Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

malware?/Crypto problems? [Closed]


  • This topic is locked This topic is locked

#1
mindgames

mindgames

    Member

  • Member
  • PipPip
  • 16 posts

Hi

 

I've been having some problems for the last couple of days... I'm not really sure what caused it. But I noticed that Malwarebytes started blocking inbound and outbound websites - when I've got Chrome open, but no other programs running. It's now doing this every few minutes.

 

I ran a couple of checks - Avast and Malwarebytes didn't come up with anything, but I had some Malware fix programs installed from a previous problem, and one of them - Rogue Killer - identified Crypto as being bad processes. I didn't perform any suggested changes, though - I just ran Rogue Killer to see what it came up with.

 

Since then Malwarebytes seems to be blocking these websites every few seconds - always from C:\Windows\explorer.exe - both inbound and outbound. The IP addresses coming up are 222.186.19.21 on port 6881, 222.186.19.6, 222.186.19.15.

 

Also, yesterday, the PC told me that it had terminated "Steelwerx: WhoAmI" - which I've got no idea what it is.

 

Please can anyone help? I'm very worried that there is something very wrong. Thanks in advance.

 

Here's the OTL file:

 

OTL logfile created on: 29/07/2014 14:15:22 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mat\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
4.00 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 44.02% Memory free
7.99 Gb Paging File | 5.22 Gb Available in Paging File | 65.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 294.73 Gb Free Space | 63.29% Space Free | Partition Type: NTFS
Drive D: | 782.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 931.29 Gb Total Space | 325.89 Gb Free Space | 34.99% Space Free | Partition Type: FAT32
 
Computer Name: BRAVADO | User Name: Mat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/29 14:15:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mat\Downloads\OTL.exe
PRC - [2014/07/21 22:02:50 | 035,464,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mat\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/07/17 11:36:55 | 004,086,432 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/07/17 11:36:55 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/07/15 10:24:50 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/06/11 09:17:23 | 000,390,256 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/25 02:14:12 | 000,021,328 | ---- | M] (Promethean) -- C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/29 10:30:20 | 000,043,008 | ---- | M] () -- c:\Users\Mat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkgnv7i.dll
MOD - [2014/07/21 21:53:38 | 003,610,624 | ---- | M] () -- C:\Users\Mat\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/07/17 11:36:58 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/07/17 11:36:56 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014/07/15 10:24:48 | 000,353,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppgooglenaclpluginchrome.dll
MOD - [2014/07/15 10:24:44 | 008,537,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
MOD - [2014/07/15 10:24:38 | 000,718,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
MOD - [2014/07/15 10:24:36 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
MOD - [2014/07/15 10:24:35 | 001,732,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
MOD - [2014/06/11 09:17:25 | 003,022,960 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2014/06/11 09:17:25 | 000,158,832 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2014/06/11 09:17:25 | 000,023,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/10/19 00:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Mat\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/07/17 11:36:55 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/06/19 01:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/25 02:14:12 | 000,021,328 | ---- | M] (Promethean) [Auto | Running] -- C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe -- (ActivControl)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/07/09 15:22:14 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/11 09:17:25 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/01/18 18:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (Blackberry Device Manager)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/29 13:21:06 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/07/17 11:37:21 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/07/17 11:37:02 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/07/17 11:37:02 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/07/17 11:37:02 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/07/17 11:37:02 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/07/17 11:37:02 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/07/17 11:37:02 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/07/17 11:37:02 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/04/19 09:33:15 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2013/08/01 21:26:00 | 000,199,296 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rdwm1046.sys -- (RDID1046)
DRV:64bit: - [2013/01/03 14:50:48 | 000,078,336 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/10 16:48:02 | 000,044,544 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/18 10:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/22 09:36:50 | 000,848,384 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192cu.sys -- (RTL8192cu)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/07/17 11:37:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/02/28 12:51:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013/07/26 12:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mat\AppData\Roaming\Mozilla\Extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: Google Search = C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.8_0\
CHR - Extension: avast! Online Security = C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2022.121_0\
CHR - Extension: Google Wallet = C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_00A3C4DDD362FC3807A3726B34A9ED52] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [HP Deskjet 3070 B611 series (NET)] C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Users\Mat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83C6F35E-3765-4933-9AB5-AF9477F5C9AF}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3e5d4a7c-04a9-11e3-9bb3-001d099ce126}\Shell - "" = AutoRun
O33 - MountPoints2\{3e5d4a7c-04a9-11e3-9bb3-001d099ce126}\Shell\AutoRun\command - "" = F:\iStudio.exe
O33 - MountPoints2\{9b3345e2-6e04-11e3-b9ad-001d099ce126}\Shell - "" = AutoRun
O33 - MountPoints2\{9b3345e2-6e04-11e3-b9ad-001d099ce126}\Shell\AutoRun\command - "" = G:\InnoTabSetup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\InnoTabSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/28 15:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/07/21 17:13:54 | 000,000,000 | ---D | C] -- C:\Users\Mat\Desktop\photos
[2014/07/17 21:23:51 | 000,000,000 | ---D | C] -- C:\Users\Mat\Desktop\Stress UI
[2014/07/17 13:50:18 | 000,000,000 | ---D | C] -- C:\Users\Mat\AppData\Local\LogMeIn
[2014/07/17 13:50:18 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2014/07/17 11:37:01 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/07/11 09:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/07/11 09:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/07/11 09:24:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/07/11 09:24:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/07/11 09:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/07/09 15:01:28 | 000,000,000 | ---D | C] -- C:\Users\Mat\Desktop\miscue analysis
[2014/07/02 12:32:23 | 000,000,000 | ---D | C] -- C:\Users\Mat\Documents\Heavenly
[2014/04/19 09:33:15 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Mat\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/29 14:00:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/29 13:22:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/29 13:21:06 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/29 10:30:17 | 000,001,954 | ---- | M] () -- C:\Users\Mat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3070 B611 series (Network).lnk
[2014/07/29 10:30:17 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/29 10:10:19 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/29 10:10:19 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/29 10:03:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/29 10:02:51 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/28 15:16:15 | 000,030,312 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/07/28 15:09:09 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/07/28 15:08:05 | 000,000,000 | ---- | M] () -- C:\Users\Mat\defogger_reenable
[2014/07/28 15:07:29 | 000,050,477 | ---- | M] () -- C:\Users\Mat\Desktop\Defogger.exe
[2014/07/25 18:23:12 | 014,690,060 | ---- | M] () -- C:\Users\Mat\Desktop\Onc TDI Dr SG.WMA
[2014/07/25 08:55:16 | 000,001,046 | ---- | M] () -- C:\Users\Mat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/07/24 21:39:59 | 000,786,146 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/07/24 21:39:59 | 000,669,344 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/07/24 21:39:59 | 000,126,960 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/07/21 19:02:52 | 000,068,514 | ---- | M] () -- C:\Users\Mat\Desktop\me and lorn.jpg
[2014/07/21 17:37:52 | 005,346,233 | R--- | M] () -- C:\Users\Mat\Desktop\DSC02009.JPG
[2014/07/20 22:08:21 | 005,005,845 | R--- | M] () -- C:\Users\Mat\Desktop\DSC02011.JPG
[2014/07/17 11:37:21 | 000,427,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/07/17 11:37:02 | 001,041,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/07/17 11:37:02 | 000,307,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/07/17 11:37:02 | 000,224,896 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/07/17 11:37:02 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/07/17 11:37:02 | 000,092,008 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/07/17 11:37:02 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/07/17 11:37:02 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/07/17 11:37:02 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/07/17 11:37:01 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/07/14 18:00:24 | 000,329,757 | ---- | M] () -- C:\Users\Mat\Desktop\Louise.pdf
[2014/07/13 15:35:51 | 000,358,203 | ---- | M] () -- C:\Users\Mat\Desktop\Emma40004.jpg
[2014/07/13 15:34:46 | 000,351,933 | ---- | M] () -- C:\Users\Mat\Desktop\Emma40003.jpg
[2014/07/10 07:25:44 | 000,418,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/07/09 15:01:08 | 000,119,746 | ---- | M] () -- C:\Users\Mat\Desktop\miscue analysis.pdf
[2014/07/08 13:07:21 | 000,687,145 | ---- | M] () -- C:\Users\Mat\Desktop\Emma40002.jpg
[2014/07/07 22:19:46 | 000,139,184 | ---- | M] () -- C:\Users\Mat\Desktop\ehysuqe5.jpg
 
========== Files Created - No Company Name ==========
 
[2014/07/29 12:09:25 | 014,690,060 | ---- | C] () -- C:\Users\Mat\Desktop\Onc TDI Dr SG.WMA
[2014/07/28 15:16:15 | 000,030,312 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/07/28 15:09:09 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/07/28 15:08:05 | 000,000,000 | ---- | C] () -- C:\Users\Mat\defogger_reenable
[2014/07/28 15:07:25 | 000,050,477 | ---- | C] () -- C:\Users\Mat\Desktop\Defogger.exe
[2014/07/21 19:02:47 | 000,068,514 | ---- | C] () -- C:\Users\Mat\Desktop\me and lorn.jpg
[2014/07/21 17:37:51 | 005,346,233 | R--- | C] () -- C:\Users\Mat\Desktop\DSC02009.JPG
[2014/07/20 22:08:20 | 005,005,845 | R--- | C] () -- C:\Users\Mat\Desktop\DSC02011.JPG
[2014/07/14 18:00:17 | 000,329,757 | ---- | C] () -- C:\Users\Mat\Desktop\Louise.pdf
[2014/07/13 15:35:32 | 000,358,203 | ---- | C] () -- C:\Users\Mat\Desktop\Emma40004.jpg
[2014/07/13 15:34:27 | 000,351,933 | ---- | C] () -- C:\Users\Mat\Desktop\Emma40003.jpg
[2014/07/09 15:01:07 | 000,119,746 | ---- | C] () -- C:\Users\Mat\Desktop\miscue analysis.pdf
[2014/07/08 13:06:55 | 000,687,145 | ---- | C] () -- C:\Users\Mat\Desktop\Emma40002.jpg
[2014/07/07 22:19:43 | 000,139,184 | ---- | C] () -- C:\Users\Mat\Desktop\ehysuqe5.jpg
[2014/04/19 09:34:21 | 000,001,044 | ---- | C] () -- C:\Users\Mat\AppData\Roaming\vso_ts_preview.xml
[2014/04/19 09:33:15 | 000,099,384 | ---- | C] () -- C:\Users\Mat\AppData\Roaming\inst.exe
[2014/04/19 09:33:15 | 000,007,859 | ---- | C] () -- C:\Users\Mat\AppData\Roaming\pcouffin.cat
[2014/04/19 09:33:15 | 000,001,167 | ---- | C] () -- C:\Users\Mat\AppData\Roaming\pcouffin.inf
[2014/02/06 22:30:43 | 000,113,224 | ---- | C] () -- C:\Users\Mat\g2ax_customer_downloadhelper_win32_x86.exe
[2013/12/26 09:15:00 | 000,000,941 | ---- | C] () -- C:\Users\Mat\AppData\Local\cookies.ini
[2013/12/01 11:13:44 | 000,000,040 | ---- | C] () -- C:\Users\Mat\AppData\Roaming\cdr.ini
[2013/09/11 13:04:53 | 000,014,336 | ---- | C] () -- C:\Users\Mat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/21 07:58:49 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/07/19 23:57:12 | 000,770,012 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/19 22:04:11 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2013/07/19 21:42:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/04/25 02:14:32 | 000,186,192 | ---- | C] () -- C:\Windows\libactivboardex.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 03:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 03:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/01/19 14:43:51 | 000,000,000 | ---D | M] -- C:\Users\Mat\AppData\Roaming\ACTIV Software
[2014/01/07 22:14:08 | 000,000,000 | ---D | M] -- C:\Users\Mat\AppData\Roaming\AnvSoft
[2014/06/06 16:27:48 | 000,000,000 | ---D | M] -- C:\Users\Mat\AppData\Roaming\Audacity
[2013/10/24 07:53:25 | 000,000,000 | ---D | M] -- C:\Users\Mat\AppData\Roaming\AVAST Software
[2014/07/29 10:30:24 | 000,000,000 | ---D | M] -- C:\Users\Mat\AppData\Roaming\Dropbox
[2013/12/30 21:37:04 | 000,000,000 | ---D | M] -- C:\Users\Mat\AppData\Roaming\foobar2000
[2014/01/30 08:59:00 | 000,000,000 | ---D | M] -- C:\Users\Mat\AppData\Roaming\Garmin
[2013/12/01 12:41:32 | 000,000,000 | ---D | M] -- C:\Users\Mat\AppData\Roaming\JLAdventCalendarEdwardian2013
[2014/05/02 20:48:25 | 000,000,000 | ---D | M] -- C:\Users\Mat\AppData\Roaming\MPC-HC
[2014/01/19 18:11:48 | 000,000,000 | ---D | M] -- C:\Users\Mat\AppData\Roaming\Promethean
[2013/08/01 20:47:26 | 000,000,000 | ---D | M] -- C:\Users\Mat\AppData\Roaming\Propellerhead Software
[2013/11/02 11:36:46 | 000,000,000 | ---D | M] -- C:\Users\Mat\AppData\Roaming\Research In Motion
[2013/08/01 20:41:56 | 000,000,000 | ---D | M] -- C:\Users\Mat\AppData\Roaming\Steinberg
[2013/07/26 12:24:19 | 000,000,000 | ---D | M] -- C:\Users\Mat\AppData\Roaming\Thunderbird
[2014/01/07 22:16:03 | 000,000,000 | ---D | M] -- C:\Users\Mat\AppData\Roaming\TuneUp Software
[2014/07/27 22:15:48 | 000,000,000 | ---D | M] -- C:\Users\Mat\AppData\Roaming\uTorrent
[2014/07/27 22:15:49 | 000,000,000 | ---D | M] -- C:\Users\Mat\AppData\Roaming\Vso
[2013/07/22 11:54:24 | 000,000,000 | ---D | M] -- C:\Users\Mat\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
< End of report >

  • 0

Advertisements


#2
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I'm very sorry that you've been waiting so long. We've been quite busy lately. However, I have time and desire to help you.

 

Can you confirm that you still need help or have you resolved the issue on your own?


  • 0

#3
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP