Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92790 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Page popup, redirecting and while surfing steady ad popups. [Solved]

Dealin redirect

  • This topic is locked This topic is locked
65 replies to this topic

#16 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,753 posts
  • Interests:LFC, music, more LFC, more music

Posted 01 December 2014 - 02:56 AM

You can do this on your return.


Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successfully execution of the script below.

Run OTL

  • double click on the icon to run it.
  • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    “{91da5e8a-3318-4f8c-b67e-5964de3ab546}”=-
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • click the Run Fix button at the top
  • let the program run unhindered, reboot when it is done
  • post a new OTL log
  • please post the OTL fix log.

===================================================

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

  • start Malwarebytes-Anti-Malware and update it, (“Update” tab}
  • once it is updated, click on “Scan” tab, select Threat Scan, then click Scan.
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

===================================================

Run ESET Online Scan

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan


  • click the Eset online Scanner button
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    o    click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
    o    double click on the Eset installer icon on your desktop.
     

  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Enable detection of potentially unwanted applications
  • click Advanced settings and select the following:


    o    scan archives
    o    scan for potentially unsafe applications
    o    enable Anti-Stealth technology
     

    Note: Do not check Remove found threats
     
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.


    Note - if ESET doesn't find any threats, no report will be created.
     

  • push the back button.
  • push Finish

When the scan is complete:

If no threats were found:


o    put a checkmark in "Uninstall application on close"
o    close program
o    report to me that nothing was found
 

If threats were found:


o    click on "list of threats found"
o    click on "export to text file" and save it as ESET results and save to the desktop
o    Click on back
o    put a checkmark in "Uninstall application on close"
o    click on finish
o    close program
o    copy and paste the report here
 

Logs to include with the next post:

Mbam.txt
Eset results
(if there are any)

Satchfan
 

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

    Advertisements

Register to Remove


#17 Pacer

Pacer

    Authentic Member

  • Authentic Member
  • PipPip
  • 85 posts

Posted 07 December 2014 - 02:24 AM

I'm back and here are the requested logs:

 

All processes killed

========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\“{91da5e8a-3318-4f8c-b67e-5964de3ab546}” not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: monroe county
->Temp folder emptied: 966656 bytes
->Temporary Internet Files folder emptied: 449806 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 181260374 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 197 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 174.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12072014_012053
 
Files\Folders moved on Reboot...
C:\Users\monroe county\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File\Folder C:\Windows\temp\etilqs_7KAsJaRclf5An4zdx8jf not found!
File\Folder C:\Windows\temp\etilqs_9VZff6GWmpEvABJNmATH not found!
File\Folder C:\Windows\temp\etilqs_iskmYY3LNo4EwrL9usu5 not found!
File\Folder C:\Windows\temp\etilqs_OKpQYzLEjOmNI78dJkoo not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
-------------------------------------------------------------------

OTL logfile created on: 12/7/2014 1:48:51 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\monroe county\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.68 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 56.52% Memory free
7.36 Gb Paging File | 5.33 Gb Available in Paging File | 72.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.99 Gb Total Space | 151.79 Gb Free Space | 53.08% Space Free | Partition Type: NTFS
 
Computer Name: MONROECOUNTY-PC | User Name: monroe county | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/28 02:05:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\monroe county\Downloads\OTL.exe
PRC - [2014/09/12 01:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/04/28 03:10:31 | 000,874,144 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
PRC - [2014/03/24 13:48:31 | 001,004,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
PRC - [2013/10/08 13:49:20 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
PRC - [2013/05/27 01:09:17 | 000,323,336 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
PRC - [2013/05/27 01:09:15 | 000,077,576 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
PRC - [2011/03/09 10:41:08 | 001,066,896 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/11/20 04:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010/04/07 20:18:40 | 000,908,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/04/07 20:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/04/07 20:18:40 | 000,298,064 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/03/25 15:02:40 | 001,541,472 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2010/03/17 20:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/17 20:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/08 15:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2010/03/08 15:55:42 | 000,252,928 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2010/01/13 09:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010/01/08 05:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
PRC - [2009/12/23 16:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/23 16:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2006/04/18 03:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/21 20:05:00 | 014,902,600 | ---- | M] () -- C:\Users\monroe county\AppData\Local\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
MOD - [2014/10/21 20:04:57 | 008,910,664 | ---- | M] () -- C:\Users\monroe county\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
MOD - [2014/10/21 20:04:51 | 001,042,760 | ---- | M] () -- C:\Users\monroe county\AppData\Local\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
MOD - [2014/10/21 20:04:49 | 000,211,272 | ---- | M] () -- C:\Users\monroe county\AppData\Local\Google\Chrome\Application\38.0.2125.111\libegl.dll
MOD - [2014/10/21 20:04:48 | 001,681,224 | ---- | M] () -- C:\Users\monroe county\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
MOD - [2013/06/17 12:35:10 | 000,478,400 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
MOD - [2013/06/01 22:27:25 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ba39e27ea796912fce296963622dfbae\WindowsFormsIntegration.ni.dll
MOD - [2013/06/01 22:27:09 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\be692307d47b83000bba8bb6b484aff0\System.ServiceModel.ni.dll
MOD - [2013/06/01 22:17:11 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/06/01 22:16:46 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013/06/01 22:16:35 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/06/01 21:48:06 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll
MOD - [2013/06/01 21:47:50 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll
MOD - [2013/06/01 21:47:40 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll
MOD - [2013/06/01 21:47:34 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll
MOD - [2013/06/01 21:47:30 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll
MOD - [2013/02/10 01:05:24 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/02/10 01:05:18 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013/02/10 01:05:17 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/02/10 01:05:10 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2013/02/09 23:36:48 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013/02/09 23:20:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/02/09 23:20:00 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/02/09 23:19:40 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/02/09 23:19:36 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/02/09 23:19:30 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010/03/25 15:02:42 | 000,038,136 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll
MOD - [2010/03/25 15:02:36 | 000,046,328 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll
MOD - [2010/03/25 15:02:22 | 000,632,056 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Image.dll
MOD - [2010/03/08 16:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
MOD - [2010/01/13 09:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/05/19 22:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/08/15 16:39:08 | 000,292,736 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2011/03/09 10:10:40 | 000,288,768 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2010/03/17 09:56:12 | 000,866,336 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\rundll32.exe -- (5e9aae86)
SRV - [2014/11/26 19:03:29 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 01:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/08 13:49:20 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe -- (avp)
SRV - [2013/05/27 01:09:17 | 000,323,336 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe -- (CyberLink PowerDVD 13 Media Server Service)
SRV - [2013/05/27 01:09:15 | 000,077,576 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe -- (CyberLink PowerDVD 13 Media Server Monitor Service)
SRV - [2011/03/09 10:41:10 | 000,491,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 10:41:08 | 001,066,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/06/25 09:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/04/07 20:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/17 20:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/17 20:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/08 15:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/01/15 13:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 05:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/12/23 16:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/10/09 18:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/04/18 03:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/03/24 13:49:38 | 000,625,248 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2014/03/24 13:49:38 | 000,115,296 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt)
DRV:64bit: - [2014/02/18 00:43:42 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2014/01/07 00:26:49 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2014/01/07 00:26:49 | 000,178,272 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013/10/08 13:49:18 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2013/10/08 13:49:18 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/05/14 17:34:44 | 000,055,904 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/04/12 15:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/25 09:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/18 23:36:04 | 000,017,920 | ---- | M] (Siliten) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b)
DRV:64bit: - [2010/04/06 18:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/03/21 01:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/02/28 23:20:56 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/19 16:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/09 23:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/02 13:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/12/17 09:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/10 03:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/16 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 15:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 15:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2013/05/27 16:13:28 | 000,130,320 | ---- | M] (CyberLink Corp.) [2013/06/26 19:00:47] [Kernel | Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD13\Common\NavFilter\000.fcl -- ({09F57980-3432-4AFC-957D-27AC45FAE1F5})
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...24z1m5a45i2a38p
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...24z1m5a45i2a38p
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...24z1m5a45i2a38p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...24z1m5a45i2a38p
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...24z1m5a45i2a38p
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://yahoo.com/
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...GW_enUS408US409
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\monroe county\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\monroe county\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\monroe county\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/02/02 03:36:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014/07/29 14:22:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014/07/29 14:22:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014/07/29 14:22:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014/07/29 14:22:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014/07/29 14:22:12 | 000,000,000 | ---D | M]
 
[2012/09/08 21:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\monroe county\AppData\Local\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\monroe county\AppData\Local\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\monroe county\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\monroe county\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: No name found = C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa\3.1.0.122_0\
CHR - Extension: Kaspersky Anti-Virus = C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\14.0.0.4651_0\
CHR - Extension: No name found = C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Extensions\gophlpodeadaoiebbeeikoaeboglkbna\2011.11.29.20871_0\
CHR - Extension: No name found = C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfojcekopkaohjhpjalpglfgdladakd\1.0_0\
CHR - Extension: No name found = C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Kaspersky Anti-Virus = C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\14.0.0.4651_0\
 
O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PowerDVD13Agent] C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKCU..\Run: [cdloader] C:\Users\monroe county\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.249.1.1 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C483EB2-6A6D-443B-9F3A-990602F80731}: DhcpNameServer = 10.249.1.1 8.8.8.8
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f2473cd7-b90f-11e1-a5d3-705ab6d56fef}\Shell - "" = AutoRun
O33 - MountPoints2\{f2473cd7-b90f-11e1-a5d3-705ab6d56fef}\Shell\AutoRun\command - "" = E:\unlock.exe autoplay=true
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\unlock.exe autoplay=true
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/30 21:33:00 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/11/30 21:32:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/11/30 21:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/11/29 04:45:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/11/23 20:53:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/11/23 20:17:38 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/11/22 05:41:09 | 000,000,000 | ---D | C] -- C:\FRST
[2014/11/22 02:52:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/11/14 02:40:29 | 000,292,736 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDefragS.exe
[2014/11/14 02:40:29 | 000,256,896 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDefrag.dll
[2014/11/14 02:40:29 | 000,132,480 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDefragBT.exe
[2014/11/14 02:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Utilities
[2014/11/14 02:40:28 | 001,367,424 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranFD.exe
[2014/11/14 02:40:28 | 000,287,616 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDC.exe
[2014/11/14 02:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Utilities
[2014/11/10 20:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/11/10 20:37:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/07 01:37:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/07 01:37:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/07 01:37:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-177457807-164583720-2097069978-1000UA.job
[2014/12/07 01:31:06 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/07 01:31:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/07 01:29:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/07 01:29:44 | 2962,259,968 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/06 23:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/01 08:34:19 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-177457807-164583720-2097069978-1000Core.job
[2014/11/30 21:34:49 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-MONROECOUNTY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/11/30 21:32:25 | 000,002,242 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014/11/28 02:11:20 | 000,000,474 | ---- | M] () -- C:\Users\monroe county\AppData\Roaming\wklnhst.dat
[2014/11/26 19:03:27 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/11/26 19:03:27 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/11/23 23:27:19 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/23 23:27:19 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/23 23:27:19 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/14 06:50:21 | 520,085,015 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/11/14 02:40:29 | 000,000,903 | ---- | M] () -- C:\Users\monroe county\Desktop\Puran Utilities.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/30 21:34:49 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-MONROECOUNTY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/11/30 21:32:25 | 000,002,242 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014/11/14 03:56:02 | 520,085,015 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/11/14 02:40:29 | 000,000,903 | ---- | C] () -- C:\Users\monroe county\Desktop\Puran Utilities.lnk
[2014/09/12 09:27:43 | 000,218,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2014/08/13 23:52:46 | 000,005,120 | ---- | C] () -- C:\Users\monroe county\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/21 18:23:14 | 000,000,474 | ---- | C] () -- C:\Users\monroe county\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 21:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 20:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >
 
 
 


#18 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,753 posts
  • Interests:LFC, music, more LFC, more music

Posted 07 December 2014 - 02:39 AM

That looks OK. I'll wait for the other two scans.


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#19 Pacer

Pacer

    Authentic Member

  • Authentic Member
  • PipPip
  • 85 posts

Posted 07 December 2014 - 03:12 AM

Requested logs:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/7/2014
Scan Time: 2:35:11 AM
Logfile: MAM.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.07.04
Rootkit Database: v2014.12.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: monroe county
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316308
Time Elapsed: 21 min, 10 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.ClipCNV.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\5e9aae86, Quarantined, [6a96bba584f89a9cb01aae9aac57ed13], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 4
PUP.Optional.LiveLyrics.A, C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage, Quarantined, [2dd35709196373c32d42175714ef12ee], 
PUP.Optional.LiveLyrics.A, C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal, Quarantined, [44bcda8607752a0c0e613539758e1ae6], 
PUP.Optional.ReMarkable.A, C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Delete-on-Reboot, [05fb7ee28eeece68c08a11b24db70af6], 
PUP.Optional.ReMarkable.A, C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Delete-on-Reboot, [98683e22641877bf272312b154b0857b], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#20 Pacer

Pacer

    Authentic Member

  • Authentic Member
  • PipPip
  • 85 posts

Posted 07 December 2014 - 04:13 PM

Requested logs:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/7/2014
Scan Time: 12:05:30 PM
Logfile: MAM2-12-7-14.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.07.08
Rootkit Database: v2014.12.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: monroe county
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316323
Time Elapsed: 24 min, 1 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.ReMarkable.A, C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Quarantined, [ff0590d0512b4bebb0056c570df74cb4], 
PUP.Optional.ReMarkable.A, C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Quarantined, [73919ec2e19b2313ebca7053010318e8], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
--------------------------------------------------------
 
 


#21 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,753 posts
  • Interests:LFC, music, more LFC, more music

Posted 07 December 2014 - 04:17 PM

Eset scan?


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#22 Pacer

Pacer

    Authentic Member

  • Authentic Member
  • PipPip
  • 85 posts

Posted 09 December 2014 - 12:01 AM

No sign of any EST logs.



#23 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,753 posts
  • Interests:LFC, music, more LFC, more music

Posted 09 December 2014 - 02:37 AM

Do you mean that you ran Eset but no log was produced?


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#24 Pacer

Pacer

    Authentic Member

  • Authentic Member
  • PipPip
  • 85 posts

Posted 09 December 2014 - 08:48 PM

Ran  EST but no log notepads were produced. The only logs available thru the EST program would not

export to text files.



#25 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,753 posts
  • Interests:LFC, music, more LFC, more music

Posted 10 December 2014 - 01:59 AM

Any remaining problems?


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

    Advertisements

Register to Remove


#26 Pacer

Pacer

    Authentic Member

  • Authentic Member
  • PipPip
  • 85 posts

Posted 10 December 2014 - 08:56 PM

Yea....all of them...if anything the treatments seem to intensify the symptoms.



#27 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,753 posts
  • Interests:LFC, music, more LFC, more music

Posted 11 December 2014 - 02:48 AM

I don’t understand that because we've got rid of what has shown up so we’ll run some deeper scans to see what they find.


Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop

  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects –everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.
Please post the contents of the RKreport.txt in your next reply.

===================================================

Download Combofix from either of the links below, and save it to your desktop.  

Link 1
Link 2

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • when finished, it will produce a report for you
  • please post the C:\ComboFix.txt for further review.

 

Logs to include:

 

RKreport.txt
ComboFix.txt

 

Satchfan


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#28 Pacer

Pacer

    Authentic Member

  • Authentic Member
  • PipPip
  • 85 posts

Posted 12 December 2014 - 04:47 AM

Requested logs:

 

RogueKiller V10.1.0.0 [Dec 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : monroe county [Administrator]
Mode : Scan -- Date : 12/11/2014  14:24:01
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545032B9A300 +++++
--- User ---
[MBR] d2cd08d90944c718f32f0bad06a4b2eb
[BSP] b00015bc33ed0f9590be8a06d063b7ce : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12291 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 25173855 | Size: 101 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 25382700 | Size: 292850 MB
User = LL1 ... OK
User = LL2 ... OK
_________________________________________________
 
ComboFix 14-12-10.03 - monroe county 12/12/2014   3:49.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3767.2222 [GMT -8:00]
Running from: c:\users\monroe county\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-12 to 2014-12-12  )))))))))))))))))))))))))))))))
.
.
2014-12-12 12:32 . 2014-12-12 12:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-11 22:20 . 2014-12-11 22:20 -------- d-sh--w- c:\users\monroe county\AppData\Local\EmieUserList
2014-12-11 22:20 . 2014-12-11 22:20 -------- d-sh--w- c:\users\monroe county\AppData\Local\EmieSiteList
2014-12-11 22:20 . 2014-12-11 22:20 -------- d-sh--w- c:\users\monroe county\AppData\Local\EmieBrowserModeList
2014-12-11 22:03 . 2014-12-11 22:03 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-12-11 22:02 . 2014-12-11 22:03 -------- d-----w- c:\programdata\RogueKiller
2014-12-09 06:42 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-12-09 06:42 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-12-09 06:38 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-12-09 06:38 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-12-09 02:57 . 2014-12-12 11:51 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{288BF26A-98EB-4CD7-9247-2F7D633FA4A8}\offreg.dll
2014-12-08 13:47 . 2014-12-08 13:47 -------- d-----w- c:\windows\Panther
2014-12-08 13:41 . 2014-12-08 13:41 -------- d-s---w- c:\windows\system32\CompatTel
2014-12-08 11:47 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-12-08 11:47 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-12-08 11:47 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-12-08 11:47 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-12-08 11:47 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-12-08 11:32 . 2014-12-08 11:32 -------- d-----w- c:\windows\Migration
2014-12-08 11:24 . 2013-10-15 02:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-12-08 11:15 . 2014-12-08 11:15 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-12-08 11:11 . 2014-12-08 11:11 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-12-08 10:02 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{288BF26A-98EB-4CD7-9247-2F7D633FA4A8}\mpengine.dll
2014-12-08 09:10 . 2014-12-08 09:20 -------- d-----w- c:\windows\system32\MRT
2014-12-08 08:55 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-12-08 08:55 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-12-08 08:55 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-12-08 08:55 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-12-08 08:55 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-12-08 08:55 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-12-08 08:54 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-12-08 08:54 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-12-08 08:50 . 2013-08-29 02:16 1732032 ----a-w- c:\windows\system32\ntdll.dll
2014-12-08 08:49 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2014-12-08 08:49 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2014-12-08 08:43 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2014-12-08 08:43 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2014-12-08 08:43 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2014-12-08 08:43 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2014-12-08 08:43 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2014-12-08 08:43 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2014-12-08 08:43 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2014-12-08 08:43 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2014-12-08 08:43 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-12-08 08:43 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-12-08 08:42 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2014-12-08 08:42 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2014-12-08 08:42 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-12-08 08:42 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-12-08 08:42 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2014-12-08 08:42 . 2014-08-21 06:40 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-12-08 08:42 . 2014-08-21 06:26 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-12-08 08:42 . 2014-08-21 06:23 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-12-08 08:42 . 2013-06-25 22:55 785624 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2014-12-08 08:25 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-12-08 08:25 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-12-08 05:23 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2014-12-08 05:23 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2014-12-08 05:23 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-12-08 05:23 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-12-08 05:21 . 2014-04-05 02:47 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-12-08 05:21 . 2014-04-05 02:47 288192 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-12-08 05:21 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-12-08 05:21 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2014-12-08 05:21 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-12-08 05:21 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2014-12-08 05:21 . 2014-05-30 06:45 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-12-08 05:19 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2014-12-08 05:19 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2014-12-08 05:17 . 2014-04-25 02:34 801280 ----a-w- c:\windows\system32\usp10.dll
2014-12-08 05:17 . 2014-04-25 02:06 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2014-12-08 05:13 . 2013-07-04 12:57 259584 ----a-w- c:\windows\system32\WebClnt.dll
2014-12-08 05:13 . 2013-07-04 12:50 102400 ----a-w- c:\windows\system32\davclnt.dll
2014-12-08 05:13 . 2013-07-04 11:57 205824 ----a-w- c:\windows\SysWow64\WebClnt.dll
2014-12-08 05:13 . 2013-07-04 11:51 81920 ----a-w- c:\windows\SysWow64\davclnt.dll
2014-12-08 05:13 . 2013-07-04 10:11 140800 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-08 05:12 . 2014-06-18 02:19 503296 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-12-08 05:12 . 2014-06-18 02:19 449024 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-12-08 05:12 . 2014-06-18 02:19 1247232 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-12-08 05:12 . 2014-06-18 02:18 224768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
2014-12-08 05:12 . 2014-06-18 02:19 110592 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2014-12-08 05:12 . 2014-06-18 02:18 692736 ----a-w- c:\windows\system32\osk.exe
2014-12-08 05:12 . 2014-06-18 02:17 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
2014-12-08 05:12 . 2014-06-18 01:52 348672 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-12-08 05:12 . 2014-06-18 01:51 10240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2014-12-08 05:12 . 2014-06-18 01:51 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-12-08 05:11 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2014-12-08 05:11 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2014-12-08 05:11 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2014-12-08 05:11 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2014-12-08 05:11 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2014-12-08 05:11 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2014-12-08 05:11 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2014-12-08 05:06 . 2014-11-05 17:56 304640 ----a-w- c:\windows\system32\generaltel.dll
2014-12-08 05:06 . 2014-11-05 17:56 228864 ----a-w- c:\windows\system32\aepdu.dll
2014-12-08 05:06 . 2014-11-05 17:52 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-12-08 05:04 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2014-12-08 05:04 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2014-12-08 05:04 . 2014-06-06 10:10 624128 ----a-w- c:\windows\system32\qedit.dll
2014-12-08 05:04 . 2014-06-06 09:44 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-12-08 05:02 . 2013-09-08 02:27 327168 ----a-w- c:\windows\system32\mswsock.dll
2014-12-08 05:02 . 2013-09-08 02:03 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2014-12-08 05:02 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-12-08 05:00 . 2013-07-03 04:40 42496 ----a-w- c:\windows\system32\drivers\usbscan.sys
2014-12-08 05:00 . 2013-07-03 04:05 76800 ----a-w- c:\windows\system32\drivers\hidclass.sys
2014-12-08 05:00 . 2013-07-03 04:05 32896 ----a-w- c:\windows\system32\drivers\hidparse.sys
2014-12-08 05:00 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll
2014-12-08 05:00 . 2014-09-04 05:04 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-12-08 05:00 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2014-12-08 05:00 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2014-12-08 05:00 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2014-12-08 05:00 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-12-08 05:00 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2014-12-08 05:00 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-12-07 14:46 . 2014-12-07 14:46 -------- d-----w- c:\program files\ESET
2014-12-01 05:33 . 2014-12-01 05:33 -------- d-----w- C:\RegBackup
2014-12-01 05:32 . 2014-12-01 05:32 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-11-29 12:45 . 2014-11-29 12:45 -------- d-----w- C:\_OTL
2014-11-24 04:53 . 2014-11-24 04:53 -------- d-----w- c:\windows\ERUNT
2014-11-24 04:17 . 2014-11-24 04:21 -------- d-----w- C:\AdwCleaner
2014-11-22 13:41 . 2014-11-27 12:23 -------- d-----w- C:\FRST
2014-11-22 10:52 . 2014-11-22 10:52 -------- d-----w- c:\programdata\Malwarebytes
2014-11-14 10:40 . 2013-08-16 00:39 256896 ----a-w- c:\windows\system32\PuranDefrag.dll
2014-11-14 10:40 . 2013-08-16 00:39 132480 ----a-w- c:\windows\system32\PuranDefragBT.exe
2014-11-14 10:40 . 2013-08-16 00:39 292736 ----a-w- c:\windows\system32\PuranDefragS.exe
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-10 04:03 . 2012-09-09 08:43 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-10 04:03 . 2011-07-01 08:33 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-24 22:04 . 2010-12-06 05:02 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-11-01 07:26 . 2010-12-09 19:01 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-10-15 22:40 . 2011-02-11 11:30 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-10-15 22:40 . 2011-02-11 11:30 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-10-04 09:58 . 2011-03-27 08:58 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-10-04 09:58 . 2011-03-27 08:57 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2014-09-25 00:33 . 2011-05-22 11:42 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-09-24 02:20 . 2011-02-11 11:30 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-09-23 01:43 . 2011-02-11 15:18 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2014-09-21 12:00 . 2011-03-27 08:57 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2014-09-18 20:38 . 2014-09-18 20:38 158968 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\monroe county\AppData\Roaming\mjusbsp\cdloader2.exe" [2013-05-06 51592]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-19 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2010-03-08 252928]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2010-03-25 1541472]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"PowerDVD13Agent"="c:\program files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe" [2013-05-27 513048]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
c:\users\monroe county\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 4236288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [x]
R2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe;c:\windows\SYSNATIVE\PuranDefragS.exe [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2013/06/26 19:00];c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [x]
S2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;c:\program files (x86)\Cyberlink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe;c:\program files (x86)\Cyberlink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [x]
S2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;c:\program files (x86)\Cyberlink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe;c:\program files (x86)\Cyberlink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-09 04:03]
.
2014-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-06 01:25]
.
2014-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-06 01:25]
.
2014-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-177457807-164583720-2097069978-1000Core.job
- c:\users\monroe county\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-29 12:32]
.
2014-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-177457807-164583720-2097069978-1000UA.job
- c:\users\monroe county\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-29 12:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-04 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-04 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-04 410648]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-29 9913376]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-03-17 860704]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2014-10-01 5595336]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.249.1.1 8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{09F57980-3432-4AFC-957D-27AC45FAE1F5}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-12-12  04:37:11
ComboFix-quarantined-files.txt  2014-12-12 12:37
.
Pre-Run: 161,967,865,856 bytes free
Post-Run: 161,577,783,296 bytes free
.
- - End Of File - - 36BB2B7F6D7AF20E0435C570C0294490
 


#29 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,753 posts
  • Interests:LFC, music, more LFC, more music

Posted 12 December 2014 - 09:11 AM

I’d like another ComboFix report to see what is currently installed on your computer.
 

  • push the Windows key, (between the "Ctrl" button and "Alt" Button) and press "R" once
  • copy/paste the following bolded text into the run box and then click OK:

C:\Qoobox\Add-Remove Programs.txt

Satchfan
 

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#30 Pacer

Pacer

    Authentic Member

  • Authentic Member
  • PipPip
  • 85 posts

Posted 12 December 2014 - 02:41 PM

Requested info:

 

2007 Microsoft Office Suite Service Pack 2 (SP2)
Acrobat.com
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Reader XI (11.0.09)
Adobe Shockwave Player 11.6
Advertising Center
Backup Manager Basic
Bejeweled 2 Deluxe
Blackhawk Striker 2
Bob the Builder Can-Do-Zoo
Build-a-lot 2
ClubWPT
Compatibility Pack for the 2007 Office system
COWON J3 User's Guide
COWON Media Center - jetAudio Basic VX
CyberLink PowerDVD 13
DivX Setup
EPSON Scan
Escape Rosecliff Island
Faerie Solitaire
Full Flush Poker 8.2
Full Tilt Poker
Gateway Game Console
Gateway Games
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Social Networks
Gateway Updater
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hulu Downloader 2.5.0.1
Identity Card
ImagXpress
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java 7 Update 45
Java Auto Updater
Java™ 6 Update 32
Jewel Quest Solitaire 3
Junk Mail filter update
K-Lite Codec Pack 10.6.5 Basic
Kaspersky Internet Security
Kastor Free Video Converter V 1.6
Launch Manager
magicJack
MediaMonkey 3.2
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Monopoly
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Lost in Los Angeles
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Penguins!
Plants vs. Zombies
Poker Academy 2
Polar Bowler
Polar Golfer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Scrabble Plus
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
swMSM
The Price is Right
Transcoder
Tweaking.com - Registry Backup
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
Video Web Camera
Virtual Families
Virtual Villagers - A New Home
Visual Studio 2008 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinPcap 4.1.2
Yahtzee
YTD Downloader version 1.5
Zuma Deluxe
 

Related Topics




Also tagged with one or more of these keywords: Dealin, redirect

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users