Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Possible unknown malware/slow computer [Closed]

Started by swoperative , Nov 24 2014 01:07 AM
Any help appreciated!

  • This topic is locked This topic is locked

#1
swoperative
Posted 24 November 2014 - 01:07 AM

swoperative

    New Member

  • Member
  • Pip
  • 5 posts

Hey staff of malware removal,

 

I am here because of a persistent problem of slow computer, to which I suspect a hidden malware of some sort that may be taking up memory. I play computer games a lot and whenever I load up my game the memory usage in Task Manager spikes to around 97%. The game thus lags a great deal and I turn off Malwarebytes but the usage still stays the same. Even when I am running only Google Chrome, the physical memory usage is 67%. I don't think this is normal at all and believe there must be some hidden malicious programs running in the background.

 

Some other indications why I suspect a hidden malware:

 

1) ComboFix will not scan at all whether in normal or safe mode. I know ComboFix shouldn't be run without supervision, but I have some experience in malware removal and was merely trying to see if ComboFix will detect anything suspicious. But ComboFix will always get stuck at the stage "scanning infected files" and no logs will be produced. I ran it with Malwarebytes turned off.

 

2) I know my mom has downloaded some dubious monitoring programs for stock trading in the past and I never thought those programs were merely for stock trading. I have since removed them but the computer's speed has not improved.

 

3) I have noticed this recently: Whenever I shut down my computer a window pops up asking me to "Force close programs". But there was no visible program listed and I don't see the reason for such a window popping up unless there is some cloaked program running without my knowledge. 

 

Below is the OTL file requested. I appreciate any help that can be offered.

 

-----------------------------------------------------------------------

OTL logfile created on: 24/11/2014 PM 2:50:52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mac 4\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00001004 | Country: Singapore | Language: ZHI | Date Format: d/M/yyyy
 
2.17 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 38.25% Memory free
4.33 Gb Paging File | 2.86 Gb Available in Paging File | 65.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 356.48 Gb Total Space | 244.03 Gb Free Space | 68.46% Space Free | Partition Type: NTFS
Drive E: | 108.96 Gb Total Space | 63.42 Gb Free Space | 58.20% Space Free | Partition Type: HFS
 
Computer Name: MAC4-PC | User Name: Mac 4 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/24 14:50:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mac 4\Desktop\OTL.exe
PRC - [2014/11/15 05:15:26 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/09/12 17:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/02 08:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/07/02 09:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/11/23 10:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/03/18 18:18:18 | 000,619,288 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/07 17:40:36 | 000,525,112 | ---- | M] (Apple Inc.) -- C:\Program Files\Boot Camp\Bootcamp.exe
PRC - [2011/02/07 17:40:32 | 000,193,848 | ---- | M] () -- C:\Windows\System32\AppleOSSMgr.exe
PRC - [2011/02/07 17:40:32 | 000,099,640 | ---- | M] (Apple Inc.) -- C:\Windows\System32\AppleTimeSrv.exe
PRC - [2011/02/07 17:35:37 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/07 17:35:37 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2005/01/10 07:10:00 | 000,193,592 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2004/07/14 15:36:54 | 000,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\ico.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/15 05:15:24 | 014,910,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.65\PepperFlash\pepflashplayer.dll
MOD - [2014/11/15 05:15:23 | 009,009,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.65\pdf.dll
MOD - [2014/11/15 05:15:19 | 001,077,064 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.65\libglesv2.dll
MOD - [2014/11/15 05:15:17 | 000,211,272 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.65\libegl.dll
MOD - [2014/11/15 05:15:16 | 001,677,128 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll
MOD - [2011/02/07 17:36:06 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/11/12 05:41:24 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/06 10:59:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/11/01 20:43:00 | 000,363,208 | ---- | M] (BitRaider, LLC) [On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRSptStub.exe -- (BRSptStub)
SRV - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/09/12 17:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/06/17 21:22:41 | 000,069,632 | ---- | M] (Macromedia) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2013/05/27 12:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/06/29 19:39:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/26 14:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\123456\pev.3XE -- (PEVSystemStart)
SRV - [2011/02/07 17:40:32 | 000,193,848 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV - [2011/02/07 17:40:32 | 000,099,640 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Windows\System32\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV - [2011/02/07 17:35:37 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/07 17:35:37 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2005/01/10 07:10:00 | 000,193,592 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Tencent\QQPCMgr\8.3.9896.222\QMUdisk.sys -- (QMUdisk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Tencent\QQPCMgr\8.0.9215.228\QMInject.sys -- (QMInject)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2014/11/24 04:16:05 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\MAC4~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2014/11/01 22:20:29 | 000,066,824 | ---- | M] (BitRaider) [File_System | On_Demand | Stopped] -- C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver.sys -- (BRDriver_1_3_3_E02B25FC)
DRV - [2014/10/01 11:11:24 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/10/01 11:11:14 | 000,075,480 | ---- | M] (Malwarebytes Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2014/10/01 11:11:10 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014/04/21 11:15:01 | 000,323,552 | ---- | M] (CSII) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PECKP.SYS -- (PECKbdProtector)
DRV - [2014/03/06 02:25:56 | 001,641,920 | ---- | M] (Epiphan Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vga2usb.sys -- (VGA2USB)
DRV - [2011/02/07 17:36:23 | 000,269,824 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2011/02/07 17:35:37 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2011/02/07 17:35:33 | 000,014,336 | ---- | M] (Cirrus Logic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CS420x86.sys -- (CirrusFilter)
DRV - [2011/02/07 17:35:28 | 000,054,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bScsiSDx.sys -- (bScsiSDx)
DRV - [2011/02/07 17:34:56 | 000,006,528 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KeyAgent.sys -- (KeyAgent)
DRV - [2011/02/07 17:34:52 | 000,016,512 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV - [2011/02/07 17:34:42 | 000,029,824 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\applemtp.sys -- (applemtp)
DRV - [2011/02/07 17:34:42 | 000,010,880 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\applemtm.sys -- (applemtm)
DRV - [2011/02/07 17:34:40 | 000,049,536 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AppleHFS.sys -- (AppleHFS)
DRV - [2011/02/07 17:34:40 | 000,006,784 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AppleMNT.sys -- (AppleMNT)
DRV - [2011/02/07 17:34:39 | 000,025,088 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KeyMagic.sys -- (KeyMagic)
DRV - [2011/02/07 17:34:38 | 000,012,928 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV - [2011/02/07 17:34:20 | 000,018,560 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AppleBtBc.sys -- (AppleBtBc)
DRV - [2010/11/21 05:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/21 05:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/21 05:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2009/07/14 07:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 07:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)
DRV - [2008/07/10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2005/11/01 12:14:22 | 000,024,448 | ---- | M] (Terason Division of Teratech Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TT13942k.sys -- (TT1394L2)
DRV - [2005/01/10 07:10:00 | 000,090,168 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel)
DRV - [2004/12/15 15:59:14 | 000,013,872 | ---- | M] (Data Encryption Systems Limited) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dk3drv.sys -- (DK3DRV)
DRV - [2003/02/11 13:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pelusblf.sys -- (pelusblf)
DRV - [2003/01/10 13:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PELMOUSE.SYS -- (pelmouse)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/?...opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 A5 DA CF F3 63 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {44177982-996D-4b79-B29F-5B60E13A5169}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{44177982-996D-4b79-B29F-5B60E13A5169}: "URL" = http://www.baidu.com...b&ch=1&ie=utf-8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@kingsfot.com/npkws: C:\Program Files\Kingsoft\kingsoft antivirus\npkws.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npAndroidAssistant: C:\Program Files\Common Files\Tencent\QQPhoneManager\\1.8.101.2154\npQQPhoneManagerExt.dll ()
FF - HKLM\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx: C:\Program Files\Tencent\Qzone\npQQPhotoDrawEx.dll ()
FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files\Common Files\Tencent\TXSSO\1.2.2.37\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@tencent.com/npQQMailWebKit,version=1.0.0.1: C:\Program Files\QQMailPlugin\npQQMailWebKit.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@tencent.com/nptxftnWebKit,version=1.0.0.1: C:\Program Files\QQMailPlugin\nptxftnWebKit.dll (Tencent Technology (Shenzhen) Company Limited)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Mac 4\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: No name found = C:\Users\Mac 4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
 
O1 HOSTS File: ([2009/06/11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (QQ下载助手浏览器控件) - {C9C7334B-5657-41e1-8F79-F6AACECA05F4} - C:\Program Files\Common Files\Tencent\QQMiniDL\44\Browser\QQIEHelper01.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {65F8A3D2-4C22-4A33-9633-73167EAEEC45} - No CLSID value found.
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe (Apple Inc.)
O4 - HKLM..\Run: [kxesc] "C:\Program Files\Kingsoft\kingsoft antivirus\kxetray.exe" -autorun File not found
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: qq.com ([cache.tv] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([qqlivecaption] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([qqlivehabit] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([qqlivesearch] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([video_1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 95599.cn ([easyabc] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 95599.cn ([easyabc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 95599.cn ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 95599.cn ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 95599.sh.cn ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 95599.sh.cn ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: abchina.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: abchina.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: abchina.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: icbc.com.cn ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: soso.com ([toolbar] http in Trusted sites)
O15 - HKCU\..Trusted Domains: toolbar.soso.com ([*] * in Trusted sites)
O16 - DPF: {746E471A-B6E4-44E3-8F3C-2A09B3A030B4} https://mybank.icbc....c_tdrusbkey.cab (Token Class)
O16 - DPF: {AE065E12-DBA5-4EC2-8513-87ED377F9BF4} http://www.abchina.c...ABCEnvCheck.ocx (ABCEnvCheck Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD5FB6C4-B58F-4071-A72D-C165E4420358}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{07533c63-6582-11e3-b1d2-c82a141396fa}\Shell - "" = AutoRun
O33 - MountPoints2\{07533c63-6582-11e3-b1d2-c82a141396fa}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{74596685-d0d4-11e2-8740-954917c02740}\Shell - "" = AutoRun
O33 - MountPoints2\{74596685-d0d4-11e2-8740-954917c02740}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{c4858d95-e3e9-11e2-89a4-cdc6ab69c46f}\Shell - "" = AutoRun
O33 - MountPoints2\{c4858d95-e3e9-11e2-89a4-cdc6ab69c46f}\Shell\AutoRun\command - "" = F:\ABCInstall.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/24 14:50:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mac 4\Desktop\OTL.exe
[2014/11/24 14:38:54 | 000,000,000 | --SD | C] -- C:\123456
[2014/11/24 03:58:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2014/11/24 03:56:11 | 005,598,306 | R--- | C] (Swearware) -- C:\Users\Mac 4\Desktop\123456.exe
[2014/11/14 05:11:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/11/13 08:57:39 | 000,000,000 | -HSD | C] -- C:\Users\Mac 4\AppData\Local\EmieBrowserModeList
[2014/11/10 02:23:24 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/11/10 02:23:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/11/10 02:22:52 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/11/10 02:22:52 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/11/10 02:22:52 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/11/10 02:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/11/10 02:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/11/09 03:16:59 | 000,000,000 | ---D | C] -- C:\Users\Mac 4\AppData\Roaming\Mumble
[2014/11/09 03:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2014/11/09 03:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble
[2014/11/02 04:38:26 | 000,000,000 | ---D | C] -- C:\Users\Mac 4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2014/11/02 04:38:19 | 000,000,000 | ---D | C] -- C:\Games
[2014/11/01 20:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\BitRaider
[2 C:\Users\Mac 4\Desktop\*.tmp files -> C:\Users\Mac 4\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/24 14:50:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mac 4\Desktop\OTL.exe
[2014/11/24 14:43:48 | 000,028,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/24 14:43:47 | 000,028,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/24 14:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/24 14:36:54 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/11/24 14:36:42 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/24 03:56:40 | 005,598,306 | R--- | M] (Swearware) -- C:\Users\Mac 4\Desktop\123456.exe
[2014/11/24 03:33:08 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/21 12:48:11 | 000,002,137 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/14 05:11:13 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/11/13 19:05:56 | 002,648,564 | ---- | M] () -- C:\Users\Mac 4\Desktop\Visa.pdf
[2014/11/13 13:38:52 | 000,526,825 | ---- | M] () -- C:\Users\Mac 4\Desktop\NoCriminalRecordCommitment.pdf
[2014/11/13 03:39:52 | 000,410,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/11/10 02:34:08 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/11/10 02:23:02 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/09 06:44:28 | 000,000,024 | ---- | M] () -- C:\Users\Mac 4\random.dat
[2014/11/09 06:27:37 | 000,000,044 | ---- | M] () -- C:\Users\Mac 4\jagex_cl_runescape_LIVE.dat
[2014/11/09 03:19:33 | 000,002,403 | ---- | M] () -- C:\Users\Mac 4\Desktop\backup mumble data swtor.p12
[2014/11/05 16:44:47 | 000,007,614 | ---- | M] () -- C:\Users\Mac 4\Desktop\mechnicalParts.png
[2014/11/02 04:38:28 | 000,000,777 | ---- | M] () -- C:\Users\Mac 4\Desktop\World of Tanks.lnk
[2014/11/01 20:34:34 | 000,000,000 | ---- | M] () -- C:\end
[2014/10/31 00:25:20 | 000,004,096 | -HS- | M] () -- C:\radial.cdb
[2014/10/26 13:49:49 | 000,633,914 | ---- | M] () -- C:\Users\Mac 4\Desktop\awakeningEN.pdf
[2 C:\Users\Mac 4\Desktop\*.tmp files -> C:\Users\Mac 4\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/14 05:11:13 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/11/14 05:11:13 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/11/13 19:05:56 | 002,648,564 | ---- | C] () -- C:\Users\Mac 4\Desktop\Visa.pdf
[2014/11/13 13:39:14 | 000,526,825 | ---- | C] () -- C:\Users\Mac 4\Desktop\NoCriminalRecordCommitment.pdf
[2014/11/10 02:23:02 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/09 03:19:31 | 000,002,403 | ---- | C] () -- C:\Users\Mac 4\Desktop\backup mumble data swtor.p12
[2014/11/05 16:44:47 | 000,007,614 | ---- | C] () -- C:\Users\Mac 4\Desktop\mechnicalParts.png
[2014/11/02 04:38:28 | 000,000,777 | ---- | C] () -- C:\Users\Mac 4\Desktop\World of Tanks.lnk
[2014/10/26 13:49:48 | 000,633,914 | ---- | C] () -- C:\Users\Mac 4\Desktop\awakeningEN.pdf
[2013/12/16 14:01:38 | 000,000,024 | ---- | C] () -- C:\Users\Mac 4\random.dat
[2013/12/16 14:01:37 | 000,000,044 | ---- | C] () -- C:\Users\Mac 4\jagex_cl_runescape_LIVE.dat
[2013/11/09 11:06:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/11/09 11:06:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/11/09 11:06:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/11/09 11:06:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/11/09 11:06:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/09 15:54:14 | 000,113,872 | ---- | C] () -- C:\Windows\System32\EditControl.dll
[2013/06/09 15:54:14 | 000,072,912 | ---- | C] () -- C:\Windows\System32\UploadControl.dll
[2013/06/09 15:54:12 | 000,269,584 | ---- | C] () -- C:\Windows\System32\GPKPCSC.dll
[2013/06/09 15:54:12 | 000,249,136 | ---- | C] () -- C:\Windows\System32\GPKPIN.dll
[2013/06/09 15:54:12 | 000,101,584 | ---- | C] () -- C:\Windows\System32\jcutilHUAUK.dll
[2013/06/09 15:54:12 | 000,093,392 | ---- | C] () -- C:\Windows\System32\jcutilHUAUKLCD.dll
[2013/06/09 15:54:12 | 000,056,528 | ---- | C] () -- C:\Windows\System32\jcutilTdrUKLCD.dll
[2013/06/09 15:54:12 | 000,052,432 | ---- | C] () -- C:\Windows\System32\jcutilgem101101.dll
[2013/06/09 15:54:12 | 000,048,336 | ---- | C] () -- C:\Windows\System32\hmukchk.dll
[2013/06/09 15:54:12 | 000,040,144 | ---- | C] () -- C:\Windows\System32\ChangPIN.dll
[2013/06/09 15:54:12 | 000,029,392 | ---- | C] () -- C:\Windows\System32\GEMPIN01.dll
[2013/06/09 15:54:10 | 000,089,296 | ---- | C] () -- C:\Windows\System32\jcinTHTFUK.dll
[2013/06/09 15:54:10 | 000,081,104 | ---- | C] () -- C:\Windows\System32\jcidTHTFUK.dll
[2013/06/09 15:54:10 | 000,072,912 | ---- | C] () -- C:\Windows\System32\jcinHUAUK.dll
[2013/06/09 15:54:10 | 000,064,720 | ---- | C] () -- C:\Windows\System32\USBKey.dll
[2013/06/09 15:54:10 | 000,064,720 | ---- | C] () -- C:\Windows\System32\jcidHUAUK.dll
[2013/06/09 15:54:10 | 000,060,624 | ---- | C] () -- C:\Windows\System32\GDSetLET.dll
[2013/06/09 15:54:10 | 000,052,432 | ---- | C] () -- C:\Windows\System32\jcinGEM101.dll
[2013/06/09 15:54:10 | 000,052,432 | ---- | C] () -- C:\Windows\System32\jcidGEM101.dll
[2013/06/09 15:54:10 | 000,052,432 | ---- | C] () -- C:\Windows\System32\jcidGD84.dll
[2013/06/09 15:54:10 | 000,048,336 | ---- | C] () -- C:\Windows\System32\jcinGD84.dll
[2013/06/09 15:54:10 | 000,036,048 | ---- | C] () -- C:\Windows\System32\jcinWATCHK.dll
[2013/06/09 15:54:10 | 000,036,048 | ---- | C] () -- C:\Windows\System32\jcidWATCHK.dll
[2013/06/09 15:54:10 | 000,034,512 | ---- | C] () -- C:\Windows\System32\jcinGEM102.dll
[2013/06/09 15:54:10 | 000,030,416 | ---- | C] () -- C:\Windows\System32\jcidGEM102.dll
[2013/06/09 15:54:08 | 000,307,920 | ---- | C] () -- C:\Windows\System32\InputControl.dll
[2013/06/09 15:54:08 | 000,276,688 | ---- | C] () -- C:\Windows\System32\SubmitControl.dll
[2013/06/09 15:54:05 | 000,077,008 | ---- | C] () -- C:\Windows\System32\certInStall.dll
[2013/06/09 15:54:03 | 000,174,288 | ---- | C] () -- C:\Windows\System32\icbcclean.dll
[2013/06/09 13:53:06 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll
[2011/11/15 23:42:32 | 000,007,605 | ---- | C] () -- C:\Users\Mac 4\AppData\Local\Resmon.ResmonCfg
[2011/08/24 11:21:42 | 000,118,565 | ---- | C] () -- C:\Users\Mac 4\AppData\Local\debuggee.mdmp
[2011/06/28 21:07:47 | 000,000,144 | ---- | C] () -- C:\Users\Mac 4\.qt-license
 
========== ZeroAccess Check ==========
 
[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 09:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/11/13 18:53:39 | 000,000,000 | ---D | M] -- C:\Users\Mac 4\AppData\Roaming\Canon
[2011/08/24 12:53:52 | 000,000,000 | ---D | M] -- C:\Users\Mac 4\AppData\Roaming\Galil
[2013/06/09 14:10:39 | 000,000,000 | ---D | M] -- C:\Users\Mac 4\AppData\Roaming\InstallPlugin
[2013/09/22 19:33:52 | 000,000,000 | ---D | M] -- C:\Users\Mac 4\AppData\Roaming\Kingsoft
[2014/11/09 05:26:10 | 000,000,000 | ---D | M] -- C:\Users\Mac 4\AppData\Roaming\Mumble
[2014/10/02 23:06:30 | 000,000,000 | ---D | M] -- C:\Users\Mac 4\AppData\Roaming\QtProject
[2013/07/26 21:03:03 | 000,000,000 | ---D | M] -- C:\Users\Mac 4\AppData\Roaming\shoujizhushou
[2011/06/28 23:00:15 | 000,000,000 | ---D | M] -- C:\Users\Mac 4\AppData\Roaming\Subversion
[2014/02/13 21:03:46 | 000,000,000 | ---D | M] -- C:\Users\Mac 4\AppData\Roaming\Tencent
[2013/06/09 21:59:36 | 000,000,000 | ---D | M] -- C:\Users\Mac 4\AppData\Roaming\Wargaming.net
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2014/10/14 22:49:20 | 000,000,000 | ---D | M](C:\Users\Mac 4\Documents\?? ???) -- C:\Users\Mac 4\Documents\넥슨 플러그
[2014/10/14 22:49:20 | 000,000,000 | ---D | C](C:\Users\Mac 4\Documents\?? ???) -- C:\Users\Mac 4\Documents\넥슨 플러그
[2012/01/08 23:38:49 | 000,000,020 | ---- | M] ()(C:\Windows\ü??) -- C:\Windows\üô•
[2012/01/08 23:38:48 | 000,000,020 | ---- | C] ()(C:\Windows\ü??) -- C:\Windows\üô•
 
< End of report >

 

 


  • 0

Advertisements

#2
Essexboy
Posted 27 November 2014 - 11:14 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi sorry for the delay could I have a fresh look at the system

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
swoperative
Posted 28 November 2014 - 02:33 AM

swoperative

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Thank you Essex. While I was waiting for a response, my laptop shut down and couldn't be booted due to a short circuit in the power adaptor. i have a 2nd laptop that had the same problem but I managed to boot it back up yesterday. According to MBAM scan yesterday it had malware as well so I'm posting logs for it instead. I've also attached MBAM scan logs.

 

This 2nd laptop also have multiple svchost.exe running but nothing peculiar or slow when I run games. I will start a new topic if I manage to boot up my first laptop to prevent confusion.

Attached Files


  • 0

#4
Essexboy
Posted 28 November 2014 - 06:43 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I have noticed a few things that will need fixing and may be related to your problem

First : You have two firewalls, Online Armour and Zone Alarm. You will need to uninstall one of them
Second : Several drivers from Avast are not working properly, is Avast reporting that ? If not then we will need to do a clean install of Avast

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2260965131-4144060610-2710024404-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2260965131-4144060610-2710024404-1000 -> {51318826-E87D-4216-8DB6-929234409A64} URL = http://search.condui...8372046323&UM=2
Toolbar: HKLM - No Name - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - No File
FF Plugin: @pps.tv/npWebPlayer -> C:\Program Files\PPStream\npWebPlayer.dll No File
FF Plugin: @qq.com/QQPhotoDrawEx -> C:\Program Files\Tencent\Qzone\npQQPhotoDrawEx.dll No File
FF Plugin: @qq.com/QzoneMusic -> C:\Program Files\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll No File
FF Plugin: @qq.com/TXSSO -> C:\Program Files\Common Files\Tencent\TXSSO\1.2.2.30\Bin\npSSOAxCtrlForPTLogin.dll No File
FF Plugin: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files\QQMailPlugin\npQQMailWebKit.dll (Tencent)
FF Plugin: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files\QQMailPlugin\nptxftnWebKit.dll (Tencent Technology (Shenzhen) Company Limited)
CustomCLSID: HKU\S-1-5-21-2260965131-4144060610-2710024404-1000_Classes\CLSID\{000F1EA4-5E08-4564-A29B-29076F63A37A}\InprocServer32 -> C:\Users\esther\AppData\Roaming\Mozilla\Firefox\Profiles\zsnamwyz.default\extensions\{000F1EA4-5E08- (the data entry has 49 more characters).
C:\Users\esther\jagex_cl_runescape_LIVE.dat
C:\Users\esther\jagex_cl_runescape_LIVE1.dat
C:\Users\esther\jagex_cl_speccollect_LIVE.dat
C:\Users\esther\random.dat
C:\Users\Esther 2\jagex_cl_runescape_LIVE.dat
C:\Users\Esther 2\jagex_cl_runescape_LIVE1.dat
C:\Users\Esther 2\random.dat
C:\Users\RS\jagex_cl_runescape_LIVE.dat
C:\Users\RS\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\RS\random.dat
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0

#5
swoperative
Posted 29 November 2014 - 04:02 AM

swoperative

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Hi Essex.

 

Zonealarm hasn't been installed for a long time, same with Avast. I've uninstalled OA and reinstalled ZoneAlarm.

 

MBAM still reporting 1000 over malicious items even after quarantine.

 

Logs requested below:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-11-2014 01
Ran by esther at 2014-11-29 17:15:44 Run:1
Running from C:\Users\SWTOR\Desktop
Loaded Profiles: esther & SWTOR (Available profiles: esther & Esther 2 & RS & Movies & Games & SWTOR)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2260965131-4144060610-2710024404-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2260965131-4144060610-2710024404-1000 -> {51318826-E87D-4216-8DB6-929234409A64} URL = http://search.condui...8372046323&UM=2
Toolbar: HKLM - No Name - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - No File
FF Plugin: @pps.tv/npWebPlayer -> C:\Program Files\PPStream\npWebPlayer.dll No File
FF Plugin: @qq.com/QQPhotoDrawEx -> C:\Program Files\Tencent\Qzone\npQQPhotoDrawEx.dll No File
FF Plugin: @qq.com/QzoneMusic -> C:\Program Files\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll No File
FF Plugin: @qq.com/TXSSO -> C:\Program Files\Common Files\Tencent\TXSSO\1.2.2.30\Bin\npSSOAxCtrlForPTLogin.dll No File
FF Plugin: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files\QQMailPlugin\npQQMailWebKit.dll (Tencent)
FF Plugin: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files\QQMailPlugin\nptxftnWebKit.dll (Tencent Technology (Shenzhen) Company Limited)
CustomCLSID: HKU\S-1-5-21-2260965131-4144060610-2710024404-1000_Classes\CLSID\{000F1EA4-5E08-4564-A29B-29076F63A37A}\InprocServer32 -> C:\Users\esther\AppData\Roaming\Mozilla\Firefox\Profiles\zsnamwyz.default\extensions\{000F1EA4-5E08- (the data entry has 49 more characters).
C:\Users\esther\jagex_cl_runescape_LIVE.dat
C:\Users\esther\jagex_cl_runescape_LIVE1.dat
C:\Users\esther\jagex_cl_speccollect_LIVE.dat
C:\Users\esther\random.dat
C:\Users\Esther 2\jagex_cl_runescape_LIVE.dat
C:\Users\Esther 2\jagex_cl_runescape_LIVE1.dat
C:\Users\Esther 2\random.dat
C:\Users\RS\jagex_cl_runescape_LIVE.dat
C:\Users\RS\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\RS\random.dat
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2260965131-4144060610-2710024404-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKU\S-1-5-21-2260965131-4144060610-2710024404-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{51318826-E87D-4216-8DB6-929234409A64}" => Key deleted successfully.
"HKCR\CLSID\{51318826-E87D-4216-8DB6-929234409A64}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} => value deleted successfully.
"HKCR\CLSID\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}" => Key not found.
"HKLM\Software\MozillaPlugins\@pps.tv/npWebPlayer" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@qq.com/TXSSO" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@tencent.com/npQQMailWebKit,version=1.0.0.1" => Key deleted successfully.
C:\Program Files\QQMailPlugin\npQQMailWebKit.dll => Moved successfully.
"HKLM\Software\MozillaPlugins\@tencent.com/nptxftnWebKit,version=1.0.0.1" => Key deleted successfully.
C:\Program Files\QQMailPlugin\nptxftnWebKit.dll => Moved successfully.
"HKU\S-1-5-21-2260965131-4144060610-2710024404-1000_Classes\CLSID\{000F1EA4-5E08-4564-A29B-29076F63A37A}" => Key deleted successfully.
C:\Users\esther\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\esther\jagex_cl_runescape_LIVE1.dat => Moved successfully.
C:\Users\esther\jagex_cl_speccollect_LIVE.dat => Moved successfully.
C:\Users\esther\random.dat => Moved successfully.
C:\Users\Esther 2\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Esther 2\jagex_cl_runescape_LIVE1.dat => Moved successfully.
C:\Users\Esther 2\random.dat => Moved successfully.
C:\Users\RS\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\RS\jagex_cl_runescape_LIVE_BETA.dat => Moved successfully.
C:\Users\RS\random.dat => Moved successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {F7AC0A0E-E008-42F9-BF04-07B4870DE4BF}.
Unable to cancel {1623F909-E400-4277-B054-1B7FBA1E4C84}.
Unable to cancel {20E8E315-71A5-44B2-85F7-54D9F78E0C69}.
Unable to cancel {A5985572-DA3D-4C89-9D87-AC857A30C4CF}.
Unable to cancel {7E587DF5-03E9-4324-A8C3-47066916F28D}.
Unable to cancel {A99E2491-8903-4C6F-9A5A-B79DAEE8F1E8}.
Unable to cancel {52CD2AB8-3C7D-496D-9DEB-B948572E522B}.
0 out of 7 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 536.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

-------------------------------------------------------------------------------------

# AdwCleaner v4.102 - Report created 29/11/2014 at 17:30:26
# Updated 23/11/2014 by Xplode
# Database : 2014-11-27.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : esther - ESTHER-PC
# Running from : C:\Users\SWTOR\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Windows\system32\config\systemprofile\AppData\Roaming\tencent
File Deleted : \END

***** [ Scheduled Tasks ] *****

Task Deleted : BackgroundContainer Startup Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83335675-FCF0-45CE-A9E6-38C150EFBE63}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EAAED308-7322-4B9B-965E-171933ADD473}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{251DA1A7-5700-41FC-8129-9099B4B7E4D3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{29A32150-EA24-42C2-882E-879152560C1E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9EE3E2DD-D4A6-4024-8AFD-C467485A0BC4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EAAED308-7322-4B9B-965E-171933ADD473}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4118EA45-65DF-4459-828C-262491C26F5B}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v33.1.1 (x86 en-GB)


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [5365 octets] - [09/07/2014 16:23:23]
AdwCleaner[R1].txt - [2888 octets] - [29/11/2014 17:21:16]
AdwCleaner[S0].txt - [5433 octets] - [09/07/2014 16:24:13]
AdwCleaner[S1].txt - [2599 octets] - [29/11/2014 17:30:26]

########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [2659 octets] ##########
 


  • 0

#6
Essexboy
Posted 29 November 2014 - 04:56 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK we will now remove the Avast remnants then and have another look at the computer

Download Avast Uninstall Utility to your Desktop.
Uninstall Avast via control panel
  • Run the uninstall tool and accept the reboot to safe mode
  • Once complete reboot your system
Then could you run a fresh FRST scan please, then post it and let me know how the computer is behaving
  • 0

#7
swoperative
Posted 30 November 2014 - 08:43 AM

swoperative

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

I am still getting notifications of malware on MBAM, and it is always the same 1000 odd infections reported over the past few days. (see attached log)

 

The Avast tool ran without problems. Here's the fresh FRST log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-11-2014 01
Ran by esther (administrator) on ESTHER-PC on 30-11-2014 22:39:29
Running from C:\Users\SWTOR\Desktop
Loaded Profiles: esther & SWTOR (Available profiles: esther & Esther 2 & RS & Movies & Games & SWTOR)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(Primax Electronics Ltd.) C:\Windows\System32\ico.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Windows\System32\FSRremoS.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(BitRaider, LLC) C:\ProgramData\BitRaider\BRSptStub.exe
(BitRaider, LLC) C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRSptSvc.exe
(BitRaider, LLC) C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\bitraider\bin\brwc.exe
(BioWare, A Division of Electronic Arts) C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
(BioWare, A Division of Electronic Arts) C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [526208 2011-06-29] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Mouse Suite 98 Daemon] => C:\Windows\system32\ICO.EXE [57344 2004-07-14] (Primax Electronics Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-05] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2260965131-4144060610-2710024404-1000\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S1].txt [2737 2014-11-29] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\esther\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Movies\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\esther\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\esther\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\esther\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2260965131-4144060610-2710024404-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2260965131-4144060610-2710024404-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC408A4DDB6B6CE01
HKU\S-1-5-21-2260965131-4144060610-2710024404-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKU\S-1-5-21-2260965131-4144060610-2710024404-1007 -> DefaultScope {B829C6A2-5BA3-4794-88D8-9BA76DA935F5} URL = https://search.yahoo...p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2260965131-4144060610-2710024404-1007 -> {B829C6A2-5BA3-4794-88D8-9BA76DA935F5} URL = https://search.yahoo...p={SearchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
ShellExecuteHooks:  - {4F07DA45-8170-4859-9B5F-037EF2970034} -  No File [ ]
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4CEC1E26-67B2-44B9-9219-C2955AF67502}: [NameServer] 192.168.1.254
Tcpip\..\Interfaces\{FCC18657-FC36-4C36-8618-461D8AAF5D3D}: [NameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\esther\AppData\Roaming\Mozilla\Firefox\Profiles\ciqrgvir.default-1404893745965
FF SelectedSearchEngine: Search By ZoneAlarm
FF SearchEngineOrder.1: Search By ZoneAlarm
FF Keyword.URL: hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&gu=82d79c352cde4c79a52b853ce15737c8&tu=10G9y00H92D33N0&sku=&tstsId=&ver=&&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2260965131-4144060610-2710024404-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\esther\AppData\Roaming\Mozilla\Firefox\Profiles\zsnamwyz.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll No File
FF user.js: detected! => C:\Users\esther\AppData\Roaming\Mozilla\Firefox\Profiles\ciqrgvir.default-1404893745965\user.js
FF SearchPlugin: C:\Users\esther\AppData\Roaming\Mozilla\Firefox\Profiles\ciqrgvir.default-1404893745965\searchplugins\zonealarm.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-06-16]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-11-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [194432 2011-06-29] ()
R2 AppleTimeSrv; C:\Windows\system32\AppleTimeSrv.exe [100224 2011-06-29] (Apple Inc.)
R3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-11-27] (BitRaider, LLC)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [133696 2014-11-13] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-06-20] ()
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)
S3 BRSptSvc; "C:\ProgramData\BitRaider\BRSptSvc.exe" [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-14] (Microsoft Corporation)
R3 AppleBtBc; C:\Windows\System32\DRIVERS\AppleBtBc.sys [18560 2011-03-25] (Apple Inc.)
R0 AppleHFS; C:\Windows\system32\Drivers\AppleHFS.sys [49664 2011-06-13] (Apple Inc.) [File not signed]
R0 AppleMNT; C:\Windows\system32\Drivers\AppleMNT.sys [6784 2011-06-13] (Apple Inc.) [File not signed]
R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [10880 2011-03-25] (Apple Inc.)
R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [29824 2011-03-25] (Apple Inc.)
R3 BRDriver_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver.sys [66824 2014-11-27] (BitRaider)
R3 bScsiSDx; C:\Windows\System32\DRIVERS\bScsiSDx.sys [54312 2011-06-13] (Broadcom Corporation)
R3 CirrusFilter; C:\Windows\System32\DRIVERS\CS420x86.sys [14336 2011-06-13] (Cirrus Logic)
R3 IRRemoteFlt; C:\Windows\System32\DRIVERS\IRFilter.sys [16512 2011-03-25] (Apple Inc.)
R2 KeyAgent; C:\Windows\system32\drivers\KeyAgent.sys [6528 2011-06-15] (Apple Inc.) [File not signed]
R3 KeyMagic; C:\Windows\System32\DRIVERS\KeyMagic.sys [26624 2011-05-26] (Apple Inc.)
R2 MacHALDriver; C:\Windows\system32\drivers\MacHALDriver.sys [12928 2011-03-25] (Apple Inc.) [File not signed]
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2011-06-13] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [16384 2003-01-10] (Primax Electronics Ltd.)
S3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [9216 2003-02-11] (Primax Electronics Ltd.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [456088 2014-08-13] (Check Point Software Technologies Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 BRDriver; \??\C:\ProgramData\BitRaider\BRDriver.sys [X]
S3 catchme; \??\C:\Users\esther\AppData\Local\Temp\catchme.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S1 OADevice; \??\C:\Windows\system32\drivers\OADriver.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 12:16 - 2014-11-30 12:16 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-30 12:14 - 2014-11-30 12:14 - 05040384 _____ (AVAST Software) C:\Users\SWTOR\Desktop\avastclear.exe
2014-11-29 17:39 - 2014-11-29 17:39 - 00000732 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2014-11-29 17:39 - 2014-11-29 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2014-11-29 17:38 - 2014-11-29 17:39 - 00000000 ____D () C:\Program Files\CheckPoint
2014-11-29 17:38 - 2014-11-29 17:38 - 00000000 ____D () C:\Users\esther\AppData\Roaming\Check Point Software Technologies LTD
2014-11-29 17:38 - 2014-11-29 17:38 - 00000000 ____D () C:\Program Files\Check Point Software Technologies LTD
2014-11-29 17:37 - 2014-11-29 17:37 - 03401864 _____ (Check Point Software Technologies Ltd.) C:\Users\SWTOR\Desktop\zafwSetupWeb_133_209_000.exe
2014-11-29 17:37 - 2014-11-29 17:37 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-11-29 17:27 - 2014-11-29 17:27 - 00000000 ____D () C:\Users\SWTOR\AppData\Local\Apple
2014-11-29 17:19 - 2014-11-29 17:19 - 02148864 _____ () C:\Users\SWTOR\Desktop\AdwCleaner.exe
2014-11-29 07:37 - 2014-11-29 07:37 - 00000000 ____D () C:\Users\esther\Documents\Star Wars - The Old Republic
2014-11-29 06:25 - 2014-11-29 06:25 - 00000346 _____ () C:\Users\SWTOR\Desktop\Parsec.appref-ms
2014-11-29 06:25 - 2014-11-29 06:25 - 00000000 ____D () C:\Users\SWTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Parsec
2014-11-29 06:22 - 2014-11-29 19:08 - 00000000 ____D () C:\Users\SWTOR\AppData\Local\Deployment
2014-11-29 06:22 - 2014-11-29 06:22 - 00000000 ____D () C:\Users\SWTOR\AppData\Local\Apps\2.0
2014-11-29 06:21 - 2014-11-29 06:21 - 00005894 _____ () C:\Users\SWTOR\Downloads\ParsecClient.application
2014-11-28 16:19 - 2014-11-28 16:19 - 00000000 __SHD () C:\Users\SWTOR\AppData\Local\EmieUserList
2014-11-28 16:19 - 2014-11-28 16:19 - 00000000 __SHD () C:\Users\SWTOR\AppData\Local\EmieSiteList
2014-11-28 16:19 - 2014-11-28 16:19 - 00000000 __SHD () C:\Users\SWTOR\AppData\Local\EmieBrowserModeList
2014-11-28 16:09 - 2014-11-28 16:09 - 00028572 _____ () C:\Users\SWTOR\Desktop\Addition.txt
2014-11-28 16:08 - 2014-11-30 22:39 - 00016641 _____ () C:\Users\SWTOR\Desktop\FRST.txt
2014-11-28 16:08 - 2014-11-30 22:39 - 00000000 ____D () C:\FRST
2014-11-28 16:08 - 2014-11-28 16:08 - 01109504 _____ (Farbar) C:\Users\SWTOR\Downloads\FRST(1).exe
2014-11-28 16:07 - 2014-11-28 16:07 - 01109504 _____ (Farbar) C:\Users\SWTOR\Desktop\FRST.exe
2014-11-27 22:24 - 2014-11-27 22:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-27 19:25 - 2014-11-27 19:25 - 00000000 ____D () C:\Users\esther\AppData\Local\SWTOR
2014-11-27 18:54 - 2014-11-27 18:54 - 00000000 ____D () C:\ProgramData\BitRaider
2014-11-27 18:51 - 2014-11-27 18:52 - 18021088 _____ () C:\Users\SWTOR\Downloads\LauncherRepairUtilityP1.78.3a.exe
2014-11-27 18:48 - 2014-11-27 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2014-11-27 18:47 - 2014-11-27 18:47 - 29720272 _____ () C:\Users\SWTOR\Downloads\SWTOR_setup.exe
2014-11-27 18:41 - 2014-11-27 18:41 - 00000000 ____D () C:\Users\SWTOR\AppData\Roaming\Macromedia
2014-11-27 18:41 - 2014-11-27 18:41 - 00000000 ____D () C:\Users\SWTOR\AppData\Local\Macromedia
2014-11-27 18:39 - 2014-11-27 18:39 - 00000000 ____D () C:\Users\SWTOR\AppData\Roaming\Mozilla
2014-11-27 18:39 - 2014-11-27 18:39 - 00000000 ____D () C:\Users\SWTOR\AppData\Local\Mozilla
2014-11-27 18:29 - 2014-11-27 18:29 - 00109688 _____ () C:\Users\SWTOR\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-27 18:29 - 2014-11-27 18:29 - 00000000 ____D () C:\Users\SWTOR\AppData\Roaming\Apple Computer
2014-11-27 18:28 - 2014-11-28 16:19 - 00000000 ____D () C:\Users\SWTOR\AppData\Local\VirtualStore
2014-11-27 18:28 - 2014-11-27 18:28 - 00001425 _____ () C:\Users\SWTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-27 18:28 - 2014-11-27 18:28 - 00000020 ___SH () C:\Users\SWTOR\ntuser.ini
2014-11-27 18:28 - 2014-11-27 18:28 - 00000000 ____D () C:\Users\SWTOR\AppData\Roaming\Adobe
2014-11-27 18:28 - 2014-11-27 18:28 - 00000000 ____D () C:\Users\SWTOR
2014-11-27 18:28 - 2013-09-26 11:32 - 00000000 ____D () C:\Users\SWTOR\AppData\Local\Microsoft Help
2014-11-27 18:28 - 2009-07-14 12:42 - 00000000 ___RD () C:\Users\SWTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-27 18:28 - 2009-07-14 12:37 - 00000000 ___RD () C:\Users\SWTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-27 16:26 - 2014-11-27 16:26 - 00000000 ____D () C:\Program Files\Electronic Arts
2014-11-27 15:38 - 2014-11-27 15:38 - 29720272 _____ () C:\Users\Games\Downloads\SWTOR_setup(3).exe
2014-11-27 15:27 - 2014-11-11 10:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-27 15:27 - 2014-11-11 10:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-27 15:27 - 2014-10-18 09:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-27 15:27 - 2014-10-14 09:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-27 15:27 - 2014-08-12 09:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-27 15:26 - 2014-11-06 01:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-27 15:26 - 2014-11-06 01:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-27 15:26 - 2014-11-06 01:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-27 15:26 - 2014-10-03 09:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-27 15:26 - 2014-10-03 09:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-27 15:26 - 2014-10-03 09:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-27 15:26 - 2014-10-03 09:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-27 15:26 - 2014-10-03 09:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-27 15:26 - 2014-09-19 17:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-27 15:26 - 2014-09-19 17:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-27 15:26 - 2014-09-19 17:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-27 15:26 - 2014-09-19 17:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-27 15:26 - 2014-09-19 17:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-27 15:26 - 2014-09-19 17:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-27 15:26 - 2014-09-04 13:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-11-27 15:26 - 2014-08-21 14:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-27 15:26 - 2014-08-21 14:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-27 15:25 - 2014-06-19 06:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-27 15:25 - 2014-06-19 06:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-27 15:25 - 2014-06-19 06:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-27 15:23 - 2014-10-25 09:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-27 15:23 - 2014-10-14 09:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-27 15:23 - 2014-10-14 09:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-27 15:23 - 2014-10-14 09:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-27 15:23 - 2014-10-14 09:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-27 15:23 - 2014-10-14 09:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-27 15:22 - 2014-11-08 03:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-27 15:22 - 2014-11-06 11:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-27 15:22 - 2014-11-06 11:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-27 15:22 - 2014-11-06 11:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-27 15:22 - 2014-11-06 11:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-27 15:22 - 2014-11-06 11:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-27 15:22 - 2014-11-06 11:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-27 15:22 - 2014-11-06 11:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-27 15:22 - 2014-11-06 11:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-27 15:22 - 2014-11-06 11:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-27 15:22 - 2014-11-06 11:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-27 15:22 - 2014-11-06 11:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-27 15:22 - 2014-11-06 10:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-27 15:22 - 2014-11-06 10:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-27 15:22 - 2014-11-06 10:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-27 15:22 - 2014-11-06 10:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-27 15:22 - 2014-11-06 10:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-27 15:22 - 2014-11-06 10:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-27 15:22 - 2014-11-06 10:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-27 15:22 - 2014-11-06 10:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-27 15:22 - 2014-11-06 10:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-27 15:22 - 2014-11-06 10:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-27 15:22 - 2014-11-06 10:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-27 15:22 - 2014-11-06 10:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-27 15:22 - 2014-11-06 10:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-27 15:22 - 2014-11-06 10:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-27 15:22 - 2014-11-06 10:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-27 15:22 - 2014-11-06 09:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-27 15:22 - 2014-11-06 09:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-27 15:22 - 2014-11-06 09:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 21:48 - 2013-09-21 20:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-30 12:40 - 2014-05-04 20:15 - 01956256 _____ () C:\Windows\WindowsUpdate.log
2014-11-30 12:24 - 2009-07-14 12:34 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-30 12:24 - 2009-07-14 12:34 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-30 12:23 - 2010-11-21 05:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-30 12:17 - 2014-06-13 00:43 - 00003764 _____ () C:\Windows\setupact.log
2014-11-30 12:17 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-30 12:16 - 2014-06-13 00:43 - 00205060 _____ () C:\Windows\PFRO.log
2014-11-29 17:39 - 2014-04-24 10:55 - 00431396 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2014-11-29 17:36 - 2014-06-16 20:29 - 00000000 ____D () C:\Program Files\McAfee
2014-11-29 17:30 - 2014-07-09 16:23 - 00000000 ____D () C:\AdwCleaner
2014-11-29 17:16 - 2014-06-14 13:58 - 00000000 ____D () C:\Users\RS
2014-11-29 17:16 - 2014-04-15 00:48 - 00000000 ____D () C:\Users\Esther 2
2014-11-29 17:16 - 2013-09-28 23:04 - 00000000 ____D () C:\Program Files\QQMailPlugin
2014-11-29 17:16 - 2013-09-21 15:08 - 00000000 ____D () C:\Users\esther
2014-11-29 17:09 - 2013-09-25 13:18 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-29 03:06 - 2013-09-21 19:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-28 10:58 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-27 18:48 - 2013-11-16 16:08 - 00000000 ____D () C:\Program Files\Common Files\BioWare
2014-11-27 18:48 - 2013-11-16 16:07 - 00014049 _____ () C:\Users\esther\Documents\Install STAR WARS The Old Republic.log
2014-11-27 18:48 - 2009-07-14 12:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-27 18:47 - 2013-11-17 04:44 - 00010047 _____ () C:\Users\esther\Documents\Uninstall STAR WARS The Old Republic.log
2014-11-27 18:11 - 2013-09-21 20:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-27 18:11 - 2013-09-21 20:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-27 18:09 - 2014-04-15 01:12 - 00000843 _____ () C:\Users\Esther 2\Documents\Uninstall STAR WARS The Old Republic.log
2014-11-27 17:49 - 2014-06-18 23:30 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-27 17:49 - 2014-04-17 23:02 - 00109688 _____ () C:\Users\Esther 2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-27 17:33 - 2013-09-21 19:51 - 00109688 _____ () C:\Users\esther\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-27 17:03 - 2014-06-23 16:09 - 00109688 _____ () C:\Users\Games\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-27 17:02 - 2009-07-14 12:33 - 00409504 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-27 17:01 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-27 16:59 - 2013-09-21 18:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-27 16:41 - 2014-06-18 23:30 - 00001072 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-27 16:41 - 2014-06-18 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-27 16:41 - 2014-06-18 23:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-27 15:13 - 2014-05-16 04:43 - 00000000 ____D () C:\Games
2014-10-31 23:25 - 2013-09-21 19:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\esther\AppData\Local\temp\Quarantine.exe
C:\Users\esther\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-20 03:00

==================== End Of Log ============================

Attached Files

  • Attached File  log5.txt   166.79KB   216 downloads

  • 0

#8
Essexboy
Posted 30 November 2014 - 09:09 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK now I can see the problem

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop ( it will be randomly named )

First we will run a virus scan
Select the cog to access scan areas
Kas%20front.JPG

On the first tab select all elements down to OS C and then select start scan
Kas%20Scan%20area.JPG

Once it has finished select reports and post the detected threats
.

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button

kas%20manual.JPG

Once it has completed then click Step 2 Report sending
avp%20report.JPG

Click avptool.sysinfo.zip
And you will be taken to the zip file that needs to be attached
  • 0

#9
swoperative
Posted 03 December 2014 - 01:43 AM

swoperative

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Hi Essex. Sorry I haven't replied in a few days, my macbook currently has a problem whereby it will not charge even with magsafe plugged in. I cannot do any scans therefore without the battery being drained. Any idea what I should do?


  • 0

#10
Essexboy
Posted 03 December 2014 - 08:29 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Until we can get a stable power supply there is very little that can be done at the moment

If you have sufficient power for about 20 minutes then

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
NSIS_extraction.png
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


    Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

  • 0

#11
Essexboy
Posted 10 December 2014 - 08:51 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP