Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Strange happenings [Solved]


  • This topic is locked This topic is locked

#31
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

umm for the .blee ... do I disable AV?

Sorry, yes. WHen the instructions say Disable Security Software, they are taking about A/V and/or anything else of a Security nature that would block the Scanner (ESET or anything else) from operating.

 

If you know how to Disable your A/V, you don't need to bother with the BC information. It's just for people that don't know how to do it.


  • 0

Advertisements


#32
dumbum

dumbum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts

That was a fast scan .....

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by vito (administrator) on 01-12-2014 at 16:13:23
Running from "C:\Users\vito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MTBE9OQ6"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

**** End of log ****


  • 0

#33
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ok, so you have no Proxy set, as I suspected. Have you tried disabling your A/V and then running ESET?


  • 0

#34
dumbum

dumbum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts

I did the same earlier to disable AV  .. but this time it ran .. here are the results ...

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by vito (administrator) on 01-12-2014 at 16:13:23
Running from "C:\Users\vito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MTBE9OQ6"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

**** End of log ****


  • 0

#35
dumbum

dumbum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts

  Here are the scan results ......

 

C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\LocalLow\vGrabber\ldrtbVgra.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\LocalLow\vGrabber\tbVgra.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\vito\AppData\LocalLow\vGrabber\ldrtbVgra.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\vito\AppData\LocalLow\vGrabber\tbVgra.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Users\vito\Downloads\asc7-setup-aff.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
 


  • 0

#36
dumbum

dumbum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts

went back and re read the instructions ... I found the file but how do I open it in notepad ?


  • 0

#37
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

 

I suppose these instructions could be worded a little differently. Anyway, when the scan completes, the results will either be in a window or a text file. If it's in a text file, that "is" a Notepad file and it's already opened. All you have to do is highlight, copy and paste the contents for me. If only a windows is open, same thing...highlight, copy, paste. Really no different than everything you've been doing all along.


  • 0

#38
dumbum

dumbum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts

Ok .. so I opened the file and I get a list of 16 entries ... I tried to screen shot and it wont paste here  I've tried to just copy/paste and again wont paste here .. I opened a couple files and this is what was there (copy and paste worked this time) ??  I know I'm doing it wrong but I don't know what to do about it ...

 

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1

 

L        À      F‹    岑˜
ДÂT’˜
ДÂT’˜
Ð                      Q PàOÐ ê:i¢Ø +00 /C:\                   l 1     E— PROGRA~2  T ï¾î:…E—*   K=                   P r o g r a m   F i l e s   ( x 8 6 )   J 1     E— ESET  6 ï¾E—E—*   ÙË   ±              E S E T   l 1     E— ESETON~1  T ï¾E—E—*   ÓÌ   Þ               E S E T   O n l i n e   S c a n n e r      `            /       _         u„M¤   OS C:\Program Files (x86)\ESET\ESET Online Scanner  5 . . \ . . \ . . \ P r o g r a m   F i l e s   ( x 8 6 ) \ E S E T \ E S E T   O n l i n e   S c a n n e r       *   ™         ï@Z|û üK‡JÀòà¹úŽ™   7      ¨   1SPS0ñ%·ïG¥ñ`Œžë¬9  
          E S E T   O n l i n e   S c a n n e r   )             F i l e   f o l d e r          @    Ÿ¡’˜
Р      @    Ÿ¡’˜
Р      1SPSâŠXF¼L8C»ü“&˜mÎq          /   S - 1 - 5 - 2 1 - 3 3 6 9 9 3 9 1 3 9 - 1 6 5 5 6 3 2 9 0 8 - 2 8 1 1 0 5 2 0 0 9 - 1 0 0 0         i   1SPSí0½ÚC ‰G§øФsf"M   d          E S E T   ( C : \ P r o g r a m   F i l e s   ( x 8 6 ) )          1SPS¦jc(=•ÒµÖ ÀOÙÐq          0   C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ E S E T \ E S E T   O n l i n e   S c a n n e r           `      X       vito-hp         µºæ/ƒH´™§Dòwøk øyä„©<Ù+]¹µºæ/ƒH´™§Dòwøk øyä„©<Ù+]¹   
 


  • 0

#39
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Wow... :)  It's making me a little nervous that perhaps I missed something, so let's both look and clean in the following manner

 

51a612a8b27e2-Zoek.png Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.



  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;autoclean;
    
    process;
    
    services-list;
    
    systemspecs;
    
    startupall;
    
    skipfix-iedefaults;
    
    firefoxlook;
    
    chromelook;
    
    filesrcm;
    
    installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

 

 

 
We'll search for some remnants that might be hiding.
 
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the progam and select update
 
  • Once it has updated select Settings > Detection and Protection >Tick Scan for rootkits

MBAMsettings.JPG

 
  • Go back to the Dashboard and select Scan Now

MBAMScan.JPG

 
  • If threats are detected, click the Apply Actions button, MBAM will ask for a reboot

MBAMReboot.JPG

 
  • On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop.

MBAMLog.JPG

 
 
Please post that log for my review.

 

After these have run, take a few minutes and let me know how the machine is working. Then we can discuss next steps.


  • 0

#40
dumbum

dumbum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts

Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by vito on 03/12/2014 at 11:28:30.07.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\vito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9J82HG4\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-12-03-161705.log 477 bytes

==== System Restore Info ======================

03/12/2014 11:31:44 AM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\RAF deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\CanonEPP deleted successfully
C:\PROGRA~3\CanonIJEPPEX2 deleted successfully
C:\PROGRA~3\PDFC deleted successfully
C:\PROGRA~3\Ralink deleted successfully
C:\PROGRA~3\Yahoo! deleted successfully
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully
C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} deleted successfully
C:\Users\vito\AppData\Roaming\ieSpell deleted successfully
C:\Users\vito\AppData\Roaming\Mozilla deleted successfully
C:\Users\vito\AppData\Roaming\ObviousIdea deleted successfully
C:\Users\vito\AppData\Roaming\TP deleted successfully
C:\Users\Administrator\AppData\Local\PDFC deleted successfully
C:\Users\vito\AppData\Local\Canon Easy-PhotoPrint EX deleted successfully
C:\Users\vito\AppData\Local\CrashDumps deleted successfully
C:\Users\vito\AppData\Local\MigWiz deleted successfully
C:\Users\vito\AppData\Local\PDFC deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3369939139-1655632908-2811052009-1000\Software\Microsoft\Internet Explorer\SearchScopes\{91709BE5-1238-4096-88B2-76F2F210AF24} deleted successfully
HKEY_USERS\S-1-5-21-3369939139-1655632908-2811052009-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C9FEBFB-9D81-4C36-9460-4EF0AB5443D1} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

Adblock Plus for IE 
Adblock Plus for IE (32-bit and 64-bit) 
Adobe AIR 
Adobe Flash Player 15 ActiveX 
Adobe Flash Player 15 Plugin 
Adobe Reader XI (11.0.09) 
AMD APP SDK Runtime 
AMD Catalyst Install Manager 
AMD Fuel 
AMD Problem Report Wizard 
AMD VISION Engine Control Center 
ANT Drivers Installer x64 
Apple Application Support 
Apple Mobile Device Support 
Apple Software Update 
Avast Free Antivirus 
Big Fish Games: Game Manager 
Bing Bar 
Bing Bar Platform 
Bing Desktop 
Bing Rewards Client Installer 
Blio 
Bonjour 
Canon Easy-PhotoPrint EX 
Canon Easy-WebPrint EX 
Canon MP Navigator EX 5.1 
Canon MX890 series MP Drivers 
Canon MX890 series On-screen Manual 
Canon My Printer 
Canon Solution Menu EX 
Canon Speed Dial Utility 
Catalyst Control Center - Branding 
Catalyst Control Center Graphics Previews Common 
Catalyst Control Center InstallProxy 
Catalyst Control Center Localization All 
ccc-utility64 
CCC Help Chinese Standard 
CCC Help Chinese Traditional 
CCC Help Czech 
CCC Help Danish 
CCC Help Dutch 
CCC Help English 
CCC Help Finnish 
CCC Help French 
CCC Help German 
CCC Help Greek 
CCC Help Hungarian 
CCC Help Italian 
CCC Help Japanese 
CCC Help Korean 
CCC Help Norwegian 
CCC Help Polish 
CCC Help Portuguese 
CCC Help Russian 
CCC Help Spanish 
CCC Help Swedish 
CCC Help Thai 
CCC Help Turkish 
CCleaner 
Cisco EAP-FAST Module 
Cisco LEAP Module 
Cisco PEAP Module 
Compl‚ment Messenger 
Contr“le ActiveX Windows Live Mesh pour connexions … distance 
D3DX10 
Definition Update for Microsoft Office 2010 (KB2899521) 32-Bit Edition 
DoNotTrackMe Add-on 3.2.1098 
Dropbox 
Elevated Installer 
EPSON Printer Software 
EPSON Scan 
f.lux 
Galerie de photos Windows Live 
Garmin Express 
Garmin Express Tray 
Google Chrome 
Google Earth 
Google Toolbar for Internet Explorer 
Google Update Helper 
Hewlett-Packard ACLM.NET v1.2.2.3 
HP Auto 
HP Client Services 
HP Customer Experience Enhancements 
HP IDF Software 
HP LinkUp 
HP Odometer 
HP Setup 
HP Setup Manager 
HP Support Assistant 
HP Support Information 
HP Update 
HP Vision Hardware Diagnostics 
HydraVision 
iCloud 
ieSpell 
iTunes 
Java 8 Update 25 
Java Auto Updater 
Junk Mail filter update 
LabelPrint 
Logitech Harmony Remote Software 7 
Malwarebytes Anti-Malware version 2.0.3.1025 
Mesh Runtime 
Messenger Companion 
Microsoft .NET Framework 4.5.1 
Microsoft Application Error Reporting 
Microsoft Default Manager 
Microsoft Expression Encoder 4 Screen Capture Codec 
Microsoft Office Access MUI (English) 2010 
Microsoft Office Access Setup Metadata MUI (English) 2010 
Microsoft Office Click-to-Run 2010 
Microsoft Office Excel MUI (English) 2010 
Microsoft Office Home and Student 2010 
Microsoft Office Office 64-bit Components 2010 
Microsoft Office OneNote MUI (English) 2010 
Microsoft Office Outlook MUI (English) 2010 
Microsoft Office PowerPoint MUI (English) 2010 
Microsoft Office Proof (English) 2010 
Microsoft Office Proof (French) 2010 
Microsoft Office Proof (Spanish) 2010 
Microsoft Office Proofing (English) 2010 
Microsoft Office Publisher MUI (English) 2010 
Microsoft Office Shared 64-bit MUI (English) 2010 
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 
Microsoft Office Shared MUI (English) 2010 
Microsoft Office Shared Setup Metadata MUI (English) 2010 
Microsoft Office Single Image 2010 
Microsoft Office Word MUI (English) 2010 
Microsoft Silverlight 
Microsoft SQL Server 2005 Compact Edition [ENU] 
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 
Microsoft Visual C++ 2005 Redistributable 
Microsoft Visual C++ 2005 Redistributable (x64) 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 
MSVCRT 
MSVCRT_amd64 
Pin It 
PlayReady PC Runtime amd64 
PlayReady PC Runtime x86 
Power2Go 
PressReader 
QuickTime 7 
RAF 
Ralink 802.11n Wireless LAN Card 
Rapport 
Realtek High Definition Audio Driver 
Recovery Manager 
Remote Control USB Driver 
Remote Graphics Receiver 
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2) 
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition 
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition 
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition 
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition 
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition 
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition 
Security Update for Microsoft Word 2010 (KB2883013) 32-Bit Edition 
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition 
StudioTax 2013 
SUPERAntiSpyware 
Trusteer Endpoint Protection 
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition 
Update for Microsoft Excel 2010 (KB2889935) 32-Bit Edition 
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition 
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2494150) 
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition 
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition 
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition 
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition 
Update for Microsoft PowerPoint 2010 (KB2878251) 32-Bit Edition 
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition 
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition 
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition 
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) 
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) 
Windows Live Communications Platform 
Windows Live Essentials 
Windows Live Family Safety 
Windows Live ID Sign-in Assistant 
Windows Live Installer 
Windows Live Language Selector 
Windows Live Mail 
Windows Live Mesh 
Windows Live Mesh ActiveX Control for Remote Connections 
Windows Live Messenger 
Windows Live Messenger Companion Core 
Windows Live MIME IFilter 
Windows Live Movie Maker 
Windows Live Photo Common 
Windows Live Photo Gallery 
Windows Live PIMT Platform 
Windows Live Remote Client 
Windows Live Remote Client Resources 
Windows Live Remote Service 
Windows Live Remote Service Resources 
Windows Live SOXE 
Windows Live SOXE Definitions 
Windows Live UX Platform 
Windows Live UX Platform Language Pack 
Windows Live Writer 
Windows Live Writer Resources 
XBMC 
Zinio Reader 4 
Zuma's Revenge 

==== Running Processes ======================

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Users\vito\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\vito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9J82HG4\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services(whitelist) ======================
Powered by E Dev

R2 - [!SASCORE] - SAS Core Service - c:\program files\superantispyware\sascore64.exe
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
R2 - [BingDesktopUpdate] - Bing Desktop Update service - c:\program files (x86)\microsoft\bingdesktop\bingdesktopupdater.exe
R2 - [cvhsvc] - Client Virtualization Handler - c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe
R2 - [HP Support Assistant Service] - HP Support Assistant Service - c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe
R2 - [RalinkCountryRegion] - RalinkCountryRegion - c:\program files (x86)\ralink\common\racountryregion.exe
R2 - [RalinkRegistryWriter] - RalinkRegistryWriter - c:\program files (x86)\ralink\common\raregistry.exe
R2 - [RalinkRegistryWriter64] - RalinkRegistryWriter64 - c:\program files (x86)\ralink\common\raregistry64.exe
R2 - [RapportMgmtService] - Rapport Management Service - c:\program files (x86)\trusteer\rapport\bin\rapportmgmtservice.exe
R2 - [RtkAudioService] - Realtek Audio Service - c:\program files\realtek\audio\hda\rtkaudioservice64.exe
R2 - [sftlist] - Application Virtualization Client - c:\program files (x86)\microsoft application virtualization client\sftlist.exe
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [sftvsa] - Application Virtualization Service Agent - c:\program files (x86)\microsoft application virtualization client\sftvsa.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [Garmin Core Update Service] - Garmin Core Update Service - c:\program files (x86)\garmin\core update service\garmin.cartography.mapupdate.coreservice.exe
S2 - [gupdate] - Google Update Service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [LiveUpdateSvc] - LiveUpdate - c:\program files (x86)\iobit\liveupdate\liveupdate.exe
S2 - [RaMediaServer] - Ralink UPnP Media Server - c:\program files (x86)\ralink\common\ramediaserver.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [fsssvc] - Windows Live Family Safety Service - c:\program files (x86)\windows live\family safety\fsssvc.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [gusvc] - Google Software Updater - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
S3 - [hpqwmiex] - HP Software Framework Service - c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [iPod Service] - iPod Service - c:\program files\ipod\bin\ipodservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose] - Office  Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [AMD FUEL Service] - AMD FUEL Service - c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe
S4 - [Bonjour Service] - Bonjour Service - c:\program files\bonjour\mdnsresponder.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
S4 - [EPSON_PM_RPCV4_01] - EPSON V3 Service4(01) - c:\programdata\epson\epw!3 ssrp\e_s40rpb.exe
S4 - [HPAuto] - HP Auto - c:\program files\hewlett-packard\hp auto\hpauto.exe
S4 - [HPClientSvc] - HP Client Services - c:\program files\hewlett-packard\hp client services\hpclientservices.exe
S4 - [wlcrasvc] - Windows Live Mesh remote connections service - c:\program files\windows live\mesh\wlcrasvc.exe

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

C:\Windows\system32\appdata deleted

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found
C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} not found
C:\Windows\syswow64\appdata deleted
C:\PROGRA~2\Yahoo! deleted
C:\found.000 deleted
C:\Users\vito\AppData\Roaming\ParetoLogic deleted
C:\PROGRA~3\ParetoLogic deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\vito\AppData\LocalLow\ADSRemoval deleted
C:\Users\vito\AppData\LocalLow\Yahoo! deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Users\vito\AppData\Local\{70D09425-2125-4E7E-9940-2639B1CECFD4}" deleted

==== Registry Search Results for "createsrpoint" ======================

No instances of string "createsrpoint" found.

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 7936 MB
CPU Info: AMD Phenom™ II X4 960T Processor
CPU Speed: 3009.5 MHz
Sound Card: Speakers (Realtek High Definiti |
Realtek Digital Output (Realtek |
Display Adapters: ATI Radeon HD 4200  | ATI Radeon HD 4200  | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; HP 2311 Series Wide LCD Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: 802.11n Wireless LAN Card | Realtek PCIe FE Family Controller
CD / DVD Drives: 1x (E: | ) E: hp      DVD RW AD-7251H5
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C:  1385.1GB | D:  12.0GB | Q:  0.0MB
Hard Disks - Free: C:  1300.0GB | D:  1.3GB | Q:  0.0MB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 08/16/32 | HPQOEM - 20110629
Time Zone: Eastern Standard Time
Motherboard *: FOXCONN 2AB1
Country: Canada
Language: ENC

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Internet Explorer Version: 11.0.9600.17420
Google Chrome version: 39.0.2171.71
Adobe Reader version: 11.0.9.29
Sun Java version: 1.8.0_25 (32-bit)
Sun Java version: 1.8.0_25 (64-bit)
Flash Player version: 15.0.0.239

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-11-28 16:07:24 B59EF013D567E5746F1DEE2565F747ED 43152 ----a-w- C:\Windows\avastSS.scr
2014-11-28 14:34:10 F9F4905664C5B42B49E78EFA12D1A6B6 20 ----a-w- C:\Windows\¼÷í
2014-11-25 18:27:17 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2014-11-25 18:27:17 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2014-11-25 18:27:17 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2014-11-25 18:27:17 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2014-11-25 18:27:17 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
====== C:\Users\vito\AppData\Local\Temp ====
2014-12-01 18:01:08 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\libiconv2.dll
2014-12-01 18:01:08 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\libintl3.dll
2014-12-01 18:01:08 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\pcre3.dll
2014-12-01 18:01:08 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\regex2.dll
2014-12-01 18:01:08 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-11-28 02:40:18 D0AAAE16BA162DD89D646887F1539855 1700352 ----a-w- C:\Windows\SysWOW64\gdiplus.dll
2014-11-28 02:40:18 CA2F560921B7B8BE1CF555A5A18D54C3 348160 ----a-w- C:\Windows\SysWOW64\msvcr71.dll
2014-11-28 02:40:18 1FD3F9722119BDF7B8CFF0ECD1E84EA6 1060864 ----a-w- C:\Windows\SysWOW64\mfc71.dll
2014-11-22 19:59:37 A042349B7208BF8BED858B1E9B48B06D 98216 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-11-28 16:07:33 6663B30328C239D2AB10D2583054CF2E 364512 ----a-w- C:\Windows\Sysnative\aswBoot.exe
====== C:\Windows\Sysnative\drivers =====
2014-11-28 16:07:36 B1881A01E301990B671694CA1623F1B6 436624 ----a-w- C:\Windows\Sysnative\drivers\aswSP.sys
2014-11-28 16:07:36 9BE9F2B83DE80E2752B1405CC427E2EC 29208 ----a-w- C:\Windows\Sysnative\drivers\aswHwid.sys
2014-11-28 16:07:36 7509F07BA6F84C1E3B2C0D78A1F6F782 116728 ----a-w- C:\Windows\Sysnative\drivers\aswStm.sys
2014-11-28 16:07:36 2DA1C1AEDF454F8E32A863A1AEACDD8C 83280 ----a-w- C:\Windows\Sysnative\drivers\aswMonFlt.sys
2014-11-28 16:07:36 1A5BDDE65B648DC3AD48B6ECAA3AE9C8 267632 ----a-w- C:\Windows\Sysnative\drivers\aswVmm.sys
2014-11-28 16:07:36 1323269A92645705DEFA053F3596829D 65776 ----a-w- C:\Windows\Sysnative\drivers\aswRvrt.sys
2014-11-28 16:07:35 E74FD717476B30E23F45354B8F3ACB30 1050432 ----a-w- C:\Windows\Sysnative\drivers\aswsnx.sys
2014-11-28 16:07:35 4750016EF9CC1DEC6DA3FE5AF9A7F095 93568 ----a-w- C:\Windows\Sysnative\drivers\aswRdr2.sys
2014-11-22 17:22:49 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-11-22 17:22:22 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-11-22 17:22:22 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2014-11-22 17:22:22 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-11-22 10:08:06 A7CF9B841956293F20E25E08D53718D6 175528 ----a-w- C:\Windows\Sysnative\drivers\tmcomm.sys
2014-11-12 03:42:19 41774FF331F609EF442B7398EE6202B1 155064 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
====== C:\Windows\Tasks ======
2014-11-28 16:07:53 C08E7F4E72A340706974329C0A61D39D 4182 ----a-w- C:\Windows\Sysnative\Tasks\avast! Emergency Update
2014-11-28 02:53:18 D4B377083FF8DF2F2D3FDBCDDBA23A37 2956 ----a-w- C:\Windows\Sysnative\Tasks\{80D10C5F-1E27-49B8-8780-F0B388A48438}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-11-28 02:38:22 -------- d-----w- C:\Program Files\COMODO
======= C:\PROGRA~2 =====
2014-12-01 18:56:52 -------- d-----w- C:\PROGRA~2\ESET
2014-11-22 19:59:39 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2014-11-22 18:54:31 -------- d-----w- C:\PROGRA~2\Microsoft Expression
2014-11-22 18:45:16 -------- d-----w- C:\PROGRA~2\QuickTime
======= C: =====
====== C:\Users\vito\AppData\Roaming ======
2014-11-28 18:41:42 -------- d-----w- C:\Users\vito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-28 18:40:52 -------- d-----w- C:\Users\vito\AppData\Roaming\Dropbox
2014-11-28 03:34:11 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Trusteer
2014-11-28 02:40:50 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Comodo
2014-11-28 02:38:35 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Locallow\COMODO
2014-11-28 02:38:15 -------- d-----w- C:\Users\vito\AppData\Local\Comodo
2014-11-25 19:54:13 -------- d-----w- C:\Users\Public\AppData\Local\temp
2014-11-25 19:54:13 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-11-25 19:54:13 -------- d-----w- C:\Users\Default User\AppData\Local\temp
2014-11-25 19:54:13 -------- d-----w- C:\Users\Administrator\AppData\Local\temp
2014-11-22 10:13:41 CF57535EDDB8AC1DC930FCB9BAD2FB01 10 ----a-w- C:\Users\vito\AppData\Local\sponge.last.runtime.cache
2014-11-21 23:51:07 -------- d-----w- C:\Users\vito\AppData\Local\HOOFFS
2014-11-21 23:35:44 -------- d-----w- C:\Users\vito\AppData\Roaming\JavaUpdaterV118
2014-11-21 23:35:44 -------- d-----w- C:\Users\vito\AppData\Local\Developerts_LLC
2014-11-12 08:50:33 -------- d-sh--w- C:\Users\vito\AppData\Local\EmieBrowserModeList
2014-11-12 08:50:28 -------- d-sh--w- C:\Users\vito\AppData\Locallow\EmieBrowserModeList
====== C:\Users\vito ======
2014-11-28 02:37:07 -------- d-----w- C:\ProgramData\Comodo
2014-11-26 15:26:48 13B76FC33784F23E79F298E5F226F7F6 1110016 ----a-w- C:\Users\vito\Downloads\FRST.exe
2014-11-25 19:54:13 -------- d-----w- C:\Users\Public\AppData
2014-11-22 19:59:14 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-22 18:45:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-22 16:52:53 6504113C2218667814D4F54847BA046A 2140160 ----a-w- C:\Users\vito\Downloads\adwcleaner_4.101.exe
2014-11-22 15:35:26 2F3B1DD634F95D265C4B30FAF8EC2082 17711760 ----a-w- C:\Users\vito\Downloads\AdobeAIRInstaller.exe

====== C: exe-files ==
2014-12-01 18:56:52 E273331224005C5A8A504164373DE1DC 535304 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
2014-12-01 18:56:52 9E47522861242EE002D7F385C35D1322 2887824 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
2014-12-01 18:56:52 5B3DE7968D23B476AFB256D8014B25B9 333424 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
2014-12-01 18:56:52 47B06E473B78A792DF07D226E0537D63 119184 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
2014-12-01 18:56:52 3C3F35C91F230493B088B334E39D1F7A 358144 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2014-12-01 18:01:08 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-11-28 18:41:40 AB0C872B1FFE283D20C91C8E575E2F67 35419192 ----a-w- C:\Users\vito\AppData\Roaming\Dropbox\bin\Dropbox.exe
2014-11-28 18:41:40 3DE922CE5A2D820DDA0585EA07E9BAC0 225232 ----a-w- C:\Users\vito\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
2014-11-28 16:07:33 6663B30328C239D2AB10D2583054CF2E 364512 ----a-w- C:\Windows\System32\aswBoot.exe
=== C: other files ==
2014-12-01 18:01:07 F56A319979F631C141F5FF02DF87FDB1 43563 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\prelim.bat
2014-12-01 18:01:07 EBAA7BD799FC68980A6A8594BB14A950 190569 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\misc.bat
2014-12-01 18:01:07 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\TDL4.bat
2014-12-01 18:01:07 BC28D90D34DB7AC6BB5789BF3C9E8FDB 14957 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\get.bat
2014-12-01 18:01:07 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\medfos.bat
2014-12-01 18:01:07 AA0C656F898523BEDF2DA6923197BB80 1264 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\surfvox.bat
2014-12-01 18:01:07 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\searchlnk.bat
2014-12-01 18:01:07 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\firefox.bat
2014-12-01 18:01:07 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\ev_clear.bat
2014-12-01 18:01:07 813FA9E2180EE3BB5EFCE744009B5611 10880 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\runvalues.bat
2014-12-01 18:01:07 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\ask.bat
2014-12-01 18:01:07 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\iexplore.bat
2014-12-01 18:01:07 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\delfolders.bat
2014-12-01 18:01:07 080CFDE64F31E7B50EECF4552033E84D 9937 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\mws.bat
2014-12-01 18:01:07 048407135C9B1FB6A355E256BD96160D 14192 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\chrome.bat
2014-11-28 18:41:40 B3B7E9E398D909FA919BE73884662D86 1129317 ----a-w- C:\Users\vito\AppData\Roaming\Dropbox\bin\xui_resources.zip
2014-11-28 16:07:36 B1881A01E301990B671694CA1623F1B6 436624 ----a-w- C:\Windows\System32\drivers\aswSP.sys
2014-11-28 16:07:36 9BE9F2B83DE80E2752B1405CC427E2EC 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-11-28 16:07:36 7509F07BA6F84C1E3B2C0D78A1F6F782 116728 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-11-28 16:07:36 2DA1C1AEDF454F8E32A863A1AEACDD8C 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-11-28 16:07:36 1A5BDDE65B648DC3AD48B6ECAA3AE9C8 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-11-28 16:07:36 1323269A92645705DEFA053F3596829D 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-11-28 16:07:35 E74FD717476B30E23F45354B8F3ACB30 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-11-28 16:07:35 4750016EF9CC1DEC6DA3FE5AF9A7F095 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3369939139-1655632908-2811052009-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"f.lux"="C:\Users\vito\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BingDesktop"="C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"f.lux"="C:\Users\vito\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avast]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avast"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\AVAST Software\\Avast\\avastUI.exe\" /nogui"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CanonMyPrinter"
"hkey"="HKLM"
"command"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonSolutionMenuEx]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CanonSolutionMenuEx"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Canon\\Solution Menu EX\\CNSEMAIN.EXE /logon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Device Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Device Detection"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\FUJIFILM\\MyFinePix Studio\\dd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON Stylus CX4200 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EPSON Stylus CX4200 Series"
"hkey"="HKCU"
"command"="C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_IATIAEA.EXE /FU \"C:\\Windows\\TEMP\\E_SCE42.tmp\" /EF \"HKCU\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarminExpressTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GarminExpressTrayApp"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Garmin\\Express Tray\\ExpressTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="c:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpsysdrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpsysdrv"
"hkey"="HKLM"
"command"="c:\\program files (x86)\\hewlett-packard\\HP odometer\\hpsysdrv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Default Manager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Microsoft Default Manager"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft\\Search Enhancement Pack\\Default Manager\\DefMgr.exe\" -resume"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norton Online Backup]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Norton Online Backup"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\NOBuClient.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDF Complete]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDF Complete"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\PDF Complete\\pdfsty.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpybotSD TeaTimer"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartCCC"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SUPERAntiSpyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SUPERAntiSpyware"
"hkey"="HKCU"
"command"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^vito^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
"item"="OneNote 2010 Screen Clipper and Launcher"
"path"="C:\\Users\\vito\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2010 Screen Clipper and Launcher.lnk"
"backup"="C:\\Windows\\pss\\OneNote 2010 Screen Clipper and Launcher.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\MICROS~1\\Office14\\ONENOTEM.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\!SASCORE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AMD External Events Utility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AMD FUEL Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bonjour Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\EPSON_PM_RPCV4_01]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GamesAppService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HP Support Assistant Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HPAuto]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HPClientSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HPDrvMntSvc.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\hpqwmiex]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iPod Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NOBU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\pdfcDispatcher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SBSDWSCService]

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [26/11/2014 10:01 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [18/10/2014 12:50 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]
C:\Windows\tasks\HPCeeScheduleForVITO-HP$.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15/07/2011 04:43 AM]
C:\Windows\tasks\HPCeeScheduleForvito.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15/07/2011 04:43 AM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForvito" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForVITO-HP$" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\PinItAutoUpdate" ["C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{270B58D6-4D56-48A3-A561-336DDC15721B}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{06A2683A-FE94-4FC0-A677-BB90EE82F41B}" [C:\Program Files (x86)\iTunes\iTunes.exe]
"C:\Windows\SysNative\tasks\{503FD191-7775-4593-847A-B32BF2F73A6E}" [C:\Users\vito\Desktop\Tor Browser\Browser\firefox.exe]
"C:\Windows\SysNative\tasks\{6911E958-879C-4FDA-8675-16B216878C78}" [C:\Program Files (x86)\iTunes\iTunes.exe]
"C:\Windows\SysNative\tasks\{80D10C5F-1E27-49B8-8780-F0B388A48438}" [C:\Program Files (x86)\Comodo\Dragon\dragon.exe]
"C:\Windows\SysNative\tasks\{C4036461-6B8F-4C5C-BF2B-5DD00ADA8523}" [C:\Program Files (x86)\iTunes\iTunes.exe]
"C:\Windows\SysNative\tasks\{EA768C95-758B-472D-82BC-755837FAF795}" [C:\Program Files (x86)\iTunes\iTunes.exe]
"C:\Windows\SysNative\tasks\{F265CD4D-889D-4061-A3C3-67B6D51FBBB9}" [C:\Program Files (x86)\iTunes\iTunes.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No)" [c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes)" [c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [28/11/2014 11:07 AM]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[28/11/2014 11:07 AM]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[28/11/2014 11:07 AM]

YouTube - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Gmail - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - vito\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - vito\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - vito\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - vito\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - vito\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - vito\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - vito\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Wallet - vito\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - vito\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences
,"session": { "restore_on_startup": 4, "urls_to_restore_on_startup": [ "http://feed.snapdo.c...Date=21/11/2013"]  }}

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft....k/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft....k/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{3EAD0059-0CB9-42D4-87F2-E331D8BFD61D}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown  Url="Not_Found"
{3EAD0059-0CB9-42D4-87F2-E331D8BFD61D} Bing  Url="http://www.bing.com/...Box&FORM=IESR02"
{95D68E93-E8B9-4077-B354-0DF4AE6781D6} Flickr  Url="https://www.flickr.c...?q={searchTerms}"
{B3FB0908-1B27-49BF-B828-A68C175FEF36} Unknown  Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3369939139-1655632908-2811052009-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-3369939139-1655632908-2811052009-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B3FB0908-1B27-49BF-B828-A68C175FEF36} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\[email protected] deleted successfully

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detection deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Online Backup deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\vito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\vito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0H7655PQ will be deleted at reboot
C:\Users\vito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9J82HG4 will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\vito\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=29 folders=32 49072900 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\vito\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\vito\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\vito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0H7655PQ" deleted
"C:\Users\vito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9J82HG4" not found

==== EOF on 03/12/2014 at 12:12:53.14 ======================


  • 0

Advertisements


#41
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ok, how is the machine behaving now?

 

Also, and on a different note, can you describe how you are taking the log results from the tools and posting them for me?

 

I'm not trying to chastise, but I think you might be adding some unnecessary steps and maybe we can save you some effort. By way of example, look at the text and font of your posts and compare it to mine or compare it to a different thread. Quite unusual and different isn't it? Let's see if we can figure it out. It might have so relevance to how the machine is working :thumbsup:


  • 0

#42
dumbum

dumbum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts

Here is the malware bytes log ...... the computer has been running normal the last couple days, well, at least I haven't noticed anything amiss. For the copynpaste .. I go to file select all then copy and then it'll paste when I use the clipboard on the reply to topic to paste. The one with the strange font was like that in the file .. I thought it strange and wanted you to see it.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 04/12/2014
Scan Time: 9:06:01 AM
Logfile: mallwareb.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.04.06
Rootkit Database: v2014.12.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: vito

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 380337
Time Elapsed: 16 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0

#43
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Well, that scan looks fine :thumbsup:

 

As does the text in the Paste.

 

Let's let it run for a day or so. If everything is still good, then perform these next steps and post back to me.

 

51a5ce45263de-delfix.png Clean with DelFix
 
Please download DelFix by Xplode and save it to your desktop.
 
  • Right-click on 51a5ce45263de-delfix.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.
  •  
    Include it for my review.

    • 0

    #44
    dumbum

    dumbum

      Member

    • Topic Starter
    • Member
    • PipPip
    • 72 posts

    Hi ... here is the log ... the computer seems to be much, much better .... I must be more aware of my downloading .. I usually type my address in the address bar but, the one time I clicked the link and got burned.

     

    # DelFix v10.8 - Logfile created 05/12/2014 at 09:02:03
    # Updated 29/07/2014 by Xplode
    # Username : vito - VITO-HP
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

    ~ Removing disinfection tools ...

    Deleted : C:\Qoobox
    Deleted : C:\_OTL
    Deleted : C:\FRST
    Deleted : C:\zoek_backup
    Deleted : C:\AdwCleaner
    Deleted : C:\ComboFix.txt
    Deleted : C:\log.txt
    Deleted : C:\zoek-results.log
    Deleted : C:\zoek-results2014-12-03-161705.log
    Deleted : C:\Users\vito\Downloads\adwcleaner_4.101.exe
    Deleted : C:\Users\vito\Downloads\Extras.Txt
    Deleted : C:\Users\vito\Downloads\FRST.exe
    Deleted : C:\Windows\grep.exe
    Deleted : C:\Windows\PEV.exe
    Deleted : C:\Windows\NIRCMD.exe
    Deleted : C:\Windows\MBR.exe
    Deleted : C:\Windows\SED.exe
    Deleted : C:\Windows\SWREG.exe
    Deleted : C:\Windows\SWSC.exe
    Deleted : C:\Windows\SWXCACLS.exe
    Deleted : C:\Windows\Zip.exe
    Deleted : HKLM\SOFTWARE\OldTimer Tools
    Deleted : HKLM\SOFTWARE\AdwCleaner
    Deleted : HKLM\SOFTWARE\Swearware

    ~ Cleaning system restore ...

    Deleted : RP #851 [Scheduled Checkpoint | 12/05/2014 05:00:01]

    New restore point created !

    ~ Resetting system settings ... OK

    ########## - EOF - ##########


    • 0

    #45
    Biscuithd

    Biscuithd

      Trusted Helper

    • Malware Removal
    • 2,573 posts

    Glad everything is working well!! :)

     

    I'll keep the topic open for a few days in case you have questions, otherwise, it's been a pleasure! :wave:

     

    There are my suggestions for keeping your machine safe.

     

    Preventing Re-Infection

    An ounce of prevention is better than a pound of cure, so, I have listed some tips for you to stay safe on the internet in the future.

    WARNING!: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java. Have a look at this article.

    I would recommend that you completely uninstall Java unless you need it to run an important software. In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

    If you still want to keep Java

    • Click the Start button
    • Click Control Panel
    • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
    • Click the Update tab
    • Click Update Now
    • Allow any updates to be downloaded and installed
    • Warning!: Make sure to uncheck Optional offer box when downloading Java or you will install an adware on your computer.

    Adobe products have to always be updated, because they also are being used to infect your computer.

    • If you want to update Adobe Flash Player, visit this site.
    • If you want to update Adobe Reader, visit this site.
    • Warning!: Make sure to uncheck Optional offer box when downloading Adobe products or you will install an adware on your computer.

    Turning on Automatic Updates is a crucial security measure. Keeping them out-of-date is like begging to get your system infected.

    • Click Start > Control Panel > System and Security > Windows Update
    • Under Windows Update click Turn automatic updating on or off
    • Make sure that your settings are set so that you will receive updates automatically and click OK.

    FileHippo is one of programs that can check for out-of-date programs on your computer. You can get it here

    Recommendations for security programs

    • Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
    • WinPatrol as a robust security monitor, will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

    For some good tips about how to prevent infection in the future, visit this site.

     


    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP