Solved Possible multiple infections dllhost.exe *32 Com Surrogate in sysWOW64 dir, Powelik etc

CuriosGeorge

New Member
Thread author
Nov 12, 2014
8
+++++First FRST64 run.........
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by Anonymouse7 (administrator) on ANONYMOUSE7-PC on 15-11-2014 14:51:01
Running from C:\Users\Anonymouse7\Desktop
Loaded Profile: Anonymouse7 (Available profiles: Anonymouse7 & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...\MountPoints2: {0a95aa89-b2f0-11e2-a410-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...\MountPoints2: {3eb9274b-b2f1-11e2-8dd2-0019d181a116} - J:\LaunchU3.exe -a
HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4E02FB285247CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1790508116-3232562679-3642955932-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-1790508116-3232562679-3642955932-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab
Tcpip\..\Interfaces\{7D43E0F8-0AAB-4165-8A34-8E2E0038F894}: [NameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default
FF Homepage: hxxp://www.google.com/
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default\searchplugins\safeguard-secure-search.xml
FF Extension: UIGlobalNotify Class - C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default\Extensions\{F8D60573-0129-130E-B0BA-F9FB6449775B} [2014-11-09]
FF Extension: Greasemonkey - C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-12-25]

Chrome:
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (UIGlobalNotify Class) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-11-09]
CHR Extension: (Google Docs) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-17]
CHR Extension: (Google Drive) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-17]
CHR Extension: (YouTube) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-17]
CHR Extension: (Google Search) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-17]
CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe [2013-11-12]
CHR Extension: (CnC TA Script Collection) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmhpmdclklpgfcpoiomjofgfagenmgeo [2013-12-24]
CHR Extension: (Google Wallet) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-05-02] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-05-02] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\SupportSoft\bin\ssrc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 EBIOS32; C:\Windows\SysWOW64\Drivers\EBIOS32.SYS [13922 2010-10-28] (Intel Corporation) [File not signed]
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2009-02-11] (Paragon Software Group)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1148288 2011-07-06] (Creative Technology Ltd.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [45312 2009-02-11] (Windows (R) 2000 DDK provider)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 14:51 - 2014-11-15 14:51 - 00015280 _____ () C:\Users\Anonymouse7\Desktop\FRST.txt
2014-11-15 14:50 - 2014-11-15 14:51 - 00000000 ____D () C:\FRST
2014-11-15 14:48 - 2014-11-15 14:37 - 00001401 _____ () C:\Users\Anonymouse7\Desktop\iExplore - Shortcut.lnk
2014-11-15 14:48 - 2014-11-15 11:04 - 00415232 _____ (Farbar) C:\Users\Anonymouse7\Desktop\FSS.exe
2014-11-15 14:48 - 2014-11-15 11:03 - 00401920 _____ (Farbar) C:\Users\Anonymouse7\Desktop\MiniToolBox.exe
2014-11-15 14:48 - 2014-11-15 11:01 - 05598504 _____ (Swearware) C:\Users\Anonymouse7\Desktop\ComboFix.exe
2014-11-15 14:48 - 2014-11-15 11:00 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Anonymouse7\Desktop\WiNlOgOn.exe
2014-11-15 14:48 - 2014-11-15 11:00 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Anonymouse7\Desktop\rkill.exe
2014-11-15 14:48 - 2014-11-15 10:57 - 02140160 _____ () C:\Users\Anonymouse7\Desktop\AdwCleaner.exe
2014-11-15 14:48 - 2014-11-15 10:54 - 02116608 _____ (Farbar) C:\Users\Anonymouse7\Desktop\FRST64.exe
2014-11-15 14:48 - 2014-11-15 10:54 - 01108480 _____ (Farbar) C:\Users\Anonymouse7\Desktop\FRST.exe
2014-11-15 14:48 - 2014-10-27 19:20 - 03060320 _____ (Symantec Corporation) C:\Users\Anonymouse7\Desktop\NortonPE.exe
2014-11-15 14:48 - 2014-10-26 16:02 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Anonymouse7\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-15 14:48 - 2014-08-31 09:45 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Anonymouse7\Desktop\spybot-2.4.exe
2014-11-09 18:36 - 2014-11-09 18:36 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Local\YTPack
2014-11-09 18:36 - 2014-11-09 18:36 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Local\Ehbtion
2014-11-09 18:35 - 2014-11-10 17:15 - 00000000 ____D () C:\ProgramData\ZertAkbem
2014-11-09 18:35 - 2014-11-10 17:15 - 00000000 ____D () C:\ProgramData\VeraPayvi
2014-11-08 18:13 - 2014-11-08 18:25 - 122046712 _____ (Microsoft Corporation) C:\Users\Anonymouse7\Downloads\msert.exe
2014-11-08 17:51 - 2014-11-08 18:05 - 115614832 _____ (Symantec Corporation) C:\Users\Anonymouse7\Downloads\NS-TW-22.0.0-EN-US.exe
2014-11-08 17:46 - 2014-11-10 17:15 - 00000000 ____D () C:\ProgramData\YezeJyed
2014-11-08 17:46 - 2014-11-10 17:15 - 00000000 ____D () C:\ProgramData\TeziTvir
2014-11-08 17:43 - 2014-11-08 17:43 - 00000160 ____H () C:\ProgramData\@system3.att
2014-11-08 17:42 - 2014-11-08 17:42 - 00000448 ____H () C:\Users\Anonymouse7\AppData\Roaming\麽鎒駓覜
2014-11-08 17:42 - 2014-11-08 17:42 - 00000424 _____ () C:\ProgramData\@system.temp
2014-11-08 17:41 - 2014-11-09 19:03 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Roaming\FrameworkUpdate7
2014-11-08 17:25 - 2014-11-08 17:26 - 00779704 _____ (Symantec) C:\Users\Anonymouse7\Downloads\Setup.exe
2014-11-08 16:45 - 2014-11-08 16:48 - 00032291 _____ () C:\Users\Anonymouse7\AppData\Roaming\893686b8
2014-11-08 16:45 - 2014-11-08 16:48 - 00024065 _____ () C:\Users\Anonymouse7\AppData\Local\893686b8
2014-11-08 16:45 - 2014-11-08 16:48 - 00021087 _____ () C:\ProgramData\893686b8
2014-11-08 16:25 - 2014-11-09 18:34 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-08 14:20 - 2014-11-09 18:37 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Local\CrashDumps
2014-10-29 11:54 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-29 11:54 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-29 11:54 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-29 11:54 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-29 11:54 - 2014-07-08 18:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-29 11:54 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-29 11:54 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-29 11:54 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-29 11:54 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-29 11:54 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-29 11:54 - 2014-07-08 14:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-29 11:54 - 2014-07-08 14:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-29 10:21 - 2014-06-26 18:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-29 10:21 - 2014-06-26 17:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-10-27 14:28 - 2014-11-09 18:53 - 00000000 ____D () C:\NPE
2014-10-27 14:21 - 2014-11-09 18:57 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Local\NPE
2014-10-27 14:21 - 2014-10-27 14:22 - 00000000 ____D () C:\ProgramData\Norton
2014-10-27 13:55 - 2014-11-08 19:11 - 00000000 ____D () C:\CleanUpVirus

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 14:49 - 2013-05-02 21:42 - 00000000 ____D () C:\Users\Anonymouse7\Documents\Outlook Files
2014-11-15 14:48 - 2009-07-13 21:13 - 00784326 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-15 14:46 - 2009-07-13 20:51 - 00003638 _____ () C:\Windows\setupact.log
2014-11-15 14:29 - 2013-08-18 21:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-15 14:26 - 2013-06-17 18:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-15 14:19 - 2013-10-19 20:03 - 00000310 _____ () C:\Windows\Tasks\DigitalSite.job
2014-11-15 13:59 - 2013-05-01 22:25 - 02053732 _____ () C:\Windows\WindowsUpdate.log
2014-11-14 20:25 - 2013-06-17 18:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-13 14:03 - 2009-07-13 20:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-13 14:03 - 2009-07-13 20:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-13 13:56 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-13 13:55 - 2013-05-02 15:56 - 00202476 _____ () C:\Windows\PFRO.log
2014-11-09 19:17 - 2013-11-08 19:55 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-11-09 19:10 - 2014-10-15 09:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-09 03:04 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PLA
2014-11-08 17:36 - 2013-08-18 21:22 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Roaming\Dropbox
2014-11-08 17:03 - 2009-07-13 20:45 - 00439992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-05 17:42 - 2013-07-23 16:18 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-11-03 13:07 - 2014-07-03 14:29 - 00000000 ____D () C:\Users\Anonymouse7\Desktop\AP CAP Folder
2014-10-29 13:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-10-29 11:47 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-29 11:46 - 2014-06-17 21:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-29 11:46 - 2009-07-13 23:46 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-29 11:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-29 11:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-29 10:41 - 2013-05-02 19:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-29 10:26 - 2013-05-02 15:58 - 00776448 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-29 10:21 - 2013-11-24 07:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-28 10:26 - 2013-06-17 18:28 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-28 05:34 - 2013-05-01 22:45 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 19:20 - 2013-06-17 18:26 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-27 19:20 - 2013-06-17 18:26 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 13:48 - 2014-10-15 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-20 13:48 - 2014-10-15 09:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-20 13:48 - 2013-09-29 06:48 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

Some content of TEMP:
====================
C:\Users\Anonymouse7\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 00:37

==================== End Of Log ============================

++++Second FRST64 run .....

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by Anonymouse7 (administrator) on ANONYMOUSE7-PC on 15-11-2014 16:06:50
Running from C:\Users\Anonymouse7\Desktop
Loaded Profile: Anonymouse7 (Available profiles: Anonymouse7 & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Nikon Corporation) C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...\MountPoints2: {0a95aa89-b2f0-11e2-a410-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-1790508116-3232562679-3642955932-1001\...\MountPoints2: {3eb9274b-b2f1-11e2-8dd2-0019d181a116} - J:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4E02FB285247CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1790508116-3232562679-3642955932-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-1790508116-3232562679-3642955932-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab
Tcpip\..\Interfaces\{7D43E0F8-0AAB-4165-8A34-8E2E0038F894}: [NameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default
FF Homepage: hxxp://www.google.com/
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default\searchplugins\safeguard-secure-search.xml
FF Extension: UIGlobalNotify Class - C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default\Extensions\{F8D60573-0129-130E-B0BA-F9FB6449775B} [2014-11-09]
FF Extension: Greasemonkey - C:\Users\Anonymouse7\AppData\Roaming\Mozilla\Firefox\Profiles\zzv82noz.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-12-25]

Chrome:
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (UIGlobalNotify Class) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-11-09]
CHR Extension: (Google Docs) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-17]
CHR Extension: (Google Drive) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-17]
CHR Extension: (YouTube) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-17]
CHR Extension: (Google Search) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-17]
CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe [2013-11-12]
CHR Extension: (CnC TA Script Collection) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmhpmdclklpgfcpoiomjofgfagenmgeo [2013-12-24]
CHR Extension: (Google Wallet) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Anonymouse7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-05-02] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-05-02] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\SupportSoft\bin\ssrc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 EBIOS32; C:\Windows\SysWOW64\Drivers\EBIOS32.SYS [13922 2010-10-28] (Intel Corporation) [File not signed]
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2009-02-11] (Paragon Software Group)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1148288 2011-07-06] (Creative Technology Ltd.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [45312 2009-02-11] (Windows (R) 2000 DDK provider)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\System32\DRIVERS\e1e6232e.sys 099E01A94167CA8BDA2CF72037AD0E28
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\SysWOW64\Drivers\EBIOS32.SYS 81BEE29F3D4A810350312D8B29CB8AFA
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hotcore3.sys C12374FE946EBE42B13234770249C387
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStorA.sys AE0C5DF7E7DA3E7AC29B64CFA8C4F044
C:\Windows\System32\DRIVERS\iaStorF.sys 711241EA1BA9DB44F34D03D2AD00ED08
C:\Windows\System32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\ksaud.sys 64801398A9EA492548703CC5F0109F87
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 1C2D8E18AA8FD50CD04C15CC27F7F5AB
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys 8E6247F418B4C8AE9EEB0B532CABCC21
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\Drivers\SSPORT.sys 0211AB46B73A2623B86C1CFCB30579AB
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\uimx64.sys F86E3A8AC9BFFC8B6E64C40C7156B706
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\System32\DRIVERS\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 15:39 - 2014-11-15 15:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-15 15:38 - 2014-11-15 15:49 - 00000000 ____D () C:\Users\Anonymouse7\Desktop\mbar
2014-11-15 15:36 - 2014-11-15 15:37 - 00616586 _____ () C:\Users\Anonymouse7\Desktop\ESETPoweliksCleaner.exe_20141115.153650.204.log
2014-11-15 15:36 - 2014-11-15 15:33 - 00186568 _____ (ESET) C:\Users\Anonymouse7\Desktop\ESETPoweliksCleaner.exe
2014-11-15 15:36 - 2014-11-15 15:26 - 02737592 _____ (Malwarebytes ) C:\Users\Anonymouse7\Desktop\mbae-setup-1.04.1.1012.exe
2014-11-15 15:36 - 2014-11-15 15:24 - 14439696 _____ (Malwarebytes Corp.) C:\Users\Anonymouse7\Desktop\mbar-1.08.1.1001.exe
2014-11-15 15:36 - 2014-11-15 15:00 - 00031111 _____ () C:\Users\Anonymouse7\Desktop\Addition111520141500.txt
2014-11-15 15:01 - 2014-11-15 15:01 - 00025342 _____ () C:\Users\Anonymouse7\Desktop\FRST111520141500.txt
2014-11-15 14:51 - 2014-11-15 16:07 - 00030566 _____ () C:\Users\Anonymouse7\Desktop\FRST.txt
2014-11-15 14:51 - 2014-11-15 14:51 - 00031111 _____ () C:\Users\Anonymouse7\Desktop\Addition.txt
2014-11-15 14:50 - 2014-11-15 16:06 - 00000000 ____D () C:\FRST
2014-11-15 14:48 - 2014-11-15 14:37 - 00001401 _____ () C:\Users\Anonymouse7\Desktop\iExplore - Shortcut.lnk
2014-11-15 14:48 - 2014-11-15 11:04 - 00415232 _____ (Farbar) C:\Users\Anonymouse7\Desktop\FSS.exe
2014-11-15 14:48 - 2014-11-15 11:03 - 00401920 _____ (Farbar) C:\Users\Anonymouse7\Desktop\MiniToolBox.exe
2014-11-15 14:48 - 2014-11-15 11:01 - 05598504 _____ (Swearware) C:\Users\Anonymouse7\Desktop\ComboFix.exe
2014-11-15 14:48 - 2014-11-15 11:00 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Anonymouse7\Desktop\rkill.exe
2014-11-15 14:48 - 2014-11-15 10:57 - 02140160 _____ () C:\Users\Anonymouse7\Desktop\AdwCleaner.exe
2014-11-15 14:48 - 2014-11-15 10:54 - 02116608 _____ (Farbar) C:\Users\Anonymouse7\Desktop\FRST64.exe
2014-11-15 14:48 - 2014-11-15 10:54 - 01108480 _____ (Farbar) C:\Users\Anonymouse7\Desktop\FRST.exe
2014-11-15 14:48 - 2014-10-27 19:20 - 03060320 _____ (Symantec Corporation) C:\Users\Anonymouse7\Desktop\NortonPE.exe
2014-11-15 14:48 - 2014-10-26 16:02 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Anonymouse7\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-15 14:48 - 2014-08-31 09:45 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Anonymouse7\Desktop\spybot-2.4.exe
2014-11-09 18:36 - 2014-11-09 18:36 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Local\YTPack
2014-11-09 18:36 - 2014-11-09 18:36 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Local\Ehbtion
2014-11-09 18:35 - 2014-11-10 17:15 - 00000000 ____D () C:\ProgramData\ZertAkbem
2014-11-09 18:35 - 2014-11-10 17:15 - 00000000 ____D () C:\ProgramData\VeraPayvi
2014-11-08 18:13 - 2014-11-08 18:25 - 122046712 _____ (Microsoft Corporation) C:\Users\Anonymouse7\Downloads\msert.exe
2014-11-08 17:51 - 2014-11-08 18:05 - 115614832 _____ (Symantec Corporation) C:\Users\Anonymouse7\Downloads\NS-TW-22.0.0-EN-US.exe
2014-11-08 17:46 - 2014-11-10 17:15 - 00000000 ____D () C:\ProgramData\YezeJyed
2014-11-08 17:46 - 2014-11-10 17:15 - 00000000 ____D () C:\ProgramData\TeziTvir
2014-11-08 17:43 - 2014-11-08 17:43 - 00000160 ____H () C:\ProgramData\@system3.att
2014-11-08 17:42 - 2014-11-08 17:42 - 00000448 ____H () C:\Users\Anonymouse7\AppData\Roaming\麽鎒駓覜
2014-11-08 17:42 - 2014-11-08 17:42 - 00000424 _____ () C:\ProgramData\@system.temp
2014-11-08 17:41 - 2014-11-09 19:03 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Roaming\FrameworkUpdate7
2014-11-08 17:25 - 2014-11-08 17:26 - 00779704 _____ (Symantec) C:\Users\Anonymouse7\Downloads\Setup.exe
2014-11-08 16:45 - 2014-11-08 16:48 - 00032291 _____ () C:\Users\Anonymouse7\AppData\Roaming\893686b8
2014-11-08 16:45 - 2014-11-08 16:48 - 00024065 _____ () C:\Users\Anonymouse7\AppData\Local\893686b8
2014-11-08 16:45 - 2014-11-08 16:48 - 00021087 _____ () C:\ProgramData\893686b8
2014-11-08 16:25 - 2014-11-09 18:34 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-08 14:20 - 2014-11-09 18:37 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Local\CrashDumps
2014-10-29 11:54 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-29 11:54 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-29 11:54 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-29 11:54 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-29 11:54 - 2014-07-08 18:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-29 11:54 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-29 11:54 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-29 11:54 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-29 11:54 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-29 11:54 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-29 11:54 - 2014-07-08 14:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-29 11:54 - 2014-07-08 14:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-29 10:21 - 2014-06-26 18:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-29 10:21 - 2014-06-26 17:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-10-27 14:28 - 2014-11-09 18:53 - 00000000 ____D () C:\NPE
2014-10-27 14:21 - 2014-11-09 18:57 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Local\NPE
2014-10-27 14:21 - 2014-10-27 14:22 - 00000000 ____D () C:\ProgramData\Norton
2014-10-27 13:55 - 2014-11-15 15:35 - 00000000 ____D () C:\CleanUpVirus

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 16:06 - 2013-05-01 22:25 - 01279515 _____ () C:\Windows\WindowsUpdate.log
2014-11-15 16:03 - 2013-06-17 18:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-15 16:03 - 2013-05-02 15:56 - 00202802 _____ () C:\Windows\PFRO.log
2014-11-15 16:03 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-15 16:03 - 2009-07-13 20:51 - 00003750 _____ () C:\Windows\setupact.log
2014-11-15 16:02 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Globalization
2014-11-15 15:52 - 2014-10-15 09:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-15 15:44 - 2009-07-13 20:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-15 15:44 - 2009-07-13 20:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-15 15:38 - 2014-10-15 09:58 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-15 15:29 - 2013-08-18 21:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-15 15:25 - 2013-06-17 18:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-15 15:19 - 2013-10-19 20:03 - 00000310 _____ () C:\Windows\Tasks\DigitalSite.job
2014-11-15 14:49 - 2013-05-02 21:42 - 00000000 ____D () C:\Users\Anonymouse7\Documents\Outlook Files
2014-11-15 14:48 - 2009-07-13 21:13 - 00784326 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-09 19:17 - 2013-11-08 19:55 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-11-09 03:04 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PLA
2014-11-08 17:36 - 2013-08-18 21:22 - 00000000 ____D () C:\Users\Anonymouse7\AppData\Roaming\Dropbox
2014-11-08 17:03 - 2009-07-13 20:45 - 00439992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-05 17:42 - 2013-07-23 16:18 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-11-03 13:07 - 2014-07-03 14:29 - 00000000 ____D () C:\Users\Anonymouse7\Desktop\AP CAP Folder
2014-10-29 13:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-10-29 11:47 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-29 11:46 - 2014-06-17 21:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-29 11:46 - 2009-07-13 23:46 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-29 11:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-29 11:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-29 10:41 - 2013-05-02 19:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-29 10:26 - 2013-05-02 15:58 - 00776448 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-29 10:21 - 2013-11-24 07:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-28 10:26 - 2013-06-17 18:28 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-28 05:34 - 2013-05-01 22:45 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 19:20 - 2013-06-17 18:26 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-27 19:20 - 2013-06-17 18:26 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 13:48 - 2014-10-15 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-20 13:48 - 2014-10-15 09:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-20 13:48 - 2013-09-29 06:48 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

Some content of TEMP:
====================
C:\Users\Anonymouse7\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {54bcc701-b2f8-11e2-89f3-c08fd3efab3e}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 15

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {54bcc703-b2f8-11e2-89f3-c08fd3efab3e}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {54bcc701-b2f8-11e2-89f3-c08fd3efab3e}
nx OptIn
bootlog No

Windows Boot Loader
-------------------
identifier {54bcc703-b2f8-11e2-89f3-c08fd3efab3e}
device ramdisk=[C:]\Recovery\54bcc703-b2f8-11e2-89f3-c08fd3efab3e\Winre.wim,{54bcc704-b2f8-11e2-89f3-c08fd3efab3e}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\54bcc703-b2f8-11e2-89f3-c08fd3efab3e\Winre.wim,{54bcc704-b2f8-11e2-89f3-c08fd3efab3e}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {54bcc701-b2f8-11e2-89f3-c08fd3efab3e}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {54bcc704-b2f8-11e2-89f3-c08fd3efab3e}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\54bcc703-b2f8-11e2-89f3-c08fd3efab3e\boot.sdi



LastRegBack: 2014-11-15 00:37

==================== End Of Log ============================

Files would not attach.
 

CuriosGeorge

New Member
Thread author
Nov 12, 2014
8
Bump - adding Eset and Combo results files.
 

Attachments

  • ESETPoweliksCleaner.exe_20141115.153650.204.log
    602.1 KB · Views: 42
  • ComboFix11162014-1327.txt
    23.6 KB · Views: 64

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
  • I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all report using
    fjqb1h.png
    button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Download
51a5f31352b88-icon_MBAR.png
Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"




FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.
 

CuriosGeorge

New Member
Thread author
Nov 12, 2014
8
Just ran these scans.
 

Attachments

  • mbar-log-2014-11-18 (14-39-25).txt
    2 KB · Views: 42
  • system-log.txt
    67.9 KB · Views: 45
  • FRST11182014-1431-A7.txt
    27.5 KB · Views: 51

CuriosGeorge

New Member
Thread author
Nov 12, 2014
8
Also noticing multiple DLLHOST.EXE-xxxxxxxx.pf files of different dates in the C:\Windows\Prefetch folder. I did not see those before when I ran a search for dllhost.exe on this machine. They seem to be matching the date/time that I have plugged in the Network to the machine. First one is on 10/20/2014 which seems to be when I first saw the Malware symptoms.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
We will clean all of it now:


FRST.gif
Fix with Farbar Recovery Scan Tool

icon_exclaim.gif
This fix was created for this user for use on that particular machine.
icon_exclaim.gif

icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    4.5 KB · Views: 51

CuriosGeorge

New Member
Thread author
Nov 12, 2014
8
I noticed a change after the Fix, before, the Win Explorer list of drives would not drop the USB drive after eject, but this time it did.
 

Attachments

  • Fixlog11192014-0730-A7.txt
    4.4 KB · Views: 53

CuriosGeorge

New Member
Thread author
Nov 12, 2014
8
Immediately after sending the last, Java updater wanted to up date so I pulled up Task Manager and there were 2 dllhost.exe (no 832) com surrogate in the list that dropped after 1 second. Should I be alarmed?
 

CuriosGeorge

New Member
Thread author
Nov 12, 2014
8
I shutdown and again have installing updates 1 of 14, though I should have the updates installed on verification only.
 

CuriosGeorge

New Member
Thread author
Nov 12, 2014
8
I think that computer is good. Thank you. My FF on my laptop keeps blocking a redirection, so I will try to clean that.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)


Recommended reading:
icon_exclaim.gif
MUST READ - security tips:

icon_exclaim.gif
MUST READ - general maintenance:


The Importance of Software Updating:

In order to stay protected it is
very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.




Recommended additional software:
icon_arrow.gif
TFC - to clean unneeded temporary files.
icon_arrow.gif
Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
icon_arrow.gif
Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
icon_arrow.gif
McShield - to prevent infections spread by removable media.
icon_arrow.gif
Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
icon_arrow.gif
FiheHippo.com Update Checker - to keep your programs up-to-date.
icon_arrow.gif
Adblock - to surf the web without annoying ads!



Post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the
    51a5ce45263de-delfix.png
    icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes his work.
  • All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.



My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!​




Stay safe,
TwinHeadedEagle :)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top