Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malwarebytes deleting important files? Can't log on after virus re

Started by Shruikan66 , Jun 17 2014 12:51 PM
malwarebytes winlogon pcimon

  • This topic is locked This topic is locked

#1
Shruikan66
Posted 17 June 2014 - 12:51 PM

Shruikan66

    Member

  • Member
  • PipPip
  • 42 posts

Hiya! Was hoping someone here could help me, as I've encountered a problem that's got my head spinning. I'm running Windows 7 Professional on a Lenovo B560 Laptop.

 

I started noticing some virus-like behaviour such as automatic messages being sent through my Skype "XD Check out these fails! <insert probably infected link here>", chrome working very slowly, and my webcam actually turned on all on its own for like 30 seconds. That freaked me out, and prompted me to tape up my camera and start running scans. I ran a full scan (which took like 6 hours for some reason? I don't believe it should have taken this long) with Windows Security Essentials but it found nothing. So I've been told I should try Malwarebytes instead as it is apparently one of the better anti-virus programs out there. I downloaded Malwarebytes from malwarebytes.org, free version and was given a trial program. I ran a full scan and sure enough it found 6 things Windows Security Essentials didn't find. I don't have the log sorry, but i remember it found a bunch of PUP files, something called BitcoinMiner, and the two files winlogon and pcimon. After letting it doing its thing and remove the threats, my computer was working great.

 

But then when I restart my computer it has trouble logging on. I get pass the users screen and it will load my desktop and taskbar, but nothing else. I can't really click on anything; when I mouse over my taskbar the little blue "waiting" circle on my cursor appears. And it does nothing. It won't go into hibernate either, my only option is to hold the power button until it shuts down. System Restore solves the problem, but I still have all my viruses!! 

 

What's got my head spinning is that I've actually noticed the two files "winlogon" and "pcimon" asking for my permission to run when I log in (with publisher: Unknown"). Obviously, this has never happened, so that was a red flag that those two are definitely viruses. I look up these files and they're windows files? According to what they do, they really shouldn't be asking my permission like this, but they are very important nevertheless. I also found out viruses like to mimic these files, and if my winlogon is a fake I should find the fake in my User Directory, but I can't.  

 

I just want to know what's up. Is Malwarebytes deleting something important? Do I still have viruses and, if so, how do I get rid of them?

 

Thanks! 

 

OTL Log:

OTL logfile created on: 17/06/2014 2:43:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\testy\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
5.74 Gb Total Physical Memory | 4.10 Gb Available Physical Memory | 71.49% Memory free
11.48 Gb Paging File | 9.52 Gb Available in Paging File | 82.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 391.24 Gb Free Space | 84.02% Space Free | Partition Type: NTFS
Drive E: | 5.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: MISA | User Name: testy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/17 14:26:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\testy\Desktop\OTL.exe
PRC - [2014/05/13 19:40:56 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/04/14 20:39:56 | 002,308,872 | ---- | M] (FSPro Labs) -- C:\Program Files\My Lockbox\mylbx.exe
PRC - [2007/04/27 19:40:14 | 001,581,056 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/13 19:40:54 | 000,414,536 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppgooglenaclpluginchrome.dll
MOD - [2014/05/13 19:40:53 | 013,695,816 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll
MOD - [2014/05/13 19:40:50 | 004,217,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
MOD - [2014/05/13 19:40:45 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
MOD - [2014/05/13 19:40:44 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
MOD - [2014/05/13 19:40:43 | 001,732,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
MOD - [2014/04/23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/04/23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/04/13 20:18:10 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lenovo\EnergyCut\KbdHook.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/05/30 05:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/06/07 13:02:58 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/03/18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/09/15 07:02:40 | 000,036,656 | ---- | M] (Egis Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor)
DRV:64bit: - [2011/07/01 15:08:04 | 004,745,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/06/03 23:59:38 | 000,057,648 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FSPFltd2.sys -- (FSProFilter2)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/?o...U221DHP&pc=U221
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\testy\AppData\Local\Roblox\Versions\version-4d8b1955ef2740b3\\NPRobloxProxy.dll ()
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.ca/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Drive = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.1_0\
CHR - Extension: Google Wallet = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [EnergyCut] C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [PCI Monitor] C:\Program Files (x86)\PCI Monitor\pcimon.exe (© The Computer Guy Tony                                     )
O4 - HKLM..\Run: [Winlogon] C:\Users\testy\AppData\Roaming\winlogon.exe (© The Computer Guy Tony                                     )
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Winlogon] C:\Users\testy\AppData\Roaming\winlogon.exe (© The Computer Guy Tony                                     )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 199.235.124.213 199.235.124.214
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DF823DF-502D-4E94-90A2-2A5EF33789A7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{802FC181-7A86-4503-AE7C-82B67922BBDF}: DhcpNameServer = 199.235.124.213 199.235.124.214
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/29 22:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/21 19:48:37 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{c769d213-ea54-11e3-bfe6-f0def14a573c}\Shell - "" = AutoRun
O33 - MountPoints2\{c769d213-ea54-11e3-bfe6-f0def14a573c}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009/04/29 22:57:32 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/17 14:26:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\testy\Desktop\OTL.exe
[2014/06/16 23:56:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/06/16 21:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/16 19:11:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/06/16 19:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/06/16 18:48:04 | 000,000,000 | ---D | C] -- C:\Users\testy\AppData\Roaming\DAEMON Tools Lite
[2014/06/16 18:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2014/06/16 18:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2014/06/15 16:26:40 | 000,000,000 | ---D | C] -- C:\Users\testy\javaupdate
[2014/06/13 12:30:58 | 000,000,000 | ---D | C] -- C:\Users\testy\Desktop\Sprites
[2014/06/12 18:28:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCI Monitor
[2014/06/12 18:28:31 | 000,000,000 | ---D | C] -- C:\Users\testy\AppData\Roaming\1B94DF9B-8C09-437B-94AF-7C149D758150
[2014/06/12 18:09:37 | 132,583,424 | -HS- | C] (© The Computer Guy Tony                                     ) -- C:\Users\testy\AppData\Roaming\csrss.exe
[2014/06/12 18:07:24 | 133,012,047 | ---- | C] (© The Computer Guy Tony                                     ) -- C:\Users\testy\AppData\Roaming\Photoshop CS6.exe
[2014/06/12 18:02:18 | 132,583,424 | -HS- | C] (© The Computer Guy Tony                                     ) -- C:\Users\testy\AppData\Roaming\winlogon.exe
[2014/06/12 17:35:41 | 000,000,000 | ---D | C] -- C:\Users\testy\Documents\RPGVXAce
[2014/06/12 17:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG MAKER VX Ace
[2014/06/12 17:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enterbrain
[2014/06/12 17:32:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Enterbrain
[2014/06/12 17:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
[2014/06/12 17:30:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lenovo
[2014/06/12 17:30:05 | 000,000,000 | ---D | C] -- C:\Users\testy\AppData\Roaming\InstallShield
[2014/06/12 17:30:02 | 000,000,000 | ---D | C] -- C:\Drivers
[2014/06/10 21:42:12 | 000,000,000 | ---D | C] -- C:\Users\testy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
[2014/06/10 21:42:08 | 000,000,000 | ---D | C] -- C:\Users\testy\AppData\Local\Roblox
[2014/06/07 13:24:19 | 000,000,000 | ---D | C] -- C:\Users\testy\Documents\Electronic Arts
[2014/06/07 13:23:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2014/06/07 13:18:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2014/06/07 13:18:28 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2014/06/07 13:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2014/06/07 13:02:58 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2014/06/07 13:02:55 | 000,000,000 | ---D | C] -- C:\Users\testy\AppData\Roaming\DAEMON Tools Pro
[2014/06/07 13:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2014/06/07 13:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2014/06/02 23:43:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2014/05/22 21:41:54 | 000,000,000 | ---D | C] -- C:\Users\testy\Documents\FirstClass
[2014/05/22 21:41:45 | 000,000,000 | ---D | C] -- C:\Users\testy\AppData\Roaming\FirstClass
[2014/05/22 21:41:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FirstClass
[2014/05/22 21:39:54 | 000,000,000 | ---D | C] -- C:\Users\testy\Desktop\Games
[2014/05/22 12:06:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2014/05/19 17:49:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014/05/19 17:49:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2014/05/19 17:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2014/05/19 17:45:38 | 000,000,000 | ---D | C] -- C:\Users\testy\AppData\Local\Adobe
[2014/05/18 20:47:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/05/18 18:23:01 | 000,000,000 | ---D | C] -- C:\Users\testy\jagexcache
[2 C:\Users\testy\Desktop\*.tmp files -> C:\Users\testy\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/17 14:47:55 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/17 14:47:54 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/17 14:26:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\testy\Desktop\OTL.exe
[2014/06/17 14:19:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/17 09:39:38 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/17 09:39:38 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/17 08:46:41 | 000,781,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/17 08:46:41 | 000,666,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/17 08:46:41 | 000,125,820 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/17 08:41:11 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/17 08:40:14 | 326,508,543 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/13 12:34:25 | 000,002,009 | ---- | M] () -- C:\Users\testy\Desktop\Photoshop.lnk
[2014/06/12 18:28:27 | 132,583,424 | -HS- | M] (© The Computer Guy Tony                                     ) -- C:\Users\testy\AppData\Roaming\winlogon.exe
[2014/06/12 18:28:27 | 132,583,424 | -HS- | M] (© The Computer Guy Tony                                     ) -- C:\Users\testy\AppData\Roaming\csrss.exe
[2014/06/12 18:13:04 | 000,000,040 | -H-- | M] () -- C:\76C026703A79
[2014/06/12 18:07:35 | 133,012,047 | ---- | M] (© The Computer Guy Tony                                     ) -- C:\Users\testy\AppData\Roaming\Photoshop CS6.exe
[2014/06/12 17:34:38 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\RPG MAKER VX Ace.lnk
[2014/06/12 17:18:53 | 000,001,235 | ---- | M] () -- C:\Users\testy\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.lnk
[2014/06/12 17:18:53 | 000,001,211 | ---- | M] () -- C:\Users\testy\Desktop\FrostWire 5.lnk
[2014/06/10 20:15:41 | 413,179,345 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/06/10 12:08:57 | 000,018,920 | ---- | M] () -- C:\Users\testy\Desktop\Courage.mx6
[2014/06/10 00:14:10 | 000,002,000 | ---- | M] () -- C:\Users\testy\Desktop\Mixcraft 6.lnk
[2014/06/07 13:22:40 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2014/06/07 13:15:01 | 000,001,318 | ---- | M] () -- C:\Users\testy\Desktop\Frostwire.lnk
[2014/06/07 13:03:36 | 000,001,932 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2014/06/07 13:02:58 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2014/05/26 11:48:41 | 000,000,925 | ---- | M] () -- C:\Users\testy\Desktop\ .lnk
[2014/05/24 22:53:49 | 000,000,024 | ---- | M] () -- C:\Users\testy\random.dat
[2014/05/24 22:45:01 | 000,000,044 | ---- | M] () -- C:\Users\testy\jagex_cl_runescape_LIVE.dat
[2014/05/22 21:41:47 | 000,001,930 | ---- | M] () -- C:\Users\testy\Desktop\FirstClass.lnk
[2014/05/19 18:09:57 | 000,069,096 | ---- | M] () -- C:\Users\testy\Desktop\Winterspell.mx6
[2014/05/19 16:26:12 | 000,002,657 | ---- | M] () -- C:\Users\testy\Desktop\Microsoft Office Word 2003.lnk
[2014/05/18 20:47:38 | 000,357,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/18 20:41:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2 C:\Users\testy\Desktop\*.tmp files -> C:\Users\testy\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/12 18:23:44 | 000,002,009 | ---- | C] () -- C:\Users\testy\Desktop\Photoshop.lnk
[2014/06/12 18:13:04 | 000,000,040 | -H-- | C] () -- C:\76C026703A79
[2014/06/12 17:34:38 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\RPG MAKER VX Ace.lnk
[2014/06/10 00:12:22 | 000,018,920 | ---- | C] () -- C:\Users\testy\Desktop\Courage.mx6
[2014/06/07 13:22:40 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2014/06/07 13:15:01 | 000,001,318 | ---- | C] () -- C:\Users\testy\Desktop\Frostwire.lnk
[2014/06/07 13:03:36 | 000,001,932 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2014/05/22 21:41:47 | 000,001,930 | ---- | C] () -- C:\Users\testy\Desktop\FirstClass.lnk
[2014/05/19 17:50:06 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/05/18 20:46:59 | 413,179,345 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/05/18 20:41:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2014/05/18 18:23:01 | 000,000,044 | ---- | C] () -- C:\Users\testy\jagex_cl_runescape_LIVE.dat
[2014/05/18 18:23:01 | 000,000,024 | ---- | C] () -- C:\Users\testy\random.dat
[2014/05/18 18:17:06 | 000,069,096 | ---- | C] () -- C:\Users\testy\Desktop\Winterspell.mx6
[2014/05/15 17:55:24 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/05/14 00:07:24 | 000,765,700 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/05/28 19:59:14 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\.minecraft
[2014/06/15 18:11:44 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\1B94DF9B-8C09-437B-94AF-7C149D758150
[2014/05/16 19:53:21 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\Acoustica
[2014/06/07 12:49:40 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\Audacity
[2014/06/16 18:51:35 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\DAEMON Tools Lite
[2014/06/07 13:06:17 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\DAEMON Tools Pro
[2014/05/22 21:41:45 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\FirstClass
[2014/05/15 23:13:08 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\Oracle
[2014/05/16 19:53:26 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\SynthMaker
[2014/05/15 22:15:21 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\SYSTEMAX Software Development
 
========== Purity Check ==========
 
 
 
< End of report >
 

  • 0

Advertisements

#2
Biscuithd
Posted 17 June 2014 - 12:54 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi there, wavey.gif.pagespeed.ce.4AQn4GwL8t.gif Welcome to the forums!
welcome.gif.pagespeed.ce.jM2aDq5TfO.gif. My name is Biscuithd and I will be assisting you with your Computer issues.

I know how upsetting it can be when one's computer is experiencing problems. I will try to help get things squared away. For a start please make sure that you...

  • Carefully read every post completely before doing anything.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.

Give me the remainder of the day to assess your log and create a fix. I'll get back with you as soon as I can! :)


  • 0

#3
Biscuithd
Posted 17 June 2014 - 12:56 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Also, could you post the Extras.txt log file. Its the second log that OTL produces. It should be on your desktop. If you can't find it, let me know.


  • 0

#4
Shruikan66
Posted 17 June 2014 - 04:57 PM

Shruikan66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

Not a problem! Here it is:

 

 

OTL Extras logfile created on: 17/06/2014 2:43:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\testy\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
5.74 Gb Total Physical Memory | 4.10 Gb Available Physical Memory | 71.49% Memory free
11.48 Gb Paging File | 9.52 Gb Available in Paging File | 82.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 391.24 Gb Free Space | 84.02% Space Free | Partition Type: NTFS
Drive E: | 5.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: MISA | User Name: testy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0086BA5A-C0CD-4A4C-8AF6-90E510C89010}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{03BDA60B-CFC4-4CF4-8205-13AFF1440E71}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{06A152D2-7857-4207-8FF7-002B93DDE5B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0DE11B0B-56F4-4D96-B0D4-9D07BC3CD96C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{114B223E-126A-431B-B7A7-B067D44FBA63}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1E34E2B3-848E-4AE9-8C38-0A5991852729}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{3F8E5706-C178-4C53-A2FE-5A5EB89392B2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{436DEE29-3256-458A-B82A-22F6932C29CD}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4D2B3340-B9F2-412F-A8B5-204A3AA32E76}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{56886CB7-F4F3-4D17-9374-2E6313ED2A18}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5BCEAB2D-7187-46C5-A649-D7D1F5B93DDD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{65A38268-B243-4E17-8DF2-C8335879EEBF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{79592127-F801-4E26-B963-C961B8E4A41B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{96EC3EE8-2D53-4660-8A9A-AF55E079624C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BC2C6171-7839-4817-9EB1-8CD06271D35E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C79BE452-E4DE-42CE-A79D-CEF888A287EB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D28270E5-F449-4E0E-B76E-3FCA77DDD149}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D4084FA6-5F91-4DE3-BE7D-B83FC5EFB3D8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EDF130F8-8B25-49C6-8A04-CFC075A4C73F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EEDC82EF-AE94-4B00-9857-6A57CCFBA00E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F1C047C8-99A7-4431-94C8-9CDD8503E6B1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F29258D0-AEB6-497A-9D37-7E9C00C3F19C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FEC2A8D7-8F77-4AED-BB36-493BFFCAEF34}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13FA9DA0-8117-4A65-8454-3C707C12FFE7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1A09A6C8-9D87-42B4-95C0-AC1FDE364A43}" = protocol=6 | dir=out | app=system | 
"{2E074A05-608A-4128-B65F-54830EE11E89}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{341165C5-4284-436F-AD5D-3F1F985D245E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3E5E8F93-CFE7-42AB-8B3B-85FA660EFB62}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4C9DEFA4-F4F3-4208-B333-D27F49A4DF51}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6718DBD1-D43E-4607-BA2A-208493F4CD61}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{68B462EA-FCD3-43F8-BA7B-5B9881BF2C84}" = protocol=58 | dir=out | [email protected],-503 | 
"{76801B27-F286-4953-B2E6-02BDA7607D50}" = protocol=1 | dir=out | [email protected],-28544 | 
"{7B4F4F27-7801-40D3-B67B-934AECD5D4A1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7FA12B2E-5F50-45B6-8B56-177D26F8F49A}" = protocol=58 | dir=out | [email protected],-28546 | 
"{81D83672-271E-43F0-9082-82134151E91A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{83028109-9D5C-4481-B3F4-8A6BF662D56B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{91EBFB7B-FBB6-4358-9055-EADCA9929C50}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9BCBF1D3-161F-470F-A64E-7A519E684131}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{9C160AA4-91BE-4466-AD5A-8976B1C09D26}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9C6CDDEA-4948-4D16-BB4E-C638D8A69918}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E868FFA-6870-4365-AB45-188FF4DE439C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B5042A6D-51EA-408D-ACCE-9392E321478A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B540B869-96FC-4CCF-9A82-AFC6F63886A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B6A62B4D-4EAD-4D00-94DB-5C2B100B4FCE}" = protocol=58 | dir=in | [email protected],-28545 | 
"{C113B593-E5D2-43F4-8E98-E8AEB72C5170}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D563CBA7-6B2E-415C-965D-EAF7C38D474E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E5360AC7-4C91-4127-9266-AD1189FB10ED}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{EAF4B5CD-6DE5-4E0A-8700-EFC85D639485}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EE723003-20DD-47BD-9CCC-4422350AE738}" = protocol=58 | dir=in | app=system | 
"{F0D9E10A-7CF3-494E-A3B5-DF84565B40DB}" = protocol=1 | dir=in | [email protected],-28543 | 
"TCP Query User{36C2331D-E59C-4583-9DBD-6E3D102CD285}C:\program files (x86)\frostwire 5\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"TCP Query User{B21B9442-7A0B-4805-830E-5D771D527FC1}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{F345A9A9-394C-425C-A3DA-4A535C8EB37E}C:\program files (x86)\frostwire 5\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"TCP Query User{FEB537B0-1477-4438-919F-0B79B7568824}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{1C00ED9A-EB46-44AC-BFC3-6A4E29B80A09}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{4143A530-96D9-48F8-85BB-045A444D7717}C:\program files (x86)\frostwire 5\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"UDP Query User{536483B8-C695-4D87-822A-FEAC64691FD9}C:\program files (x86)\frostwire 5\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"UDP Query User{822AD225-6409-4B6D-BF16-398DE4090718}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9D20916D-C1E9-4E39-9723-13D200D87C40}" = iTunes
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"Microsoft Security Client" = Microsoft Security Essentials
"My Lockbox_is1" = My Lockbox 3.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}" = EnergyCut
"{6EBED885-73D9-4750-B96E-FD654500E59F}" = FirstClass Client
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{835D562C-B72C-461D-A9C3-B8206B66E85A}" = RPG Maker VX Ace
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{BDF90AE9-C455-49B8-AEC6-D2B9737A4E54}_is1" = Portal 1 version 1.0
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{D9DAD0FF-495A-472B-9F10-BAE430A26682}" = Apple Application Support
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Acoustica Mixcraft 6" = Acoustica Mixcraft 6
"Adobe Photoshop CS6" = Adobe Photoshop CS6
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Audacity_is1" = Audacity 2.0.5
"DAEMON Tools Pro" = DAEMON Tools Pro
"FrostWire 5" = FrostWire 5.7.3
"Google Chrome" = Google Chrome
"RPGVXAce_RTP_is1" = RPG MAKER VX Ace RTP
"WinRAR archiver" = WinRAR 5.10 beta 4 (32-bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}" = ROBLOX Studio 2013 for testy
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for testy
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17/06/2014 12:57:48 PM | Computer Name = MISA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 117796
 
Error - 17/06/2014 1:00:13 PM | Computer Name = MISA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17/06/2014 1:00:13 PM | Computer Name = MISA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1279
 
Error - 17/06/2014 1:00:13 PM | Computer Name = MISA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1279
 
Error - 17/06/2014 1:04:09 PM | Computer Name = MISA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17/06/2014 1:04:09 PM | Computer Name = MISA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 237028
 
Error - 17/06/2014 1:04:09 PM | Computer Name = MISA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 237028
 
Error - 17/06/2014 1:36:55 PM | Computer Name = MISA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17/06/2014 1:36:55 PM | Computer Name = MISA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1138
 
Error - 17/06/2014 1:36:55 PM | Computer Name = MISA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1138
 
[ System Events ]
Error - 17/06/2014 8:35:34 AM | Computer Name = MISA | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 17/06/2014 8:35:34 AM | Computer Name = MISA | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 17/06/2014 8:35:34 AM | Computer Name = MISA | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 17/06/2014 8:35:34 AM | Computer Name = MISA | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 17/06/2014 8:35:34 AM | Computer Name = MISA | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 17/06/2014 8:35:34 AM | Computer Name = MISA | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 17/06/2014 8:35:34 AM | Computer Name = MISA | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 17/06/2014 8:35:34 AM | Computer Name = MISA | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 17/06/2014 8:36:17 AM | Computer Name = MISA | Source = DCOM | ID = 10005
Description = 
 
Error - 17/06/2014 8:37:04 AM | Computer Name = MISA | Source = Service Control Manager | ID = 7001
Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery
 Provider Host service which failed to start because of the following error:   %%1068
 
 
< End of report >

  • 0

#5
Biscuithd
Posted 17 June 2014 - 06:49 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi Shruikan66,

 

Yes, I can see that you have some significant issues, but I think we can help. Just so you know, MBAM can only do so much and what I see here is beyond what MBAM can do.

 

That said, I have a custom fix for you, but first you mentioned Boot Issues. I'm going to assume that you can Boot far enough to run the fix. If that is not the case, perhaps try Safe Mode. The fix might even work more easily in Safe Mode, although try the fix in normal mode if it's easier. If you need instructions for Safe Mode let me know. I also have instructions for creating a boot environment on a CD or USB drive. However, you would need a second computer and a bit of time. Again, that's ony if necessary. Hopefully this first fix should alleviate the booting issues and then we can work on the remaining malware.

 

Run OTL as you've done previously.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    OTL_Fix.GIF
:Command

[CreateRestorePoint] 



:OTL

O4 - HKLM..\Run: [PCI Monitor] C:\Program Files (x86)\PCI Monitor\pcimon.exe (© The Computer Guy Tony                                     )

O4 - HKLM..\Run: [Winlogon] C:\Users\testy\AppData\Roaming\winlogon.exe (© The Computer Guy Tony                                     )

O4 - HKCU..\Run: [Winlogon] C:\Users\testy\AppData\Roaming\winlogon.exe (© The Computer Guy Tony                                     )

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 199.235.124.213 199.235.124.214

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DF823DF-502D-4E94-90A2-2A5EF33789A7}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{802FC181-7A86-4503-AE7C-82B67922BBDF}: DhcpNameServer = 199.235.124.213 199.235.124.214

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Filter\text/xml - No CLSID value found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

[2014/06/12 18:28:31 | 000,000,000 | ---D | C] -- C:\Users\testy\AppData\Roaming\1B94DF9B-8C09-437B-94AF-7C149D758150

[2014/06/12 18:09:37 | 132,583,424 | -HS- | C] (© The Computer Guy Tony                                     ) -- C:\Users\testy\AppData\Roaming\csrss.exe

[2014/06/12 18:07:24 | 133,012,047 | ---- | C] (© The Computer Guy Tony                                     ) -- C:\Users\testy\AppData\Roaming\Photoshop CS6.exe

[2014/06/12 18:02:18 | 132,583,424 | -HS- | C] (© The Computer Guy Tony                                     ) -- C:\Users\testy\AppData\Roaming\winlogon.exe



:Commands 

[EMPTYTEMP] 

[RESETHOSTS] 

[REBOOT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, if the PC doesn't reboot on it's own, then reboot the PC manually.

When the computer is finished booting, re-run OTL and this time chose Quick Scan and post the resulting scan results.

 

If you have any questions or issues, let me know. :)


  • 0

#6
Shruikan66
Posted 18 June 2014 - 08:20 PM

Shruikan66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

Yes I ran into some reboot issues shortly before posing this thread, but system restore thankfully was able to restore my computer to the way it was before my MBAM scan.

So I was able to run your custom scan in normal mode with no problems! :)

Here are the scan results you asked for:

 

 

OTL logfile created on: 18/06/2014 10:06:15 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\testy\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
5.74 Gb Total Physical Memory | 4.33 Gb Available Physical Memory | 75.50% Memory free
11.48 Gb Paging File | 9.91 Gb Available in Paging File | 86.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 392.33 Gb Free Space | 84.25% Space Free | Partition Type: NTFS
Drive E: | 5.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: MISA | User Name: testy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/17 14:26:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\testy\Desktop\OTL.exe
PRC - [2014/06/05 09:58:39 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/04/14 20:39:56 | 002,308,872 | ---- | M] (FSPro Labs) -- C:\Program Files\My Lockbox\mylbx.exe
PRC - [2007/04/27 19:40:14 | 001,581,056 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/05 09:58:38 | 000,414,536 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014/06/05 09:58:36 | 004,217,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014/06/05 09:58:32 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
MOD - [2014/06/05 09:58:31 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
MOD - [2014/06/05 09:58:30 | 001,732,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2014/04/23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/04/23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/04/13 20:18:10 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lenovo\EnergyCut\KbdHook.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/05/30 05:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/06/07 13:02:58 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/03/18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/09/15 07:02:40 | 000,036,656 | ---- | M] (Egis Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor)
DRV:64bit: - [2011/07/01 15:08:04 | 004,745,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/06/03 23:59:38 | 000,057,648 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FSPFltd2.sys -- (FSProFilter2)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/?o...U221DHP&pc=U221
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\testy\AppData\Local\Roblox\Versions\version-4d8b1955ef2740b3\\NPRobloxProxy.dll ()
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.ca/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Drive = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.1_0\
CHR - Extension: Google Wallet = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/06/18 21:55:21 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [EnergyCut] C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe (Lenovo(beijing) Limited)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 24.226.1.93
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{802FC181-7A86-4503-AE7C-82B67922BBDF}: DhcpNameServer = 192.168.1.1 24.226.1.93
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/29 22:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/21 19:48:37 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{c769d213-ea54-11e3-bfe6-f0def14a573c}\Shell - "" = AutoRun
O33 - MountPoints2\{c769d213-ea54-11e3-bfe6-f0def14a573c}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009/04/29 22:57:32 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/18 21:53:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/17 22:08:06 | 000,000,000 | ---D | C] -- C:\Users\testy\Desktop\Yay!
[2014/06/17 14:26:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\testy\Desktop\OTL.exe
[2014/06/16 23:56:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/06/16 21:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/16 19:11:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/06/16 19:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/06/16 18:48:04 | 000,000,000 | ---D | C] -- C:\Users\testy\AppData\Roaming\DAEMON Tools Lite
[2014/06/16 18:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2014/06/16 18:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2014/06/15 16:26:40 | 000,000,000 | ---D | C] -- C:\Users\testy\javaupdate
[2014/06/13 12:30:58 | 000,000,000 | ---D | C] -- C:\Users\testy\Desktop\Sprites
[2014/06/12 18:28:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCI Monitor
[2014/06/12 17:35:41 | 000,000,000 | ---D | C] -- C:\Users\testy\Documents\RPGVXAce
[2014/06/12 17:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG MAKER VX Ace
[2014/06/12 17:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enterbrain
[2014/06/12 17:32:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Enterbrain
[2014/06/12 17:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
[2014/06/12 17:30:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lenovo
[2014/06/12 17:30:05 | 000,000,000 | ---D | C] -- C:\Users\testy\AppData\Roaming\InstallShield
[2014/06/12 17:30:02 | 000,000,000 | ---D | C] -- C:\Drivers
[2014/06/10 21:42:12 | 000,000,000 | ---D | C] -- C:\Users\testy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
[2014/06/10 21:42:08 | 000,000,000 | ---D | C] -- C:\Users\testy\AppData\Local\Roblox
[2014/06/07 13:24:19 | 000,000,000 | ---D | C] -- C:\Users\testy\Documents\Electronic Arts
[2014/06/07 13:23:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2014/06/07 13:18:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2014/06/07 13:18:28 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2014/06/07 13:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2014/06/07 13:02:58 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2014/06/07 13:02:55 | 000,000,000 | ---D | C] -- C:\Users\testy\AppData\Roaming\DAEMON Tools Pro
[2014/06/07 13:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2014/06/07 13:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2014/06/02 23:43:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2014/05/22 21:41:54 | 000,000,000 | ---D | C] -- C:\Users\testy\Documents\FirstClass
[2014/05/22 21:41:45 | 000,000,000 | ---D | C] -- C:\Users\testy\AppData\Roaming\FirstClass
[2014/05/22 21:41:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FirstClass
[2014/05/22 21:39:54 | 000,000,000 | ---D | C] -- C:\Users\testy\Desktop\Games
[2014/05/22 12:06:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2 C:\Users\testy\Desktop\*.tmp files -> C:\Users\testy\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/18 22:03:45 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/18 22:03:45 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/18 22:01:36 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/18 22:00:41 | 000,781,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/18 22:00:41 | 000,666,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/18 22:00:41 | 000,125,820 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/18 21:56:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/18 21:56:14 | 326,508,543 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/18 21:55:21 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/06/18 21:44:35 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/17 14:47:54 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/17 14:26:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\testy\Desktop\OTL.exe
[2014/06/13 12:34:25 | 000,002,009 | ---- | M] () -- C:\Users\testy\Desktop\Photoshop.lnk
[2014/06/12 18:13:04 | 000,000,040 | -H-- | M] () -- C:\76C026703A79
[2014/06/12 17:34:38 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\RPG MAKER VX Ace.lnk
[2014/06/12 17:18:53 | 000,001,235 | ---- | M] () -- C:\Users\testy\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.lnk
[2014/06/12 17:18:53 | 000,001,211 | ---- | M] () -- C:\Users\testy\Desktop\FrostWire 5.lnk
[2014/06/10 20:15:41 | 413,179,345 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/06/10 12:08:57 | 000,018,920 | ---- | M] () -- C:\Users\testy\Desktop\Courage.mx6
[2014/06/10 00:14:10 | 000,002,000 | ---- | M] () -- C:\Users\testy\Desktop\Mixcraft 6.lnk
[2014/06/07 13:22:40 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2014/06/07 13:15:01 | 000,001,318 | ---- | M] () -- C:\Users\testy\Desktop\Frostwire.lnk
[2014/06/07 13:03:36 | 000,001,932 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2014/06/07 13:02:58 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2014/05/26 11:48:41 | 000,000,925 | ---- | M] () -- C:\Users\testy\Desktop\ .lnk
[2014/05/24 22:53:49 | 000,000,024 | ---- | M] () -- C:\Users\testy\random.dat
[2014/05/24 22:45:01 | 000,000,044 | ---- | M] () -- C:\Users\testy\jagex_cl_runescape_LIVE.dat
[2014/05/22 21:41:47 | 000,001,930 | ---- | M] () -- C:\Users\testy\Desktop\FirstClass.lnk
[2 C:\Users\testy\Desktop\*.tmp files -> C:\Users\testy\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/12 18:23:44 | 000,002,009 | ---- | C] () -- C:\Users\testy\Desktop\Photoshop.lnk
[2014/06/12 18:13:04 | 000,000,040 | -H-- | C] () -- C:\76C026703A79
[2014/06/12 17:34:38 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\RPG MAKER VX Ace.lnk
[2014/06/10 00:12:22 | 000,018,920 | ---- | C] () -- C:\Users\testy\Desktop\Courage.mx6
[2014/06/07 13:22:40 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2014/06/07 13:15:01 | 000,001,318 | ---- | C] () -- C:\Users\testy\Desktop\Frostwire.lnk
[2014/06/07 13:03:36 | 000,001,932 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2014/05/22 21:41:47 | 000,001,930 | ---- | C] () -- C:\Users\testy\Desktop\FirstClass.lnk
[2014/05/18 18:23:01 | 000,000,044 | ---- | C] () -- C:\Users\testy\jagex_cl_runescape_LIVE.dat
[2014/05/18 18:23:01 | 000,000,024 | ---- | C] () -- C:\Users\testy\random.dat
[2014/05/15 17:55:24 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/05/14 00:07:24 | 000,765,700 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/05/28 19:59:14 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\.minecraft
[2014/05/16 19:53:21 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\Acoustica
[2014/06/07 12:49:40 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\Audacity
[2014/06/16 18:51:35 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\DAEMON Tools Lite
[2014/06/07 13:06:17 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\DAEMON Tools Pro
[2014/05/22 21:41:45 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\FirstClass
[2014/05/15 23:13:08 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\Oracle
[2014/05/16 19:53:26 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\SynthMaker
[2014/05/15 22:15:21 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\SYSTEMAX Software Development
 
========== Purity Check ==========
 
 
 
< End of report >

  • 0

#7
Biscuithd
Posted 19 June 2014 - 07:19 AM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Many apologies! I have had terrible storms and no power the last day. All is well now, so I will respond with further instructions some time later today.


  • 0

#8
Shruikan66
Posted 19 June 2014 - 09:15 AM

Shruikan66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

No problem. I'm just thankful you're helping me! :) Take the time you need.


  • 0

#9
Biscuithd
Posted 19 June 2014 - 12:53 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

No problem. I'm just thankful you're helping me! :) Take the time you need.

 

Thanks for your understanding! I think I'm in good shape unless another storm hits :)

 

Initially you indicated that ..."MBAM was Deleting Important FIles." What files were you referring to?

 

That said, here are your next steps

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next, download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download zoek.exe and save it to your desktop (Firefox users right click and Save Link As...).

  • Close any open browsers.
  • Temporarily disable your AntiVirus program. (If necessary)
  • Double click on zoek.exe to run.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up
  • Click Options button below the large panel and check the box:

    Auto Clean
  • Click on Run script button
  • Please wait patiently (it may take a few minutes) until a log report will open (this may be after reboot, if required)
  • Copy (Ctrl +C) and paste (Ctrl +V) the contents of the opened entire report back here.

Note: It will also create a log in the C:\ directory named "zoek-results.log"

 

Security Check

Download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Last, rerun OTL as you did previously, but this time just press the Quick Scan button. When OTL completes you will find one log, OTL.TXT. Please post that with the adwCleaner log, the Junkware log, the ZOEK log and the Security Log.


  • 0

#10
Shruikan66
Posted 20 June 2014 - 04:18 PM

Shruikan66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

I thought MBAM was deleting important files because after it cleaned my computer and I restart, that's when I would get the log on problems. Plus, I found out one of the viruses was a fake "winlogon.exe" so I figured MBAM must be deleting the real winlogon.exe by accident and that's why I couldn't log on. I don't know, I was just guessing.

 

AdwCleaner:

 

# AdwCleaner v3.212 - Report created 20/06/2014 at 18:09:40
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : testy - MISA
# Running from : C:\Users\testy\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKCU\Software\Conduit
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://websearch.pu-results.info/?l=1&q={searchTerms}&pid=726&r=2013/03/11&hid=1353371629&lg=EN&cc=CA
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://www.explorelearning.com/index.cfm?method=cSearch.actDoSearch&NewSearch=1&uncompiledQuery={searchTerms}&src=osrchbr
 
*************************
 
AdwCleaner[R0].txt - [1419 octets] - [20/06/2014 18:07:04]
AdwCleaner[S0].txt - [1309 octets] - [20/06/2014 18:09:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1369 octets] ##########
 
 
The next logs are coming, just a minute.

  • 0

Advertisements

#11
Shruikan66
Posted 20 June 2014 - 04:31 PM

Shruikan66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by testy on 20/06/2014 at 18:22:02.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20/06/2014 at 18:30:08.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#12
Biscuithd
Posted 20 June 2014 - 04:42 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Those logs are a vast improvement! I have a few more steps for you which I will post in the morning, but...how the machine working now?


  • 0

#13
Biscuithd
Posted 20 June 2014 - 05:00 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Also, don't forget to run Security Check and post the log, then let me know how the machine is running.


  • 0

#14
Shruikan66
Posted 21 June 2014 - 11:08 AM

Shruikan66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

Sorry about that. My wifi cut off while I was posting the logs. Here are the remaining logs:

 

Zoek:

 

 
Zoek.exe v5.0.0.0 Updated 20-06-2014
Tool run by testy on 21/06/2014 at 12:47:52.00.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\testy\Desktop\zoek.exe [Scan all users]  [Checkboxes used]
 
==== System Restore Info ======================
 
21/06/2014 12:48:40 PM Zoek.exe System Restore Point Created Succesfully.
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\Users\testy\Searches deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
 
==== Chrome Look ======================
 
Google Voice Search Hotword (Beta) - testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
AdBlock - testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.co...ge={startPage}"
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\testy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8A2AMD8F will be deleted at reboot
C:\Users\testy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNW7V1VQ will be deleted at reboot
C:\Users\testy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YYFM7NTS will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
 
 
 
 
Security Check:
 

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 55  
 Java version out of Date! 
 Adobe Reader XI  
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 4% 
````````````````````End of Log`````````````````````` 
 

  • 0

#15
Shruikan66
Posted 21 June 2014 - 11:21 AM

Shruikan66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

All of my virus symptoms have disappeared as soon as we started! Those two files winlogon and pcimon are gone, chrome is working great now and my webcam only turned on once (before I posted in this forum) and hasn't shown any unusual activity since. I hope that's what you meant by "let me know how the machine is running"? :P

 

Here's the last OTL scan:

 

OTL logfile created on: 21/06/2014 1:05:54 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\testy\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
5.74 Gb Total Physical Memory | 3.72 Gb Available Physical Memory | 64.84% Memory free
11.48 Gb Paging File | 9.55 Gb Available in Paging File | 83.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 392.18 Gb Free Space | 84.22% Space Free | Partition Type: NTFS
Drive E: | 5.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: MISA | User Name: testy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/17 14:26:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\testy\Desktop\OTL.exe
PRC - [2014/06/05 09:58:39 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/04/14 20:39:56 | 002,308,872 | ---- | M] (FSPro Labs) -- C:\Program Files\My Lockbox\mylbx.exe
PRC - [2007/04/27 19:40:14 | 001,581,056 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/05 09:58:38 | 000,414,536 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014/06/05 09:58:36 | 004,217,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014/06/05 09:58:32 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
MOD - [2014/06/05 09:58:31 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
MOD - [2014/06/05 09:58:30 | 001,732,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2014/04/23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/04/23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/04/13 20:18:10 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lenovo\EnergyCut\KbdHook.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/05/30 05:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/06/07 13:02:58 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/03/18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/09/15 07:02:40 | 000,036,656 | ---- | M] (Egis Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor)
DRV:64bit: - [2011/07/01 15:08:04 | 004,745,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/06/03 23:59:38 | 000,057,648 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FSPFltd2.sys -- (FSProFilter2)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/?o...U221DHP&pc=U221
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\testy\AppData\Local\Roblox\Versions\version-4d8b1955ef2740b3\\NPRobloxProxy.dll ()
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.ca/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Drive = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.3_0\
CHR - Extension: Google Wallet = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/06/18 21:55:21 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [EnergyCut] C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe (Lenovo(beijing) Limited)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 24.226.1.93
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{802FC181-7A86-4503-AE7C-82B67922BBDF}: DhcpNameServer = 192.168.1.1 24.226.1.93
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/29 22:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/21 19:48:37 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{c769d213-ea54-11e3-bfe6-f0def14a573c}\Shell - "" = AutoRun
O33 - MountPoints2\{c769d213-ea54-11e3-bfe6-f0def14a573c}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009/04/29 22:57:32 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/21 12:59:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/06/21 12:58:21 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2014/06/21 12:58:21 | 000,000,000 | ---D | C] -- C:\Users\testy\AppData\Local\Temp
[2014/06/21 12:47:45 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/06/20 18:21:58 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/20 18:13:31 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\testy\Desktop\JRT.exe
[2014/06/20 18:07:25 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/06/20 18:07:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/18 21:53:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/17 22:08:06 | 000,000,000 | ---D | C] -- C:\Users\testy\Desktop\Yay!
[2014/06/17 14:26:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\testy\Desktop\OTL.exe
[2014/06/16 23:56:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/06/16 21:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/16 19:11:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/06/16 19:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/06/16 18:48:04 | 000,000,000 | ---D | C] -- C:\Users\testy\AppData\Roaming\DAEMON Tools Lite
[2014/06/16 18:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2014/06/16 18:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2014/06/15 16:26:40 | 000,000,000 | ---D | C] -- C:\Users\testy\javaupdate
[2014/06/13 12:30:58 | 000,000,000 | ---D | C] -- C:\Users\testy\Desktop\Sprites
[2014/06/12 18:28:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCI Monitor
[2014/06/12 17:35:41 | 000,000,000 | ---D | C] -- C:\Users\testy\Documents\RPGVXAce
[2014/06/12 17:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG MAKER VX Ace
[2014/06/12 17:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enterbrain
[2014/06/12 17:32:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Enterbrain
[2014/06/12 17:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
[2014/06/12 17:30:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lenovo
[2014/06/12 17:30:05 | 000,000,000 | ---D | C] -- C:\Users\testy\AppData\Roaming\InstallShield
[2014/06/12 17:30:02 | 000,000,000 | ---D | C] -- C:\Drivers
[2014/06/10 21:42:12 | 000,000,000 | ---D | C] -- C:\Users\testy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
[2014/06/10 21:42:08 | 000,000,000 | ---D | C] -- C:\Users\testy\AppData\Local\Roblox
[2014/06/07 13:24:19 | 000,000,000 | ---D | C] -- C:\Users\testy\Documents\Electronic Arts
[2014/06/07 13:23:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2014/06/07 13:18:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2014/06/07 13:18:28 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2014/06/07 13:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2014/06/07 13:02:58 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2014/06/07 13:02:55 | 000,000,000 | ---D | C] -- C:\Users\testy\AppData\Roaming\DAEMON Tools Pro
[2014/06/07 13:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2014/06/07 13:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2014/06/02 23:43:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2014/05/22 21:41:54 | 000,000,000 | ---D | C] -- C:\Users\testy\Documents\FirstClass
[2014/05/22 21:41:45 | 000,000,000 | ---D | C] -- C:\Users\testy\AppData\Roaming\FirstClass
[2014/05/22 21:41:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FirstClass
[2014/05/22 21:39:54 | 000,000,000 | ---D | C] -- C:\Users\testy\Desktop\Games
[2 C:\Users\testy\Desktop\*.tmp files -> C:\Users\testy\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/21 13:06:34 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/21 13:06:34 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/21 13:04:57 | 000,781,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/21 13:04:57 | 000,666,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/21 13:04:57 | 000,125,820 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/21 13:01:22 | 000,854,390 | ---- | M] () -- C:\Users\testy\Desktop\SecurityCheck.exe
[2014/06/21 12:59:47 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/21 12:59:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/21 12:59:10 | 326,508,543 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/21 12:47:45 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2014/06/21 12:46:43 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/20 18:32:16 | 001,285,120 | ---- | M] () -- C:\Users\testy\Desktop\zoek.exe
[2014/06/20 18:13:46 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\testy\Desktop\JRT.exe
[2014/06/19 18:47:23 | 001,333,465 | ---- | M] () -- C:\Users\testy\Desktop\AdwCleaner.exe
[2014/06/19 11:41:47 | 000,000,132 | ---- | M] () -- C:\Users\testy\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014/06/18 21:55:21 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/06/17 14:47:54 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/17 14:26:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\testy\Desktop\OTL.exe
[2014/06/13 12:34:25 | 000,002,009 | ---- | M] () -- C:\Users\testy\Desktop\Photoshop.lnk
[2014/06/12 18:13:04 | 000,000,040 | -H-- | M] () -- C:\76C026703A79
[2014/06/12 17:34:38 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\RPG MAKER VX Ace.lnk
[2014/06/12 17:18:53 | 000,001,235 | ---- | M] () -- C:\Users\testy\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.lnk
[2014/06/12 17:18:53 | 000,001,211 | ---- | M] () -- C:\Users\testy\Desktop\FrostWire 5.lnk
[2014/06/10 20:15:41 | 413,179,345 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/06/10 12:08:57 | 000,018,920 | ---- | M] () -- C:\Users\testy\Desktop\Courage.mx6
[2014/06/10 00:14:10 | 000,002,000 | ---- | M] () -- C:\Users\testy\Desktop\Mixcraft 6.lnk
[2014/06/07 13:22:40 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2014/06/07 13:15:01 | 000,001,318 | ---- | M] () -- C:\Users\testy\Desktop\Frostwire.lnk
[2014/06/07 13:03:36 | 000,001,932 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2014/06/07 13:02:58 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2014/05/26 11:48:41 | 000,000,925 | ---- | M] () -- C:\Users\testy\Desktop\ .lnk
[2014/05/24 22:53:49 | 000,000,024 | ---- | M] () -- C:\Users\testy\random.dat
[2014/05/24 22:45:01 | 000,000,044 | ---- | M] () -- C:\Users\testy\jagex_cl_runescape_LIVE.dat
[2014/05/22 21:41:47 | 000,001,930 | ---- | M] () -- C:\Users\testy\Desktop\FirstClass.lnk
[2 C:\Users\testy\Desktop\*.tmp files -> C:\Users\testy\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/21 13:01:21 | 000,854,390 | ---- | C] () -- C:\Users\testy\Desktop\SecurityCheck.exe
[2014/06/21 12:58:22 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2014/06/20 18:32:15 | 001,285,120 | ---- | C] () -- C:\Users\testy\Desktop\zoek.exe
[2014/06/19 18:47:16 | 001,333,465 | ---- | C] () -- C:\Users\testy\Desktop\AdwCleaner.exe
[2014/06/19 11:41:47 | 000,000,132 | ---- | C] () -- C:\Users\testy\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014/06/12 18:23:44 | 000,002,009 | ---- | C] () -- C:\Users\testy\Desktop\Photoshop.lnk
[2014/06/12 18:13:04 | 000,000,040 | -H-- | C] () -- C:\76C026703A79
[2014/06/12 17:34:38 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\RPG MAKER VX Ace.lnk
[2014/06/10 00:12:22 | 000,018,920 | ---- | C] () -- C:\Users\testy\Desktop\Courage.mx6
[2014/06/07 13:22:40 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2014/06/07 13:15:01 | 000,001,318 | ---- | C] () -- C:\Users\testy\Desktop\Frostwire.lnk
[2014/06/07 13:03:36 | 000,001,932 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2014/05/22 21:41:47 | 000,001,930 | ---- | C] () -- C:\Users\testy\Desktop\FirstClass.lnk
[2014/05/18 18:23:01 | 000,000,044 | ---- | C] () -- C:\Users\testy\jagex_cl_runescape_LIVE.dat
[2014/05/18 18:23:01 | 000,000,024 | ---- | C] () -- C:\Users\testy\random.dat
[2014/05/15 17:55:24 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/05/14 00:07:24 | 000,765,700 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/06/20 20:35:09 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\.minecraft
[2014/05/16 19:53:21 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\Acoustica
[2014/06/07 12:49:40 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\Audacity
[2014/06/16 18:51:35 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\DAEMON Tools Lite
[2014/06/07 13:06:17 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\DAEMON Tools Pro
[2014/05/22 21:41:45 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\FirstClass
[2014/05/15 23:13:08 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\Oracle
[2014/05/16 19:53:26 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\SynthMaker
[2014/05/15 22:15:21 | 000,000,000 | ---D | M] -- C:\Users\testy\AppData\Roaming\SYSTEMAX Software Development
 
========== Purity Check ==========
 
 
 
< End of report >

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: malwarebytes, winlogon, pcimon

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP