
Infected Machine Have DDS and ESET logs ready [Solved]

Viruses Malware Worm Trojan

  • This topic is locked
27 replies to this topic

#16 jeff matthews

jeff matthews

    Advanced Member

  • Authentic Member
  • 781 posts

Posted 29 January 2014 - 06:55 PM

Malwarebytes LOG:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.29.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Ashley :: ASHLEY-PC [administrator]

1/29/2014 12:38:01 PM
mbam-log-2014-01-29 (12-38-01).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 472219
Time elapsed: 41 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
D:\Backup Ashley\Ashley\Documents\Software\DVDFab 9.0.4.2 Final\Patch\dvdfab.9.x-patch.exe (PUP.Riskware.Patcher) -> Quarantined and deleted successfully.
D:\Backup Ashley\Ashley\Downloads\SoftonicDownloader_for_microsoft-word.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
D:\Backup Ashley\Ashley\Downloads\VLCMediaPlayerSetup-4k5uJOd.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
D:\Backup Ashley\Ashley\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.

(end)

 

 

ESET LOG:

 

C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmApp.dll    a variant of Win32/Toolbar.Montiera.A application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmEng.dll    probably a variant of Win32/Toolbar.Montiera.A application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmsrv.exe    a variant of Win32/Toolbar.Montiera.A application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll    a variant of Win32/Toolbar.Montiera.F application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll    a variant of Win32/Toolbar.Escort.A application
C:\Program Files (x86)\CheckPoint\Install\zatb.exe    multiple threats
C:\Users\Ashley\Documents\Software Programs\Java.exe    a variant of Win32/AirAdInstaller.A application
C:\Users\Ashley\Documents\Software Programs\FFSetup296\FFSetup296.exe    multiple threats
C:\Users\Ashley\Documents\Virus Utlities\disk-defrag-setup.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Ashley\Downloads\cbsidlm-cbsi145-CBR_Reader-SEO-75609749.exe    a variant of Win32/CNETInstaller.B application
C:\Users\Ashley\Downloads\cbsidlm-tr1_14-VLC_Media_Player-SEO-10267151.exe    Win32/DownloadAdmin.G application
D:\Backup Ashley\Ashley\Documents\Encoding Software\FFSetup3.0.1.1.zip    multiple threats
D:\Backup Ashley\Ashley\Documents\Encoding Software\FFSetup3.0.1.1\FFSetup3.0.1.1.exe    multiple threats
D:\Backup Ashley\Ashley\Documents\Virus Clean up Tools\disk-defrag-setup.exe    a variant of Win32/Bundled.Toolbar.Ask application
D:\Backup Ashley\Ashley\Downloads\cbsidlm-tr1_13-Media_Player_Classic_Home_Cinema_64bit-SEO-75285683.exe    Win32/DownloadAdmin.G application
D:\Backup Ashley\Ashley\Downloads\cnet2_installspeedfan446_exe (1).exe    a variant of Win32/InstallCore.D application
D:\Backup Ashley\Ashley\Downloads\cnet2_installspeedfan446_exe.exe    a variant of Win32/InstallCore.D application
D:\Backup Ashley\Ashley\Downloads\cnet2_SetupImgBurn_2_5_7_0_exe.exe    a variant of Win32/InstallCore.D application
D:\Backup Ashley\Ashley\Downloads\cpu-z_1.60-setup-en.exe    a variant of Win32/Bundled.Toolbar.Ask application
D:\Backup Ashley\Ashley\Downloads\FFSetup3.0.1.1.zip    multiple threats
D:\Backup Ashley\Ashley\Downloads\google chrome setup.exe    a variant of Win32/InstallCore.AZ application
D:\Backup Ashley\Ashley\Downloads\GraboidVideoSetup-3.21-Complete.exe    Win32/Graboid application
D:\Backup Ashley\Ashley\Downloads\KillBox_v200881exe.exe    a variant of Win32/OpenInstall application
D:\Backup Ashley\Ashley\Downloads\SetupImgBurn_2.5.7.0.exe    a variant of Win32/Bundled.Toolbar.Ask application
D:\Backup Ashley\Ashley\Downloads\speedfan-setup.exe    Win32/DownloadAdmin.G application
 
I just have to mention that upon removal of these infections, during the boot-up process after rebooting, I saw a small window, what looked like a video or a cam, that popped up and showed something moving. I think we may have a hijacker on this machine, but I'm not sure. That was probably what my sister was referring to, and the root of these infection files was not on the C drive, but on another internal data drive on this machine.


Edited by jeff matthews, 29 January 2014 - 09:26 PM.



#17 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 30 January 2014 - 09:28 AM

Hi jeff matthews,

The ZoneAlarm Security Toolbar may be responsible for some adware; if it is not really needed, it should be uninstalled.
 

i saw a small window what looked like a video or a cam that popped up and shown something moving

It would help if you could show us a picture of that thing here - perhaps your phone has a camera?


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    
    :Files
    C:\Program Files (x86)\CheckPoint\Install\zatb.exe 
    C:\Users\Ashley\Documents\Software Programs\Java.exe
    C:\Users\Ashley\Documents\Software Programs\FFSetup296\FFSetup296.exe 
    C:\Users\Ashley\Documents\Virus Utlities\disk-defrag-setup.exe 
    C:\Users\Ashley\Downloads\cbsidlm-cbsi145-CBR_Reader-SEO-75609749.exe 
    C:\Users\Ashley\Downloads\cbsidlm-tr1_14-VLC_Media_Player-SEO-10267151.exe 
    D:\Backup Ashley\Ashley\Documents\Encoding Software\FFSetup3.0.1.1.zip 
    D:\Backup Ashley\Ashley\Documents\Encoding Software\FFSetup3.0.1.1\FFSetup3.0.1.1.exe 
    D:\Backup Ashley\Ashley\Documents\Virus Clean up Tools\disk-defrag-setup.exe 
    D:\Backup Ashley\Ashley\Downloads\cbsidlm-tr1_13-Media_Player_Classic_Home_Cinema_64bit-SEO-75285683.exe 
    D:\Backup Ashley\Ashley\Downloads\cnet2_installspeedfan446_exe (1).exe 
    D:\Backup Ashley\Ashley\Downloads\cnet2_installspeedfan446_exe.exe 
    D:\Backup Ashley\Ashley\Downloads\cnet2_SetupImgBurn_2_5_7_0_exe.exe 
    D:\Backup Ashley\Ashley\Downloads\cpu-z_1.60-setup-en.exe
    D:\Backup Ashley\Ashley\Downloads\FFSetup3.0.1.1.zip 
    D:\Backup Ashley\Ashley\Downloads\google chrome setup.exe 
    D:\Backup Ashley\Ashley\Downloads\GraboidVideoSetup-3.21-Complete.exe 
    D:\Backup Ashley\Ashley\Downloads\KillBox_v200881exe.exe 
    D:\Backup Ashley\Ashley\Downloads\SetupImgBurn_2.5.7.0.exe
    D:\Backup Ashley\Ashley\Downloads\speedfan-setup.exe 
    
    :Commands
    [purity]
    [emptytemp]
    


    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post Fix OTL log as well as a new OTL log by rerunning it after reboot without custom scans script.

Graduate of the WTT Classroom
Cheers,
Jo
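As an added example (not code from this thread, from OTL, or from the scanner vendors): a small Python parser for the ESET and Malwarebytes log lines posted in #16 that counts detections per drive letter and per detection family, which makes the point about the D: backup drive visible at a glance, and renders the paths in the ":Files" layout of the OTL script above. The sample lines are a constructed subset of the two logs posted above.

```python
# Added example (not part of the thread): parse ESET and Malwarebytes
# detection lines into a per-drive / per-family summary and emit the paths
# in the ":Files" block layout used by the OTL fix script.
import re
from collections import Counter
from dataclasses import dataclass

# ESET log line: "<path><two or more spaces><verdict>"
ESET_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s{2,}(?P<verdict>\S.*?)\s*$")
# Malwarebytes log line: "<path> (<detection>) -> <action>."
MBAM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^)]+)\) -> (?P<action>.+?)\.?$")
# ESET appends a one- or two-letter variant suffix ("Montiera.F", "InstallCore.AZ")
VARIANT_SUFFIX = re.compile(r"\.[A-Z]{1,2}$")


@dataclass(frozen=True)
class Detection:
    path: str
    name: str      # normalised detection name, e.g. "Win32/InstallCore.AZ"
    source: str    # "eset" or "mbam"


def parse_line(line):
    """Return a Detection for one log line, or None for headers/blank lines."""
    m = MBAM_RE.match(line)
    if m:
        return Detection(m.group("path"), m.group("name"), "mbam")
    m = ESET_RE.match(line)
    if m:
        verdict = m.group("verdict")
        verdict = re.sub(r"^(probably )?a variant of ", "", verdict)
        verdict = re.sub(r" application$", "", verdict)
        return Detection(m.group("path"), verdict, "eset")
    return None


def parse_log(text):
    return [d for d in (parse_line(ln) for ln in text.splitlines()) if d]


def family(name):
    """Collapse variant suffixes so Montiera.A and Montiera.F count together."""
    return VARIANT_SUFFIX.sub("", name)


def summarize(detections):
    """Count detections by drive letter and by detection family."""
    return {
        "total": len(detections),
        "by_drive": Counter(d.path[0].upper() for d in detections),
        "by_family": Counter(family(d.name) for d in detections),
    }


def otl_files_block(detections):
    """Render the paths as an OTL ':Files' section, as in the fix script above."""
    return ":Files\n" + "\n".join(d.path for d in detections)


# Constructed sample: a subset of the lines from the two logs posted above.
SAMPLE_LOG = r"""
Files Detected: 4
D:\Backup Ashley\Ashley\Documents\Software\DVDFab 9.0.4.2 Final\Patch\dvdfab.9.x-patch.exe (PUP.Riskware.Patcher) -> Quarantined and deleted successfully.
D:\Backup Ashley\Ashley\Downloads\SoftonicDownloader_for_microsoft-word.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
(end)
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll    a variant of Win32/Toolbar.Montiera.F application
C:\Program Files (x86)\CheckPoint\Install\zatb.exe    multiple threats
C:\Users\Ashley\Downloads\cbsidlm-tr1_14-VLC_Media_Player-SEO-10267151.exe    Win32/DownloadAdmin.G application
D:\Backup Ashley\Ashley\Downloads\cnet2_installspeedfan446_exe (1).exe    a variant of Win32/InstallCore.D application
D:\Backup Ashley\Ashley\Downloads\google chrome setup.exe    a variant of Win32/InstallCore.AZ application
D:\Backup Ashley\Ashley\Downloads\speedfan-setup.exe    Win32/DownloadAdmin.G application
"""

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    report = summarize(found)
    print(f"{report['total']} detections; by drive: {dict(report['by_drive'])}")
    for fam, n in report["by_family"].most_common():
        print(f"  {n:2d}  {fam}")
    print(otl_files_block(found))
```

Header lines such as "Files Detected: 4" and "(end)" match neither pattern and are skipped, so the whole pasted log can be fed in unedited.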

#18 jeff matthews

jeff matthews

    Advanced Member

  • Authentic Member
  • 781 posts

Posted 30 January 2014 - 11:48 AM

All processes killed
========== OTL ==========
========== FILES ==========
C:\Program Files (x86)\CheckPoint\Install\zatb.exe moved successfully.
C:\Users\Ashley\Documents\Software Programs\Java.exe moved successfully.
C:\Users\Ashley\Documents\Software Programs\FFSetup296\FFSetup296.exe moved successfully.
C:\Users\Ashley\Documents\Virus Utlities\disk-defrag-setup.exe moved successfully.
C:\Users\Ashley\Downloads\cbsidlm-cbsi145-CBR_Reader-SEO-75609749.exe moved successfully.
C:\Users\Ashley\Downloads\cbsidlm-tr1_14-VLC_Media_Player-SEO-10267151.exe moved successfully.
D:\Backup Ashley\Ashley\Documents\Encoding Software\FFSetup3.0.1.1.zip moved successfully.
D:\Backup Ashley\Ashley\Documents\Encoding Software\FFSetup3.0.1.1\FFSetup3.0.1.1.exe moved successfully.
D:\Backup Ashley\Ashley\Documents\Virus Clean up Tools\disk-defrag-setup.exe moved successfully.
D:\Backup Ashley\Ashley\Downloads\cbsidlm-tr1_13-Media_Player_Classic_Home_Cinema_64bit-SEO-75285683.exe moved successfully.
D:\Backup Ashley\Ashley\Downloads\cnet2_installspeedfan446_exe (1).exe moved successfully.
D:\Backup Ashley\Ashley\Downloads\cnet2_installspeedfan446_exe.exe moved successfully.
D:\Backup Ashley\Ashley\Downloads\cnet2_SetupImgBurn_2_5_7_0_exe.exe moved successfully.
D:\Backup Ashley\Ashley\Downloads\cpu-z_1.60-setup-en.exe moved successfully.
D:\Backup Ashley\Ashley\Downloads\FFSetup3.0.1.1.zip moved successfully.
D:\Backup Ashley\Ashley\Downloads\google chrome setup.exe moved successfully.
D:\Backup Ashley\Ashley\Downloads\GraboidVideoSetup-3.21-Complete.exe moved successfully.
D:\Backup Ashley\Ashley\Downloads\KillBox_v200881exe.exe moved successfully.
D:\Backup Ashley\Ashley\Downloads\SetupImgBurn_2.5.7.0.exe moved successfully.
D:\Backup Ashley\Ashley\Downloads\speedfan-setup.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Ashley
->Temp folder emptied: 467981 bytes
->Temporary Internet Files folder emptied: 113564 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 18521723 bytes
->Flash cache emptied: 1005 bytes
 
User: Chuck
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Kristi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
 
User: Public
 
User: Teri
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4459 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 18.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01302014_093743

Files\Folders moved on Reboot...
C:\Users\Ashley\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ashley\AppData\Local\Temp\~DFBDB207BA994D10EB.TMP moved successfully.
C:\Users\Ashley\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
C:\Windows\temp\ZLT00144.TMP moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

I am not sure how to delete the ZoneAlarm toolbar without having to remove the entire program.

 

 

OTL logfile created on: 1/30/2014 9:42:03 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ashley\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.94 Gb Total Physical Memory | 6.08 Gb Available Physical Memory | 76.67% Memory free
15.87 Gb Paging File | 13.60 Gb Available in Paging File | 85.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 3.51 Gb Free Space | 2.36% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 69.31 Gb Free Space | 29.76% Space Free | Partition Type: NTFS
 
Computer Name: ASHLEY-PC | User Name: Ashley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ashley\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe (CyberLink)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
PRC - C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\func.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\gep.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (CyberLink PowerDVD 13 Media Server Service) -- C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe (CyberLink)
SRV - (CyberLink PowerDVD 13 Media Server Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe (CyberLink)
SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (ZAPrivacyService) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (ASUSTeK Computer Inc.)
SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe ()
SRV - (AsusFanControlService) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe (ASUSTeK Computer Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (gfiark) -- C:\Windows\SysNative\drivers\gfiark.sys (ThreatTrack Security)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (ndisrd) -- C:\Windows\SysNative\drivers\ndisrd.sys (NT Kernel Resources)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (ICCWDT) -- C:\Windows\SysNative\drivers\ICCWDT.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - ({09F57980-3432-4AFC-957D-27AC45FAE1F5}) -- C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D 99 EC E8 F3 9F CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {42DF1DBB-C90A-45F1-9BD9-969B899C7E37}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{42DF1DBB-C90A-45F1-9BD9-969B899C7E37}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=293224"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: "http://search.yahoo....type=293224&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/08/26 13:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Extensions
[2014/01/16 18:39:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\8u0atggb.default\extensions
[2013/12/03 23:14:27 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\8u0atggb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/08/23 12:28:07 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\8u0atggb.default\extensions\ffxtlbr@zonealarm.com
[2014/01/16 18:39:28 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\8u0atggb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/03/20 23:15:42 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\8u0atggb.default\extensions\ffxtlbr@zonealarm.com\content\Abine\chrome\content\ff\view_expiry.js
[2013/08/26 13:00:35 | 000,000,915 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\8u0atggb.default\searchplugins\yahoo.xml
[2013/12/03 11:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/01/14 02:13:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe File not found
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PowerDVD13Agent] C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6888F6D-509E-465A-8E0B-1796B1F4FE4E}: DhcpNameServer = 192.168.0.1 205.171.2.65
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/29 17:04:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/01/28 18:11:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/28 18:10:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/01/28 18:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/01/28 18:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/01/28 18:10:33 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/01/28 18:10:30 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/01/28 18:10:30 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/01/28 18:10:30 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/01/28 18:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/01/28 18:10:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/01/27 11:53:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/27 11:53:41 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Ashley\Desktop\JRT.exe
[2014/01/26 11:42:43 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/25 16:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/01/25 16:02:21 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/25 16:02:20 | 000,000,000 | ---D | C] -- C:\Users\Ashley\Desktop\mbar
[2014/01/25 15:29:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
[2014/01/25 15:29:15 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Ashley\Desktop\mbar-1.07.0.1009.exe
[2014/01/25 03:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014/01/25 03:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014/01/23 22:55:12 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Ashley\Desktop\dds.com
[2014/01/15 03:57:31 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/15 03:57:31 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/15 03:57:30 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/01/14 02:43:53 | 000,041,032 | ---- | C] (ThreatTrack Security) -- C:\Windows\SysNative\drivers\gfiark.sys
[2014/01/14 02:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2014/01/14 02:23:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCPitstop
[2014/01/14 01:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2014/01/14 01:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2014/01/09 20:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CBR Reader
[2014/01/09 20:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CBR Reader
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/30 09:39:38 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/30 09:39:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/30 09:39:15 | 2095,321,087 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/30 09:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/30 08:49:24 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/29 17:04:45 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/29 17:04:45 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/28 18:10:20 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/01/28 18:10:19 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/01/28 18:10:19 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/01/28 18:10:19 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/01/27 11:53:25 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Ashley\Desktop\JRT.exe
[2014/01/26 11:41:53 | 001,236,282 | ---- | M] () -- C:\Users\Ashley\Desktop\AdwCleaner.exe
[2014/01/26 11:40:01 | 000,008,311 | ---- | M] () -- C:\Users\Ashley\Documents\A List of Buffy and Angel Series.rtf
[2014/01/26 06:18:11 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/25 16:02:21 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/25 16:00:20 | 000,002,034 | ---- | M] () -- C:\Users\Ashley\Desktop\american movies.rtf
[2014/01/25 15:29:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
[2014/01/25 15:29:01 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Ashley\Desktop\mbar-1.07.0.1009.exe
[2014/01/25 15:27:28 | 000,987,425 | ---- | M] () -- C:\Users\Ashley\Desktop\SecurityCheck.exe
[2014/01/25 03:38:43 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/01/25 03:38:43 | 000,001,931 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/01/23 22:54:52 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Ashley\Desktop\dds.com
[2014/01/21 23:36:14 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/21 23:36:14 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/21 23:36:14 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/14 02:28:26 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/14 01:59:27 | 000,008,311 | ---- | M] () -- C:\Users\Ashley\Documents\2013 Horror Movies.rtf
[2014/01/14 01:53:33 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/01/14 01:53:33 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/01/09 20:18:02 | 000,000,958 | ---- | M] () -- C:\Users\Public\Desktop\CBR Reader.lnk
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/01/26 11:42:11 | 001,236,282 | ---- | C] () -- C:\Users\Ashley\Desktop\AdwCleaner.exe
[2014/01/25 16:00:19 | 000,002,034 | ---- | C] () -- C:\Users\Ashley\Desktop\american movies.rtf
[2014/01/25 15:54:29 | 000,008,311 | ---- | C] () -- C:\Users\Ashley\Documents\A List of Buffy and Angel Series.rtf
[2014/01/25 15:27:57 | 000,987,425 | ---- | C] () -- C:\Users\Ashley\Desktop\SecurityCheck.exe
[2014/01/14 01:59:27 | 000,008,311 | ---- | C] () -- C:\Users\Ashley\Documents\2013 Horror Movies.rtf
[2014/01/14 01:53:38 | 000,001,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/01/14 01:53:37 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/01/09 20:18:02 | 000,000,958 | ---- | C] () -- C:\Users\Public\Desktop\CBR Reader.lnk
[2013/09/19 23:43:19 | 006,253,340 | ---- | C] () -- C:\Program Files\madVR08611.zip
[2013/08/26 22:47:55 | 000,005,632 | ---- | C] () -- C:\Users\Ashley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/23 12:32:53 | 000,022,969 | -H-- | C] () -- C:\Windows\SysWow64\BTImages.dat
[2013/08/22 20:59:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/08/22 20:56:31 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/08/22 20:56:31 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/08/22 20:56:31 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013/08/22 20:39:15 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2013/08/22 20:39:11 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2013/08/22 20:24:27 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013/08/22 20:24:25 | 000,042,214 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/06/19 17:52:42 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012/05/10 15:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
 



#19 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 31 January 2014 - 08:29 AM

Hi jeff matthews,

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. Vista / Windows 7/8 users right-click and select Run As Administrator
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

***


Please download Farbar Recovery Scan Tool and save it to your USB.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Then plug the USB / Flash Drive into the Ransomed / Infected computer.
  • Use "Computer" to find the USB / Flash drive.
  • Double-click to run FRST. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Graduate of the WTT Classroom
Cheers,
Jo

#20 jeff matthews

jeff matthews

    Advanced Member

  • Authentic Member
  • 781 posts

Posted 31 January 2014 - 03:08 PM

Ok here is the MBR Log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-31 13:01:18
-----------------------------
13:01:18.868    OS Version: Windows x64 6.1.7601 Service Pack 1
13:01:18.868    Number of processors: 4 586 0x3A09
13:01:18.871    ComputerName: ASHLEY-PC  UserName: Ashley
13:01:20.216    Initialize success
13:02:00.176    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-5
13:02:00.179    Disk 0 Vendor: WDC_WD1600AAJS-08PSA0 05.06H05 Size: 152627MB BusType: 3
13:02:00.182    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
13:02:00.184    Disk 1 Vendor: WDC_WD2500AAKX-00ERMA0 15.01H15 Size: 238475MB BusType: 3
13:02:00.308    Disk 0 MBR read successfully
13:02:00.311    Disk 0 MBR scan
13:02:00.314    Disk 0 Windows 7 default MBR code
13:02:00.321    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:02:00.324    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       152525 MB offset 206848
13:02:00.340    Disk 0 scanning C:\Windows\system32\drivers
13:02:09.673    Service scanning
13:02:17.645    Service MSICDSetup E:\CDriver64.sys **LOCKED** 21
13:02:26.797    Modules scanning
13:02:26.806    Disk 0 trace - called modules:
13:02:26.832    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:02:26.838    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077bf060]
13:02:26.843    3 CLASSPNP.SYS[fffff880020f543f] -> nt!IofCallDriver -> [0xfffffa8007567560]
13:02:26.848    5 ACPI.sys[fffff88000f837a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-5[0xfffffa80072f2680]
13:02:26.853    Scan finished successfully
13:02:36.924    Disk 0 MBR has been saved successfully to "C:\Users\Ashley\Desktop\MBR.dat"
13:02:36.928    The log file has been saved successfully to "C:\Users\Ashley\Desktop\aswMBR.txt"

Here is the FUBAR log

 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by Ashley (administrator) on ASHLEY-PC on 31-01-2014 13:08:57
Running from G:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-18] (Intel Corporation)
HKLM-x32\...\Run: [ASUS Ai Charger] - C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2013-08-22] (RealNetworks, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-06-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-03-26] (Nero AG)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-06-19] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [439440 2011-09-27] (CANON INC.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [PowerDVD13Agent] - C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe [517144 2013-09-13] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563096 2014-01-14] (SUPERAntiSpyware)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6D99ECE8F39FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - DefaultScope {42DF1DBB-C90A-45F1-9BD9-969B899C7E37} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {42DF1DBB-C90A-45F1-9BD9-969B899C7E37} URL = http://search.yahoo....p={searchTerms}
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp...ols/pcmatic.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.65

FireFox:
========
FF ProfilePath: C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\8u0atggb.default
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @real.com/nppl3260;version=15.0.5.109 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.5.109 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.5.109 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.5.109 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: zonealarm.com - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\8u0atggb.default\Extensions\ffxtlbr@zonealarm.com [2013-08-23]
FF Extension: WOT - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\8u0atggb.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-03]
FF Extension: Adblock Plus - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\8u0atggb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-23]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [324608 2012-05-18] (ASUSTeK Computer Inc.)
R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-09-13] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [327432 2013-09-13] (CyberLink)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-18] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-06-19] (Check Point Software Technologies LTD)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-23] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-11-15] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2013-02-21] (Kaspersky Lab)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows ® Server 2003 DDK provider)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451096 2013-06-13] (Check Point Software Technologies LTD)
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-09-13] (CyberLink Corp.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab)
S3 MSICDSetup; \??\E:\CDriver64.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [x]
U3 aswMBR; \??\C:\Users\Ashley\AppData\Local\Temp\aswMBR.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-31 13:08 - 2014-01-31 13:08 - 00000000 ____D C:\FRST
2014-01-31 13:04 - 2014-01-31 13:04 - 02079744 _____ (Farbar) C:\Users\Ashley\Downloads\FRST64.exe
2014-01-31 13:03 - 2014-01-31 13:03 - 00000560 _____ C:\Users\Ashley\Desktop\MbR.zip
2014-01-31 13:02 - 2014-01-31 13:02 - 00001886 _____ C:\Users\Ashley\Desktop\aswMBR.txt
2014-01-31 13:02 - 2014-01-31 13:02 - 00000512 _____ C:\Users\Ashley\Desktop\MBR.dat
2014-01-31 13:01 - 2014-01-31 13:00 - 04745728 _____ (AVAST Software) C:\Users\Ashley\Desktop\aswMBR.exe
2014-01-31 13:00 - 2014-01-31 13:00 - 04745728 _____ (AVAST Software) C:\Users\Ashley\Downloads\aswMBR.exe
2014-01-29 19:25 - 2014-01-29 19:25 - 00002840 _____ C:\Users\Ashley\Desktop\ESET.txt
2014-01-29 17:04 - 2014-01-29 17:04 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-29 17:02 - 2014-01-29 17:02 - 02347384 _____ (ESET) C:\Users\Ashley\Downloads\esetsmartinstaller_enu.exe
2014-01-28 18:11 - 2014-01-28 18:11 - 00000000 ____D C:\_OTL
2014-01-28 18:10 - 2014-01-28 18:10 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-28 18:10 - 2014-01-28 18:10 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-28 18:10 - 2014-01-28 18:10 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-28 18:10 - 2014-01-28 18:10 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-28 18:10 - 2014-01-28 18:10 - 00000000 ____D C:\ProgramData\Sun
2014-01-28 18:10 - 2014-01-28 18:10 - 00000000 ____D C:\ProgramData\Oracle
2014-01-28 18:10 - 2014-01-28 18:10 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-28 18:08 - 2014-01-28 18:09 - 00921000 _____ (Oracle Corporation) C:\Users\Ashley\Downloads\jxpiinstall.exe
2014-01-27 11:58 - 2014-01-27 11:58 - 00001491 _____ C:\Users\Ashley\Desktop\JRT.txt
2014-01-27 11:53 - 2014-01-27 11:53 - 01037068 _____ (Thisisu) C:\Users\Ashley\Downloads\JRT.exe
2014-01-27 11:53 - 2014-01-27 11:53 - 01037068 _____ (Thisisu) C:\Users\Ashley\Desktop\JRT.exe
2014-01-27 11:53 - 2014-01-27 11:53 - 00000000 ____D C:\Windows\ERUNT
2014-01-26 11:42 - 2014-01-26 11:45 - 00000000 ____D C:\AdwCleaner
2014-01-26 11:42 - 2014-01-26 11:41 - 01236282 _____ C:\Users\Ashley\Desktop\AdwCleaner.exe
2014-01-26 11:41 - 2014-01-26 11:41 - 01236282 _____ C:\Users\Ashley\Downloads\AdwCleaner.exe
2014-01-25 16:36 - 2014-01-30 09:48 - 00071756 _____ C:\Users\Ashley\Desktop\OTL.Txt
2014-01-25 16:36 - 2014-01-25 16:36 - 00054922 _____ C:\Users\Ashley\Desktop\Extras.Txt
2014-01-25 16:03 - 2014-01-25 16:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-25 16:02 - 2014-01-25 16:28 - 00000000 ____D C:\Users\Ashley\Desktop\mbar
2014-01-25 16:02 - 2014-01-25 16:02 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-25 15:29 - 2014-01-25 15:29 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Ashley\Desktop\mbar-1.07.0.1009.exe
2014-01-25 15:29 - 2014-01-25 15:29 - 00602112 _____ (OldTimer Tools) C:\Users\Ashley\Downloads\OTL.exe
2014-01-25 15:29 - 2014-01-25 15:29 - 00602112 _____ (OldTimer Tools) C:\Users\Ashley\Desktop\OTL.exe
2014-01-25 15:28 - 2014-01-25 15:29 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Ashley\Downloads\mbar-1.07.0.1009.exe
2014-01-25 15:27 - 2014-01-25 15:27 - 00987425 _____ C:\Users\Ashley\Downloads\SecurityCheck.exe
2014-01-25 15:27 - 2014-01-25 15:27 - 00987425 _____ C:\Users\Ashley\Desktop\SecurityCheck.exe
2014-01-25 03:38 - 2014-01-25 03:38 - 00000000 ____D C:\Program Files\McAfee Security Scan
2014-01-23 22:56 - 2014-01-23 23:07 - 00015573 _____ C:\Users\Ashley\Desktop\dds.txt
2014-01-23 22:56 - 2014-01-23 23:07 - 00008167 _____ C:\Users\Ashley\Desktop\attach.txt
2014-01-23 22:55 - 2014-01-23 22:54 - 00688992 ____R (Swearware) C:\Users\Ashley\Desktop\dds.com
2014-01-23 22:54 - 2014-01-23 22:54 - 00688992 _____ (Swearware) C:\Users\Ashley\Downloads\dds.com
2014-01-23 22:47 - 2014-01-23 22:47 - 00004412 _____ C:\Users\Ashley\Desktop\ESETreport.txt
2014-01-17 03:46 - 2014-01-17 03:46 - 00000000 ____D C:\Users\Kristi\AppData\Local\CyberLink
2014-01-17 02:49 - 2014-01-30 09:39 - 00003344 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3972269244-1675263637-520896221-1000
2014-01-17 02:49 - 2014-01-30 09:39 - 00003212 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3972269244-1675263637-520896221-1000
2014-01-15 03:57 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 03:57 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 03:57 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 03:57 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 03:57 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 03:57 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 03:57 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 03:57 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 03:57 - 2013-11-26 02:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 02:43 - 2013-05-23 07:39 - 00041032 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2014-01-14 02:26 - 2014-01-14 02:28 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Ashley\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 02:23 - 2014-01-28 18:16 - 00000000 ____D C:\Program Files (x86)\PCPitstop
2014-01-14 02:23 - 2014-01-28 18:14 - 00000000 ____D C:\ProgramData\PCPitstop
2014-01-14 02:21 - 2014-01-14 02:22 - 13580568 _____ (PC Pitstop LLC                                              ) C:\Users\Ashley\Downloads\pcmatichs-setup-0020.exe
2014-01-14 02:15 - 2014-01-14 02:15 - 00180000 _____ (Kaspersky Lab) C:\Users\Ashley\Downloads\kss12.0.1.117EN_RU_DE_FR_2926.exe
2014-01-14 01:53 - 2014-01-25 03:38 - 00001931 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-01-14 01:53 - 2014-01-14 01:53 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2014-01-14 01:53 - 2014-01-14 01:53 - 00000000 ____D C:\ProgramData\McAfee
2014-01-14 01:27 - 2014-01-14 01:27 - 00185800 _____ (Лаборатория Касперского) C:\Users\Ashley\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe
2014-01-09 20:18 - 2014-01-09 20:18 - 00000958 _____ C:\Users\Public\Desktop\CBR Reader.lnk
2014-01-09 20:18 - 2014-01-09 20:18 - 00000000 ____D C:\Program Files (x86)\CBR Reader

==================== One Month Modified Files and Folders =======

2014-01-31 13:08 - 2014-01-31 13:08 - 00000000 ____D C:\FRST
2014-01-31 13:04 - 2014-01-31 13:04 - 02079744 _____ (Farbar) C:\Users\Ashley\Downloads\FRST64.exe
2014-01-31 13:03 - 2014-01-31 13:03 - 00000560 _____ C:\Users\Ashley\Desktop\MbR.zip
2014-01-31 13:02 - 2014-01-31 13:02 - 00001886 _____ C:\Users\Ashley\Desktop\aswMBR.txt
2014-01-31 13:02 - 2014-01-31 13:02 - 00000512 _____ C:\Users\Ashley\Desktop\MBR.dat
2014-01-31 13:02 - 2009-07-13 21:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-31 13:00 - 2014-01-31 13:01 - 04745728 _____ (AVAST Software) C:\Users\Ashley\Desktop\aswMBR.exe
2014-01-31 13:00 - 2014-01-31 13:00 - 04745728 _____ (AVAST Software) C:\Users\Ashley\Downloads\aswMBR.exe
2014-01-31 13:00 - 2013-08-23 12:32 - 00024089 ____H C:\Windows\SysWOW64\BTImages.dat
2014-01-31 12:59 - 2009-07-13 20:51 - 00026973 _____ C:\Windows\setupact.log
2014-01-31 12:49 - 2013-08-23 11:26 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-31 12:46 - 2013-08-23 11:26 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-31 12:43 - 2013-08-22 20:16 - 01116263 _____ C:\Windows\WindowsUpdate.log
2014-01-31 12:42 - 2013-08-22 21:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-30 23:11 - 2009-07-13 20:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-30 23:11 - 2009-07-13 20:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-30 09:48 - 2014-01-25 16:36 - 00071756 _____ C:\Users\Ashley\Desktop\OTL.Txt
2014-01-30 09:39 - 2014-01-17 02:49 - 00003344 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3972269244-1675263637-520896221-1000
2014-01-30 09:39 - 2014-01-17 02:49 - 00003212 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3972269244-1675263637-520896221-1000
2014-01-30 09:39 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-30 09:37 - 2013-08-23 11:17 - 00000000 ____D C:\Users\Ashley\Documents\Virus Utlities
2014-01-29 19:25 - 2014-01-29 19:25 - 00002840 _____ C:\Users\Ashley\Desktop\ESET.txt
2014-01-29 17:04 - 2014-01-29 17:04 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-29 17:02 - 2014-01-29 17:02 - 02347384 _____ (ESET) C:\Users\Ashley\Downloads\esetsmartinstaller_enu.exe
2014-01-29 16:57 - 2013-08-22 20:52 - 00044588 _____ C:\Windows\PFRO.log
2014-01-28 18:16 - 2014-01-14 02:23 - 00000000 ____D C:\Program Files (x86)\PCPitstop
2014-01-28 18:14 - 2014-01-14 02:23 - 00000000 ____D C:\ProgramData\PCPitstop
2014-01-28 18:11 - 2014-01-28 18:11 - 00000000 ____D C:\_OTL
2014-01-28 18:10 - 2014-01-28 18:10 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-28 18:10 - 2014-01-28 18:10 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-28 18:10 - 2014-01-28 18:10 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-28 18:10 - 2014-01-28 18:10 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-28 18:10 - 2014-01-28 18:10 - 00000000 ____D C:\ProgramData\Sun
2014-01-28 18:10 - 2014-01-28 18:10 - 00000000 ____D C:\ProgramData\Oracle
2014-01-28 18:10 - 2014-01-28 18:10 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-28 18:09 - 2014-01-28 18:08 - 00921000 _____ (Oracle Corporation) C:\Users\Ashley\Downloads\jxpiinstall.exe
2014-01-28 18:07 - 2013-08-26 14:39 - 00000000 ____D C:\Users\Ashley\AppData\Roaming\vlc
2014-01-27 11:58 - 2014-01-27 11:58 - 00001491 _____ C:\Users\Ashley\Desktop\JRT.txt
2014-01-27 11:53 - 2014-01-27 11:53 - 01037068 _____ (Thisisu) C:\Users\Ashley\Downloads\JRT.exe
2014-01-27 11:53 - 2014-01-27 11:53 - 01037068 _____ (Thisisu) C:\Users\Ashley\Desktop\JRT.exe
2014-01-27 11:53 - 2014-01-27 11:53 - 00000000 ____D C:\Windows\ERUNT
2014-01-26 11:45 - 2014-01-26 11:42 - 00000000 ____D C:\AdwCleaner
2014-01-26 11:41 - 2014-01-26 11:42 - 01236282 _____ C:\Users\Ashley\Desktop\AdwCleaner.exe
2014-01-26 11:41 - 2014-01-26 11:41 - 01236282 _____ C:\Users\Ashley\Downloads\AdwCleaner.exe
2014-01-26 11:41 - 2013-10-24 13:03 - 00000000 ____D C:\Users\Ashley\AppData\Local\DoNotTrackPlus
2014-01-26 06:18 - 2009-07-13 20:45 - 00275712 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-25 16:36 - 2014-01-25 16:36 - 00054922 _____ C:\Users\Ashley\Desktop\Extras.Txt
2014-01-25 16:28 - 2014-01-25 16:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-25 16:28 - 2014-01-25 16:02 - 00000000 ____D C:\Users\Ashley\Desktop\mbar
2014-01-25 16:02 - 2014-01-25 16:02 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-25 15:29 - 2014-01-25 15:29 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Ashley\Desktop\mbar-1.07.0.1009.exe
2014-01-25 15:29 - 2014-01-25 15:29 - 00602112 _____ (OldTimer Tools) C:\Users\Ashley\Downloads\OTL.exe
2014-01-25 15:29 - 2014-01-25 15:29 - 00602112 _____ (OldTimer Tools) C:\Users\Ashley\Desktop\OTL.exe
2014-01-25 15:29 - 2014-01-25 15:28 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Ashley\Downloads\mbar-1.07.0.1009.exe
2014-01-25 15:27 - 2014-01-25 15:27 - 00987425 _____ C:\Users\Ashley\Downloads\SecurityCheck.exe
2014-01-25 15:27 - 2014-01-25 15:27 - 00987425 _____ C:\Users\Ashley\Desktop\SecurityCheck.exe
2014-01-25 15:27 - 2013-08-26 12:58 - 00000000 ____D C:\Users\Ashley\AppData\Roaming\uTorrent
2014-01-25 03:38 - 2014-01-25 03:38 - 00000000 ____D C:\Program Files\McAfee Security Scan
2014-01-25 03:38 - 2014-01-14 01:53 - 00001931 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-01-23 23:07 - 2014-01-23 22:56 - 00015573 _____ C:\Users\Ashley\Desktop\dds.txt
2014-01-23 23:07 - 2014-01-23 22:56 - 00008167 _____ C:\Users\Ashley\Desktop\attach.txt
2014-01-23 22:54 - 2014-01-23 22:55 - 00688992 ____R (Swearware) C:\Users\Ashley\Desktop\dds.com
2014-01-23 22:54 - 2014-01-23 22:54 - 00688992 _____ (Swearware) C:\Users\Ashley\Downloads\dds.com
2014-01-23 22:47 - 2014-01-23 22:47 - 00004412 _____ C:\Users\Ashley\Desktop\ESETreport.txt
2014-01-23 19:22 - 2013-08-23 12:38 - 00000000 ____D C:\ProgramData\CanonIJPLM
2014-01-21 23:37 - 2013-08-23 11:08 - 00000000 ____D C:\Windows\system32\MRT
2014-01-21 23:33 - 2013-08-23 11:08 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-17 03:46 - 2014-01-17 03:46 - 00000000 ____D C:\Users\Kristi\AppData\Local\CyberLink
2014-01-17 03:45 - 2013-08-25 11:11 - 00001413 _____ C:\Users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-14 02:45 - 2013-08-22 20:19 - 00000000 ____D C:\Users\Ashley\AppData\Local\VirtualStore
2014-01-14 02:38 - 2013-08-22 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-14 02:28 - 2014-01-14 02:26 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Ashley\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 02:28 - 2013-08-23 11:24 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-14 02:28 - 2013-08-23 11:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-14 02:22 - 2014-01-14 02:21 - 13580568 _____ (PC Pitstop LLC                                              ) C:\Users\Ashley\Downloads\pcmatichs-setup-0020.exe
2014-01-14 02:15 - 2014-01-14 02:15 - 00180000 _____ (Kaspersky Lab) C:\Users\Ashley\Downloads\kss12.0.1.117EN_RU_DE_FR_2926.exe
2014-01-14 02:13 - 2013-12-03 11:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-14 01:53 - 2014-01-14 01:53 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2014-01-14 01:53 - 2014-01-14 01:53 - 00000000 ____D C:\ProgramData\McAfee
2014-01-14 01:53 - 2013-08-22 21:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-14 01:53 - 2013-08-22 21:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-14 01:53 - 2013-08-22 21:14 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-14 01:51 - 2013-08-22 21:13 - 00000000 ____D C:\Users\Ashley\AppData\Local\Adobe
2014-01-14 01:27 - 2014-01-14 01:27 - 00185800 _____ (Лаборатория Касперского) C:\Users\Ashley\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe
2014-01-14 01:25 - 2013-08-23 11:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-13 12:51 - 2013-08-22 21:08 - 00000000 ____D C:\Users\Ashley\AppData\Roaming\Adobe
2014-01-09 20:18 - 2014-01-09 20:18 - 00000958 _____ C:\Users\Public\Desktop\CBR Reader.lnk
2014-01-09 20:18 - 2014-01-09 20:18 - 00000000 ____D C:\Program Files (x86)\CBR Reader

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 07:58

==================== End Of Log ============================

I also have both files attached to this post.

Edited by jeff matthews, 31 January 2014 - 03:11 PM.
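A triage pass over the Services and Drivers sections of the FRST log above, as an added example that is not part of the original post or of FRST itself. It parses the `R1 name; path [size date] (vendor)` line format exactly as it appears in the log and applies review heuristics of its own (missing binary, no company string, binary under a user profile or Temp, non-system drive, kernel driver registered from SysWOW64 on this x64 host). A flag means "look at this", not a malware verdict: aswMBR.sys in Temp, for example, belongs to the aswMBR tool run earlier in the thread. The names `Entry`, `parse_entry`, `triage_entry`, `triage` and the `SAMPLE_LOG` lines copied from the log are this example's own.

```python
"""Triage FRST 'Services' and 'Drivers' entries for stale or oddly placed binaries.

Added example, not part of the forum post or of FRST. The heuristics are this
example's own review rules: a flag means "look at this", not "malware".
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the FRST log in the post above
# (Windows 7 x64 host). Not a live scan.
SAMPLE_LOG = r"""
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-06-19] (Check Point Software Technologies LTD)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-23] ()
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows ® Server 2003 DDK provider)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2013-02-21] (Kaspersky Lab)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 MSICDSetup; \??\E:\CDriver64.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
U3 aswMBR; \??\C:\Users\Ashley\AppData\Local\Temp\aswMBR.sys [x]
"""

# One FRST service/driver line. Two shapes occur in the log:
#   R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-23] ()
#   S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]   (file missing)
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>[^)]*)\)"
    r"| \[x\])$"
)


@dataclass
class Entry:
    state: str            # FRST start type, e.g. R1 (running), S3 (stopped), U3
    name: str
    path: str             # image path with any leading \??\ prefix removed
    present: bool         # False when FRST printed [x] (binary not on disk)
    vendor: str = ""      # company string from the file's version info
    flags: list = field(default_factory=list)


def parse_entry(line: str):
    """Parse one FRST service/driver line; return None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):   # NT object-manager prefix, not part of the file path
        path = path[4:]
    return Entry(m.group("state"), m.group("name"), path,
                 m.group("size") is not None, m.group("vendor") or "")


def triage_entry(e: Entry) -> Entry:
    """Attach review flags to an entry (this example's own heuristics)."""
    low = e.path.lower()
    if not e.present:
        e.flags.append("file missing: stale registration, candidate for cleanup")
    elif not e.vendor:
        e.flags.append("no company/version string: check the file's signature by hand")
    if "\\users\\" in low or "\\temp\\" in low:
        e.flags.append("binary lives under a user profile or Temp directory")
    drive = re.match(r"^([a-z]):\\", low)
    if drive and drive.group(1) != "c":
        e.flags.append(f"loads from non-system drive {drive.group(1).upper()}:")
    if low.endswith(".sys") and "\\syswow64\\" in low:
        e.flags.append("kernel driver registered from SysWOW64 (32-bit dir): unusual on x64")
    return e


def triage(log_text: str) -> list:
    """Return only the parsed entries that earned at least one flag, in log order."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is not None and triage_entry(e).flags:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.state} {e.name}: {e.path}")
        for f in e.flags:
            print(f"    - {f}")
```

To run it over a real report, pass the contents of FRST.txt to `triage()`; entries with no flags (vsmon, KLIF in the sample) are dropped so the output is only what needs a human decision.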


#21 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 01 February 2014 - 09:25 AM

Hi jeff matthews,

I am not sure how to delete the ZoneAlarm toolbar without having to remove the entire program.


post #5 > OTL Extras log shows:
========== HKEY_LOCAL_MACHINE Uninstall List ==========
...
...
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
Is there a "ZoneAlarm Security Toolbar" item?

I saw a small window that looked like a video or a cam that popped up and showed something moving.

It would help if you could show us a picture of that thing here - perhaps your phone has a camera?

Is it possible to get a picture?


What is this:

2014-01-14 01:27 - 2014-01-14 01:27 - 00185800 _____ (Лаборатория Касперского) C:\Users\Ashley\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe


***



Download ComboFix from the following location:
Link

* IMPORTANT- Save ComboFix.exe to your Desktop

***


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link:
How to Disable your Security Programs


***


Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Enable your antivirus!

***


How is the PC running now?


***


Graduate of the WTT Classroom
Cheers,
Jo

#22 jeff matthews

jeff matthews

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 781 posts

Posted 01 February 2014 - 01:42 PM

Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
Is there a "ZoneAlarm Security Toolbar" item?

No, there is not. It just says "ZoneAlarm Free Antivirus + Firewall" in Programs and Features. I could uninstall it, but it will uninstall the entire software.

 

Is it possible to get a picture?

I can try, but it only happened upon boot-up and it only happened once, so I don't know if it's going to happen again. It may have been a video opening on the computer or something by itself. It is hard to explain.

What is this:

After carefully locating that file, it seems to be some sort of Kaspersky Security Scan application that was downloaded. I have no idea if this software is legitimate or fake; I've never seen the icon before, so it looks fake to me.

Here is the ComboFix log:

ComboFix 14-02-01.01 - Ashley 02/01/2014  11:52:43.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8126.5984 [GMT -8:00]
Running from: c:\users\Ashley\Desktop\ComboFix.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-01 to 2014-02-01  )))))))))))))))))))))))))))))))
.
.
2014-02-01 20:08 . 2014-02-01 20:08    --------    d-----w-    c:\users\Teri\AppData\Local\temp
2014-02-01 20:08 . 2014-02-01 20:08    --------    d-----w-    c:\users\Kristi\AppData\Local\temp
2014-02-01 20:08 . 2014-02-01 20:08    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2014-02-01 20:08 . 2014-02-01 20:08    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-01-31 21:08 . 2014-01-31 21:09    --------    d-----w-    C:\FRST
2014-01-31 20:44 . 2014-01-31 20:44    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{664A1B76-012C-4C0F-A221-5D36583026AF}\offreg.dll
2014-01-31 20:43 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{664A1B76-012C-4C0F-A221-5D36583026AF}\mpengine.dll
2014-01-30 01:04 . 2014-01-30 01:04    --------    d-----w-    c:\program files (x86)\ESET
2014-01-29 02:11 . 2014-01-29 02:11    --------    d-----w-    C:\_OTL
2014-01-29 02:10 . 2014-01-29 02:10    --------    d-----w-    c:\programdata\Oracle
2014-01-29 02:10 . 2014-01-29 02:10    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-01-29 02:10 . 2014-01-29 02:10    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-29 02:10 . 2014-01-29 02:10    --------    d-----w-    c:\program files (x86)\Java
2014-01-27 19:53 . 2014-01-27 19:53    --------    d-----w-    c:\windows\ERUNT
2014-01-26 19:42 . 2014-01-26 19:45    --------    d-----w-    C:\AdwCleaner
2014-01-26 00:03 . 2014-01-26 00:28    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-26 00:02 . 2014-01-26 00:02    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-01-25 11:38 . 2014-01-25 11:38    --------    d-----w-    c:\program files\McAfee Security Scan
2014-01-17 11:46 . 2014-01-17 11:46    --------    d-----w-    c:\users\Kristi\AppData\Local\CyberLink
2014-01-15 11:57 . 2013-11-27 01:41    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2014-01-15 11:57 . 2013-11-27 01:41    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2014-01-15 11:57 . 2013-11-27 01:41    53248    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2014-01-15 11:57 . 2013-11-27 01:41    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2014-01-15 11:57 . 2013-11-27 01:41    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2014-01-15 11:57 . 2013-11-27 01:41    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2014-01-15 11:57 . 2013-11-27 01:41    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2014-01-15 11:57 . 2013-11-26 10:32    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-01-15 11:57 . 2013-11-26 11:40    376768    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-01-14 10:43 . 2013-05-23 15:39    41032    ----a-w-    c:\windows\system32\drivers\gfiark.sys
2014-01-14 10:23 . 2014-01-29 02:16    --------    d-----w-    c:\program files (x86)\PCPitstop
2014-01-14 10:23 . 2014-01-29 02:14    --------    d-----w-    c:\programdata\PCPitstop
2014-01-14 09:53 . 2014-01-14 09:53    --------    d-----w-    c:\programdata\McAfee Security Scan
2014-01-14 09:53 . 2014-01-14 09:53    --------    d-----w-    c:\programdata\McAfee
2014-01-10 04:18 . 2014-01-10 04:18    --------    d-----w-    c:\program files (x86)\CBR Reader
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-22 07:33 . 2013-08-23 19:08    86054176    ----a-w-    c:\windows\system32\MRT.exe
2014-01-14 09:53 . 2013-08-23 05:14    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-14 09:53 . 2013-08-23 05:14    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-18 14:13 . 2013-08-23 04:50    270496    ------w-    c:\windows\system32\MpSigStub.exe
2013-12-08 14:02 . 2013-12-08 14:02    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-08 14:02 . 2013-12-08 14:02    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-12-08 14:02 . 2013-12-08 14:02    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2013-12-08 14:02 . 2013-12-08 14:02    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-12-08 14:02 . 2013-12-08 14:02    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-12-08 14:02 . 2013-12-08 14:02    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-12-08 14:02 . 2013-12-08 14:02    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2013-12-08 14:02 . 2013-12-08 14:02    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2013-12-08 14:02 . 2013-12-08 14:02    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-12-08 14:02 . 2013-12-08 14:02    774144    ----a-w-    c:\windows\system32\jscript.dll
2013-12-08 14:02 . 2013-12-08 14:02    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-12-08 14:02 . 2013-12-08 14:02    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-08 14:02 . 2013-12-08 14:02    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-08 14:02 . 2013-12-08 14:02    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2013-12-08 14:02 . 2013-12-08 14:02    626176    ----a-w-    c:\windows\system32\msfeeds.dll
2013-12-08 14:02 . 2013-12-08 14:02    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-12-08 14:02 . 2013-12-08 14:02    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2013-12-08 14:02 . 2013-12-08 14:02    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2013-12-08 14:02 . 2013-12-08 14:02    61952    ----a-w-    c:\windows\SysWow64\iesetup.dll
2013-12-08 14:02 . 2013-12-08 14:02    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-12-08 14:02 . 2013-12-08 14:02    548352    ----a-w-    c:\windows\system32\vbscript.dll
2013-12-08 14:02 . 2013-12-08 14:02    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-12-08 14:02 . 2013-12-08 14:02    51200    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2013-12-08 14:02 . 2013-12-08 14:02    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-12-08 14:02 . 2013-12-08 14:02    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-12-08 14:02 . 2013-12-08 14:02    48128    ----a-w-    c:\windows\system32\imgutil.dll
2013-12-08 14:02 . 2013-12-08 14:02    454656    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-12-08 14:02 . 2013-12-08 14:02    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-12-08 14:02 . 2013-12-08 14:02    413696    ----a-w-    c:\windows\system32\html.iec
2013-12-08 14:02 . 2013-12-08 14:02    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-08 14:02 . 2013-12-08 14:02    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-12-08 14:02 . 2013-12-08 14:02    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-08 14:02 . 2013-12-08 14:02    337408    ----a-w-    c:\windows\SysWow64\html.iec
2013-12-08 14:02 . 2013-12-08 14:02    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2013-12-08 14:02 . 2013-12-08 14:02    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2013-12-08 14:02 . 2013-12-08 14:02    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-12-08 14:02 . 2013-12-08 14:02    247808    ----a-w-    c:\windows\system32\msls31.dll
2013-12-08 14:02 . 2013-12-08 14:02    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-12-08 14:02 . 2013-12-08 14:02    243200    ----a-w-    c:\windows\system32\webcheck.dll
2013-12-08 14:02 . 2013-12-08 14:02    235520    ----a-w-    c:\windows\system32\url.dll
2013-12-08 14:02 . 2013-12-08 14:02    235008    ----a-w-    c:\windows\system32\elshyph.dll
2013-12-08 14:02 . 2013-12-08 14:02    195584    ----a-w-    c:\windows\system32\msrating.dll
2013-12-08 14:02 . 2013-12-08 14:02    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-12-08 14:02 . 2013-12-08 14:02    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-12-08 14:02 . 2013-12-08 14:02    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-12-08 14:02 . 2013-12-08 14:02    147968    ----a-w-    c:\windows\system32\occache.dll
2013-12-08 14:02 . 2013-12-08 14:02    143872    ----a-w-    c:\windows\system32\wextract.exe
2013-12-08 14:02 . 2013-12-08 14:02    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-12-08 14:02 . 2013-12-08 14:02    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-12-08 14:02 . 2013-12-08 14:02    135680    ----a-w-    c:\windows\system32\iepeers.dll
2013-12-08 14:02 . 2013-12-08 14:02    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-12-08 14:02 . 2013-12-08 14:02    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-12-08 14:02 . 2013-12-08 14:02    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-12-08 14:02 . 2013-12-08 14:02    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-12-08 14:02 . 2013-12-08 14:02    112128    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-12-08 14:02 . 2013-12-08 14:02    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-12-08 14:02 . 2013-12-08 14:02    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2013-12-08 14:02 . 2013-12-08 14:02    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-12-08 14:02 . 2013-12-08 14:02    101376    ----a-w-    c:\windows\system32\inseng.dll
2013-11-26 11:54 . 2013-12-15 14:03    23183360    ----a-w-    c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-15 14:03    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-15 14:03    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-15 14:03    66048    ----a-w-    c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-15 14:03    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-15 14:03    2764288    ----a-w-    c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-15 14:03    53760    ----a-w-    c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-15 14:03    33792    ----a-w-    c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-15 14:03    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-15 14:03    574976    ----a-w-    c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-15 14:03    139264    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-15 14:03    111616    ----a-w-    c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-15 14:03    708608    ----a-w-    c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-15 14:03    218624    ----a-w-    c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-15 14:03    5769216    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-15 14:03    553472    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-15 14:03    4243968    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-15 14:03    1995264    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-15 14:03    12996608    ----a-w-    c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-15 14:03    1928192    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-15 14:03    2334208    ----a-w-    c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-15 14:03    1395200    ----a-w-    c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-15 14:03    817664    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-15 14:03    1820160    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-11 11:20    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 11:20    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-11-12 02:23 . 2013-12-11 11:20    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 11:20    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-08-23 19:43 . 2013-08-23 19:43    4188160    ----a-w-    c:\program files (x86)\GUT8508.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-14 6563096]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2012-07-19 133440]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2012-08-13 547984]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-08-23 296096]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-06-20 73832]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-09-27 439440]
"PowerDVD13Agent"="c:\program files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe" [2013-09-13 517144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 MSICDSetup;MSICDSetup;e:\cdriver64.sys;e:\CDriver64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va015;X6va015;c:\windows\SysWOW64\Drivers\X6va015;c:\windows\SysWOW64\Drivers\X6va015 [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2013/11/15 04:02];c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [x]
S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe;c:\program files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [x]
S2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [x]
S2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-23 09:53]
.
2014-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23 19:26]
.
2014-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23 19:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.yahoo.com?type=293224&fr=spigot-yhp-ie
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1 205.171.2.65
FF - ProfilePath - c:\users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\8u0atggb.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-DivXMediaServer - c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va015]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va015"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{09F57980-3432-4AFC-957D-27AC45FAE1F5}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-01  15:31:44
ComboFix-quarantined-files.txt  2014-02-01 21:48
.
Pre-Run: 9,034,981,376 bytes free
Post-Run: 8,849,977,344 bytes free
.
- - End Of File - - D5D0BFA35DB5D7A49B39AC34A2D9DB10
A36C5E4F47E84449FF07ED3517B43A31

From what I can see, it seems alright; I guess some applications and files load a bit slowly. I can tell the hard drive has some stress on it or something, because My Computer takes too long to load. It might be that the drive itself has too much data or too many games installed and whatnot. As far as streaming, it used to freeze the machine upon entering full-screen mode on YouTube. That is not the case any more; that seems to work fine now.


Edited by jeff matthews, 01 February 2014 - 07:35 PM.


#23 Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 02 February 2014 - 10:51 AM

Hi jeff matthews,

No, there is not. It just says "Zone alarm free antivirus + Firewall" in Programs and Features; I could uninstall it, but it will uninstall the entire software.

OK. Leave it there.

Finally we found something:
It appears that the "AMD Accelerated Video Transcoding device initialization" entry starts with the cmd window.
http://www.tombraide...ad.php?t=194112
We will remove this startup item now with OTL.

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"=-
    
    :Commands
    [purity]
    [emptytemp]
    


    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fix log as well as a new OTL log, produced by rerunning OTL after the reboot without the custom scan script.

***


Uninstall old versions:
Please go to Start > Control Panel > Programs and Features .

Locate the following programs:
  • Adobe Reader 9, 10
Uninstall them all.

Install these programs:
  • Install latest Adobe Reader:
  • Go to http://get.adobe.com.../otherversions/
  • Use the drop-down menus to select your operating system
  • Select your language > Select The current version of Adobe Reader for your language
  • Remove the check mark from the box "Install Chrome as standard browser and Google Toolbar for Internet explorer"
  • Click the Download button, and follow the onscreen directions to complete the installation.

Graduate of the WTT Classroom
Cheers,
Jo
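As an added example (not from the original post, and not code from ComboFix or OTL), here is a small Python parser for the "Reg Loading Points" block of a ComboFix log like the one posted above. It collects the values under every Run key, flags the ones worth a look, and renders the :Reg lines of an OTL fix in the same '"Name"=-' syntax as the script above. The flagging rules are my own heuristics, not anything ComboFix or OTL does: a value ComboFix marked [X] (the one entry for which it printed no file date or size), a value that is a bare command rather than a path to a program file, and a value that goes through a launcher such as start or cmd.exe. The sample log text inside the block is constructed from a few lines of the log above with paths shortened; the LAUNCHERS list is an assumption.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a cut-down copy of the "Reg Loading Points" block in the
# ComboFix log above (paths shortened, the "AMD AVT" line kept verbatim).
SAMPLE_LOG = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-14 6563096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"USB3MON"="c:\program files (x86)\Intel\USB 3.0 Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-08-23 296096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# ComboFix prints Run values as "Name"="command" [date size], or [X] when it
# could not read the file behind the command.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<info>[^\]]*)\]$')
# A command beginning with a drive letter, a UNC path or an environment
# variable at least points at a file; anything else is a bare command word.
PATH_RE = re.compile(r'^"?(?:[a-z]:\\|\\\\|%[^%]+%\\)', re.I)
# Assumed launcher list (my heuristic, not a ComboFix/OTL rule): the value
# names something that starts the payload rather than the payload itself.
LAUNCHERS = {"start", "cmd", "cmd.exe", "powershell", "powershell.exe",
             "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}


@dataclass
class RunEntry:
    key: str
    name: str
    command: str
    info: str  # "YYYY-MM-DD size" when ComboFix read the file, "X" when it could not


def parse_loading_points(text: str) -> list[RunEntry]:
    """Collect the values listed under every ...\\Run key in the log text."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None or not key.lower().endswith("\\run"):
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append(RunEntry(key, m["name"], m["cmd"], m["info"]))
    return entries


def first_token(command: str) -> str:
    """Program part of a Run command: a quoted path, an unquoted path up to its
    extension (unquoted paths often contain spaces), or else the first word."""
    if command.startswith('"'):
        return command.split('"')[1]
    m = re.match(r"^(.*?\.(?:exe|com|bat|cmd|scr|vbs|js))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split(" ")[0]


def why_suspicious(entry: RunEntry) -> str | None:
    """Explain why an entry deserves a look, or None if it looks ordinary."""
    cmd = entry.command.strip()
    base = first_token(cmd).rsplit("\\", 1)[-1].lower()
    reasons = []
    if entry.info.upper() == "X":
        reasons.append("ComboFix could not read a file date/size ([X])")
    if not PATH_RE.match(cmd):
        reasons.append("value is a bare command, not a path to a program file")
    if base in LAUNCHERS:
        reasons.append(f"runs through a launcher/interpreter ({base})")
    return "; ".join(reasons) or None


def find_suspicious(entries: list[RunEntry]) -> list[tuple[RunEntry, str]]:
    flagged = []
    for entry in entries:
        reason = why_suspicious(entry)
        if reason:
            flagged.append((entry, reason))
    return flagged


def otl_reg_fix(entries: list[RunEntry]) -> str:
    """Render the :Reg section of an OTL fix deleting the given values, using
    the '"Name"=-' syntax shown in the fix script above."""
    lines = [":Reg"]
    for key in dict.fromkeys(e.key for e in entries):  # unique keys, log order
        lines.append(f"[{key}]")
        lines.extend(f'"{e.name}"=-' for e in entries if e.key == key)
    return "\n".join(lines)


if __name__ == "__main__":
    flagged = find_suspicious(parse_loading_points(SAMPLE_LOG))
    for entry, reason in flagged:
        print(f"[{entry.key}]\n  {entry.name} = {entry.command}\n  -> {reason}\n")
    print(otl_reg_fix([e for e, _ in flagged]))
```

The key path is emitted exactly as ComboFix printed it, i.e. the Wow6432Node view. The fix above names the key without Wow6432Node, and OTL's fix log still reports the value deleted at that path, so both spellings reached the same value on this machine; when writing a fix by hand, copy the key from the log rather than retyping it.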

#24 jeff matthews

    Advanced Member

  • Authentic Member
  • 781 posts

Posted 02 February 2014 - 01:59 PM

Finally we found something:
It appears that the "AMD Accelerated Video Transcoding device initialization" entry starts with the cmd window.

Yeah, that is exactly what I think it is. It was a CMD window that looked like some sort of graphic image was moving; I couldn't really tell, but this has been an ongoing issue with this machine only. So glad to get that fixed; finally someone found it. It's not an infection or anything, just a setting, I guess, with the video card. Could that possibly cause any issues with video processing, like encoding, streaming, lower bitrates, etc.?

OK, here is the OTL fix log:

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AMD AVT deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Ashley
->Temp folder emptied: 37040 bytes
->Temporary Internet Files folder emptied: 3380267 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 396019886 bytes
->Flash cache emptied: 12412 bytes
 
User: Chuck
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 99179 bytes
->FireFox cache emptied: 18152228 bytes
->Flash cache emptied: 696 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Kristi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Teri
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2713 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 398.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02022014_114314

Files\Folders moved on Reboot...
C:\Users\Ashley\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ashley\AppData\Local\Temp\~DFB3F8005CFDF421B9.TMP moved successfully.
C:\Users\Ashley\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\ZLT0013f.TMP not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Here is the rescan OTL log:

OTL logfile created on: 2/2/2014 12:00:08 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ashley\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.94 Gb Total Physical Memory | 5.98 Gb Available Physical Memory | 75.40% Memory free
15.87 Gb Paging File | 13.47 Gb Available in Paging File | 84.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 8.41 Gb Free Space | 5.64% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 69.31 Gb Free Space | 29.76% Space Free | Partition Type: NTFS
 
Computer Name: ASHLEY-PC | User Name: Ashley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ashley\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe (CyberLink)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
PRC - C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\func.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\gep.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (CyberLink PowerDVD 13 Media Server Service) -- C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe (CyberLink)
SRV - (CyberLink PowerDVD 13 Media Server Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe (CyberLink)
SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (ZAPrivacyService) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (ASUSTeK Computer Inc.)
SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe ()
SRV - (AsusFanControlService) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe (ASUSTeK Computer Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (gfiark) -- C:\Windows\SysNative\drivers\gfiark.sys (ThreatTrack Security)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (ndisrd) -- C:\Windows\SysNative\drivers\ndisrd.sys (NT Kernel Resources)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (ICCWDT) -- C:\Windows\SysNative\drivers\ICCWDT.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - ({09F57980-3432-4AFC-957D-27AC45FAE1F5}) -- C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D 99 EC E8 F3 9F CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {42DF1DBB-C90A-45F1-9BD9-969B899C7E37}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{42DF1DBB-C90A-45F1-9BD9-969B899C7E37}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=293224"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: "http://search.yahoo....type=293224&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/08/26 13:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Extensions
[2014/01/16 18:39:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\8u0atggb.default\extensions
[2013/12/03 23:14:27 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\8u0atggb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/08/23 12:28:07 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\8u0atggb.default\extensions\ffxtlbr@zonealarm.com
[2014/01/16 18:39:28 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\8u0atggb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/03/20 23:15:42 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\8u0atggb.default\extensions\ffxtlbr@zonealarm.com\content\Abine\chrome\content\ff\view_expiry.js
[2013/08/26 13:00:35 | 000,000,915 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\8u0atggb.default\searchplugins\yahoo.xml
[2013/12/03 11:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/01/14 02:13:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PowerDVD13Agent] C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6888F6D-509E-465A-8E0B-1796B1F4FE4E}: DhcpNameServer = 192.168.0.1 205.171.2.65
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/02/01 15:42:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/02/01 11:51:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/02/01 11:51:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/02/01 11:51:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/02/01 11:50:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/02/01 11:50:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/02/01 11:43:55 | 005,179,159 | R--- | C] (Swearware) -- C:\Users\Ashley\Desktop\ComboFix.exe
[2014/01/31 13:08:53 | 000,000,000 | ---D | C] -- C:\FRST
[2014/01/31 13:01:05 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Ashley\Desktop\aswMBR.exe
[2014/01/29 17:04:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/01/28 18:11:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/28 18:10:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/01/28 18:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/01/28 18:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/01/28 18:10:33 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/01/28 18:10:30 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/01/28 18:10:30 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/01/28 18:10:30 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/01/28 18:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/01/28 18:10:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/01/27 11:53:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/27 11:53:41 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Ashley\Desktop\JRT.exe
[2014/01/26 11:42:43 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/25 16:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/01/25 16:02:21 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/25 16:02:20 | 000,000,000 | ---D | C] -- C:\Users\Ashley\Desktop\mbar
[2014/01/25 15:29:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
[2014/01/25 15:29:15 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Ashley\Desktop\mbar-1.07.0.1009.exe
[2014/01/25 03:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014/01/25 03:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014/01/23 22:55:12 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Ashley\Desktop\dds.com
[2014/01/15 03:57:31 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/15 03:57:31 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/15 03:57:30 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/01/14 02:43:53 | 000,041,032 | ---- | C] (ThreatTrack Security) -- C:\Windows\SysNative\drivers\gfiark.sys
[2014/01/14 02:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2014/01/14 02:23:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCPitstop
[2014/01/14 01:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2014/01/14 01:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2014/01/09 20:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CBR Reader
[2014/01/09 20:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CBR Reader
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/02/02 11:59:36 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/02 11:59:36 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/02 11:52:43 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/02 11:52:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/02 11:52:03 | 2095,321,087 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/02 11:49:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/02 11:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/01 11:43:35 | 005,179,159 | R--- | M] (Swearware) -- C:\Users\Ashley\Desktop\ComboFix.exe
[2014/01/31 13:03:11 | 000,000,560 | ---- | M] () -- C:\Users\Ashley\Desktop\MbR.zip
[2014/01/31 13:02:36 | 000,000,512 | ---- | M] () -- C:\Users\Ashley\Desktop\MBR.dat
[2014/01/31 13:02:22 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/31 13:02:22 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/31 13:02:22 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/31 13:00:39 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Ashley\Desktop\aswMBR.exe
[2014/01/31 13:00:03 | 000,024,089 | -H-- | M] () -- C:\Windows\SysWow64\BTImages.dat
[2014/01/31 02:44:39 | 000,007,583 | ---- | M] () -- C:\Users\Ashley\Documents\The_Vampire_Diaries_Season 5_Forum.rtf
[2014/01/28 18:10:20 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/01/28 18:10:19 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/01/28 18:10:19 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/01/28 18:10:19 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/01/27 11:53:25 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Ashley\Desktop\JRT.exe
[2014/01/26 11:41:53 | 001,236,282 | ---- | M] () -- C:\Users\Ashley\Desktop\AdwCleaner.exe
[2014/01/26 11:40:01 | 000,008,311 | ---- | M] () -- C:\Users\Ashley\Documents\A List of Buffy and Angel Series.rtf
[2014/01/26 06:18:11 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/25 16:02:21 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/25 16:00:20 | 000,002,034 | ---- | M] () -- C:\Users\Ashley\Desktop\american movies.rtf
[2014/01/25 15:29:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
[2014/01/25 15:29:01 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Ashley\Desktop\mbar-1.07.0.1009.exe
[2014/01/25 15:27:28 | 000,987,425 | ---- | M] () -- C:\Users\Ashley\Desktop\SecurityCheck.exe
[2014/01/25 03:38:43 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/01/25 03:38:43 | 000,001,931 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/01/23 22:54:52 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Ashley\Desktop\dds.com
[2014/01/14 02:28:26 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/14 01:59:27 | 000,008,311 | ---- | M] () -- C:\Users\Ashley\Documents\2013 Horror Movies.rtf
[2014/01/14 01:53:33 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/01/14 01:53:33 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/01/09 20:18:02 | 000,000,958 | ---- | M] () -- C:\Users\Public\Desktop\CBR Reader.lnk
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/02/01 11:51:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/02/01 11:51:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/02/01 11:51:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/02/01 11:51:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/02/01 11:51:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/31 13:03:08 | 000,000,560 | ---- | C] () -- C:\Users\Ashley\Desktop\MbR.zip
[2014/01/31 13:02:36 | 000,000,512 | ---- | C] () -- C:\Users\Ashley\Desktop\MBR.dat
[2014/01/31 02:43:34 | 000,007,583 | ---- | C] () -- C:\Users\Ashley\Documents\The_Vampire_Diaries_Season 5_Forum.rtf
[2014/01/26 11:42:11 | 001,236,282 | ---- | C] () -- C:\Users\Ashley\Desktop\AdwCleaner.exe
[2014/01/25 16:00:19 | 000,002,034 | ---- | C] () -- C:\Users\Ashley\Desktop\american movies.rtf
[2014/01/25 15:54:29 | 000,008,311 | ---- | C] () -- C:\Users\Ashley\Documents\A List of Buffy and Angel Series.rtf
[2014/01/25 15:27:57 | 000,987,425 | ---- | C] () -- C:\Users\Ashley\Desktop\SecurityCheck.exe
[2014/01/14 01:59:27 | 000,008,311 | ---- | C] () -- C:\Users\Ashley\Documents\2013 Horror Movies.rtf
[2014/01/14 01:53:38 | 000,001,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/01/14 01:53:37 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/01/09 20:18:02 | 000,000,958 | ---- | C] () -- C:\Users\Public\Desktop\CBR Reader.lnk
[2013/09/19 23:43:19 | 006,253,340 | ---- | C] () -- C:\Program Files\madVR08611.zip
[2013/08/26 22:47:55 | 000,005,632 | ---- | C] () -- C:\Users\Ashley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/23 12:32:53 | 000,024,089 | -H-- | C] () -- C:\Windows\SysWow64\BTImages.dat
[2013/08/22 20:59:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/08/22 20:56:31 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/08/22 20:56:31 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/08/22 20:56:31 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013/08/22 20:39:15 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2013/08/22 20:39:11 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2013/08/22 20:24:27 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013/08/22 20:24:25 | 000,042,214 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/06/19 17:52:42 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012/05/10 15:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
Ok, I deleted Adobe Reader and installed the latest version. I hope it's ok with you, but I also went ahead and removed the McAfee software that was on here; it was a trial version and I don't see how it was helping any at all besides using up unneeded resources on the computer. Flash Player is also on here; should I remove this also and install a new version? Java I think we already upgraded.

Now, Spybot Search & Destroy is acting as another firewall/shield on this machine along with ZoneAlarm, but it's literally blocking everything. A box pops up that says allow or disallow, but it's doing it for every single installation and browsing session. Should I turn that off, so as not to conflict with ZoneAlarm's firewall, or should I just get a completely different firewall altogether? ZoneAlarm, I believe, the version we are using, is actually freeware; I use Avast security on all my other machines as a paid version. I really need to tighten down security on this machine; this has been a very critical issue and my sister is absolutely notorious for catching infections and viruses. I want to give her and the rest of my family user-friendly browsing, but at the same time I want something that is well secured for inexperienced computer users.

Another thing I want to bring up is the fact that my sister went online last night and visited several sites for streaming, and I am not sure if she has gotten more harmful infections on the machine or not, but I think you should look them over. I am not exactly sure how to post a log of this, so I'll just post the links she visited, since prior to that I was using the machine, so no one else was on it. I apologize for this, as I was not aware she was continuing to use the machine. I am thinking about locking it for the time being until we're sure every infection is removed.

Here are some of the URLs she visited:

iamcram.buzznet.com
http://latino.foxnew...him-to-toke-up/
http://www.zergnet.c...h-different-now
http://www.etonline....Maids_Season_2/
http://www.wetpaint....-mona-exclusive
http://secretcircle....magic-powers/#7
http://prettylittlel...a-emily-130141/
http://bestreams.net/ss80gwzzkprb
http://www.tvmuse.co...n_2/episode_13/
http://www.change.or...or-a-season-4-2

Since the last time I was on the machine, those are the URLs she visited. I was thinking about going to totalvirus.com and checking them out. At the time of accessing these URLs, I did have the firewalls on, so that is a good thing, and WOT picks all of the links up as being in the green zone.

Oh yeah, lastly, this is irrelevant, but I noticed you got a promotion; congratulations on being part of the malware team.


Edited by jeff matthews, 02 February 2014 - 02:48 PM.


#25 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 02 February 2014 - 02:52 PM

Hi jeff matthews,

Well done. :)

It appears that your PC is now clean!

"AMD Accelerated Video Transcoding device initialization"

It's not an infection or anything, just a setting I guess with the video card. Could that possibly cause any issues with video processing, like encoding, streaming, lower bitrates, etc.?

In case of problems, please open a new topic in our "Windows" section, thanks.
 

Now, Spybot Search & Destroy is acting as another firewall/shield on this machine along with ZoneAlarm, but it's literally blocking everything.

Spybot is an anti-spyware program, not a firewall.

A box pops up that says allow or disallow, but it's doing it for every single installation and browsing session. Should I turn that off, so as not to conflict with ZoneAlarm's firewall, or should I just get a completely different firewall altogether?

Never touch a running system.
 

***


Clean up:
We used Combofix.
Deactivate your antivirus software once more.
  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
Enable your antivirus software.



***

Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Files
    C:\Users\Ashley\Downloads\JRT.exe
    C:\Users\Ashley\Desktop\JRT.exe
    C:\Users\Ashley\Desktop\mbar-1.07.0.1009.exe
    C:\Users\Ashley\Downloads\mbar-1.07.0.1009.exe
    C:\Users\Ashley\Desktop\mbar
    C:\Users\Ashley\Downloads\SecurityCheck.exe
    C:\Users\Ashley\Desktop\SecurityCheck.exe
    
    :Commands
    [emptytemp]
    [clearallrestorepoints]
    
  • Close all other programs apart from OTL as this step may require a reboot
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Say Yes to the prompt and then allow the program to reboot your computer.

***


Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

***


Delete the log files our tools created; they are located on your desktop or in the
"c:\users\{.......}\Downloads" folder.
Highlight them and press the Del or Delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.



***


Here are some Preventive tips to reduce the potential for spyware infection in the future:

1. Browse more securely
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista, 7 and 8 users stay more protected from attack by running Internet Explorer with restricted privileges, as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running, follow these steps:
  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows Update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
4. Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P file sharing as an important channel to spread their wares.
5. Use only one anti-virus software and keep it up-to-date.

6. Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

7. Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

8. Use Strong passwords!

9. Email attachments
Do not open any unknown email attachments that you received without asking for them!


Extra note:
Keep your browser, Java, PDF reader and Adobe Flash up to date.
Make sure your programs are up to date, because older versions may contain security leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/



***


Graduate of the WTT Classroom
Cheers,
Jo
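An added example, not part of Jo's post or anything jeff posted in this thread: a read-only PowerShell audit script that checks the state the preventive tips above ask for on the cleaned machine (IE Protected Mode per zone, anti-virus and firewall products registered with Security Center, Windows Firewall profile state, the Windows Update service, and installed versions of the software the extra note names). The registry paths, WMI classes and netsh command are standard Windows ones; the file name and the decoding of the Security Center productState field are assumptions, the latter being the commonly used community reading of that field rather than a documented format. Written to run on the Windows 7 PowerShell 2.0 that ships with the machine in this thread.

```powershell
# Added example (not from the original thread): read-only audit of the
# preventive tips. Run from an elevated prompt, e.g.
#   powershell -ExecutionPolicy Bypass -File .\Audit-Hardening.ps1
# Assumptions: the script name above, and the productState decoding in
# section 2 (community interpretation, not a documented Microsoft format).

# ---- 1. IE Protected Mode per zone (tip 2) ---------------------------------
# Each zone key carries a DWORD named 2500: 0 = Protected Mode on, 3 = off.
# When the value is absent, IE falls back to its built-in default for the zone.
$zoneRoot  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zoneNames = @{ 1 = 'Local Intranet'; 2 = 'Trusted Sites'; 3 = 'Internet'; 4 = 'Restricted Sites' }
foreach ($id in 1..4) {
    $props = Get-ItemProperty -Path (Join-Path $zoneRoot $id) -ErrorAction SilentlyContinue
    $val   = if ($props) { $props.'2500' } else { $null }
    $state = if ($val -eq 0) { 'ON' } elseif ($val -eq 3) { 'OFF' } else { 'not set (IE default)' }
    Write-Output ('IE Protected Mode [{0}]: {1}' -f $zoneNames[$id], $state)
}

# ---- 2. Anti-virus and third-party firewall products (tips 5 and 6) --------
# Security Center registers them in root\SecurityCenter2 (Vista and later).
$avList = @(Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue)
foreach ($av in $avList) {
    # productState as 6 hex digits: digits 3-4 starting with '1' = real-time
    # protection on; digits 5-6 equal to '00' = signatures current (assumption).
    $hex = '{0:X6}' -f [uint32]$av.productState
    $rt  = if ($hex.Substring(2, 2) -match '^1') { 'real-time ON' } else { 'real-time OFF' }
    $sig = if ($hex.Substring(4, 2) -eq '00') { 'signatures current' } else { 'signatures OUT OF DATE' }
    Write-Output ('AV: {0} ({1}, {2})' -f $av.displayName, $rt, $sig)
}
if ($avList.Count -eq 0) { Write-Warning 'No anti-virus product is registered with Security Center.' }
if ($avList.Count -gt 1) { Write-Warning 'More than one anti-virus is installed; tip 5 says keep exactly one.' }

$fwProducts = @(Get-WmiObject -Namespace 'root\SecurityCenter2' -Class FirewallProduct -ErrorAction SilentlyContinue)
foreach ($fw in $fwProducts) { Write-Output ('Third-party firewall: {0}' -f $fw.displayName) }

# ---- 3. Windows Firewall state per profile (tip 6) -------------------------
# netsh is used because Get-NetFirewallProfile only exists on Windows 8 and later.
# A third-party firewall such as ZoneAlarm normally switches the Windows one off,
# so OFF here is only a finding when section 2 listed no firewall product.
netsh advfirewall show allprofiles state |
    Where-Object { $_ -match 'Profile Settings|^State' } |
    ForEach-Object { Write-Output ('Windows Firewall: {0}' -f $_.Trim()) }

# ---- 4. Windows Update service (tip 3) -------------------------------------
$wu = Get-Service -Name wuauserv
Write-Output ('Windows Update service (wuauserv): {0}' -f $wu.Status)

# ---- 5. Installed versions of the software the extra note singles out ------
# The same inventory an update inspector starts from; compare the versions
# shown against the vendors' current releases.
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$watch = 'Java', 'Adobe Reader', 'Adobe Flash', 'Shockwave', 'Firefox', 'Chrome', 'QuickTime'
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object {
        $name = $_.DisplayName
        $name -and ($watch | Where-Object { $name -like "*$_*" })
    } |
    Select-Object DisplayName, DisplayVersion, Publisher |
    Sort-Object DisplayName |
    Format-Table -AutoSize
```

The script changes nothing; it only reports. Two findings it is designed to surface match the situation in this thread: more than one anti-virus product registered at once (tip 5), and a Windows Firewall profile showing OFF while no third-party firewall product is registered (tip 6). Protected Mode is also read from HKLM when it is set through Group Policy, so on a domain-joined machine check that hive as well before treating "not set" as a finding.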



#26 jeff matthews

jeff matthews

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 781 posts

Posted 02 February 2014 - 08:07 PM

Alright, thank you very much. I completed everything you asked there; so far it looks good. I will definitely take your advice.

 

Something I might consider is running ERUNT or something similar to make a backup of the registry, so that if the computer gets heavily infected I can restore it. I am also going to do a defrag, as it looks like this hard drive has not had one for quite a while, and I'll try to delete some data so as not to put so much stress on the drive.

 

Anyway, thanks a lot, and I think that's about it. It took around 2 weeks or so, but I understand this takes time, and I successfully removed all infections from both this machine and my own machine.


Edited by jeff matthews, 02 February 2014 - 08:09 PM.


#27 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 03 February 2014 - 01:19 AM

You are very welcome.

 

Good luck and be Well!



#28 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 03 February 2014 - 01:19 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
