Need help removing potential malware
<blockquote data-quote="jeighjeigh" data-source="post: 392993" data-attributes="member: 36781"><p>Here are my results from my scans:</p><p></p><p>Malwarebytes Anti-Rootkit BETA 1.09.1.1004</p><p><a href="http://www.malwarebytes.org" target="_blank">www.malwarebytes.org</a></p><p></p><p>Database version:</p><p> main: v2015.06.02.01</p><p> rootkit: v2015.05.31.01</p><p></p><p>Windows 7 Service Pack 1 x64 NTFS</p><p>Internet Explorer 11.0.9600.17801</p><p>otherrrrrr :: OWNER-HP [administrator]</p><p></p><p>6/2/2015 2:32:35 AM</p><p>mbar-log-2015-06-02 (02-32-35).txt</p><p></p><p>Scan type: Quick scan</p><p>Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken</p><p>Scan options disabled: </p><p>Objects scanned: 401633</p><p>Time elapsed: 39 minute(s), 40 second(s)</p><p></p><p>Memory Processes Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Memory Modules Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Keys Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Values Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Data Items Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Folders Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Files Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Physical Sectors Detected: 0</p><p>(No malicious items detected)</p><p></p><p>(end)</p><p></p><p></p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.09.1.1004</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 6.1.7601 Windows 7 Service Pack 1 x64</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 11.0.9600.17801</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED</p><p>CPU speed: 2.095000 GHz</p><p>Memory total: 4240293888, free: 
1460170752</p><p></p><p>Downloaded database version: v2015.06.02.01</p><p>Downloaded database version: v2015.05.31.01</p><p>Downloaded database version: v2015.05.13.01</p><p>=======================================</p><p>Initializing...</p><p>------------ Kernel report ------------</p><p> 06/02/2015 02:31:57</p><p>------------ Loaded modules -----------</p><p>----------- End -----------</p><p>Done!</p><p></p><p>Scan started</p><p>Database versions:</p><p> main: v2015.06.02.01</p><p> rootkit: 
v2015.05.31.01</p><p></p><p><<<2>>></p><p>Physical Sector Size: 512</p><p>Drive: 0, DevicePointer: 0xfffffa80069a9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa80069a9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa80069a9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa8006839b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\</p><p>DevicePointer: 0xfffffa8004e63050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0x0, 0x0, 0x0</p><p>Lower DeviceData: 0x0, 0x0, 0x0</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p><<<2>>></p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...</p><p>The directory C:\WINDOWS\SYSTEM32\drivers seems inaccessible or encrypted.</p><p>Drivers scan is aborted.</p><p>Done!</p><p>Drive 0</p><p>This is a System drive</p><p>Scanning MBR on drive 0...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: E668E4D2</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Primary (0x7)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 2048 Numsec = 1251022</p><p> Partition file system is NTFS</p><p> Partition is bootable</p><p></p><p> Partition 1 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 1253070 Numsec = 1429977780</p><p></p><p> Partition 2 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 1431230850 Numsec = 
33704370</p><p></p><p> Partition 3 type is Other (0xe)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 1464935220 Numsec = 213948</p><p></p><p>Disk Size: 750156374016 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Done!</p><p>Scan finished</p><p>=======================================</p><p></p><p></p><p>Removal queue found; removal started</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...</p><p>Removal finished</p><p></p><p></p><p></p><p></p><p></p><p>----------------------------------------------------------------</p><p></p><p>Zoek.exe v5.0.0.0 Updated 04-May-2015</p><p>Tool run by otherrrrrr on Tue 06/02/2015 at 3:15:43.14.</p><p>Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64</p><p>Running in: Normal Mode No Internet Access Detected</p><p>Launched: C:\Users\otherrrrrr\Desktop\zoek.exe [Scan all users] [Script inserted] </p><p></p><p>==== System Restore Info ======================</p><p></p><p>6/2/2015 3:18:35 AM Zoek.exe System Restore Point Created Successfully.</p><p></p><p>==== Empty Folders Check ======================</p><p></p><p>C:\PROGRA~2\DSPRobotics deleted successfully</p><p>C:\PROGRA~2\Trend Micro deleted successfully</p><p>C:\PROGRA~3\IDM deleted successfully</p><p>C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully</p><p>C:\PROGRA~3\Oracle deleted successfully</p><p>C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully</p><p>C:\PROGRA~3\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} deleted successfully</p><p>C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted successfully</p><p>C:\Users\Guest\AppData\Roaming\hpqLog deleted successfully</p><p>C:\Users\otherrrrrr\AppData\Roaming\DMCache deleted successfully</p><p>C:\Users\otherrrrrr\AppData\Roaming\hpqLog deleted 
successfully</p><p>C:\Users\Guest\AppData\Local\VirtualStore deleted successfully</p><p>C:\Users\otherrrrrr\AppData\Local\Downloaded Installations deleted successfully</p><p></p><p>==== Deleting CLSID Registry Keys ======================</p><p></p><p>HKEY_USERS\S-1-5-21-1852792263-1943724817-2778886419-1003\Software\Microsoft\Internet Explorer\SearchScopes\{44159DE0-8C9E-4DDB-963F-2BFBA9563559} deleted successfully</p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{44159DE0-8C9E-4DDB-963F-2BFBA9563559} deleted successfully</p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44159DE0-8C9E-4DDB-963F-2BFBA9563559} deleted successfully</p><p></p><p>==== Deleting CLSID Registry Values ======================</p><p></p><p></p><p>==== Deleting Services ======================</p><p></p><p></p><p>==== Batch Command(s) Run By Tool======================</p><p></p><p></p><p>==== Deleting Files \ Folders ======================</p><p></p><p>C:\PROGRA~2\DSPRobotics not found</p><p>C:\PROGRA~2\Trend Micro not found</p><p>C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found</p><p>C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found</p><p>C:\PROGRA~3\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} not found</p><p>C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} not found</p><p>C:\PROGRA~3\DivX deleted</p><p>C:\DPInst.exe deleted</p><p>C:\found.000 deleted</p><p>C:\Windows\SysNative\config\systemprofile\AppData\Roaming\NitroTmp.tmp deleted</p><p>C:\PROGRA~3\InstallMate deleted</p><p>C:\PROGRA~3\SummerSoft deleted</p><p>C:\Windows\Wininit.INI deleted</p><p>C:\Windows\SysNative\config\systemprofile\Searches deleted</p><p>C:\windows\SysNative\GroupPolicy\Machine deleted</p><p>C:\windows\SysNative\GroupPolicy\User deleted</p><p>C:\windows\SysNative\GroupPolicy\gpt.ini deleted</p><p>C:\Users\OTHERR~1\AppData\Roaming\Mozilla\Firefox\Profiles\gwatwpr8.default\jetpack deleted</p><p>"C:\Windows\Installer\9f79.msi" 
deleted</p><p></p><p>==== Firefox Start and Search pages ======================</p><p></p><p>ProfilePath: C:\Users\OTHERR~1\AppData\Roaming\Mozilla\Firefox\Profiles\gwatwpr8.default</p><p>user_pref("browser.startup.homepage", "Google.com");</p><p></p><p>==== Firefox Extensions Registry ======================</p><p></p><p>[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]</p><p>"<a href="mailto:tmbepff@trendmicro.com">tmbepff@trendmicro.com</a>"="C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1081\9.0.1081\firefoxextension" [05/07/2015 09:35 PM]</p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]</p><p>"{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}"="C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension" [05/07/2015 09:03 PM]</p><p></p><p>==== Firefox Extensions ======================</p><p></p><p>ProfilePath: C:\Users\OTHERR~1\AppData\Roaming\Mozilla\Firefox\Profiles\gwatwpr8.default</p><p>- Undetermined - C:\Users\otherrrrrr\AppData\Roaming\IDM\idmmzcc5</p><p></p><p>AppDir: C:\Program Files (x86)\Mozilla Firefox</p><p>- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}</p><p></p><p>==== Firefox Plugins ======================</p><p></p><p>Profilepath: C:\Users\otherrrrrr\AppData\Roaming\Mozilla\Firefox\Profiles\gwatwpr8.default</p><p>F736D27974C8CB984774754D4D41205B - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll - Trend Micro Titanium</p><p>855B79451ECF62602F20EB4D5C71F99B - C:\Windows\SysWoW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director</p><p></p><p></p><p>==== Fake Chromium Profiles Check ======================</p><p></p><p>Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted</p><p></p><p>==== Chromium Look ======================</p><p></p><p>Google Chrome Version: 43.0.2357.81</p><p></p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions</p><p>aepeildmfnnehghlknddebgjghlompfe - 
C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx[02/11/2011 05:37 AM]</p><p>dflinnddekagfkncpgojoppgnppfkbkj - No path found[]</p><p>ohhcpmplhhiiaoiddkfboafbhiknefdf - No path found[]</p><p></p><p>Website Logon - otherrrrrr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe</p><p>Bookmark Manager - otherrrrrr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik</p><p>Chrome Hotword Shared Module - otherrrrrr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg</p><p></p><p>==== Set IE to Default ======================</p><p></p><p>Old Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p></p><p>New Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a>"</p><p></p><p>==== All HKCU SearchScopes ======================</p><p></p><p>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes</p><p>"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"</p><p>{012E1000-F331-11DB-8314-0800200C9A66} Google Url="<a href="http://www.google.com/search?q={searchTerms}" target="_blank">http://www.google.com/search?q={searchTerms}</a>"</p><p>{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="<a href="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" target="_blank">http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC</a>"</p><p>{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="<a href="http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}" target="_blank">http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}</a>"</p><p></p><p>==== Deleting Registry Keys 
======================</p><p></p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\538C0727BD5163242B53DDB6E2BB4DAB deleted successfully</p><p>HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1EDE59AC-D97C-4DA0-AF4B-915EC53D7B5A} deleted successfully</p><p>HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E046DA65-7C5C-4F7A-AD91-347E3BA5F893} deleted successfully</p><p>HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7270C835-15DB-4236-B235-DD6B2EBBD4BA} deleted successfully</p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\538C0727BD5163242B53DDB6E2BB4DAB deleted successfully</p><p></p><p>==== Empty IE Cache ======================</p><p></p><p>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\otherrrrrr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\otherrrrrr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully</p><p>C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p></p><p>==== Empty FireFox Cache ======================</p><p></p><p>C:\Users\Guest\AppData\Local\Mozilla\Firefox\Profiles\6v81qh3m.default\cache2 emptied successfully</p><p>C:\Users\otherrrrrr\AppData\Local\Mozilla\Firefox\Profiles\gwatwpr8.default\cache2 emptied 
successfully</p><p></p><p>==== Empty Chrome Cache ======================</p><p></p><p>C:\Users\otherrrrrr\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully</p><p></p><p>==== Empty All Flash Cache ======================</p><p></p><p>No Flash Cache Found</p><p></p><p>==== Empty All Java Cache ======================</p><p></p><p>Java Cache cleared successfully</p><p></p><p>==== C:\zoek_backup content ======================</p><p></p><p>C:\zoek_backup (files=26 folders=14 4233093 bytes)</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\Users\Default\AppData\Local\Temp emptied successfully</p><p>C:\Users\Default User\AppData\Local\Temp emptied successfully</p><p>C:\Users\Guest\AppData\Local\Temp emptied successfully</p><p>C:\Users\otherrrrrr\AppData\Local\Temp will be emptied at reboot</p><p>C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully</p><p>C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully</p><p>C:\Windows\Temp will be emptied at reboot</p><p></p><p>==== After Reboot ======================</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\Windows\Temp successfully emptied</p><p>C:\Users\OTHERR~1\AppData\Local\Temp successfully emptied</p><p></p><p>==== Empty Recycle Bin ======================</p><p></p><p>C:\$RECYCLE.BIN successfully emptied</p><p></p><p>==== EOF on Tue 06/02/2015 at 4:53:15.58 ======================</p><p></p><p></p><p></p><p></p><p></p><p>and quick question do i still leave off my antispyware after these scans and reboot??</p></blockquote><p></p>
[QUOTE="jeighjeigh, post: 392993, member: 36781"] Here are my results from my scans: Malwarebytes Anti-Rootkit BETA 1.09.1.1004 [URL="http://www.malwarebytes.org"]www.malwarebytes.org[/URL] Database version: main: v2015.06.02.01 rootkit: v2015.05.31.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17801 otherrrrrr :: OWNER-HP [administrator] 6/2/2015 2:32:35 AM mbar-log-2015-06-02 (02-32-35).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 401633 Time elapsed: 39 minute(s), 40 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.1.1004 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17801 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.095000 GHz Memory total: 4240293888, free: 1460170752 Downloaded database version: v2015.06.02.01 Downloaded database version: v2015.05.31.01 Downloaded database version: v2015.05.13.01 ======================================= Initializing... 
------------ Kernel report ------------ 06/02/2015 02:31:57 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\compbatt.sys \SystemRoot\system32\drivers\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\tmcomm.sys \SystemRoot\system32\drivers\wd.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\system32\DRIVERS\hpdskflt.sys \SystemRoot\System32\DRIVERS\fvevol.sys 
\SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\epp64.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\tmevtmgr.sys \SystemRoot\system32\DRIVERS\tmactmon.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\System32\Drivers\SCDEmu.SYS \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\drivers\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\NETwNs64.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\L1C62x64.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\Apfiltr.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\Accelerometer.sys 
\SystemRoot\system32\drivers\CmBatt.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\clwvd.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\WDKMD.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\stwrt64.sys \SystemRoot\system32\DRIVERS\portcls.sys \SystemRoot\system32\DRIVERS\drmk.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \??\C:\Windows\system32\drivers\mbam.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WinUSB.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys 
\SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\DRIVERS\tmusa.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\drivers\spsys.sys \SystemRoot\system32\DRIVERS\tmnciesc.sys \SystemRoot\system32\DRIVERS\tmeevw.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll ----------- End ----------- Done! Scan started Database versions: main: v2015.06.02.01 rootkit: v2015.05.31.01 <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa80069a9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80069a9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80069a9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8006839b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\ DevicePointer: 0xfffffa8004e63050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... The directory C:\WINDOWS\SYSTEM32\drivers seems inaccessible or encrypted. Drivers scan is aborted. Done! Drive 0 This is a System drive Scanning MBR on drive 0... 
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E668E4D2

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 1251022
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1253070 Numsec = 1429977780

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1431230850 Numsec = 33704370

Partition 3 type is Other (0xe)
Partition is NOT ACTIVE.
Partition starts at LBA: 1464935220 Numsec = 213948

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

----------------------------------------------------------------

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by otherrrrrr on Tue 06/02/2015 at 3:15:43.14.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\otherrrrrr\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

6/2/2015 3:18:35 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\DSPRobotics deleted successfully
C:\PROGRA~2\Trend Micro deleted successfully
C:\PROGRA~3\IDM deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully
C:\PROGRA~3\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} deleted successfully
C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted successfully
C:\Users\Guest\AppData\Roaming\hpqLog deleted successfully
C:\Users\otherrrrrr\AppData\Roaming\DMCache deleted successfully
C:\Users\otherrrrrr\AppData\Roaming\hpqLog deleted successfully
C:\Users\Guest\AppData\Local\VirtualStore deleted successfully
C:\Users\otherrrrrr\AppData\Local\Downloaded Installations deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1852792263-1943724817-2778886419-1003\Software\Microsoft\Internet Explorer\SearchScopes\{44159DE0-8C9E-4DDB-963F-2BFBA9563559} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{44159DE0-8C9E-4DDB-963F-2BFBA9563559} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44159DE0-8C9E-4DDB-963F-2BFBA9563559} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\DSPRobotics not found
C:\PROGRA~2\Trend Micro not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found
C:\PROGRA~3\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} not found
C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} not found
C:\PROGRA~3\DivX deleted
C:\DPInst.exe deleted
C:\found.000 deleted
C:\Windows\SysNative\config\systemprofile\AppData\Roaming\NitroTmp.tmp deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\SummerSoft deleted
C:\Windows\Wininit.INI deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\OTHERR~1\AppData\Roaming\Mozilla\Firefox\Profiles\gwatwpr8.default\jetpack deleted
"C:\Windows\Installer\9f79.msi" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\OTHERR~1\AppData\Roaming\Mozilla\Firefox\Profiles\gwatwpr8.default
user_pref("browser.startup.homepage", "Google.com");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"[email]tmbepff@trendmicro.com[/email]"="C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1081\9.0.1081\firefoxextension" [05/07/2015 09:35 PM]

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}"="C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension" [05/07/2015 09:03 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\OTHERR~1\AppData\Roaming\Mozilla\Firefox\Profiles\gwatwpr8.default
- Undetermined - C:\Users\otherrrrrr\AppData\Roaming\IDM\idmmzcc5

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\otherrrrrr\AppData\Roaming\Mozilla\Firefox\Profiles\gwatwpr8.default
F736D27974C8CB984774754D4D41205B - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll - Trend Micro Titanium
855B79451ECF62602F20EB4D5C71F99B - C:\Windows\SysWoW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

Google Chrome Version: 43.0.2357.81

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aepeildmfnnehghlknddebgjghlompfe - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx[02/11/2011 05:37 AM]
dflinnddekagfkncpgojoppgnppfkbkj - No path found[]
ohhcpmplhhiiaoiddkfboafbhiknefdf - No path found[]

Website Logon - otherrrrrr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe
Bookmark Manager - otherrrrrr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Chrome Hotword Shared Module - otherrrrrr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="[URL]http://go.microsoft.com/fwlink/?LinkId=69157[/URL]"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="[URL]http://www.google.com/search?q={searchTerms}[/URL]"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="[URL]http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC[/URL]"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="[URL]http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}[/URL]"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\538C0727BD5163242B53DDB6E2BB4DAB deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1EDE59AC-D97C-4DA0-AF4B-915EC53D7B5A} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E046DA65-7C5C-4F7A-AD91-347E3BA5F893} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7270C835-15DB-4236-B235-DD6B2EBBD4BA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\538C0727BD5163242B53DDB6E2BB4DAB deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\otherrrrrr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\otherrrrrr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Guest\AppData\Local\Mozilla\Firefox\Profiles\6v81qh3m.default\cache2 emptied successfully
C:\Users\otherrrrrr\AppData\Local\Mozilla\Firefox\Profiles\gwatwpr8.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\otherrrrrr\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=26 folders=14 4233093 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\otherrrrrr\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\OTHERR~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Tue 06/02/2015 at 4:53:15.58 ======================

And a quick question: do I still leave off my antispyware after these scans and reboot? [/QUOTE]