 14:47 1927680 ----a-w- c:\users\Stormraider\AppData\Roaming\uTorrent\uTorrent.exe
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2013-06-18 54160]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-01-22 102912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2016-02-23 170200]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-10-05 51928]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 tbwkern;Kensington TrackballWorks driver;c:\windows\system32\DRIVERS\tbwkern.sys [2011-06-13 28752]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-09-19 1343400]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2016-01-19 784696]
S1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service;c:\windows\system32\DRIVERS\VBoxNetAdp6.sys [2016-01-19 98704]
S1 VBoxNetLwf;VirtualBox NDIS6 Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetLwf.sys [2016-01-19 163576]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2016-01-19 112112]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-10-05 23256]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-25 13440]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-02-20 10:43 1088664 ----a-w- c:\program files\Google\Chrome\Application\48.0.2564.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-03-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-23 23:03]
.
2016-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-21 23:17]
.
2016-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-21 23:17]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 75.114.81.1 75.114.81.2
FF - ProfilePath - c:\users\Stormraider\AppData\Roaming\Mozilla\Firefox\Profiles\l2pzb56y.default-1446067122800\
.
.
------- File Associations -------
.
.txt=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,f4,bf,a4,90,eb,68,4d,bc,03,db,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,f4,bf,a4,90,eb,68,4d,bc,03,db,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-03-05 10:32:59
ComboFix-quarantined-files.txt 2016-03-05 15:32
ComboFix2.txt 2016-02-29 21:29
ComboFix3.txt 2016-02-29 20:34
ComboFix4.txt 2016-01-24 00:55
ComboFix5.txt 2016-03-05 15:11
.
Pre-Run: 8,292,335,616 bytes free
Post-Run: 11,707,097,088 bytes free
.
- - End Of File - - 782311EA33228423DA77C397C8202AA6
A36C5E4F47E84449FF07ED3517B43A31

========= End of CMD: =========


========================= File: C:\ComboFix.txt ========================

File not signed
MD5: 75D5FAC7AC3EFBF9DA5D07261927D1E8
Creation and modification date: 2016-03-05 - 2016-03-05
Size: 0020214
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

================== Zip: ===================
C:\Windows\Minidump\030616-20030-01.dmp -> copied successfully to C:\Users\Stormraider\Desktop\Upload.zip
=========== Zip: End ===========

==== End of Fixlog 18:57:04 ====

Edited by Oh My!, 06 March 2016 - 07:05 PM.


#9 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,957 posts
  • Gender:Male
  • Location:California

Posted 06 March 2016 - 07:08 PM

Please carefully read my post.
 

Attached Upload file
Did the Context Index Catalog process run?
Please describe any current issues

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 stormraider

  • Topic Starter
  • Members
  • 23 posts

Posted 06 March 2016 - 07:14 PM

I do not think it ran?

content index catalog is corrupt

Control Panel\All Control Panel Items\Troubleshooting\All Categories

{Search and Indexing}

 

 

Explore additional options led me here:

 

http://answers.microsoft.com/en-us/windows/forum/windows_7-performance/the-content-index-catalog-is-corrupt/f519ba60-4fe2-4098-8ea0-e16d49675d1f?auth=1

 

 

View Detailed Information shown:

Potential issues that were checked
Incorrect permissions on Windows Search directories
When permissions on the Windows Search data directories are set incorrectly, the search service might not be able to access or update the computer's search index. This can result in slow searches or incomplete search results. Issue not present
Search Filter Host process failed
Problems with the Search Filter Host might indicate errors in the Windows Search service, which can cause searches to fail or return incomplete search results. Issue not present
Windows Search service shut down unexpectedly
When the Windows Search service is forcibly shut down while performing maintenance, searches might fail or return incomplete search results. Issue not present
Windows Search service shut down unexpectedly
When the Windows Search service is forcibly shut down, searches might fail or return incomplete search results. Issue not present
Windows Search service not running
When the Windows Search service is not running, searches might be slower, and you might not be able to find all items. Issue not present
Windows Search service failed
Problems with the Windows Search service can cause searches to fail or return incomplete search results. Issue not present
Search Protocol Host process failed
Problems with the Search Protocol Host might indicate errors in the Windows Search service, which can cause searches to fail or return incomplete search results. Issue not present
 
 
 
Detection details

Informational: Directory
Windows Search data directory
Directory: C:\ProgramData\Microsoft\Search\Data\

Informational: User-reported problems
Problem Type: UnknownProblem

Informational: User-defined problem
content index catalog is corrupt
 
Collection information 
Computer Name:  Stormraider-PC 
Windows Version: 6.1 
Architecture: x86 
Time: Sunday, March 06, 2016 7:17:20 PM 
 
Publisher details
 
Search and Indexing 
Find items on your computer using Windows Search. 
Package Version: 1.0 
Publisher: Microsoft Windows 
Search and Indexing 
Find items on your computer using Windows Search. 
Package Version: 1.0 
Publisher: Microsoft Corporation 

Edited by stormraider, 06 March 2016 - 07:23 PM.


#11 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,957 posts
  • Gender:Male
  • Location:California

Posted 06 March 2016 - 07:28 PM

Are you saying when you clicked Search and Indexing it opened the web page link you provided above? You never got to these steps?

 

  • Click Advanced then place a checkmark in Apply repairs automatically (should be checked by default)
  • Click Next
  • Click My problem isn't listed (Please provide a description on the next page)
  • Click Next
  • Type content index catalog is corrupt, then click Next

Gary
 

#12 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,957 posts
  • Gender:Male
  • Location:California

Posted 06 March 2016 - 07:37 PM

I see you amended your previous post.

 

Can you please attach the Upload.zip file to your reply. It should have been placed on your Desktop after your ran the FRST fixlist.

 

Update me on the computer behavior please.


Gary
 

#13 stormraider

  • Topic Starter
  • Members
  • 23 posts

Posted 06 March 2016 - 07:44 PM

content index catalog is corrupt

Control Panel\All Control Panel Items\Troubleshooting\All Categories

{Search and Indexing}

  I followed your steps
  • Click Advanced then place a checkmark in Apply repairs automatically (should be checked by default)
  • Click Next
  • Click My problem isn't listed (Please provide a description on the next page)
  • Click Next
  • Type content index catalog is corrupt, then click Next

Followed the instructions as administrator and checked the box. The program runs and gives this output:

Troubleshooting could not identify the problem

1. explore additional options

2. close troubleshooter

3. view detailed information

 

Rebooted computer. Slow to start. Initial Chrome HTTPS connection to Amazon failed; loaded about 5 seconds later.

There is no Internet connection

Your computer is offline.

DNS_PROBE_FINISHED_NO_INTERNET

Attached Files



#14 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,957 posts
  • Gender:Male
  • Location:California

Posted 06 March 2016 - 08:14 PM

For the 4th time, is there an Upload.zip folder on your Desktop? Please attach it to your reply.

For the second time:

Does this look familiar to you?
Brandon Bright House Networks


Please do this.

===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Upload.zip
  • Does the Network information look familiar?
  • Result.txt

Gary
 

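The MiniToolBox options Gary lists (DNS servers, hosts file, IE and Firefox proxy settings, Winsock entries) are the standard places a DNS hijack or a PUM.DNS detection shows up. The script below is an added PowerShell example, not MiniToolBox and not code posted in this thread; it reads the same settings and flags any resolver that is not in the DHCP-provided set. It uses only WMI, the registry and built-in console tools so it also runs under Windows PowerShell 2.0 on Windows 7. The two expected resolver addresses are taken from the DhcpNameServer line in the ComboFix log above, and the Firefox profile location under %APPDATA% is an assumption; nothing in the script changes a setting.

```powershell
# Added example (not MiniToolBox, not code from this thread): a read-only
# review of per-adapter DNS servers, the hosts file, proxy settings and the
# Winsock catalog. Runs in Windows PowerShell 2.0 on Windows 7; run elevated.

# ASSUMPTION: the resolvers DHCP should hand out. These two addresses are the
# DhcpNameServer values from the ComboFix log; substitute your own.
$ExpectedDns = @('75.114.81.1', '75.114.81.2')

function Get-DnsSettingsReport {
    # One row per IP-enabled adapter. A resolver outside the expected DHCP set
    # (often set statically while DHCP is still enabled) is exactly what a
    # PUM.DNS detection points at.
    Get-WmiObject Win32_NetworkAdapterConfiguration |
        Where-Object { $_.IPEnabled } |
        ForEach-Object {
            $a          = $_
            $servers    = @($a.DNSServerSearchOrder)
            $unexpected = @($servers | Where-Object { $ExpectedDns -notcontains $_ })
            New-Object PSObject -Property @{
                Adapter     = $a.Description
                DhcpEnabled = $a.DHCPEnabled
                DnsServers  = ($servers -join ', ')
                Unexpected  = ($unexpected -join ', ')
                Suspicious  = ($unexpected.Count -gt 0)
            }
        }
}

function Get-HostsEntries {
    # A default Windows hosts file contains only comment lines. Any active
    # line is a redirect that somebody added, on purpose or otherwise.
    $path = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content $path | Where-Object { $_ -match '^\s*[^#\s]' }
}

function Get-ProxyReport {
    # WinINet proxy settings (used by Internet Explorer and Chrome) live here.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $ie  = Get-ItemProperty -Path $key
    # Firefox keeps its own proxy preferences in prefs.js per profile.
    # ASSUMPTION: profiles are in the default location under %APPDATA%.
    $ffPrefs = Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles" -Recurse -Filter 'prefs.js' -ErrorAction SilentlyContinue |
        Select-String -Pattern 'network\.proxy\.(type|http|ssl|autoconfig_url)' |
        ForEach-Object { $_.Line }
    New-Object PSObject -Property @{
        ProxyEnable   = $ie.ProxyEnable     # 0 = no manual proxy configured
        ProxyServer   = $ie.ProxyServer
        AutoConfigURL = $ie.AutoConfigURL   # a PAC URL you did not set is a red flag
        FirefoxProxy  = ($ffPrefs -join '; ')
    }
}

# ---- Run the review ----
'--- Per-adapter DNS servers ---'
Get-DnsSettingsReport | Format-List Adapter, DhcpEnabled, DnsServers, Unexpected, Suspicious
'--- Active hosts file entries (none expected on a clean machine) ---'
Get-HostsEntries
'--- Proxy settings ---'
Get-ProxyReport | Format-List ProxyEnable, ProxyServer, AutoConfigURL, FirefoxProxy
'--- Winsock catalog (look for provider paths outside %SystemRoot%\system32) ---'
netsh winsock show catalog | Select-String -Pattern 'Description:|Provider Path:'
# MiniToolBox's "Flush DNS" option corresponds to: ipconfig /flushdns
```

Read the DNS table first: an adapter with DhcpEnabled True but a Suspicious True row means the resolver was overridden statically, which is the usual shape of a DNS-changer finding. Hosts entries and a PAC URL you did not configure are the next two things to look at; the Winsock listing is only of interest if a provider path points somewhere outside the Windows system directory.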
#15 stormraider

  • Topic Starter
  • Members
  • 23 posts

Posted 06 March 2016 - 08:23 PM

Brandon Bright House Networks possibly ISP

upload zip attached
Attached File: Upload.zip (29.51KB, 1 downloads)


Edited by stormraider, 06 March 2016 - 08:24 PM.




