AVG showing trojan threats constantly [Solved]

This topic is locked

#31 k_barta2005 (Topic Starter, Member, 41 posts)

1. Let me know if you were able to uninstall any programs
I uninstalled Adv Care 6 and AVG yesterday.

2. The OTL fix log

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Process adawarebp.exe killed successfully!
Process ioloServiceManager.exe killed successfully!
No active process named ASCService.exe was found!
No active process named Monitor.exe was found!
No active process named ASCTray.exe was found!
Service vseqrts stopped successfully!
Service vseqrts deleted successfully!
C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe moved successfully.
Error: Unable to stop service vsedsps!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsedsps deleted successfully.
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe moved successfully.
Service vseamps stopped successfully!
Service vseamps deleted successfully!
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe moved successfully.
Service ioloSystemService stopped successfully!
Service ioloSystemService deleted successfully!
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe moved successfully.
Service ioloFileInfoList stopped successfully!
Service ioloFileInfoList deleted successfully!
File C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe not found.
Error: No service named AdvancedSystemCareService6 was found to stop!
Service\Driver key AdvancedSystemCareService6 not found.
File C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe not found.
Service AMP stopped successfully!
Service AMP deleted successfully!
C:\Windows\SysNative\drivers\amp.sys moved successfully.
Service AMPSE stopped successfully!
Service AMPSE deleted successfully!
C:\Windows\SysNative\drivers\ampse.sys moved successfully.
Service gfiark stopped successfully!
Service gfiark deleted successfully!
C:\Windows\SysNative\drivers\gfiark.sys moved successfully.
Service gfibto stopped successfully!
Service gfibto deleted successfully!
C:\Windows\SysNative\drivers\gfibto.sys moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Browsing Protection deleted successfully.
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3130090504-1924379729-1071845134-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 6 not found.
File C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe not found.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Users\FamilyRoom\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\TuneUp Software folder moved successfully.
C:\Program Files (x86)\AVG\AVG2013\Tuneup folder moved successfully.
C:\Program Files (x86)\AVG\AVG2013\sounds folder moved successfully.
C:\Program Files (x86)\AVG\AVG2013\html\reportcard folder moved successfully.
C:\Program Files (x86)\AVG\AVG2013\html folder moved successfully.
C:\Program Files (x86)\AVG\AVG2013\3rd_party\licenses folder moved successfully.
C:\Program Files (x86)\AVG\AVG2013\3rd_party folder moved successfully.
C:\Program Files (x86)\AVG\AVG2013 folder moved successfully.
C:\Program Files (x86)\AVG folder moved successfully.
C:\Windows\SysWOW64\iolo.ini moved successfully.
C:\Windows\SysNative\iolo.ini moved successfully.
C:\Users\Default\AppData\Roaming\iolo folder moved successfully.
Folder C:\Users\Default User\AppData\Roaming\iolo\ not found.
C:\Users\FamilyRoom\AppData\Roaming\Ad-Aware Antivirus\Logs\20130826T223916.831681PID3156 folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\Ad-Aware Antivirus\Logs\20130826T223635.915871PID8260 folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\Ad-Aware Antivirus\Logs\20130826T223635.713071PID10000 folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\Ad-Aware Antivirus\Logs folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\Ad-Aware Antivirus folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\IObit\Advanced SystemCare V6\Log folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\IObit\Advanced SystemCare V6\Internet Booster folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\IObit\Advanced SystemCare V6\DiskCheck folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\IObit\Advanced SystemCare V6\Boottime folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\IObit\Advanced SystemCare V6\Backup folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\IObit\Advanced SystemCare V6 folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\IObit\Advanced SystemCare V5\Toolbox folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\IObit\Advanced SystemCare V5\Log folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\IObit\Advanced SystemCare V5\Backup folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\IObit folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\iolo\SafetyNet\Temp folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\iolo\SafetyNet folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\iolo\Registry\Working folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\iolo\Registry\Last folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\iolo\Registry folder moved successfully.
C:\Users\FamilyRoom\AppData\Roaming\iolo folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\FamilyRoom\Desktop\cmd.bat deleted successfully.
C:\Users\FamilyRoom\Desktop\cmd.txt deleted successfully.
C:\Program Files\Common Files\Authentium\AntiVirus5\ampse folder moved successfully.
C:\Program Files\Common Files\Authentium\AntiVirus5\ampmf folder moved successfully.
C:\Program Files\Common Files\Authentium\AntiVirus5 folder moved successfully.
C:\Program Files\Common Files\Authentium folder moved successfully.
C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield folder moved successfully.
C:\Program Files (x86)\iolo\System Mechanic Professional folder moved successfully.
C:\Program Files (x86)\iolo\Common\System Shield folder moved successfully.
C:\Program Files (x86)\iolo\Common\Lib folder moved successfully.
C:\Program Files (x86)\iolo\Common folder moved successfully.
C:\Program Files (x86)\iolo folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Update folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Toolbox_Download folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\SecurityHole_Backup folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\images folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\BootTimeLog folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6 folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 5\Update folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 5\SecurityHole_Backup folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 5\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 5\BootTimeLog folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 5 folder moved successfully.
C:\Program Files (x86)\IObit folder moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 09042013_132309

Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

3. The aswMBR log
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-04 14:31:08
-----------------------------
14:31:08.911 OS Version: Windows x64 6.1.7601 Service Pack 1
14:31:08.911 Number of processors: 6 586 0xA00
14:31:08.912 ComputerName: FAMILYROOM-PC UserName: FamilyRoom
14:31:09.968 Initialize success
14:32:28.023 AVAST engine defs: 13090400
14:32:42.683 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
14:32:42.685 Disk 0 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 11
14:32:42.765 Disk 0 MBR read successfully
14:32:42.767 Disk 0 MBR scan
14:32:42.772 Disk 0 Windows VISTA default MBR code
14:32:42.774 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
14:32:42.776 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10842 MB offset 81920
14:32:42.779 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 942986 MB offset 22286336
14:32:42.787 Disk 0 scanning C:\Windows\system32\drivers
14:32:50.356 Service scanning
14:33:07.651 Modules scanning
14:33:07.661 Disk 0 trace - called modules:
14:33:07.673 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
14:33:07.675 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ae9060]
14:33:07.678 3 CLASSPNP.SYS[fffff880015c243f] -> nt!IofCallDriver -> [0xfffffa8006b0f040]
14:33:07.680 5 amdxata.sys[fffff880010f47a8] -> nt!IofCallDriver -> \Device\00000068[0xfffffa8006b0e060]
14:33:09.349 AVAST engine scan C:\Windows
14:33:11.577 AVAST engine scan C:\Windows\system32
14:35:54.423 AVAST engine scan C:\Windows\system32\drivers
14:36:03.606 AVAST engine scan C:\Users\FamilyRoom
14:47:26.867 Disk 0 MBR has been saved successfully to "C:\Users\FamilyRoom\Desktop\MBR.dat"
14:47:26.874 The log file has been saved successfully to "C:\Users\FamilyRoom\Desktop\aswMBR.txt"

4. The RKreport.txt log
RogueKiller V8.6.9 _x64_ [Sep 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : FamilyRoom [Admin rights]
Mode : Scan -- Date : 09/04/2013 15:11:16
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] DSite.job : C:\Users\FAMILY~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND
[V2][SUSP PATH] DSite : C:\Users\FAMILY~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10 01FAES-75W7A0 SATA Disk Device +++++
--- User ---
[MBR] df9bc8f485b4effa14238177e64f5154
[BSP] 4556c1c5d7172108693fe5d86725391e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10842 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 22286336 | Size: 942986 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD10 01FAES-75W7A0 SATA Disk Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: WDC WD10 01FAES-75W7A0 SATA Disk Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: WDC WD10 01FAES-75W7A0 SATA Disk Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: WDC WD10 01FAES-75W7A0 SATA Disk Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_09042013_151116.txt >>

5. The AdwCleaner[R0].txt log

# AdwCleaner v3.002 - Report created 04/09/2013 at 15:15:57
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : FamilyRoom - FAMILYROOM-PC
# Running from : C:\Users\FamilyRoom\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla Firefox\user.js
File Found : C:\Users\FamilyRoom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
File Found : C:\Windows\System32\Tasks\DSite
File Found : C:\Windows\Tasks\DSite.job
Folder Found : C:\Users\FamilyRoom\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp
Folder Found C:\Program Files (x86)\adawaretb
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\Trymedia
Folder Found C:\Users\FamilyRoom\AppData\Local\apn
Folder Found C:\Users\FamilyRoom\AppData\Local\Conduit
Folder Found C:\Users\FamilyRoom\AppData\Local\cre
Folder Found C:\Users\FamilyRoom\AppData\LocalLow\Conduit
Folder Found C:\Users\FamilyRoom\AppData\LocalLow\PriceGong
Folder Found C:\Users\FamilyRoom\AppData\LocalLow\WhiteSmoke_B
Folder Found C:\Users\FamilyRoom\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Folder Found C:\Users\FamilyRoom\AppData\Roaming\BabSolution
Folder Found C:\Users\FamilyRoom\AppData\Roaming\Babylon
Folder Found C:\Users\FamilyRoom\AppData\Roaming\DSite

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\adawaretb
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\WhiteSmoke_B
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\d68bd9b73be541
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\Google\Chrome\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97A5591D-4C09-4E06-9228-AC433B73650C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\BabSolution
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\Delta
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\adawaretb
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\d68bd9b73be541
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Delta
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2901C264-FCCB-4A2D-A8B8-9CD6FA4FC366}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0428D41-23BE-46B5-8C9F-D3991660D732}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_testdisk_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_testdisk_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{97A5591D-4C09-4E06-9228-AC433B73650C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\WhiteSmoke_B
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=F0E0204E7FEA9E86&affID=119351&tsp=4994

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\FamilyRoom\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found : search_url
Found : keyword

*************************

AdwCleaner[R0].txt - [9701 octets] - [04/09/2013 15:15:57]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9761 octets] ##########

#32 godawgs (Teacher, Retired Staff, 8,228 posts)

OK. The OTL fix removed the residual antivirus services, processes, files and folders and some registry keys. The aswMBR scan shows the master boot record to be clean. And RogueKiller found the ZeroAccess infection, so let's see if it will kill it.


Run RogueKiller

Quit all programs and close all browsers.
  • Right click the RogueKiller icon and click Run as Administrator to run the program.
  • Wait until Prescan has finished ...
  • Click the Scan button and wait for the scan to complete.
  • Click the Registry tab and remove the checkmarks in the following boxes:
    • [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    • [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    • [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    • [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix
  • The report has been created on the desktop.
Please post:
The RKreport.txt files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The RogueKiller[0]_D_xxxxxxxx.xxxxxx.log
2. The RogueKiller[0]_SC_xxxxxxxx.xxxxxx.log
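The RogueKiller report in post #31 shows three classes of indicator that are worth re-checking by hand after a cleanup: the ZeroAccess trick of replacing files in the Windows Defender folder with junctions that resolve to \systemroot\system32\config (so the Defender service can no longer start), the [HJ POL] policy values (of which ConsentPromptBehaviorAdmin = 0 is the genuinely weakening one: it makes UAC elevate administrators without any prompt), and a scheduled task whose executable lives under a user profile ([SUSP PATH]). The following PowerShell triage script is an added example written for this thread; it is not part of the original posts and not code from RogueKiller, OTL or any other tool mentioned here. It assumes an elevated Windows PowerShell prompt, an English-locale schtasks output (the column names "TaskName" and "Task To Run" are locale dependent), and the LinkType/Target properties that Windows PowerShell 5.1 adds to file system items; on older builds, fsutil reparsepoint query <path> gives the same information.

```powershell
# Added triage script for the indicators RogueKiller reported in this thread.
# Not from the thread or any tool it names; run from an elevated prompt.
# Assumptions: English-locale schtasks columns, PowerShell 5.1 LinkType/Target.

$ErrorActionPreference = 'SilentlyContinue'

# 1. ZeroAccess-style junctions. A clean Windows Defender folder contains no
#    reparse points at all, so anything listed here is suspicious; the Target
#    column shows where the junction points (the log above showed system32\config).
function Find-DefenderReparsePoints {
    param([string]$Dir = "$env:ProgramFiles\Windows Defender")
    Get-ChildItem -Path $Dir -Recurse -Force -Attributes ReparsePoint |
        ForEach-Object {
            [pscustomobject]@{
                Path     = $_.FullName
                LinkType = $_.LinkType          # 'Junction' or 'SymbolicLink'
                Target   = ($_.Target -join ';') # string[] on 5.1, string on 7
            }
        }
}

# 2. [HJ POL] values. DisableTaskMgr/DisableRegistryTools = 1 lock the user out
#    of those tools; ConsentPromptBehaviorAdmin = 0 means "elevate without
#    prompting" for administrators. RogueKiller lists the value even when it is
#    harmless (0 for the Disable* keys), so the Status column tells them apart.
function Get-PolicyIndicators {
    $sys   = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $checks = @(
        @{ Key = "HKCU:\$sys";              Name = 'DisableRegistryTools';       Bad = 1 },
        @{ Key = "HKLM:\$sys";              Name = 'DisableTaskMgr';             Bad = 1 },
        @{ Key = "HKLM:\$sys";              Name = 'DisableRegistryTools';       Bad = 1 },
        @{ Key = "HKLM:\$sys";              Name = 'ConsentPromptBehaviorAdmin'; Bad = 0 },
        @{ Key = "HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System";
                                            Name = 'ConsentPromptBehaviorAdmin'; Bad = 0 }
    )
    foreach ($c in $checks) {
        $v = (Get-ItemProperty -Path $c.Key -Name $c.Name).($c.Name)
        [pscustomobject]@{
            Key    = $c.Key
            Name   = $c.Name
            Value  = $v
            Status = if ($null -eq $v) { 'absent' } elseif ($v -eq $c.Bad) { 'WEAKENED' } else { 'ok' }
        }
    }
}

# 3. Scheduled tasks whose action runs from a user profile or a temp folder,
#    which is what RogueKiller's [SUSP PATH] means. The DSite task above ran
#    C:\Users\FAMILY~1\AppData\Roaming\DSite\... and would match this filter.
#    schtasks repeats its header row per task folder, so those rows are dropped.
function Find-ProfileScheduledTasks {
    $profilePath = '(?i)\\(Users|Documents and Settings)\\[^\\]+\\AppData\\'
    $profileVar  = '(?i)%(APPDATA|LOCALAPPDATA|TEMP|TMP|USERPROFILE)%'
    schtasks.exe /query /fo CSV /v | ConvertFrom-Csv |
        Where-Object { $_.TaskName -ne 'TaskName' } |
        Where-Object { $_.'Task To Run' -match $profilePath -or $_.'Task To Run' -match $profileVar } |
        Select-Object TaskName, 'Task To Run', 'Run As User', Status
}

'== Reparse points under Windows Defender =='
Find-DefenderReparsePoints | Format-Table -AutoSize
'== UAC / tool-lockout policy values =='
Get-PolicyIndicators | Format-Table -AutoSize
'== Scheduled tasks running from user profiles =='
Find-ProfileScheduledTasks | Format-Table -AutoSize
```

Two caveats when reading the output. Deleting a ZeroAccess junction (which is what RogueKiller's "Junction DELETED" lines report) only removes the reparse point; the original Defender file it replaced is gone and has to be put back before the service will start again, so the folder should be re-checked after the system files have been restored. And a scheduled task listed by the third check is not proof of malware on its own: some legitimate updaters install into %LOCALAPPDATA%, so the executable's signature and the task's creation date should be looked at before it is deleted.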

#33 k_barta2005 (Topic Starter, Member, 41 posts)

Okay, here is the first log:

RogueKiller V8.6.9 _x64_ [Sep 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : FamilyRoom [Admin rights]
Mode : Remove -- Date : 09/05/2013 20:50:54
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> NOT SELECTED
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> NOT SELECTED
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> NOT SELECTED
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NOT SELECTED
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> NOT SELECTED
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> NOT SELECTED
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> NOT SELECTED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] DSite.job : C:\Users\FAMILY~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [-] -> DELETED
[V2][SUSP PATH] DSite : C:\Users\FAMILY~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [-] -> NOT SELECTED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> Junction DELETED

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10 01FAES-75W7A0 SATA Disk Device +++++
--- User ---
[MBR] df9bc8f485b4effa14238177e64f5154
[BSP] 4556c1c5d7172108693fe5d86725391e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10842 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 22286336 | Size: 942986 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD10 01FAES-75W7A0 SATA Disk Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: WDC WD10 01FAES-75W7A0 SATA Disk Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: WDC WD10 01FAES-75W7A0 SATA Disk Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: WDC WD10 01FAES-75W7A0 SATA Disk Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_09052013_205054.txt >>
RKreport[0]_S_09042013_151116.txt;RKreport[0]_S_09052013_203714.txt;RKreport[0]_S_09052013_204720.txt

And here is the second log:

RogueKiller V8.6.9 _x64_ [Sep 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : FamilyRoom [Admin rights]
Mode : Shortcuts HJfix -- Date : 09/05/2013 21:00:17
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 12 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 20 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 2 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume7 -- 0x2 --> Restored
[Q:] \Device\SftVol -- 0x3 --> Restored

¤¤¤ Infection : ZeroAccess ¤¤¤

Finished : << RKreport[0]_SC_09052013_210017.txt >>
RKreport[0]_D_09052013_205054.txt;RKreport[0]_S_09042013_151116.txt;RKreport[0]_S_09052013_203714.txt
RKreport[0]_S_09052013_204720.txt

#34
godawgs
    Teacher
  • Retired Staff
  • 8,228 posts
OK. Looks like RogueKiller got the bugger. Let's see if ComboFix will run now. If it doesn't run in normal mode we will try in safe mode.


Step-1.

Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

Download ComboFix from one of the following locations:

Link 1
Link 2

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • ComboFix will then extract its files before beginning the scan.
  • When the scan begins you will see a window like the image below. Although the program states that the scan typically doesn't take more than 10 minutes there are 50 stages or so that it goes through. On a severely infected machine it can take much longer so please be patient.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer. That will cure it.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

If comboFix ran to completion this time please post the ComboFix.txt log. If it still didn't run let's try it from Safe Mode.

Reboot into Safe Mode.

  • Restart Windows in Safe Mode. To do that....
  • Restart your computer and as soon as it starts booting up again continuously tap the F8 key.
  • An Advanced Boot Options screen will come up where you will be given the option to enter Safe Mode.
    NOTE: If you miss the Boot menu, continue to let the machine boot up. Then restart the machine and start tapping the F8 key.
    Very Important: Never restart the computer while it is booting up. Bad things, including the computer not being able to load Windows, can occur!
  • Use the down arrow key to highlight Safe Mode and push the ENTER key (I know the screenshot has Repair Your Computer highlighted but you want Safe Mode).

Now run ComboFix using the instructions above and post the ComboFix.txt log.

#35
k_barta2005
    Member
  • Topic Starter
  • 41 posts
Okay, so I ran into some problems. I started up ComboFix and it was running fine; about 30 min. in, it had only gotten to stage 4. So I left it alone and came back to it at the end of the day, and 8 hours later it was still at stage 4. So I closed the programs out and booted up the computer in Safe Mode and tried it twice there, and this time the blue scanning screen wouldn't even come up. :wacko:

#36
godawgs
    Teacher
  • Retired Staff
  • 8,228 posts
That's ok. :) Some machines just won't run ComboFix. But I want to make sure that the zeroaccess infection is completely gone. Please get me a new FRST scan using the directions (except for the part about downloading the program) in Step 1 of post #22 and post the FRST.txt log.

#37
k_barta2005
    Member
  • Topic Starter
  • 41 posts
Here you go...


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-09-2013
Ran by FamilyRoom (administrator) on FAMILYROOM-PC on 08-09-2013 12:55:52
Running from C:\Users\FamilyRoom\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Advanced Micro Devices) c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Spotify Ltd) C:\Users\FamilyRoom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Farbar) C:\Users\FamilyRoom\Downloads\FRST64 (2).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9608224 2009-11-18] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [FileOpenBroker] - C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1086848 2012-04-30] (FileOpen Systems Inc.)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [Spotify Web Helper] - C:\Users\FamilyRoom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-13] (Spotify Ltd)
HKCU\...\Run: [Facebook Update] - C:\Users\FamilyRoom\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-09] (Facebook Inc.)
HKCU\...\Run: [Spotify] - C:\Users\FamilyRoom\AppData\Roaming\Spotify\spotify.exe [4640768 2013-07-13] (Spotify Ltd)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
HKLM-x32\...\Run: [ShwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296096 2012-11-14] (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNA3100 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
BootExecute: autocheck autochk /k:C *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-se...119351&tsp=4994
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {21A19E1F-C698-4F18-8150-EADC5C5BF1A0} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-se...119351&tsp=4994
SearchScopes: HKCU - {21A19E1F-C698-4F18-8150-EADC5C5BF1A0} URL =
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {4E5655CD-B292-4F76-90A3-CCB46D627E8E} URL = http://websearch.ask...11-D22539FD5C3C
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB
Handler: cozi - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: cozi - No CLSID Value -
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR DefaultSearchURL: (Delta Search) - http://www2.delta-se...119351&tsp=4994
CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Comrade Plugin) - C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll (IGN Entertainment)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Musicnotes) - C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
CHR Plugin: (ScorchPlugin) - C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\FamilyRoom\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (SOE Web Installer) - C:\Users\FamilyRoom\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Skype Click to Call) - C:\Users\FAMILY~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\FAMILY~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (WhiteSmoke B) - C:\Users\FAMILY~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp\10.19.2.505_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [oelbclnhkbhlhikfmpmbakbgeonbjjnp] - C:\Users\FamilyRoom\AppData\Local\CRE\oelbclnhkbhlhikfmpmbakbgeonbjjnp.crx

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-28] (Advanced Micro Devices, Inc.)
R2 FileOpenManagerSvc; C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe [334720 2012-04-30] (FileOpen Systems Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-02-02] (Alcatel-Lucent)
S2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [386424 2010-02-24] (SupportSoft, Inc.)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] ()

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-01-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-01-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-01-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-01-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S1 FileDisk; No ImagePath
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [x]
S1 RxFilter; system32\DRIVERS\RxFilter.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-08 12:53 - 2013-09-08 12:53 - 01948988 _____ (Farbar) C:\Users\FamilyRoom\Downloads\FRST64 (2).exe
2013-09-08 08:36 - 2013-09-08 08:36 - 00013537 _____ C:\Users\FamilyRoom\Desktop\ComboFix.exe - Shortcut.lnk
2013-09-08 08:35 - 2013-09-08 08:35 - 05120615 ____R (Swearware) C:\Users\FamilyRoom\Downloads\ComboFix.exe
2013-09-07 21:39 - 2013-09-07 22:12 - 00000000 ___SD C:\ComboFix
2013-09-07 13:42 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-07 13:42 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-07 13:42 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-07 13:42 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-07 13:42 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-07 13:42 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-07 13:42 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-07 13:42 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-07 07:13 - 2013-09-08 12:49 - 00000401 _____ C:\Users\FamilyRoom\Desktop\intructions_2.txt
2013-09-05 21:00 - 2013-09-05 21:00 - 00001542 _____ C:\Users\FamilyRoom\Desktop\RKreport[0]_SC_09052013_210017.txt
2013-09-05 20:50 - 2013-09-05 20:50 - 00005087 _____ C:\Users\FamilyRoom\Desktop\RKreport[0]_D_09052013_205054.txt
2013-09-05 20:47 - 2013-09-05 20:47 - 00004820 _____ C:\Users\FamilyRoom\Desktop\RKreport[0]_S_09052013_204720.txt
2013-09-05 20:37 - 2013-09-05 20:37 - 00004786 _____ C:\Users\FamilyRoom\Desktop\RKreport[0]_S_09052013_203714.txt
2013-09-04 15:52 - 2013-09-04 15:52 - 04745728 _____ (AVAST Software) C:\Users\FamilyRoom\Downloads\aswmbr (1).exe
2013-09-04 15:17 - 2013-09-04 15:17 - 00009893 _____ C:\Users\FamilyRoom\Desktop\AdwCleaner[R0].txt
2013-09-04 15:15 - 2013-09-04 15:16 - 00000000 ____D C:\AdwCleaner
2013-09-04 15:14 - 2013-09-04 15:14 - 01037222 _____ C:\Users\FamilyRoom\Downloads\AdwCleaner.exe
2013-09-04 15:14 - 2013-09-04 15:14 - 01037222 _____ C:\Users\FamilyRoom\Desktop\AdwCleaner.exe
2013-09-04 15:09 - 2013-09-05 20:50 - 00000000 ____D C:\Users\FamilyRoom\Desktop\RK_Quarantine
2013-09-04 15:08 - 2013-09-04 15:08 - 03787264 _____ C:\Users\FamilyRoom\Downloads\RogueKillerX64 (2).exe
2013-09-04 15:08 - 2013-09-04 15:08 - 03787264 _____ C:\Users\FamilyRoom\Desktop\RogueKillerX64 (2).exe
2013-09-04 14:49 - 2013-09-04 14:50 - 00044119 _____ C:\Users\FamilyRoom\Desktop\FRST.txt
2013-09-04 14:47 - 2013-09-04 14:47 - 00001925 _____ C:\Users\FamilyRoom\Desktop\aswMBR.txt
2013-09-04 14:47 - 2013-09-04 14:47 - 00000512 _____ C:\Users\FamilyRoom\Desktop\MBR.dat
2013-09-04 13:47 - 2013-09-07 22:17 - 00012930 _____ C:\Windows\PFRO.log
2013-09-04 13:24 - 2013-09-04 13:57 - 00023780 _____ C:\Users\FamilyRoom\Desktop\09042013_132309.log
2013-09-04 10:02 - 2013-09-08 08:42 - 00000168 _____ C:\Windows\setupact.log
2013-09-04 10:02 - 2013-09-04 10:02 - 00000000 _____ C:\Windows\setuperr.log
2013-09-04 07:31 - 2013-09-04 07:31 - 00110080 _____ (Thomas Hoen - T-Tools) C:\Users\FamilyRoom\Downloads\BitRemover.exe
2013-09-04 07:31 - 2013-09-04 07:31 - 00110080 _____ (Thomas Hoen - T-Tools) C:\Users\FamilyRoom\Desktop\BitRemover.exe
2013-09-03 19:56 - 2013-09-08 08:43 - 00000396 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_FamilyRoom.job
2013-09-03 19:56 - 2013-09-07 20:02 - 00003000 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_FamilyRoom
2013-09-03 19:56 - 2013-09-07 20:02 - 00002996 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_FamilyRoom
2013-09-03 19:56 - 2013-09-07 20:02 - 00000390 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_FamilyRoom.job
2013-09-03 19:56 - 2013-09-07 20:02 - 00000386 _____ C:\Windows\Tasks\ReclaimerUpdateXML_FamilyRoom.job
2013-09-03 19:56 - 2013-09-03 19:56 - 00003642 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_FamilyRoom
2013-09-03 19:56 - 2013-09-03 19:56 - 00002704 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_FamilyRoom
2013-09-03 19:02 - 2013-09-03 19:02 - 00000056 _____ C:\Users\FamilyRoom\AppData\Roaming\WB.CFG
2013-09-03 17:03 - 2013-09-03 17:04 - 01950416 _____ (Farbar) C:\Users\FamilyRoom\Downloads\FRST64.exe
2013-09-03 17:02 - 2013-09-04 07:43 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\BabSolution
2013-09-03 17:02 - 2013-09-03 17:02 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\DSite
2013-09-03 17:02 - 2013-09-03 17:02 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\Babylon
2013-09-03 17:02 - 2013-09-03 17:02 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-09-03 17:02 - 2013-09-03 17:02 - 00000000 ____D C:\ProgramData\Babylon
2013-09-03 17:01 - 2013-09-03 17:01 - 00714816 _____ C:\Users\FamilyRoom\Downloads\ZipOpenerSetup.exe
2013-09-03 17:00 - 2013-09-03 17:00 - 00000568 _____ C:\Users\FamilyRoom\Downloads\fixlist.txt
2013-09-03 17:00 - 2013-09-03 17:00 - 00000568 _____ C:\Users\FamilyRoom\Desktop\fixlist.txt
2013-09-02 15:49 - 2013-09-02 15:49 - 00081764 _____ C:\Users\FamilyRoom\Desktop\Addition.txt
2013-09-02 15:49 - 2013-09-02 15:49 - 00000000 ____D C:\FRST
2013-09-02 14:07 - 2013-09-02 14:07 - 00218496 _____ C:\Users\FamilyRoom\Desktop\OTL_130902.Txt
2013-09-02 14:00 - 2013-09-02 14:00 - 00218496 _____ C:\Users\FamilyRoom\Desktop\OTL.Txt
2013-09-01 15:57 - 2013-09-08 08:41 - 00000000 ___SD C:\32788R22FWJFW
2013-09-01 15:57 - 2013-09-01 15:57 - 00000000 ____D C:\Windows\erdnt
2013-09-01 15:57 - 2013-09-01 15:57 - 00000000 ____D C:\Qoobox
2013-08-30 06:42 - 2013-08-30 06:42 - 00010108 _____ C:\Users\FamilyRoom\Desktop\08292013_075635.log
2013-08-29 18:23 - 2013-08-29 18:18 - 04745728 _____ (AVAST Software) C:\Users\FamilyRoom\Desktop\aswMBR.exe
2013-08-29 17:03 - 2013-08-29 18:18 - 04745728 _____ (AVAST Software) C:\Users\FamilyRoom\Downloads\aswMBR.exe
2013-08-29 17:02 - 2013-08-29 17:01 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\FamilyRoom\Desktop\tdsskiller.exe
2013-08-29 17:01 - 2013-08-29 17:01 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\FamilyRoom\Downloads\tdsskiller.exe
2013-08-29 07:56 - 2013-08-29 07:56 - 00000000 ____D C:\_OTL
2013-08-29 07:55 - 2013-08-28 13:59 - 00069028 _____ C:\Users\FamilyRoom\Desktop\Extras.Txt
2013-08-29 07:55 - 2013-08-28 13:34 - 00602112 _____ (OldTimer Tools) C:\Users\FamilyRoom\Desktop\OTL.exe
2013-08-29 07:47 - 2013-08-29 07:47 - 00295941 ____H C:\Users\FamilyRoom\Desktop\~WRL0003.tmp
2013-08-28 17:54 - 2013-08-28 17:54 - 00000000 ____D C:\Windows\SysWOW64\Dell
2013-08-28 14:13 - 2013-08-28 14:13 - 00001075 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-28 14:13 - 2013-08-28 13:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\FamilyRoom\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-28 09:20 - 2013-08-28 09:20 - 04491784 _____ (AVG Technologies) C:\Users\FamilyRoom\Downloads\avg_avct_stb_all_2013_3392 (1).exe
2013-08-27 22:18 - 2013-08-27 22:18 - 00000148 _____ C:\Users\FamilyRoom\Documents\Sierra_Piano.txt
2013-08-27 18:06 - 2013-08-27 18:06 - 04491784 _____ (AVG Technologies) C:\Users\FamilyRoom\Downloads\avg_avct_stb_all_2013_3392.exe
2013-08-26 18:50 - 2013-09-08 10:23 - 01433390 _____ C:\Windows\WindowsUpdate.log
2013-08-26 18:30 - 2013-08-26 18:30 - 00040226 _____ C:\Users\FamilyRoom\Documents\cc_20130826_183007.reg
2013-08-26 18:28 - 2013-08-26 18:28 - 04454952 _____ (Piriform Ltd) C:\Users\FamilyRoom\Downloads\ccsetup405.exe
2013-08-26 17:45 - 2013-08-26 17:45 - 00003360 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3130090504-1924379729-1071845134-1000
2013-08-26 17:45 - 2013-08-26 17:45 - 00003236 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3130090504-1924379729-1071845134-1000
2013-08-26 15:41 - 2013-08-26 15:42 - 00458052 _____ C:\Users\FamilyRoom\Documents\AVSDK5_UNINST.LOG
2013-08-26 13:08 - 2013-08-26 13:08 - 00000000 ____D C:\ProgramData\ATI
2013-08-23 17:46 - 2013-08-23 17:46 - 00000329 _____ C:\Users\FamilyRoom\Desktop\HP Printer Diagnostic Tools.url
2013-08-20 21:24 - 2013-09-01 16:34 - 00001574 _____ C:\Users\FamilyRoom\Documents\real_faith.txt
2013-08-17 15:44 - 2013-08-17 15:44 - 00000000 ____D C:\Users\FAMILY~1\AppData\Local\{521B17B6-6E91-48CF-9B55-13039EB2BCFB}
2013-08-15 16:38 - 2013-08-15 16:38 - 00000000 ____D C:\Users\FAMILY~1\AppData\Local\{93A27973-C774-4C0B-9478-1387A50DE4C8}
2013-08-14 03:05 - 2013-07-26 01:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 03:05 - 2013-07-26 01:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 03:05 - 2013-07-26 01:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 03:05 - 2013-07-26 01:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 03:05 - 2013-07-26 01:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 03:05 - 2013-07-26 01:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 03:05 - 2013-07-26 01:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 03:05 - 2013-07-26 01:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 03:05 - 2013-07-26 01:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 03:05 - 2013-07-26 01:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 03:05 - 2013-07-26 01:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 03:05 - 2013-07-26 01:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 03:05 - 2013-07-26 01:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 03:05 - 2013-07-26 01:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 03:05 - 2013-07-25 23:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 03:05 - 2013-07-25 23:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 03:05 - 2013-07-25 23:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 03:05 - 2013-07-25 23:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 03:05 - 2013-07-25 23:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 03:05 - 2013-07-25 23:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 03:05 - 2013-07-25 23:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 03:05 - 2013-07-25 23:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 03:05 - 2013-07-25 23:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 03:05 - 2013-07-25 23:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 03:05 - 2013-07-25 23:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 03:05 - 2013-07-25 23:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 03:05 - 2013-07-25 23:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 03:05 - 2013-07-25 23:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 03:05 - 2013-07-25 22:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 03:05 - 2013-07-25 22:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 03:05 - 2013-07-25 21:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-13 18:00 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-13 18:00 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-13 18:00 - 2013-07-18 21:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-13 18:00 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-13 18:00 - 2013-07-09 02:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-13 18:00 - 2013-07-09 01:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-13 18:00 - 2013-07-09 01:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-13 18:00 - 2013-07-09 01:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-13 18:00 - 2013-07-09 01:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-13 18:00 - 2013-07-09 01:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-13 18:00 - 2013-07-09 01:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-13 18:00 - 2013-07-09 01:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-13 18:00 - 2013-07-09 01:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-13 18:00 - 2013-07-09 01:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-13 18:00 - 2013-07-09 00:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-13 18:00 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-13 18:00 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-13 18:00 - 2013-07-09 00:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-13 18:00 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-13 18:00 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-13 18:00 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-13 18:00 - 2013-07-08 22:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-13 18:00 - 2013-07-08 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-13 18:00 - 2013-07-08 22:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-13 18:00 - 2013-07-08 22:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-13 18:00 - 2013-07-06 02:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 18:00 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-11 08:09 - 2013-08-11 08:09 - 00000000 ____D C:\Users\FAMILY~1\AppData\Local\{11420282-3995-4012-ABBC-6539FF4E1207}

==================== One Month Modified Files and Folders =======

2013-09-08 12:56 - 2013-01-23 10:41 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\Skype
2013-09-08 12:55 - 2013-09-08 12:54 - 00001517 _____ C:\Users\FamilyRoom\Downloads\FRST64 (2).exe - Shortcut.lnk
2013-09-08 12:53 - 2013-09-08 12:53 - 01948988 _____ (Farbar) C:\Users\FamilyRoom\Downloads\FRST64 (2).exe
2013-09-08 12:49 - 2013-09-07 07:13 - 00000401 _____ C:\Users\FamilyRoom\Desktop\intructions_2.txt
2013-09-08 12:47 - 2012-10-09 11:50 - 00000948 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3130090504-1924379729-1071845134-1000UA.job
2013-09-08 12:47 - 2012-10-09 11:50 - 00000926 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3130090504-1924379729-1071845134-1000Core.job
2013-09-08 12:47 - 2012-04-20 17:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-08 12:47 - 2011-07-12 19:27 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-08 10:23 - 2013-08-26 18:50 - 01433390 _____ C:\Windows\WindowsUpdate.log
2013-09-08 10:01 - 2013-05-21 13:20 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-09-08 10:01 - 2013-02-18 14:23 - 00098335 _____ C:\Windows\system32\lvcoinst.log
2013-09-08 09:06 - 2011-09-29 08:39 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\Spotify
2013-09-08 08:47 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-08 08:47 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-08 08:43 - 2013-09-03 19:56 - 00000396 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_FamilyRoom.job
2013-09-08 08:43 - 2011-07-12 19:27 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-08 08:43 - 2010-08-30 15:48 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-09-08 08:43 - 2010-08-30 15:48 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-09-08 08:43 - 2010-08-30 15:24 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-09-08 08:42 - 2013-09-04 10:02 - 00000168 _____ C:\Windows\setupact.log
2013-09-08 08:42 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-08 08:41 - 2013-09-01 15:57 - 00000000 ___SD C:\32788R22FWJFW
2013-09-08 08:36 - 2013-09-08 08:36 - 00013537 _____ C:\Users\FamilyRoom\Desktop\ComboFix.exe - Shortcut.lnk
2013-09-08 08:35 - 2013-09-08 08:35 - 05120615 ____R (Swearware) C:\Users\FamilyRoom\Downloads\ComboFix.exe
2013-09-07 22:17 - 2013-09-04 13:47 - 00012930 _____ C:\Windows\PFRO.log
2013-09-07 22:12 - 2013-09-07 21:39 - 00000000 ___SD C:\ComboFix
2013-09-07 20:02 - 2013-09-03 19:56 - 00003000 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_FamilyRoom
2013-09-07 20:02 - 2013-09-03 19:56 - 00002996 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_FamilyRoom
2013-09-07 20:02 - 2013-09-03 19:56 - 00000390 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_FamilyRoom.job
2013-09-07 20:02 - 2013-09-03 19:56 - 00000386 _____ C:\Windows\Tasks\ReclaimerUpdateXML_FamilyRoom.job
2013-09-06 22:19 - 2013-05-25 14:17 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-06 22:19 - 2010-08-30 15:32 - 00000000 ____D C:\ProgramData\Skype
2013-09-05 21:00 - 2013-09-05 21:00 - 00001542 _____ C:\Users\FamilyRoom\Desktop\RKreport[0]_SC_09052013_210017.txt
2013-09-05 20:57 - 2013-01-26 15:11 - 00529408 ___SH C:\Users\FamilyRoom\Documents\Thumbs.db
2013-09-05 20:50 - 2013-09-05 20:50 - 00005087 _____ C:\Users\FamilyRoom\Desktop\RKreport[0]_D_09052013_205054.txt
2013-09-05 20:50 - 2013-09-04 15:09 - 00000000 ____D C:\Users\FamilyRoom\Desktop\RK_Quarantine
2013-09-05 20:47 - 2013-09-05 20:47 - 00004820 _____ C:\Users\FamilyRoom\Desktop\RKreport[0]_S_09052013_204720.txt
2013-09-05 20:37 - 2013-09-05 20:37 - 00004786 _____ C:\Users\FamilyRoom\Desktop\RKreport[0]_S_09052013_203714.txt
2013-09-04 15:52 - 2013-09-04 15:52 - 04745728 _____ (AVAST Software) C:\Users\FamilyRoom\Downloads\aswmbr (1).exe
2013-09-04 15:17 - 2013-09-04 15:17 - 00009893 _____ C:\Users\FamilyRoom\Desktop\AdwCleaner[R0].txt
2013-09-04 15:16 - 2013-09-04 15:15 - 00000000 ____D C:\AdwCleaner
2013-09-04 15:14 - 2013-09-04 15:14 - 01037222 _____ C:\Users\FamilyRoom\Downloads\AdwCleaner.exe
2013-09-04 15:14 - 2013-09-04 15:14 - 01037222 _____ C:\Users\FamilyRoom\Desktop\AdwCleaner.exe
2013-09-04 15:08 - 2013-09-04 15:08 - 03787264 _____ C:\Users\FamilyRoom\Downloads\RogueKillerX64 (2).exe
2013-09-04 15:08 - 2013-09-04 15:08 - 03787264 _____ C:\Users\FamilyRoom\Desktop\RogueKillerX64 (2).exe
2013-09-04 14:50 - 2013-09-04 14:49 - 00044119 _____ C:\Users\FamilyRoom\Desktop\FRST.txt
2013-09-04 14:47 - 2013-09-04 14:47 - 00001925 _____ C:\Users\FamilyRoom\Desktop\aswMBR.txt
2013-09-04 14:47 - 2013-09-04 14:47 - 00000512 _____ C:\Users\FamilyRoom\Desktop\MBR.dat
2013-09-04 13:57 - 2013-09-04 13:24 - 00023780 _____ C:\Users\FamilyRoom\Desktop\09042013_132309.log
2013-09-04 13:24 - 2012-12-30 14:13 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-09-04 10:02 - 2013-09-04 10:02 - 00000000 _____ C:\Windows\setuperr.log
2013-09-04 07:43 - 2013-09-03 17:02 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\BabSolution
2013-09-04 07:43 - 2012-10-05 19:48 - 00000000 ____D C:\Users\FAMILY~1\AppData\Local\Unity
2013-09-04 07:31 - 2013-09-04 07:31 - 00110080 _____ (Thomas Hoen - T-Tools) C:\Users\FamilyRoom\Downloads\BitRemover.exe
2013-09-04 07:31 - 2013-09-04 07:31 - 00110080 _____ (Thomas Hoen - T-Tools) C:\Users\FamilyRoom\Desktop\BitRemover.exe
2013-09-03 19:56 - 2013-09-03 19:56 - 00003642 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_FamilyRoom
2013-09-03 19:56 - 2013-09-03 19:56 - 00002704 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_FamilyRoom
2013-09-03 19:02 - 2013-09-03 19:02 - 00000056 _____ C:\Users\FamilyRoom\AppData\Roaming\WB.CFG
2013-09-03 17:42 - 2010-09-19 12:10 - 00000000 ____D C:\Users\FamilyRoom\Documents\1_3_2010
2013-09-03 17:10 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-03 17:04 - 2013-09-03 17:03 - 01950416 _____ (Farbar) C:\Users\FamilyRoom\Downloads\FRST64.exe
2013-09-03 17:04 - 2010-09-04 22:25 - 00000000 ____D C:\Users\FamilyRoom
2013-09-03 17:02 - 2013-09-03 17:02 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\DSite
2013-09-03 17:02 - 2013-09-03 17:02 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\Babylon
2013-09-03 17:02 - 2013-09-03 17:02 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-09-03 17:02 - 2013-09-03 17:02 - 00000000 ____D C:\ProgramData\Babylon
2013-09-03 17:01 - 2013-09-03 17:01 - 00714816 _____ C:\Users\FamilyRoom\Downloads\ZipOpenerSetup.exe
2013-09-03 17:00 - 2013-09-03 17:00 - 00000568 _____ C:\Users\FamilyRoom\Downloads\fixlist.txt
2013-09-03 17:00 - 2013-09-03 17:00 - 00000568 _____ C:\Users\FamilyRoom\Desktop\fixlist.txt
2013-09-03 16:58 - 2010-12-30 23:57 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\Apple Computer
2013-09-02 15:49 - 2013-09-02 15:49 - 00081764 _____ C:\Users\FamilyRoom\Desktop\Addition.txt
2013-09-02 15:49 - 2013-09-02 15:49 - 00000000 ____D C:\FRST
2013-09-02 14:07 - 2013-09-02 14:07 - 00218496 _____ C:\Users\FamilyRoom\Desktop\OTL_130902.Txt
2013-09-02 14:00 - 2013-09-02 14:00 - 00218496 _____ C:\Users\FamilyRoom\Desktop\OTL.Txt
2013-09-01 21:17 - 2013-04-05 21:26 - 00000000 ____D C:\Users\FamilyRoom\Documents\Doctor Who
2013-09-01 16:34 - 2013-08-20 21:24 - 00001574 _____ C:\Users\FamilyRoom\Documents\real_faith.txt
2013-09-01 16:08 - 2011-04-04 19:44 - 00000392 _____ C:\Windows\SysWOW64\iolo.ini.txt
2013-09-01 15:57 - 2013-09-01 15:57 - 00000000 ____D C:\Windows\erdnt
2013-09-01 15:57 - 2013-09-01 15:57 - 00000000 ____D C:\Qoobox
2013-09-01 15:57 - 2009-07-14 01:08 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-01 07:37 - 2012-01-03 20:04 - 00000000 ____D C:\Users\FamilyRoom\Documents\Teen SS
2013-09-01 00:09 - 2010-09-19 12:09 - 00000000 ____D C:\Users\FamilyRoom\Documents\Sierrainvention
2013-08-30 12:00 - 2012-10-03 17:05 - 03409230 _____ C:\Users\FamilyRoom\Documents\AWESOME HAIR STYLES.pptx
2013-08-30 06:42 - 2013-08-30 06:42 - 00010108 _____ C:\Users\FamilyRoom\Desktop\08292013_075635.log
2013-08-29 18:18 - 2013-08-29 18:23 - 04745728 _____ (AVAST Software) C:\Users\FamilyRoom\Desktop\aswMBR.exe
2013-08-29 18:18 - 2013-08-29 17:03 - 04745728 _____ (AVAST Software) C:\Users\FamilyRoom\Downloads\aswMBR.exe
2013-08-29 17:01 - 2013-08-29 17:02 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\FamilyRoom\Desktop\tdsskiller.exe
2013-08-29 17:01 - 2013-08-29 17:01 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\FamilyRoom\Downloads\tdsskiller.exe
2013-08-29 16:54 - 2013-04-11 07:44 - 00000000 ____D C:\ProgramData\MFAData
2013-08-29 16:53 - 2013-04-11 07:44 - 00000000 ____D C:\Users\FAMILY~1\AppData\Local\Avg2013
2013-08-29 07:56 - 2013-08-29 07:56 - 00000000 ____D C:\_OTL
2013-08-29 07:47 - 2013-08-29 07:47 - 00295941 ____H C:\Users\FamilyRoom\Desktop\~WRL0003.tmp
2013-08-28 17:54 - 2013-08-28 17:54 - 00000000 ____D C:\Windows\SysWOW64\Dell
2013-08-28 17:54 - 2010-08-30 15:44 - 00000000 ____D C:\Program Files (x86)\Dell
2013-08-28 15:01 - 2013-02-08 22:37 - 00000000 ____D C:\Program Files (x86)\Unfriend Checker
2013-08-28 14:13 - 2013-08-28 14:13 - 00001075 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-28 14:13 - 2012-12-30 23:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-28 13:59 - 2013-08-29 07:55 - 00069028 _____ C:\Users\FamilyRoom\Desktop\Extras.Txt
2013-08-28 13:37 - 2013-08-28 14:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\FamilyRoom\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-28 13:34 - 2013-08-29 07:55 - 00602112 _____ (OldTimer Tools) C:\Users\FamilyRoom\Desktop\OTL.exe
2013-08-28 09:35 - 2011-04-04 19:39 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-08-28 09:20 - 2013-08-28 09:20 - 04491784 _____ (AVG Technologies) C:\Users\FamilyRoom\Downloads\avg_avct_stb_all_2013_3392 (1).exe
2013-08-27 22:18 - 2013-08-27 22:18 - 00000148 _____ C:\Users\FamilyRoom\Documents\Sierra_Piano.txt
2013-08-27 18:06 - 2013-08-27 18:06 - 04491784 _____ (AVG Technologies) C:\Users\FamilyRoom\Downloads\avg_avct_stb_all_2013_3392.exe
2013-08-26 18:47 - 2011-04-04 19:34 - 00000000 ____D C:\ProgramData\iolo
2013-08-26 18:39 - 2012-12-30 14:16 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-08-26 18:36 - 2012-12-30 14:34 - 00004342 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-08-26 18:30 - 2013-08-26 18:30 - 00040226 _____ C:\Users\FamilyRoom\Documents\cc_20130826_183007.reg
2013-08-26 18:28 - 2013-08-26 18:28 - 04454952 _____ (Piriform Ltd) C:\Users\FamilyRoom\Downloads\ccsetup405.exe
2013-08-26 18:28 - 2012-12-30 23:11 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-26 18:28 - 2011-12-03 20:11 - 00000000 ____D C:\Program Files\CCleaner
2013-08-26 18:13 - 2012-04-20 17:04 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-26 18:13 - 2012-04-20 17:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-26 18:13 - 2012-04-20 17:04 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-26 17:48 - 2010-09-05 11:00 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\HpUpdate
2013-08-26 17:45 - 2013-08-26 17:45 - 00003360 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3130090504-1924379729-1071845134-1000
2013-08-26 17:45 - 2013-08-26 17:45 - 00003236 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3130090504-1924379729-1071845134-1000
2013-08-26 17:11 - 2011-11-29 07:08 - 00000000 ____D C:\Windows\system32\Macromed
2013-08-26 17:11 - 2010-08-30 15:16 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-08-26 17:11 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-26 17:11 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-08-26 17:10 - 2011-08-01 22:42 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-08-26 17:10 - 2010-09-05 10:54 - 00000000 ____D C:\Program Files (x86)\HP
2013-08-26 17:10 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-26 17:09 - 2011-04-04 18:14 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\PCDr
2013-08-26 17:07 - 2012-11-14 22:43 - 00000000 ____D C:\ProgramData\Real
2013-08-26 17:07 - 2012-03-09 10:26 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-08-26 17:07 - 2011-08-01 22:41 - 00000000 ____D C:\Program Files\ATI Technologies
2013-08-26 17:06 - 2012-12-22 09:58 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-08-26 15:42 - 2013-08-26 15:41 - 00458052 _____ C:\Users\FamilyRoom\Documents\AVSDK5_UNINST.LOG
2013-08-26 13:08 - 2013-08-26 13:08 - 00000000 ____D C:\ProgramData\ATI
2013-08-26 13:07 - 2011-08-01 22:42 - 00000000 ____D C:\ProgramData\AMD
2013-08-26 07:01 - 2010-08-30 17:47 - 00000000 ____D C:\Windows\Panther
2013-08-24 20:38 - 2013-01-01 19:06 - 90456064 _____ C:\Windows\system32\config\software.iobit
2013-08-24 20:38 - 2013-01-01 19:06 - 18018304 _____ C:\Windows\system32\config\system.iobit
2013-08-24 20:38 - 2013-01-01 19:06 - 00528384 _____ C:\Windows\system32\config\default.iobit
2013-08-24 20:38 - 2013-01-01 19:06 - 00061440 _____ C:\Windows\system32\config\sam.iobit
2013-08-24 20:38 - 2013-01-01 19:06 - 00024576 _____ C:\Windows\system32\config\security.iobit
2013-08-23 17:46 - 2013-08-23 17:46 - 00000329 _____ C:\Users\FamilyRoom\Desktop\HP Printer Diagnostic Tools.url
2013-08-23 15:14 - 2011-01-21 21:48 - 00000000 ____D C:\Users\FamilyRoom\Documents\My Scans
2013-08-18 20:33 - 2011-02-02 12:40 - 00000000 ____D C:\BigFishGamesCache
2013-08-17 15:46 - 2013-07-20 10:27 - 00025097 _____ C:\Users\FamilyRoom\Downloads\ws_simple_gallifreyan.zip
2013-08-17 15:45 - 2010-10-20 08:54 - 00000000 ____D C:\Users\FAMILY~1\AppData\Local\Windows Live
2013-08-17 15:44 - 2013-08-17 15:44 - 00000000 ____D C:\Users\FAMILY~1\AppData\Local\{521B17B6-6E91-48CF-9B55-13039EB2BCFB}
2013-08-15 16:38 - 2013-08-15 16:38 - 00000000 ____D C:\Users\FAMILY~1\AppData\Local\{93A27973-C774-4C0B-9478-1387A50DE4C8}
2013-08-14 09:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 03:03 - 2013-07-15 03:00 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 03:01 - 2010-09-18 00:33 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-11 08:09 - 2013-08-11 08:09 - 00000000 ____D C:\Users\FAMILY~1\AppData\Local\{11420282-3995-4012-ABBC-6539FF4E1207}

Files to move or delete:
====================
C:\Users\FAMILY~1\AppData\Local\Temp\SkypeSetup.exe
C:\Users\FAMILY~1\AppData\Local\Temp\uninst1.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 00:26

==================== End Of Log ============================
  • 0

#38
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
I don't see any evidence of the system links or junction points in the new FRST scan so the ZeroAccess has finally been killed. But it did show some additional IE and Chrome settings and files and folders that need to be removed. And then we can see about getting an antivirus program on the system. But before we do that I need to ask if you have installed anything that I haven't asked for since we started this clean up process? I ask because the new FRST scan shows that folders for BabSolution, DSite and Babylon were created on 9/3/2013.

2013-09-03 17:02 - 2013-09-04 07:43 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\BabSolution
2013-09-03 17:02 - 2013-09-03 17:02 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\DSite
2013-09-03 17:02 - 2013-09-03 17:02 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\Babylon
2013-09-03 17:02 - 2013-09-03 17:02 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-09-03 17:02 - 2013-09-03 17:02 - 00000000 ____D C:\ProgramData\Babylon


  • 0
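An added example, not code from the thread or from FRST itself: a small Python triage helper that parses entry lines in the format of the log above and reproduces the correlation drawn in this post, namely that the BabSolution, DSite and Babylon folders were created one minute after ZipOpenerSetup.exe appeared in Downloads. The attribute-letter legend (R/H/S/D), the list of profile folders and the five-minute window are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# One entry in FRST's "One Month Created Files and Folders" section:
#   <created> - <modified> - <size> <attrs> [(<company>)] <path>
# (In the "Modified" section the two timestamps are swapped, so feed this
# parser the Created section, as in the sample below.)
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
TS_FMT = "%Y-%m-%d %H:%M"

# Attribute letters as FRST prints them; underscores mean "not set".
# Assumption: the usual FRST legend, R read-only, H hidden, S system, D directory.
ATTR_NAMES = {"R": "readonly", "H": "hidden", "S": "system", "D": "directory"}

# Locations where bundled adware usually drops its folders (assumption).
PROFILE_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\", "c:\\programdata\\")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: frozenset
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "directory" in self.attrs

    @property
    def exe_without_company(self) -> bool:
        # FRST prints the version-resource company name in parentheses when the
        # file has one. Its absence proves nothing, but it is worth a second
        # look: ZipOpenerSetup.exe above has none, FRST64.exe shows "(Farbar)".
        return self.path.lower().endswith(".exe") and not self.company


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one FRST entry line; headers and blank lines return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        created=datetime.strptime(m["created"], TS_FMT),
        modified=datetime.strptime(m["modified"], TS_FMT),
        size=int(m["size"]),
        attrs=frozenset(ATTR_NAMES[c] for c in m["attrs"] if c in ATTR_NAMES),
        company=m["company"],
        path=m["path"],
    )


def parse_section(text: str) -> List[Entry]:
    return [e for e in (parse_entry(ln) for ln in text.splitlines()) if e]


def folders_spawned_by_installers(entries: List[Entry],
                                  window_min: int = 5) -> Dict[str, List[str]]:
    """Map each .exe that appeared in Downloads to the profile/ProgramData
    folders created within window_min minutes after it: the timeline
    correlation the helper drew by eye in the post above."""
    window = timedelta(minutes=window_min)
    result: Dict[str, List[str]] = {}
    for inst in entries:
        p = inst.path.lower()
        if "\\downloads\\" not in p or not p.endswith(".exe"):
            continue
        hits = sorted(
            e.path for e in entries
            if e.is_dir
            and any(d in e.path.lower() for d in PROFILE_DIRS)
            and inst.created <= e.created <= inst.created + window
        )
        if hits:
            result[inst.path] = hits
    return result


# Excerpt of the FRST log posted above (the lines the helper points at).
SAMPLE = r"""
2013-09-03 17:03 - 2013-09-03 17:04 - 01950416 _____ (Farbar) C:\Users\FamilyRoom\Downloads\FRST64.exe
2013-09-03 17:02 - 2013-09-04 07:43 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\BabSolution
2013-09-03 17:02 - 2013-09-03 17:02 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\DSite
2013-09-03 17:02 - 2013-09-03 17:02 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\Babylon
2013-09-03 17:02 - 2013-09-03 17:02 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-09-03 17:02 - 2013-09-03 17:02 - 00000000 ____D C:\ProgramData\Babylon
2013-09-03 17:01 - 2013-09-03 17:01 - 00714816 _____ C:\Users\FamilyRoom\Downloads\ZipOpenerSetup.exe
2013-09-01 15:57 - 2013-09-08 08:41 - 00000000 ___SD C:\32788R22FWJFW
"""

if __name__ == "__main__":
    for installer, folders in folders_spawned_by_installers(parse_section(SAMPLE)).items():
        print(installer)
        for folder in folders:
            print("   ->", folder)
```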

#39
k_barta2005

k_barta2005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
I see what you're talking about. I found two programs that I had accidentally downloaded when I was trying to download one of the other programs. I went ahead and uninstalled them. What do you want me to do now?
  • 0

#40
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Can you tell me what the programs that you uninstalled were please?
  • 0

#41
k_barta2005

k_barta2005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
They were Zip Opener Packages and Update for Zip Opener.
  • 0

#42
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Step-1.

A.
Change the Chrome HomePage

Open the Chrome browser.
  • Click on the Chrome menu icon, located in the upper right hand corner of your browser window. When the drop-down menu appears, select the choice labeled Settings. (See image below)

    Posted Image
  • Chrome's Options should now be displayed in a new tab or window, depending on your settings. (See the image below)

    Posted Image
  • Click on Settings in the left menu pane, if it is not already selected.
  • Next, locate the Appearance section.
    • By default, the Home button is not visible on Chrome's main toolbar and the Show Home button option is disabled.
  • First, activate this option by clicking on the empty check box next to Show Home button.
  • When the Show Home button checkbox is selected, a web address appears below it. If you want the Homepage button to open up a different webpage, click Change and enter the new address, like http://www.google.com.
  • Finally, once you are satisfied with your new setting, click on the OK button.
B.
Delete a Google Chrome extension:

Open the Chrome browser:

  • Click the tools menu icon on the browser toolbar.
  • Click Tools.
  • Select Extensions. A page like the one shown below will open:
    Posted Image
  • Look for any WhiteSmoke and [oelbclnhkbhlhikfmpmbakbgeonbjjnp] items. If there is a check mark in the box next to it/them, click the box to uncheck it/them. Then click the trash can icon next to the box.
  • A confirmation dialog will appear, click Remove.

Step-2.

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this.

    Posted Image
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step-3.

Scan with JRT:

Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Right click the JRT.exe file and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.


Step-4.

Farbar Fix

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Download the attached fixlist.txt file and save it to the same location where the program is. (It should be the desktop)
  • Please re-open the Farbar Scan tool. To do that:
  • Right click the FRST64.exe file to run the program.
  • Press the Fix button just once and wait. The tool will make a log (Fixlog.txt). Please post it in your next reply.
    The Fixlog.txt file can also be found in the same location that the program was run from.

Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know if you had any problems changing the Chrome home page or finding the extensions.
2. The AdwCleaner[S1].txt log
3. The JRT.txt log
4. The Fixlog.txt log
5. How is the computer running now?
  • 0

#43
k_barta2005

k_barta2005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
1. Initially I did not have any problems setting the home page or with the extensions, but after I rebooted the computer following the JRT scan, the home page was no longer set, and after clicking on the Chrome browser a little window pops up that says: "Your preferences cannot be read. Some features may be unavailable and changes to preferences won't be saved."

2. # AdwCleaner v3.003 - Report created 11/09/2013 at 07:25:29
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : FamilyRoom - FAMILYROOM-PC
# Running from : C:\Users\FamilyRoom\Downloads\adwcleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\FamilyRoom\AppData\LocalLow\WhiteSmoke_B
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
File Deleted : C:\Users\FamilyRoom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\d68bd9b73be541
Key Deleted : HKLM\SOFTWARE\d68bd9b73be541
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97A5591D-4C09-4E06-9228-AC433B73650C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{97A5591D-4C09-4E06-9228-AC433B73650C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2901C264-FCCB-4A2D-A8B8-9CD6FA4FC366}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0428D41-23BE-46B5-8C9F-D3991660D732}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb
Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_B
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\WhiteSmoke_B

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\FamilyRoom\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [9893 octets] - [04/09/2013 15:15:57]
AdwCleaner[R1].txt - [5131 octets] - [11/09/2013 07:24:41]
AdwCleaner[S0].txt - [5029 octets] - [11/09/2013 07:25:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5089 octets] ##########




3. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows 7 Home Premium x64
Ran by FamilyRoom on Wed 09/11/2013 at 7:16:58.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3130090504-1924379729-1071845134-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3130090504-1924379729-1071845134-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\delta
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\giant savings_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\giant savings_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\i want this_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\i want this_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPIP_X-SD_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPIP_X-SD_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_testdisk_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_testdisk_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNToolbarInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNToolbarInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskPIP_X-SD_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskPIP_X-SD_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_testdisk_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_testdisk_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4E5655CD-B292-4F76-90A3-CCB46D627E8E}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\FamilyRoom\AppData\Roaming\babsolution"
Successfully deleted: [Folder] "C:\Users\FamilyRoom\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\FamilyRoom\AppData\Roaming\dsite"
Successfully deleted: [Folder] "C:\Users\FamilyRoom\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\FamilyRoom\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\FamilyRoom\appdata\local\big fish"
Successfully deleted: [Folder] "C:\Users\FamilyRoom\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\FamilyRoom\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\FamilyRoom\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\FamilyRoom\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\adawaretb"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\bigfishcache"
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/11/2013 at 7:21:51.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



4. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-09-2013 01
Ran by FamilyRoom at 2013-09-11 17:10:37 Run:7
Running from C:\Users\FamilyRoom\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{7df4b1d4-52bd-5978-c5c3-5549945bfe7e}\ \...\???\{7df4b1d4-52bd-5978-c5c3-5549945bfe7e}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{7df4b1d4-52bd-5978-c5c3-5549945bfe7e}
C:\Users\FamilyRoom\GoToAssistDownloadHelper.exe
C:\Users\FAMILY~1\AppData\Local\Temp\UnityWebPlayer\UnityWebPlayerUpdate.exe
C:\Users\FAMILY~1\AppData\Local\Temp\Low\UnityWebPlayer\UnityWebPlayerUpdate.exe
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
*****************

*etadpug => Service not found.
"C:\Program Files (x86)\Google\Desktop\Install\{7df4b1d4-52bd-5978-c5c3-5549945bfe7e}" => File/Directory not found.
"C:\Users\FamilyRoom\GoToAssistDownloadHelper.exe" => File/Directory not found.
"C:\Users\FAMILY~1\AppData\Local\Temp\UnityWebPlayer\UnityWebPlayerUpdate.exe" => File/Directory not found.
"C:\Users\FAMILY~1\AppData\Local\Temp\Low\UnityWebPlayer\UnityWebPlayerUpdate.exe" => File/Directory not found.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

==== End of Fixlog ====

5. The computer is running well. (As well as you can expect it to run with a virus.) I haven't had any trouble with accessing any websites or running any of our normal programs. The only thing that isn't running right is when I try to upload pictures from a camera memory card, a box comes up and says "The following error occurred while importing your image: Access denied" and then it closes out the window, so we aren't able to import any pictures onto the computer.

Edited by k_barta2005, 12 September 2013 - 05:32 AM.

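The FRST fix in the post above removed a reparse point that ZeroAccess had planted on C:\Program Files\Windows Defender (the DeleteJunctionsIndirectory line and its "Deleting reparse point and unlocking" result). As an added example, not part of this thread and not FRST's own code, the PowerShell snippet below lists any reparse points (junctions or symbolic links) on or under the Windows Defender program folders, so the cleanup can be confirmed after a reboot or the same trick spotted on another machine before a fix is run. It assumes PowerShell 5.1 or later (for the LinkType and Target properties) and an elevated prompt; it only reports and changes nothing.

```powershell
# Added example, not from the thread: read-only report of reparse points on or
# under the Windows Defender program folders. ZeroAccess turns such a folder
# into a junction/reparse point so the product can no longer load its files;
# FRST's DeleteJunctionsIndirectory removes them. This script only reports.
# Assumes PowerShell 5.1+ (LinkType/Target properties) and an elevated prompt.
function Get-ReparsePoints {
    param([string[]]$Roots)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # Check the folder itself first: the whole folder may be the junction.
        $items = @(Get-Item -LiteralPath $root -Force -ErrorAction SilentlyContinue)
        $items += @(Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue)
        foreach ($item in $items) {
            if ($null -eq $item) { continue }
            if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) {
                [PSCustomObject]@{
                    Path     = $item.FullName
                    LinkType = $item.LinkType          # Junction, SymbolicLink, ...
                    Target   = (@($item.Target) -join ';')
                }
            }
        }
    }
}

# Both Program Files locations; the (x86) one is absent on 32-bit Windows.
$defenderDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } |
    ForEach-Object { Join-Path $_ 'Windows Defender' }

$found = @(Get-ReparsePoints -Roots $defenderDirs)
if ($found.Count -eq 0) {
    'No reparse points found on or under the Windows Defender folders.'
} else {
    $found | Format-Table -AutoSize -Wrap
}
```

A clean Windows 7 install has no reparse points inside these folders, so any hit is worth a second look; a junction whose Target points at itself or at an unreadable path is the pattern this thread's fixlog describes.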

#44
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

Initially I did not have any problems setting the home page or with the extensions, but after I rebooted the computer following the JRT scan, the home page was no longer set, and after clicking on the Chrome browser a little window pops up that says: "Your preferences cannot be read. Some features may be unavailable and changes to preferences won't be saved."

Looks like it was AdwCleaner that deleted a file in the Chrome User Data folder that it shouldn't have.


Step-1.

  • Run AdwCleaner again. When the program opens up, don't click Scan or Delete or anything. Instead look for the Tools menu in the Menu bar at the top of the window.
  • Click Tools and then click Quarantine manager. The Quarantine manager should open up with a list of everything that AdwCleaner deleted in the last run. Find the following entry:

    C:\Users\FamilyRoom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
  • Click the box beside it. This will put a checkmark in the box.
  • Click the Restore button at the bottom of the window.
A report should be generated. Please post that in your next reply.
Now check the Chrome browser and see if the pop up is still there.


NEXT:

You ran the fixlist.txt file that was in post #26 back on Sept. 3rd.

It looks like you have been downloading everything to the C:\Users\FamilyRoom\Downloads folder and then copying them to the desktop. You can change the browser settings to save the downloads directly to the desktop.

IMPORTANT: Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"



Step-2.

Please do a search for fixlist.txt and delete every copy that you find. Then download the most current fixlist.txt file (the one in post #42) again and save it to the desktop. There should be a FRST64 icon on the desktop. Using Step 4 in post #42, please run the correct FRST fix.


The computer is running well. (As well as you can expect it to run with a virus.) I haven't had any trouble with accessing any websites or running any of our normal programs. The only thing that isn't running right is when I try to upload pictures from a camera memory card, a box comes up and says "The following error occurred while importing your image: Access denied" and then it closes out the window, so we aren't able to import any pictures onto the computer.

I'm happy to hear that the computer is running well. And the main infection has been killed. We're just trying to clean out the remnants now. As for the uploading pictures issue...I can't see anything that we have done that would have caused this. Remind me of this after we are done and I'll investigate it.
Were you able to download pictures before we started?
On a different note, did we install an antivirus program yet?


Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my questions above.
2. The new AdwCleaner[xx].txt log and let me know if the issue in Chrome is gone.
3. The new fixlog.txt log

#45
k_barta2005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
1. To my knowledge we were able to upload pictures before we started. No, we haven't installed an anti-virus program yet.

2. I did what you asked, and found the correct entry in the Quarantine Manager and restored it; but when I opened the Chrome browser, the pop-up was still there. Here is the log:

# AdwCleaner - Quarantine restoration
# 12/09/2013 - 19:16:00

File Restored : C:\Users\FamilyRoom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage

##### EOF #####


3. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-09-2013
Ran by FamilyRoom at 2013-09-13 07:14:18 Run:8
Running from C:\Users\FamilyRoom\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-se...119351&tsp=4994
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-se...119351&tsp=4994
CHR Extension: (WhiteSmoke B) - C:\Users\FAMILY~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp\10.19.2.505_0
CHR HKLM-x32\...\Chrome\Extension: [oelbclnhkbhlhikfmpmbakbgeonbjjnp] - C:\Users\FamilyRoom\AppData\Local\CRE\oelbclnhkbhlhikfmpmbakbgeonbjjnp.crx
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
2013-09-03 17:02 - 2013-09-04 07:43 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\BabSolution
2013-09-03 17:02 - 2013-09-03 17:02 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\DSite
2013-09-03 17:02 - 2013-09-03 17:02 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\Babylon
2013-09-03 17:02 - 2013-09-03 17:02 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-09-03 17:02 - 2013-09-03 17:02 - 00000000 ____D C:\ProgramData\Babylon
2013-09-03 17:01 - 2013-09-03 17:01 - 00714816 _____ C:\Users\FamilyRoom\Downloads\ZipOpenerSetup.exe
2013-08-26 18:47 - 2011-04-04 19:34 - 00000000 ____D C:\ProgramData\iolo
2013-09-04 13:24 - 2012-12-30 14:13 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-08-26 18:36 - 2012-12-30 14:34 - 00004342 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
C:\Users\FAMILY~1\AppData\Local\Temp\SkypeSetup.exe
C:\Users\FAMILY~1\AppData\Local\Temp\uninst1.exe
C:\Users\FAMILY~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp
C:\Users\FamilyRoom\AppData\Local\CRE\oelbclnhkbhlhikfmpmbakbgeonbjjnp.crx


*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
C:\Users\FAMILY~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp => Key deleted successfully.
"C:\Users\FamilyRoom\AppData\Local\CRE\oelbclnhkbhlhikfmpmbakbgeonbjjnp.crx" => File/Directory not found.
AppMgmt => Service deleted successfully.
"C:\Users\FamilyRoom\AppData\Roaming\BabSolution" => File/Directory not found.
"C:\Users\FamilyRoom\AppData\Roaming\DSite" => File/Directory not found.
"C:\Users\FamilyRoom\AppData\Roaming\Babylon" => File/Directory not found.
"C:\Users\FamilyRoom\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z" => File/Directory not found.
"C:\ProgramData\Babylon" => File/Directory not found.
C:\Users\FamilyRoom\Downloads\ZipOpenerSetup.exe => Moved successfully.
C:\ProgramData\iolo => Moved successfully.
C:\ProgramData\Ad-Aware Browsing Protection => Moved successfully.
C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan => Moved successfully.
C:\Users\FAMILY~1\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\FAMILY~1\AppData\Local\Temp\uninst1.exe => Moved successfully.
"C:\Users\FAMILY~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp" => File/Directory not found.
"C:\Users\FamilyRoom\AppData\Local\CRE\oelbclnhkbhlhikfmpmbakbgeonbjjnp.crx" => File/Directory not found.

==== End of Fixlog ====
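Two of the persistence points cleaned in this thread live in the registry rather than on disk: the ExtensionInstallForcelist policy that JRT flagged as a blacklisted policy earlier, and the HKLM\...\Google\Chrome\Extensions\<id> keys through which an installer registers an "external" extension (the FRST fixlog above deleted the Wow6432Node key for the WhiteSmoke extension). As an added example, not from the thread and not part of JRT or FRST, the PowerShell function below enumerates both locations under HKLM and HKCU so the remnants can be re-checked after a reboot. It is read-only and assumes the standard layout of those keys: forcelist values hold "<id>;<update_url>", and each external-extension subkey holds either path and version values or an update_url value.

```powershell
# Added example, not from the thread: read-only audit of the two registry
# locations this thread's logs show being used to push Chrome extensions.
#   Software\Policies\Google\Chrome\ExtensionInstallForcelist -> values "<id>;<update_url>"
#   Software\[Wow6432Node\]Google\Chrome\Extensions\<id>       -> "path"+"version" or "update_url"
# Assumes the standard layout of those keys; nothing is modified.
function Get-ChromeExtensionPersistence {
    $hives = @('HKLM:', 'HKCU:')
    $extensionSubkeys = @(
        'Software\Google\Chrome\Extensions',
        'Software\Wow6432Node\Google\Chrome\Extensions'
    )
    foreach ($hive in $hives) {
        # 1. Policy-forced extensions (what JRT removed as a blacklisted policy).
        $policyKey = Join-Path $hive 'Software\Policies\Google\Chrome\ExtensionInstallForcelist'
        if (Test-Path -LiteralPath $policyKey) {
            $key = Get-Item -LiteralPath $policyKey
            foreach ($name in $key.GetValueNames()) {
                $parts = ([string]$key.GetValue($name)) -split ';', 2
                $updateUrl = ''
                if ($parts.Count -gt 1) { $updateUrl = $parts[1] }
                [PSCustomObject]@{
                    Source      = 'ExtensionInstallForcelist'
                    Key         = $policyKey
                    ExtensionId = $parts[0]
                    Detail      = $updateUrl
                }
            }
        }
        # 2. External extensions registered by an installer (what FRST deleted).
        foreach ($sub in $extensionSubkeys) {
            $extKey = Join-Path $hive $sub
            if (-not (Test-Path -LiteralPath $extKey)) { continue }
            foreach ($entry in @(Get-ChildItem -LiteralPath $extKey)) {
                $detail = (@($entry.GetValue('path'), $entry.GetValue('version'), $entry.GetValue('update_url')) |
                    Where-Object { $_ }) -join ' '
                [PSCustomObject]@{
                    Source      = 'ExternalExtension'
                    Key         = $entry.Name
                    ExtensionId = $entry.PSChildName
                    Detail      = $detail
                }
            }
        }
    }
}

Get-ChromeExtensionPersistence | Format-Table -AutoSize -Wrap
```

An empty result is what a clean home machine should show. Any ExtensionId listed can be compared against the IDs in the FRST and AdwCleaner logs (oelbclnhkbhlhikfmpmbakbgeonbjjnp for WhiteSmoke in this thread); a path value pointing into a user's AppData\Local folder, as the CRE\...crx entry above did, is the kind of remnant worth removing.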





