-
June 24th, 2014, 05:21 AM
#16
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\ajax-loader.gif, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\arrow-footer.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\arrow-header.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\attachment.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\close-bar2.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\close.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\icon-plus.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\icon-right.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\icon-search.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\icon-settings.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\icon-theme.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\menu_v.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\menu_v_white.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\provider.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\x-button.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\icon-apps-dark.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\icon-apps.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\icon-chrome.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\icon-close.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\icon-contents-light.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\icon-contents.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\icon-edit.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\icon-layout.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\patterns\arab_tile.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\patterns\batthern_@2X.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\patterns\bo_play_pattern_@2X.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\patterns\dark_wood_@2X.jpg, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\patterns\diagonal_striped_brick.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\patterns\escheresque_ste_@2X.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\patterns\gold_scale.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\patterns\purty_wood_@2X.jpg, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\patterns\readme.txt, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\patterns\starring_@2X.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\patterns\tileable_wood_texture_@2X.jpg, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\patterns\weave_@2X.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\patterns\wild_oliva_@2X.jpg, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\patterns\woven.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\resources\groups.html, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\resources\list.html, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\resources\menu.html, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\css\activetabs.css, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\css\favorites.css, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\css\layout.css, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\css\modal-fav-add.css, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\css\modal-fav-edit.css, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\css\modal-fav-group.css, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\css\readitlater.css, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\css\recentlyclosed.css, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\css\theme.css, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\css\webapps.css, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\images\chrome\bookmarks.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\images\chrome\download.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\images\chrome\downloads.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\images\chrome\downloas.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\images\chrome\extensions.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\images\chrome\history.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\images\chrome\settings.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\images\chrome\trash.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\images\favorites\empty.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\images\favorites\error.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\images\favorites\shadow.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\images\info\contactus.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\images\info\facebook.ico, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\images\info\rateus.png, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\images\info\twitter.ico, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\resources\activetabs.html, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\resources\favorites.html, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\resources\layout.html, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\resources\modal-fav-add.html, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\resources\modal-fav-edit.html, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\resources\modal-fav-group.html, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\resources\readitlater.html, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\resources\readitlater_content.html, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\resources\readitlater_menu.html, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\resources\recentlyclosed.html, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\resources\theme.html, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\resources\webapps.html, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\resources\webapps_contextmenu.html, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\_locales\en-US\translations.dtd, , [6ad949339fdc31057e873d61738fbf41],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\InstallerLibrary.dll, , [83c06e0ed9a2ba7c3a4fced4bc46e41c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\InstallFirefoxExtension.dll, , [83c06e0ed9a2ba7c3a4fced4bc46e41c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\InstallFirefoxExtension.InstallState, , [83c06e0ed9a2ba7c3a4fced4bc46e41c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\Newtonsoft.Json.dll, , [83c06e0ed9a2ba7c3a4fced4bc46e41c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\NewVersionUploader.exe, , [83c06e0ed9a2ba7c3a4fced4bc46e41c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\NewVersionUploader.exe.config, , [83c06e0ed9a2ba7c3a4fced4bc46e41c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\SQLite.Interop.dll, , [83c06e0ed9a2ba7c3a4fced4bc46e41c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\System.Data.SQLite.dll, , [83c06e0ed9a2ba7c3a4fced4bc46e41c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\win32.reg, , [83c06e0ed9a2ba7c3a4fced4bc46e41c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\WindowsUpdater.exe.config, , [83c06e0ed9a2ba7c3a4fced4bc46e41c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\backup\InstallerLibrary.dll, , [83c06e0ed9a2ba7c3a4fced4bc46e41c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\backup\uninstall.exe, , [83c06e0ed9a2ba7c3a4fced4bc46e41c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\AUTHORS.txt, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\config.txt, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\default.action, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\default.filter, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\LICENSE.txt, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\match-all.action, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\mgwz.dll, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\privoxy.exe, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\privoxy.log, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\privoxy_uninstall.exe, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\README.txt, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\trust.txt, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\user.action, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\user.action_empty, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\user.filter, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\user.filter_old, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\p_doc.css, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\coding.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\cvs.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\documentation.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\index.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\introduction.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\newrelease.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\testing.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\webserver-update.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq\configuration.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq\contact.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq\copyright.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq\general.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq\index.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq\installation.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq\misc.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq\trouble.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\images\files-in-use.jpg, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\images\proxy_setup.jpg, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\actions-file.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\appendix.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\config.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\configuration.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\contact.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\copyright.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\files-in-use.jpg, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\filter-file.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\index.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\installation.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\introduction.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\proxy2.jpg, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\proxy_setup.jpg, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\p_doc.css, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\quickstart.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\seealso.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\startup.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\templates.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\whatsnew.html, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\templates\cgi-style.css, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\templates\connect-failed, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\templates\mod-local-help, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\templates\mod-support-and-service, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\templates\mod-title, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\templates\mod-unstable-warning, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\templates\no-such-domain, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\templates\url-info-osd.xml, , [7fc43c40eb905bdb6f1bb4eef111c53b],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx, , [55ee5626d0ab6ccab4d051524db58779],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.2.crx, , [55ee5626d0ab6ccab4d051524db58779],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx, , [55ee5626d0ab6ccab4d051524db58779],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx, , [55ee5626d0ab6ccab4d051524db58779],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx, , [55ee5626d0ab6ccab4d051524db58779],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, , [d17282fafc7fa591c73ec1e5dd25ba46],
PUP.Optional.AmazonBrowserBar.A, C:\Program Files (x86)\Amazon\ABB\AmazonChrome-bds-amzn.crx, , [4ef59fdd6c0f38fed54b376f29d923dd],
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://speedial.com/?f=1&a=spd_frg01_14_25_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzztA0DyEtCtC0FyCyBtAtAtN0D0Tzu0SzzzyzztN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtD0B0B0FyByB0AtG0AyCtA0DtGtDzytBtAtGtCtDtA0EtGyE0ByCyEyE0
Fzyzz0E0Dzz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzy0C0E0F0FtAtG0A0C0DyEtGyBzztAtAtGyByD0C0FtGyD0B0F0EtA0FtDtC0DzytDyB2QtN1B1L1H1Ezu1O2U1M1B&cr=105310371&ir=",), ,[d2711567c4b789adc137327f2dd722de]
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "search_url": "http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_frg01_14_25_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzztA0DyEtCtC0FyCyBtAtAtN0D0Tzu0SzzzyzztN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtD0B0B0FyByB0AtG0AyCtA0DtGtDzytBtAtGtCtDtA0EtGyE0ByCyEy
E0Fzyzz0E0Dzz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzy0C0E0F0FtAtG0A0C0DyEtGyBzztAtAtGyByD0C0FtGyD0B0F0EtA0FtDtC0DzytDyB2QtN1B1L1H1Ezu1O2U1M1B&cr=105310371&ir=",), ,[b68d43390f6c47ef15e4882981830bf5]
PUP.Optional.Speedial.A, C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://speedial.com/?f=1&a=spd_frg01_14_25_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzztA0DyEtCtC0FyCyBtAtAtN0D0Tzu0SzzzyzztN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtD0B0B0FyByB0AtG0AyCtA0DtGtDzytBtAtGtCtDtA0EtGyE0ByCyEyE0F
zyzz0E0Dzz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzy0C0E0F0FtAtG0A0C0DyEtGyBzztAtAtGyByD0C0FtGyD0B0F0EtA0FtDtC0DzytDyB2QtN1B1L1H1Ezu1O2U1M1B&cr=105310371&ir="), ,[76cd7309c2b996a0ea0a1f92b054bf41]
Physical Sectors: 0
(No malicious items detected)
(end)
Last edited by Broni; June 27th, 2014 at 05:11 PM.
-
June 24th, 2014, 05:23 AM
#17
-
June 24th, 2014, 08:51 PM
#18
Download RogueKiller from one of the following links and save it to your Desktop:
Link 1
Link 2
- Close all the running programs
- Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Pre-scan will start. Let it finish.
- Click on SCAN button.
- Wait until the Status box shows Scan Finished
- Click on Delete.
- Wait until the Status box shows Deleting Finished.
- Click on Report and copy/paste the content of the Notepad into your next reply.
- RKreport.txt could also be found on your desktop.
- If more than one log is produced, post all logs.
- If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
Create a new restore point before proceeding with the next step.
How to: http://www.smartestcomputing.us.com/...t-all-windows/
Download Malwarebytes Anti-Rootkit (MBAR) from HERE
- Unzip downloaded file.
- Open the folder where the contents were unzipped and run mbar.exe
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
- When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
-
June 27th, 2014, 03:49 AM
#19
sub step 1
RogueKiller V9.1.0.0 (x64) [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : marc [Admin rights]
Mode : Remove -- Date : 06/27/2014 00:06:40
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 30 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> NOT SELECTED
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> NOT SELECTED
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> NOT SELECTED
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> NOT SELECTED
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> NOT SELECTED
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> NOT SELECTED
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1092386263-3309754485-3337812885-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> NOT SELECTED
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1092386263-3309754485-3337812885-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> NOT SELECTED
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> NOT SELECTED
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> NOT SELECTED
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118 -> NOT SELECTED
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118 -> NOT SELECTED
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118 -> NOT SELECTED
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118 -> NOT SELECTED
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118 -> NOT SELECTED
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118 -> NOT SELECTED
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1092386263-3309754485-3337812885-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118 -> NOT SELECTED
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1092386263-3309754485-3337812885-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118 -> NOT SELECTED
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118 -> NOT SELECTED
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8118;https=127.0.0.1:8118 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.25 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.25 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.25 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DCD47EC2-8EC1-4A22-A1A9-CDBB6C4DE6AE} | DhcpNameServer : 192.168.0.1 205.171.2.25 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DCD47EC2-8EC1-4A22-A1A9-CDBB6C4DE6AE} | DhcpNameServer : 192.168.0.1 205.171.2.25 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{DCD47EC2-8EC1-4A22-A1A9-CDBB6C4DE6AE} | DhcpNameServer : 192.168.0.1 205.171.2.25 -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
¤¤¤ Scheduled tasks : 3 ¤¤¤
[Suspicious.Path] Speedial.job -- C:\Users\marc\AppData\Roaming\Speedial\UPDATE~1\UPDATE~1.EXE (/Check) -> DELETED
[Suspicious.Path] \\Speedial -- C:\Users\marc\AppData\Roaming\Speedial\UPDATE~1\UPDATE~1.EXE (/Check) -> DELETED
[Suspicious.Path] \Microsoft\Windows\Maintenance\Hyper Browser Update -- "%LOCALAPPDATA%\Hyper Browser\HyperBrowser.exe" (--Update) -> DELETED
¤¤¤ Files : 0 ¤¤¤
¤¤¤ HOSTS File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 ¤¤¤
¤¤¤ Web browsers : 2 ¤¤¤
[PUP][FIREFX:Addon] y8sh48xl.default : TidyNetwork [TidyNetwork@TidyNetwork] -> NOT SELECTED
[PUP][FIREFX:Addon] y8sh48xl.default : V-bates [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] -> NOT SELECTED
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 3b07759acef5122e6742186bcda8ca48
[BSP] b83c17c6108cc9b6131b27fa2c9ae14d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: IOI CF/M icroDrive Disk.. USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive2: IOI SM/x D-Picture Disk.. USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive3: IOI SD/M MC Disk ... USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive4: IOI MS/M sPro Disk ... USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
============================================
RKreport_SCN_06272014_000407.log
-
June 27th, 2014, 04:04 AM
#20
Well, I do think there's some more work to do. But already I am seeing some improvement. I was able to post the above step without rebooting into safe mode, which I couldn't do before. It seems there is a lot of adware that is still capturing the focus of my browser and switching me over to them rather than the link I click on.
I did run Malwarebytes Anti-Rootkit twice and was able to press the clean button on my first run through, but apparently it was thoroughly clean according to that program, since the clean button was not available when the second scan finished. What follows are the logs from that program that you asked for.
-
June 27th, 2014, 04:05 AM
#21
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
Database version: v2014.06.27.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17126
marc :: MARC-PC [administrator]
6/27/2014 12:59:22 AM
mbar-log-2014-06-27 (00-59-22).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 280108
Time elapsed: 14 minute(s), 27 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
-
June 27th, 2014, 04:07 AM
#22
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17126
Java version: 1.6.0_21
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.493000 GHz
Memory total: 6440538112, free: 2565541888
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17126
Java version: 1.6.0_21
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.493000 GHz
Memory total: 6440538112, free: 2579832832
Downloaded database version: v2014.06.27.02
Downloaded database version: v2014.06.23.02
=======================================
Initializing...
------------ Kernel report ------------
06/27/2014 00:31:14
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa80089ee060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008a\
Lower Device Object: 0xfffffa80089e9b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa80089e5390
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000089\
Lower Device Object: 0xfffffa80089f4060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa80089cc060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000088\
Lower Device Object: 0xfffffa80089d6b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa80089976b0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xfffffa80089d1060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800635c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa800618c060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800635c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800635cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800635c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006198370, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800618c060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7B1F5308
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 3906820096
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 2000398934016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-3907009168-3907029168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa80089976b0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80089f0040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80089976b0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80089d1060, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa80089cc060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80089f9490, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80089cc060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80089d6b60, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa80089e5390, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80089eeb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80089e5390, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80089f4060, DeviceName: \Device\00000089\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa80089ee060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80089c5040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80089ee060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80089e9b60, DeviceName: \Device\0000008a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\Program Files\002\yewimmxqbs64.exe --> [Adware.Adpeak]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\yewimmxqbs64 --> [Adware.Adpeak]
Infected: C:\Program Files\002\yewimmxqbs64.exe --> [Adware.Adpeak]
Infected: C:\Users\marc\AppData\Roaming\serv\ConsumerInput.exe --> [Adware.Linkular]
Infected: C:\Program Files (x86)\Common Files\System\1020\hlapp.dll --> [Trojan.LSPHijack]
Infected: C:\Program Files (x86)\Common Files\System\1020\hlapp.dll --> [Trojan.LSPHijack]
Infected: C:\Program Files (x86)\Common Files\System\1020\hlapp.dll --> [Trojan.LSPHijack]
Infected: C:\Program Files (x86)\Common Files\System\1020\hlapp.dll --> [Trojan.LSPHijack]
Infected: C:\Program Files (x86)\Common Files\System\1020\hlapp.dll --> [Trojan.LSPHijack]
Infected: C:\Program Files (x86)\Common Files\System\1020\hlapp.dll --> [Trojan.LSPHijack]
Infected: C:\Program Files (x86)\Common Files\System\1020\hlapp.dll --> [Trojan.LSPHijack]
Infected: C:\Program Files (x86)\Common Files\System\1020\hlapp.dll --> [Trojan.LSPHijack]
Infected: C:\Program Files (x86)\Common Files\System\1020\hlapp.dll --> [Trojan.LSPHijack]
Infected: C:\Program Files (x86)\Common Files\System\1020\hlapp.dll --> [Trojan.LSPHijack]
Infected: C:\Program Files (x86)\Common Files\System\1020\hlapp.dll --> [Trojan.LSPHijack]
Infected: C:\Program Files (x86)\Common Files\System\1020\hlapp.dll --> [Trojan.LSPHijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\FreeSoftToday --> [Adware.EoRezo]
Infected: C:\ProgramData\374311380 --> [Rogue.Multiple]
Infected: C:\ProgramData\374311380\BIT5255.tmp --> [Rogue.Multiple]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17126
Java version: 1.6.0_21
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.493000 GHz
Memory total: 6440538112, free: 4545523712
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17126
Java version: 1.6.0_21
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.493000 GHz
Memory total: 6440538112, free: 4080971776
Downloaded database version: v2014.06.27.02
Downloaded database version: v2014.06.23.02
Initializing...
======================
------------ Kernel report ------------
06/27/2014 00:59:14
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa8007d17790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000095\
Lower Device Object: 0xfffffa8007d1ea20
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa8007d18790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000094\
Lower Device Object: 0xfffffa8007d1e060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8007d1a790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000093\
Lower Device Object: 0xfffffa8007d1f060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007d19510
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000092\
Lower Device Object: 0xfffffa8007d0c750
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006379730
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8005e63060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006379730, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006379180, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006379730, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005dfa3f0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005e63060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7B1F5308
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 3906820096
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 2000398934016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-3907009168-3907029168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8007d19510, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007d1a040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007d19510, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007d0c750, DeviceName: \Device\00000092\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8007d1a790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007d18040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007d1a790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007d1f060, DeviceName: \Device\00000093\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa8007d18790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007d17040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007d18790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007d1e060, DeviceName: \Device\00000094\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8007d17790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007d16040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007d17790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007d1ea20, DeviceName: \Device\00000095\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
-
June 27th, 2014, 05:10 PM
#23
Good
Please download ComboFix from Here, Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Never rename Combofix unless instructed.
- Close any open browsers.
- Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there, use the restore point you created prior to running Combofix.
- Double click on combofix.exe & follow the prompts.
- NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
- NOTE 2. If Combofix asks you to update the program, always do so.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.
Make sure you re-enable your security programs when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try the following...
Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
Restart computer in safe mode
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
When the scan is done, Notepad will open with the rKill.txt log.
NOTE. The rKill.txt log will also be present on your desktop.
Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.
IF you had to run rKill, post BOTH logs: rKill.txt and Combofix.txt.
-
June 30th, 2014, 10:25 PM
#24
-
July 1st, 2014, 07:41 PM
#25
Originally Posted by Broni
Still with me?
Yes, I am still with you. Perhaps I was blowing out of proportion how long your above step would leave me without my computer, because presently it is about my only entertainment, though I should be receiving another computer some time in the next few weeks. Consequently I was preparing an audiobook to listen to on my MP3 player before I started your next step, but I am about to start your next step presently.
Thanks, hope this explains.
-
July 1st, 2014, 07:52 PM
#26
I'm leaving for vacation, so my friend Superdave will take over.
-
July 2nd, 2014, 01:39 AM
#27
OK Superdave,
still more delays in doing that ComboFix scan and posting it here. I did it hours ago; however, I am talking to you via speech dictation software and also use a screen reader, and both were temporarily disabled by that program. In the case of the screen reader, reinstalling it fixed it, and in the case of the dictation software, restarting the computer fixed it.
So below is my posting of the ComboFix log; hope you can help me.
And thanks.
-
July 2nd, 2014, 01:41 AM
#28
ComboFix 14-06-30.01 - marc 07/01/2014 17:50:48.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6142.4170 [GMT -6:00]
Running from: c:\users\marc\Desktop\ComboFix.exe
AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
C:\Install.exe
c:\program files (x86)\Java\jre7\bin\jp2ssv.dll
c:\program files (x86)\opensource
c:\program files (x86)\opensource\Simple TTS Reader\Interop.SpeechLib.dll
c:\program files (x86)\opensource\Simple TTS Reader\License.txt
c:\program files (x86)\opensource\Simple TTS Reader\SimpleTTSReader.exe
c:\program files (x86)\opensource\Simple TTS Reader\Uninstall.exe
c:\users\marc\AppData\Roaming\Gizmo
c:\users\marc\AppData\Roaming\Gizmo\mru.xml
c:\users\marc\AppData\Roaming\Gizmo\update.xml
c:\users\marc\Desktop\Adware-Removal-Tool-v3.8.exe
c:\users\marc\Desktop\Internet Explorer.lnk
c:\users\marc\Documents\~WRL0391.tmp
c:\users\marc\Documents\~WRL0626.tmp
c:\windows\MICROSOFT
c:\windows\MICROSOFT\SystemUpdatekb70007\InstallerLibrary.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\Newtonsoft.Json.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\SQLite.Interop.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\System.Data.SQLite.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\win32.reg
c:\windows\SysWow64\tmp8D3B.tmp
c:\windows\SysWow64\tmp8D3C.tmp
c:\windows\TEMP\Temporary ASP.NET Files\root\a48595ab\94ea1464\assembly\dl3\1adebf6f\009a8ecc_f8bccb01_0\DataModel.DLL
c:\windows\TEMP\Temporary ASP.NET Files\root\a48595ab\94ea1464\assembly\dl3\27de261f\00a749ff_4cbecb01_0\MultiMediaServices.DLL
c:\windows\TEMP\Temporary ASP.NET Files\root\a48595ab\94ea1464\assembly\dl3\5fabe34f\00176979_f9bccb01_0\WinTVExtender.EXE
c:\windows\TEMP\Temporary ASP.NET Files\root\a48595ab\94ea1464\assembly\dl3\f2ad5cba\005c7ad8_f8bccb01_0\NativeMMS.DLL
c:\windows\TEMP\Temporary ASP.NET Files\root\a48595ab\94ea1464\assembly\dl3\fb93c8a3\0087a1df_2abecb01_0\ExtendPlugin.DLL
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2014-06-02 to 2014-07-02 )))))))))))))))))))))))))))))))
.
.
2014-07-02 00:27 . 2014-07-02 00:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-01 18:23 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01BD7DE2-D39D-403F-B1C2-54856990042F}\mpengine.dll
2014-06-27 16:08 . 2014-06-30 19:19 -------- d-----w- c:\users\marc\AppData\Local\CrashDumps
2014-06-27 06:31 . 2014-06-29 23:49 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-06-27 06:31 . 2014-06-27 06:59 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-27 06:30 . 2014-06-27 06:58 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-27 05:54 . 2014-06-27 05:54 -------- d-----w- c:\programdata\RogueKiller
2014-06-27 05:33 . 2014-06-29 14:20 -------- d-----w- c:\users\marc\AppData\Local\Adobe
2014-06-26 19:09 . 2014-06-26 19:09 -------- d-----w- c:\programdata\Globalscape
2014-06-26 19:09 . 2014-06-26 19:09 -------- d-----w- c:\users\marc\AppData\Local\Globalscape
2014-06-26 19:06 . 2014-06-26 19:06 -------- d-----w- c:\users\marc\AppData\Roaming\Globalscape
2014-06-26 19:04 . 2001-09-05 09:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2014-06-26 19:04 . 2001-09-05 09:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2014-06-26 19:04 . 2001-09-05 09:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2014-06-26 19:04 . 2001-09-05 09:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2014-06-26 19:04 . 2002-07-25 21:07 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2014-06-26 19:04 . 2014-06-26 19:04 -------- d-----w- c:\program files (x86)\Globalscape
2014-06-26 03:57 . 2014-06-26 03:57 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-06-26 03:49 . 2014-06-26 03:49 -------- d-----w- c:\users\marc\AppData\Local\globalUpdate
2014-06-26 03:49 . 2014-06-26 03:49 -------- d-----w- c:\program files (x86)\globalUpdate
2014-06-26 03:48 . 2014-06-26 04:56 -------- d-----w- c:\users\marc\AppData\Local\MPCBrowser
2014-06-24 10:55 . 2014-06-24 10:55 -------- d-----w- c:\program files\SmartFTP Client
2014-06-24 10:54 . 2014-06-24 10:54 -------- d-----w- c:\program files (x86)\SmartFTP Client 4.0 (x64) Setup Files
2014-06-24 10:18 . 2014-06-24 10:18 -------- d-----w- c:\users\marc\AppData\Roaming\SmartFTP
2014-06-24 07:57 . 2014-06-24 07:59 -------- d-sh--w- c:\users\marc\wc
2014-06-24 07:56 . 2014-06-24 07:57 -------- d-sh--w- c:\users\marc\AppData\Roaming\wyUpdate AU
2014-06-24 07:36 . 2014-06-24 07:39 -------- d-----w- c:\users\marc\AppData\Roaming\GSplit
2014-06-24 07:36 . 2014-06-24 07:36 -------- d-----w- c:\program files (x86)\Common Files\GSplit
2014-06-24 07:36 . 2014-06-24 07:36 -------- d-----w- c:\program files (x86)\GSplit
2014-06-18 18:39 . 2014-06-18 18:39 -------- d-----w- c:\users\marc\AppData\Roaming\6773
2014-06-17 23:14 . 2014-06-17 23:14 -------- d-----w- c:\users\marc\AppData\Roaming\Nuance
2014-06-17 22:31 . 2014-06-17 22:31 -------- d-----w- c:\program files (x86)\Common Files\IVA
2014-06-17 22:30 . 2014-06-17 23:28 -------- d-----w- c:\program files (x86)\Common Files\Nuance
2014-06-17 22:28 . 2014-06-17 22:28 -------- d-----w- c:\programdata\Nuance
2014-06-17 22:28 . 2014-06-17 22:28 -------- d-----w- c:\program files (x86)\Nuance
2014-06-17 20:08 . 2014-07-01 20:40 -------- d-----w- C:\from seedbox
2014-06-17 04:02 . 2014-06-26 19:01 -------- d-----w- c:\users\marc\AppData\Roaming\FileZilla
2014-06-17 04:02 . 2014-06-17 04:02 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2014-06-17 03:58 . 2014-06-24 05:49 -------- d-----w- c:\users\marc\AppData\Roaming\Speedial
2014-06-17 03:57 . 2014-06-17 03:57 -------- d-----w- c:\program files (x86)\Speedial
2014-06-16 19:43 . 2014-03-26 14:44 2002432 ----a-w- c:\windows\system32\msxml6.dll
2014-06-16 19:43 . 2014-03-26 14:44 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-06-16 19:43 . 2014-03-26 14:41 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-06-16 19:43 . 2014-03-26 14:41 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-06-16 19:43 . 2014-03-26 14:27 1389056 ----a-w- c:\windows\SysWow64\msxml6.dll
2014-06-16 19:43 . 2014-03-26 14:27 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-06-16 19:43 . 2014-03-26 14:25 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2014-06-16 19:43 . 2014-03-26 14:25 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-06-16 18:27 . 2014-06-27 06:31 -------- d-----w- c:\programdata\Malwarebytes
2014-06-16 18:27 . 2014-06-18 14:20 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-14 20:23 . 2014-06-14 22:04 -------- d-----w- c:\users\marc\AppData\Roaming\LavasoftStatistics
2014-06-14 20:22 . 2014-06-14 22:50 -------- d-----w- c:\program files\Lavasoft
2014-06-14 20:21 . 2014-06-14 21:57 -------- d-----w- c:\program files (x86)\Lavasoft
2014-06-14 20:18 . 2014-06-14 22:50 -------- d-----w- c:\programdata\Lavasoft
2014-06-14 14:09 . 2014-06-14 14:09 290304 ----a-w- c:\windows\SysWow64\subinacl.exe
2014-06-14 14:09 . 2014-06-14 14:12 -------- d-----w- c:\program files\Adware-Removal-Tool
2014-06-14 14:09 . 2014-06-14 14:09 -------- d-----w- c:\program files\Common Files\Microsoft
2014-06-13 19:12 . 2014-05-30 10:22 871936 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2014-06-13 19:12 . 2014-05-30 08:49 195584 ----a-w- c:\windows\system32\msrating.dll
2014-06-13 19:12 . 2014-05-30 07:56 2266112 ----a-w- c:\windows\system32\wininet.dll
2014-06-13 19:12 . 2014-05-30 07:20 359936 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-06-13 19:12 . 2014-05-30 07:13 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-06-13 19:12 . 2014-06-02 06:03 293080 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2014-06-13 19:12 . 2014-05-30 10:21 23414784 ----a-w- c:\windows\system32\mshtml.dll
2014-06-13 19:12 . 2014-05-30 09:11 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-13 19:12 . 2014-05-30 08:46 977408 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-06-13 18:47 . 2014-06-16 12:42 -------- d-----w- c:\users\marc\AppData\Local\Diagnostics
2014-06-13 12:39 . 2014-06-14 10:43 -------- d-----w- c:\program files (x86)\Software Guardian
2014-06-13 12:37 . 2014-06-13 12:37 -------- d-----w- c:\users\marc\AppData\Roaming\Itibiti
2014-06-12 09:42 . 2014-06-12 09:42 -------- d-----w- c:\windows\Sun
2014-06-12 09:38 . 2014-06-13 14:45 -------- d-----w- c:\program files\Common Files\Goobzo
2014-06-12 05:44 . 2014-06-12 06:26 -------- d-----w- C:\justseedit_downloader
2014-06-12 05:40 . 2014-05-07 21:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-10 18:15 . 2014-06-10 18:21 -------- d-----w- c:\users\marc\AppData\Roaming\dBpoweramp
2014-06-04 19:34 . 2014-06-10 18:18 -------- d-----w- c:\users\marc\AppData\Roaming\AccurateRip
2014-06-04 19:34 . 2014-06-04 19:34 4022504 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2014-06-04 19:34 . 2014-06-04 19:34 -------- d-----w- c:\program files (x86)\Illustrate
2014-06-02 20:15 . 2014-06-15 03:31 -------- d-----w- c:\program files\EqualizerAPO
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-27 02:46 . 2013-12-16 21:09 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-27 02:46 . 2013-12-16 21:09 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-14 09:12 . 2013-12-15 16:36 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-06-09 14:08 . 2014-05-30 17:32 628288 ----a-w- c:\windows\system32\drivers\klif.sys
2014-06-09 14:08 . 2014-05-30 17:32 92768 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-06-07 16:25 . 2013-12-16 00:29 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-06-07 16:25 . 2013-12-16 00:28 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-06-07 16:25 . 2013-12-16 00:28 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-05-30 18:36 . 2012-08-02 21:09 29792 ----a-w- c:\windows\system32\drivers\klim6.sys
2014-05-30 18:36 . 2013-11-12 04:18 458336 ----a-w- c:\windows\system32\drivers\kl1.sys
2014-05-20 13:03 . 2014-05-20 13:03 45384 ----a-w- c:\windows\SysWow64\DiscHandler.exe
2014-05-13 15:05 . 2014-05-13 15:05 4009984 ----a-w- c:\windows\system32\ffmpeg.dll
2014-05-13 15:05 . 2014-05-13 15:05 474624 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2014-05-13 15:05 . 2014-05-13 15:05 127488 ----a-w- c:\windows\system32\ff_vfw.dll
2014-05-13 15:05 . 2014-05-13 15:05 4374528 ----a-w- c:\windows\system32\ffdshow.ax
2014-05-13 15:04 . 2014-05-13 15:04 631296 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2014-05-13 15:04 . 2014-05-13 15:04 222720 ----a-w- c:\windows\system32\ff_libdts.dll
2014-05-13 15:04 . 2014-05-13 15:04 156672 ----a-w- c:\windows\system32\ff_libmad.dll
2014-05-13 15:04 . 2014-05-13 15:04 116224 ----a-w- c:\windows\system32\ff_liba52.dll
2014-05-13 15:04 . 2014-05-13 15:04 114688 ----a-w- c:\windows\system32\ff_wmv9.dll
2014-05-13 15:04 . 2014-05-13 15:04 190464 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2014-05-13 15:04 . 2014-05-13 15:04 183296 ----a-w- c:\windows\system32\ff_unrar.dll
2014-05-13 15:04 . 2014-05-13 15:04 1532928 ----a-w- c:\windows\system32\ff_samplerate.dll
2014-05-13 15:02 . 2014-05-13 15:02 3916288 ----a-w- c:\windows\SysWow64\ffmpeg.dll
2014-05-13 15:01 . 2014-05-13 15:01 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2014-05-13 15:01 . 2014-05-13 15:01 3502592 ----a-w- c:\windows\SysWow64\ffdshow.ax
2014-05-13 15:01 . 2014-05-13 15:01 271360 ----a-w- c:\windows\SysWow64\TomsMoComp_ff.dll
2014-05-13 15:00 . 2014-05-13 15:00 99840 ----a-w- c:\windows\SysWow64\ff_wmv9.dll
2014-05-13 15:00 . 2014-05-13 15:00 157184 ----a-w- c:\windows\SysWow64\ff_unrar.dll
2014-05-13 15:00 . 2014-05-13 15:00 211968 ----a-w- c:\windows\SysWow64\ff_libdts.dll
2014-05-13 15:00 . 2014-05-13 15:00 1525760 ----a-w- c:\windows\SysWow64\ff_samplerate.dll
2014-05-13 15:00 . 2014-05-13 15:00 147456 ----a-w- c:\windows\SysWow64\ff_libmad.dll
2014-05-13 15:00 . 2014-05-13 15:00 114688 ----a-w- c:\windows\SysWow64\ff_liba52.dll
2014-05-13 15:00 . 2014-05-13 15:00 136704 ----a-w- c:\windows\SysWow64\libmpeg2_ff.dll
2014-05-09 06:14 . 2014-05-14 12:10 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 06:11 . 2014-05-14 12:10 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-01 16:02 . 2014-05-01 16:02 428792 ----a-w- c:\windows\system32\cdxareader.ax
2014-05-01 15:56 . 2014-05-01 15:56 368888 ----a-w- c:\windows\SysWow64\cdxareader.ax
2014-04-12 02:22 . 2014-05-14 11:42 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-14 11:42 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-14 11:42 29184 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 11:42 136192 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 11:42 28160 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 11:42 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 11:42 31232 ----a-w- c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 11:42 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 11:42 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-04-09 13:13 . 2014-04-09 13:13 489064 ----a-w- C:\SecurityScanner.dll
2014-04-08 20:50 . 2014-04-08 20:50 235520 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2014-04-08 20:50 . 2014-04-08 20:50 632320 ----a-w- c:\windows\SysWow64\xvidcore.dll
2014-04-08 15:30 . 2014-04-08 15:30 7682192 ----a-w- c:\windows\system32\avcodec-lav-55.dll
2014-04-08 15:30 . 2014-04-08 15:30 570512 ----a-w- c:\windows\system32\LAVSplitter.ax
2014-04-08 15:30 . 2014-04-08 15:30 441488 ----a-w- c:\windows\system32\IntelQuickSyncDecoder.dll
2014-04-08 15:30 . 2014-04-08 15:30 430736 ----a-w- c:\windows\system32\swscale-lav-2.dll
2014-04-08 15:30 . 2014-04-08 15:30 401040 ----a-w- c:\windows\system32\avutil-lav-52.dll
2014-04-08 15:30 . 2014-04-08 15:30 302224 ----a-w- c:\windows\system32\LAVAudio.ax
2014-04-08 15:30 . 2014-04-08 15:30 286352 ----a-w- c:\windows\system32\libbluray.dll
2014-04-08 15:30 . 2014-04-08 15:30 250512 ----a-w- c:\windows\system32\avfilter-lav-4.dll
2014-04-08 15:30 . 2014-04-08 15:30 161424 ----a-w- c:\windows\system32\avresample-lav-1.dll
2014-04-08 15:30 . 2014-04-08 15:30 1251984 ----a-w- c:\windows\system32\avformat-lav-55.dll
2014-04-08 15:30 . 2014-04-08 15:30 1109136 ----a-w- c:\windows\system32\LAVVideo.ax
2014-04-08 15:29 . 2014-04-08 15:29 411280 ----a-w- c:\windows\SysWow64\swscale-lav-2.dll
2014-04-08 15:29 . 2014-04-08 15:29 238736 ----a-w- c:\windows\SysWow64\libbluray.dll
2014-04-08 15:29 . 2014-04-08 15:29 934544 ----a-w- c:\windows\SysWow64\LAVVideo.ax
2014-04-08 15:29 . 2014-04-08 15:29 7186064 ----a-w- c:\windows\SysWow64\avcodec-lav-55.dll
2014-04-08 15:29 . 2014-04-08 15:29 478864 ----a-w- c:\windows\SysWow64\LAVSplitter.ax
2014-04-08 15:29 . 2014-04-08 15:29 412304 ----a-w- c:\windows\SysWow64\avutil-lav-52.dll
2014-04-08 15:29 . 2014-04-08 15:29 344720 ----a-w- c:\windows\SysWow64\IntelQuickSyncDecoder.dll
2014-04-08 15:29 . 2014-04-08 15:29 263824 ----a-w- c:\windows\SysWow64\LAVAudio.ax
2014-04-08 15:29 . 2014-04-08 15:29 241296 ----a-w- c:\windows\SysWow64\avfilter-lav-4.dll
2014-04-08 15:29 . 2014-04-08 15:29 152208 ----a-w- c:\windows\SysWow64\avresample-lav-1.dll
2014-04-08 15:29 . 2014-04-08 15:29 1293456 ----a-w- c:\windows\SysWow64\avformat-lav-55.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
2014-05-26 22:38 195872 ----a-w- c:\program files\V-bates\Extension32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-05-14 14:18 1730264 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-05-14 14:18 1730264 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-05-14 14:18 1730264 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2014-05-30 18:14 458944 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-10-13 2068856]
"GizmoDriveDelegate"="c:\program files (x86)\Gizmo\gizmo.exe" [2014-01-09 223640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\USB Sound Blaster HD\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2013-11-12 356128]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2011-10-13 2068856]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" [2010-10-27 328992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files (x86)\WinTV\Ir.exe /QUIET [2013-12-15 117344]
Gizmo.lnk - c:\program files (x86)\Gizmo\gizmo.exe /NoSplash /NoShow [2014-1-9 223640]
WinTV Recording Status..lnk - c:\program files (x86)\WinTV\WinTV7\WinTVTray.exe [2013-12-15 82944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HighliteApp_1020;HighliteApp Update ;c:\program files (x86)\Common Files\Services\1020\hlupdate.exe;c:\program files (x86)\Common Files\Services\1020\hlupdate.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [x]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM 64 bit;c:\windows\system32\drivers\Envy24HF.sys;c:\windows\SYSNATIVE\drivers\Envy24HF.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys;c:\windows\SYSNATIVE\drivers\ksaud.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 GizmoDrv;Gizmo Device Driver; [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
S2 Gizmo Central;Gizmo Central;c:\program files (x86)\Gizmo\gservice.exe;c:\program files (x86)\Gizmo\gservice.exe [x]
S2 Hauppauge WinTV Extender;Hauppauge WinTV Extender;c:\progra~2\WinTV\Extend\WINTVE~1.EXE;c:\progra~2\WinTV\Extend\WINTVE~1.EXE [x]
S2 HauppaugeTVServer;HauppaugeTVServer;c:\progra~2\WinTV\TVServer\HAUPPA~1.EXE;c:\progra~2\WinTV\TVServer\HAUPPA~1.EXE [x]
S2 MediaDevSrv;MediaDevSrv;c:\programdata\MediaDev\1401594752\mediadev.exe;c:\programdata\MediaDev\1401594752\mediadev.exe [x]
S2 Mext Guard;Mext Guard;c:\program files\V-bates\guardsvc.exe;c:\program files\V-bates\guardsvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 Updater Service for AMZN;Updater Service for AMZN;c:\program files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe;c:\program files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [x]
S2 V-bates Updater;V-bates Updater;c:\program files\V-bates\ExtensionUpdaterService.exe;c:\program files\V-bates\ExtensionUpdaterService.exe [x]
S2 WinDevSvc;WinDevSvc;c:\programdata\Online\sv.exe;c:\programdata\Online\sv.exe [x]
S3 cmudaxp;ASUS Xonar D2 Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]
S3 hcw89;hcw89 service;c:\windows\system32\DRIVERS\hcw89.sys;c:\windows\SYSNATIVE\DRIVERS\hcw89.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 PlantronicsGC;PLTGC Interface;c:\windows\system32\drivers\PLTGC.sys;c:\windows\SYSNATIVE\drivers\PLTGC.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-12 00:37 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-16 02:46]
.
2014-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-15 17:07]
.
2014-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-15 17:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-05-14 14:15 2335960 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-05-14 14:15 2335960 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-05-14 14:15 2335960 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2014-05-30 18:15 491200 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative SB Monitoring Utility"="sbavmon.dll" [2010-01-12 109056]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"Plantronics MyHeadset Updater"="c:\program files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe" [2013-04-04 78336]
"GamecomSound"="c:\program files\Plantronics\GameCom780\GameCom780.exe" [2013-05-09 776480]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2010-09-16 8761344]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"V-bates"="c:\program files\V-bates\notifier.exe" [2014-05-26 375584]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.istsearch.com
mStart Page = hxxp://speedial.com/?f=1&a=spd_frg01_14_25_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzztA0DyEtCtC0FyCyBtAtAtN0D0Tzu0SzzzyzztN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtD0B0B0FyByB0AtG0AyCtA0DtGtDzytBtAtGtCtDtA0EtGyE0ByCyEyE0Fzyzz0E0Dzz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzy0C0E0F0FtAtG0A0C0DyEtGyBzztAtAtGyByD0C0FtGyD0B0F0EtA0FtDtC0DzytDyB2QtN1B1L1H1Ezu1O2U1M1B&cr=105310371&ir=
mSearch Bar = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\y8sh48xl.default\
FF - prefs.js: browser.search.selectedEngine - Speedial
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
FF - user.js: extensions.nspdlsd.aflt - spd_frg01_14_25_ff
FF - user.js: extensions.nspdlsd.instlRef - 142905_b
FF - user.js: extensions.nspdlsd.cr - 105310371
FF - user.js: extensions.nspdlsd.cd - 2XzuyEtN2Y1L1QzutDtDtBtByCzztA0DyEtCtC0FyCyBtAtAtN0D0Tzu0SzzzyzztN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtD0B0B0FyByB0AtG0AyCtA0DtGtDzytBtAtGtCtDtA0EtGyE0ByCyEyE0Fzyzz0E0Dzz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzy0C0E0F0FtAtG0A0C0DyEtGyBzztAtAtGyByD0C0FtGyD0B0F0EtA0FtDtC0DzytDyB2QtN1B1L1H1Ezu1O2U1M1B
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{2c774641-5504-46a8-b63f-6715ae3fe376} - (no file)
BHO-{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-fst_us_67 - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-F2D27FC4-F5BE-6204-B4D0-0F1F095AF149 - c:\program files (x86)\click-n-mark-soft\Uninstall.exe
AddRemove-USB Sound Blaster HD Windows Drivers - c:\program files (x86)\Creative\USB Sound Blaster HD\Program\SETUP.EXE
AddRemove-{85CBCC28-E397-4fcd-802E-100BE5F064A2} - c:\program files (x86)\OpenSource\Simple TTS Reader\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\progra~2\WinTV\TVServer\CAPTUR~4.EXE
c:\progra~2\WinTV\TVServer\CAPTUR~4.EXE
c:\program files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2014-07-01 18:48:29 - machine was rebooted
ComboFix-quarantined-files.txt 2014-07-02 00:48
.
Pre-Run: 663,250,833,408 bytes free
Post-Run: 673,551,851,520 bytes free
.
- - End Of File - - 3510CFAE0C3FE800DA7B7B9B28183B41
A36C5E4F47E84449FF07ED3517B43A31
-
July 11th, 2014, 06:26 PM
#29
ESET Online Scan
Scan your computer with the ESET FREE Online Virus Scan
* Click the ESET Online Scanner button.
* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.
* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the Back button then click Finish.
In your next reply, please include the ESET Online Scan Log.
-
July 19th, 2014, 06:43 PM
#30
bump...are you still with Superdave?