
computer freezes before I can even post here... forget any removal sof
#31
Posted 19 December 2013 - 09:36 PM

#32
Posted 19 December 2013 - 09:41 PM

If not then:
Click on Start > Search programs and files and navigate to:
:\Qoobox folder (most likely C:\Qoobox\ComboFix.txt) and paste the contents of the text file back here.
:\QooBox\LastRun\ <--Data from failed CF runs are stored here.
Note: ComboFix.txt files are numbered, so if there was more than one run you might find, for instance, C:\Qoobox\ComboFix2.txt, etc.
Copy and paste the contents back here.
#33
Posted 19 December 2013 - 09:49 PM

#34
Posted 19 December 2013 - 09:54 PM

this time prompting a reboot in safe mode?
Not sure what you meant by that. Did you run it in Normal mode last time i.e. not Safe Mode... or am I missing something?
#35
Posted 19 December 2013 - 09:55 PM

#36
Posted 19 December 2013 - 10:03 PM

I was doing laundry so I missed the reboot, it rebooted in normal mode.... ... :-( Sorry.
Hmm... that sounds fine. Strange that there is no log or that you couldn't find one at C:\Qoobox\ComboFix.txt that you could copy and paste back here. Wonder what's going on there... maybe AVG is getting in the way.
Anyway, back to running ComboFix again. Please let it boot your machine itself if it will. Sometimes CF does work better on the next run. Don't force it to reboot unless you have to. Doesn't matter whether it is Safe Mode or not for the reboot.
#37
Posted 19 December 2013 - 10:29 PM

-----------
ComboFix 13-12-18.01 - Marie-Eve 20/12/2013 12:10:27.3.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6050.5344 [GMT 8:00]
Running from: c:\users\Marie-Eve\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\PCDr\6422\AddOnDownloaded\02d6010d-b288-4157-bbcc-a3d510d3fba5.dll
c:\programdata\PCDr\6422\AddOnDownloaded\143c46ba-b979-4e38-9815-2373de9333aa.dll
c:\programdata\PCDr\6422\AddOnDownloaded\1aff7cd0-71c5-4682-8a81-f3488d648a52.dll
c:\programdata\PCDr\6422\AddOnDownloaded\409161a3-28c9-4482-9613-e7ca2e306fef.dll
c:\programdata\PCDr\6422\AddOnDownloaded\4c09e0ec-d531-4d04-a038-3dd30a795474.dll
c:\programdata\PCDr\6422\AddOnDownloaded\5eb0ad41-431b-4bf8-b498-110b0b5cd0ab.dll
c:\programdata\PCDr\6422\AddOnDownloaded\61c13bfc-28f4-44bc-beec-efa429fa40f0.dll
c:\programdata\PCDr\6422\AddOnDownloaded\6edf11af-92e6-490d-af58-febeeb0cdb04.dll
c:\programdata\PCDr\6422\AddOnDownloaded\9ed1246c-39a1-403b-9134-f313ebd75cb8.dll
c:\programdata\PCDr\6422\AddOnDownloaded\a42876a0-cd50-444f-b999-c31d0b73f57c.dll
c:\programdata\PCDr\6422\AddOnDownloaded\b347630c-35c1-4199-a3e2-2eea8f11e228.dll
c:\programdata\PCDr\6422\AddOnDownloaded\c6ca3141-c4ef-404d-b1c2-840d38395e80.dll
c:\programdata\PCDr\6422\AddOnDownloaded\ec1edaed-f34f-4e3a-96eb-bbdad2af9a8a.dll
c:\programdata\PCDr\6422\AddOnDownloaded\f63e05a5-1f40-4c42-b80a-d0995b6e38a7.dll
c:\windows\Downloaded Program Files\cwshell.exe
c:\windows\Downloaded Program Files\mcieplugin.dll
c:\windows\Downloaded Program Files\mcoiupdate.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-11-20 to 2013-12-20 )))))))))))))))))))))))))))))))
.
.
2013-12-20 04:23 . 2013-12-20 04:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-12-20 04:23 . 2013-12-20 04:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-20 02:26 . 2013-12-20 02:26 -------- d-----w- c:\windows\ERUNT
2013-12-19 02:45 . 2013-12-20 00:45 -------- d-----w- C:\FRST
2013-12-18 18:59 . 2013-12-18 18:59 -------- d-----w- c:\windows\Sun
2013-12-18 16:25 . 2013-12-18 16:25 -------- d-----w- c:\users\Marie-Eve\AppData\Roaming\SUPERAntiSpyware.com
2013-12-18 16:24 . 2013-12-18 16:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-12-18 16:24 . 2013-12-18 16:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-12-13 07:01 . 2013-12-13 07:01 -------- d-----w- c:\users\Marie-Eve\AppData\Roaming\AVG2014
2013-12-13 07:00 . 2013-12-13 07:00 -------- d-----w- c:\users\Marie-Eve\AppData\Roaming\TuneUp Software
2013-12-13 06:59 . 2013-12-13 06:59 -------- d-----w- C:\$AVG
2013-12-13 06:59 . 2013-12-13 07:01 -------- d-----w- c:\programdata\AVG2014
2013-12-13 06:58 . 2013-12-13 06:58 -------- d-----w- c:\program files (x86)\AVG
2013-12-13 06:54 . 2013-12-20 01:35 -------- d-----w- c:\programdata\MFAData
2013-12-13 06:54 . 2013-12-13 07:03 -------- d-----w- c:\users\Marie-Eve\AppData\Local\Avg2014
2013-12-13 06:54 . 2013-12-13 06:54 -------- d--h--w- c:\programdata\Common Files
2013-12-13 06:54 . 2013-12-13 06:54 -------- d-----w- c:\users\Marie-Eve\AppData\Local\MFAData
2013-12-11 19:04 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-11 19:04 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 19:04 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-11 19:04 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-11 19:04 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-11 19:02 . 2013-11-26 07:48 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-12-11 19:02 . 2013-11-26 08:16 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-12-11 19:02 . 2013-11-26 08:35 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-12-11 05:39 . 2013-12-11 07:39 9293192 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-12-11 05:31 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-11 05:31 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-12-11 05:30 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-12-11 05:30 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-11 05:30 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-11 05:30 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-11 05:30 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-12-11 05:26 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-11 05:26 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-12-11 05:26 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-11 05:26 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-11 05:25 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2013-12-11 05:25 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2013-12-11 05:25 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2013-12-11 05:25 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2013-12-11 05:25 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2013-12-11 05:25 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2013-12-11 05:25 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2013-12-11 05:25 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2013-12-11 03:19 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F5A446B-9E9F-4F57-8D21-92E838FFC6A8}\mpengine.dll
2013-12-01 17:00 . 2013-12-01 17:00 -------- d-----w- c:\users\Marie-Eve\AppData\Local\Conference Client
2013-12-01 16:58 . 2013-12-01 16:59 -------- d-----w- c:\users\Marie-Eve\AppData\Local\Radvision
2013-11-27 01:41 . 2013-10-14 10:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-27 01:39 . 2013-11-27 01:39 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-27 01:39 . 2013-11-27 01:39 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-14 16:47 . 2012-02-07 12:09 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-11 07:39 . 2012-04-07 21:29 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 07:39 . 2012-01-28 09:46 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-10 21:50 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-05 13:55 . 2013-11-05 13:55 150808 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-11-04 13:52 . 2013-11-04 13:52 240920 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-10-31 15:00 . 2013-10-31 15:00 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-10-31 14:49 . 2013-10-31 14:49 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-10-31 04:54 . 2013-10-31 04:54 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-31 04:47 . 2013-10-31 04:48 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-10-31 04:47 . 2013-10-31 04:48 312744 ----a-w- c:\windows\system32\javaws.exe
2013-10-31 04:47 . 2013-10-31 04:48 189352 ----a-w- c:\windows\system32\javaw.exe
2013-10-31 04:47 . 2013-10-31 04:48 189352 ----a-w- c:\windows\system32\java.exe
2013-10-30 18:52 . 2013-10-30 18:52 82944 ----a-w- c:\users\Marie-Eve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Miner\bfgminer\libmicrohttpd-10.dll
2013-10-30 18:52 . 2013-10-30 18:52 63697 ----a-w- c:\users\Marie-Eve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Miner\bfgminer\bfgminer-rpc.exe
2013-10-30 18:52 . 2013-10-30 18:52 599040 ----a-w- c:\users\Marie-Eve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Miner\bfgminer\backtrace.dll
2013-10-30 18:52 . 2013-10-30 18:52 52736 ----a-w- c:\users\Marie-Eve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Miner\bfgminer\libjansson-4.dll
2013-10-30 18:52 . 2013-10-30 18:52 45056 ----a-w- c:\users\Marie-Eve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Miner\bfgminer\pthreadGC2.dll
2013-10-30 18:52 . 2013-10-30 18:52 43854 ----a-w- c:\users\Marie-Eve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Miner\bfgminer\libblkmaker-0.1-0.dll
2013-10-30 18:52 . 2013-10-30 18:52 38190 ----a-w- c:\users\Marie-Eve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Miner\bfgminer\libblkmaker_jansson-0.1-0.dll
2013-10-30 18:52 . 2013-10-30 18:52 369664 ----a-w- c:\users\Marie-Eve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Miner\bfgminer\libcurl-4.dll
2013-10-30 18:52 . 2013-10-30 18:52 314368 ----a-w- c:\users\Marie-Eve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Miner\bfgminer\libevent-2-0-5.dll
2013-10-30 18:52 . 2013-10-30 18:52 1886663 ----a-w- c:\users\Marie-Eve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Miner\bfgminer\bfgminer.exe
2013-10-30 18:52 . 2013-10-30 18:52 167936 ----a-w- c:\users\Marie-Eve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Miner\bfgminer\libusb-1.0.dll
2013-10-30 18:52 . 2013-10-30 18:52 15360 ----a-w- c:\users\Marie-Eve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Miner\bfgminer\libhidapi-0.dll
2013-10-30 18:52 . 2013-10-30 18:52 132096 ----a-w- c:\users\Marie-Eve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Miner\bfgminer\libplibc-1.dll
2013-10-30 18:52 . 2013-10-30 18:52 109568 ----a-w- c:\users\Marie-Eve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Miner\bfgminer\zlib1.dll
2013-10-30 18:52 . 2013-10-30 18:52 102912 ----a-w- c:\users\Marie-Eve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Miner\bfgminer\pdcurses.dll
2013-10-24 14:25 . 2013-10-24 14:25 194872 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-10-12 02:30 . 2013-11-12 23:38 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-12 23:38 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-12 23:38 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-12 23:38 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-12 23:38 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-12 23:39 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-12 23:39 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-12 23:38 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-12 23:38 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-12 23:38 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-12 23:38 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-12 23:38 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-12 23:38 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-12 23:38 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-12 23:38 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-10-01 06:04 . 2013-10-01 06:04 61440 ----a-r- c:\users\Marie-Eve\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
2013-10-01 06:04 . 2013-10-01 06:04 61440 ----a-r- c:\users\Marie-Eve\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\ARPPRODUCTICON.exe
2013-10-01 06:04 . 2013-10-01 06:04 106496 ----a-r- c:\users\Marie-Eve\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2013-10-01 06:04 . 2013-10-01 06:04 106496 ----a-r- c:\users\Marie-Eve\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2013-10-01 06:04 . 2013-10-01 06:04 106496 ----a-r- c:\users\Marie-Eve\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2013-10-01 06:03 . 2013-10-01 06:03 18760 ----a-w- c:\windows\SysWow64\QQVistaHelper.dll
2013-09-30 16:52 . 2013-09-30 16:52 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-09-28 01:09 . 2013-11-12 23:38 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-25 02:26 . 2013-11-12 23:38 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-12 23:38 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-12 23:38 28672 ----a-w- c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-12 23:38 135680 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-12 23:38 28160 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-12 23:38 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-12 23:38 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-12 23:38 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 01:58 . 2013-11-12 23:38 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-09-25 01:57 . 2013-11-12 23:38 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-09-25 01:57 . 2013-11-12 23:38 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-25 01:56 . 2013-11-12 23:38 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03 . 2013-11-12 23:38 30720 ----a-w- c:\windows\system32\lsass.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CUCore Agent"="c:\users\Marie-Eve\AppData\Local\Radvision\Conference Client\7.17.000.99\ConfAgent.exe" [2013-12-01 100464]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-12-17 6562584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-11-07 4956176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
R2 AlipaySecSvc;Alipay security service;c:\program files (x86)\alipay\alieditplus\AlipaySecSvc.exe;c:\program files (x86)\alipay\alieditplus\AlipaySecSvc.exe [x]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 ASOVPNHelper;Astrill OpenVPN Service;c:\program files (x86)\Astrill\ASOvpnSvc.exe;c:\program files (x86)\Astrill\ASOvpnSvc.exe [x]
R3 ASProxy;ASProxy;c:\program files (x86)\Astrill\ASProxy.exe;c:\program files (x86)\Astrill\ASProxy.exe [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe Start=service;c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe Start=service [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Pcouffin64;Low level access layer for CD devices;c:\windows\system32\Drivers\pcouffin64a.sys;c:\windows\SYSNATIVE\Drivers\pcouffin64a.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S3 asvpndrv;Astrill SSL VPN Adapter;c:\windows\system32\DRIVERS\asvpndrv.sys;c:\windows\SYSNATIVE\DRIVERS\asvpndrv.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys;c:\windows\SYSNATIVE\DRIVERS\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys;c:\windows\SYSNATIVE\DRIVERS\tixhci.sys [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 14:34 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 07:39]
.
2013-12-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2444817551-2258911842-2084099832-1000Core.job
- c:\users\Marie-Eve\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-24 22:54]
.
2013-12-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2444817551-2258911842-2084099832-1000UA.job
- c:\users\Marie-Eve\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-24 22:54]
.
2013-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-10 00:46]
.
2013-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-10 00:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-16 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-30 2055016]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.eblcu.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 202.99.224.67 202.99.224.68
TCP: Interfaces\{E8077001-E4F5-43D5-8E96-FDF0ACA8A688}\3686F636F602D616E676F6: DhcpNameServer = 192.168.254.254 192.168.254.254
FF - ProfilePath - c:\users\Marie-Eve\AppData\Roaming\Mozilla\Firefox\Profiles\d18vzumr.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-AlipaySecControl - c:\windows\system32\aliedit\3.6.0.0\uninst.exe
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\04\00\08\10\1a'f"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-20 12:27:38
ComboFix-quarantined-files.txt 2013-12-20 04:27
.
Pre-Run: 189,854,801,920 bytes free
Post-Run: 189,776,072,704 bytes free
.
- - End Of File - - C9E71F16A688167BA075A9D6936BC076
#38
Posted 19 December 2013 - 11:28 PM

Please run a free online scan with the ESET Online Scanner
Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.
Note: This scan works with Internet Explorer or Mozilla FireFox.
If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
- Click the green ESET Online Scanner box
- Tick the box next to YES, I accept the Terms of Use
then click on: Start - You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
- Make sure that the option Scan archives is checked.
- If you are given an option to quarantine files ensure the scan is set to do so.
- Now click on Advanced Settings and select the following:
  - Scan for potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth Technology
- Click on Start
- The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
- When completed the Online Scan will begin automatically. The scan may take several hours.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed select Uninstall application on close, make sure you copy the logfile first!
- Then click on: Finish
- Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
- Copy and paste that log as a reply to this topic and tell me how your computer is now.
#39
Posted 20 December 2013 - 12:53 AM

#40
Posted 20 December 2013 - 01:50 AM

Eset scan and clock seem to be running fine.
If they are running then that's fine, just let it do its job.
These scans can look as if they are doing nothing for long periods.
Have patience.

Having said that if it hasn't made progress say after 5hrs then maybe you could look at stopping it. I ran a scan on my computer today (I do it once a week) and it took 6 hours for a full scan.

#41
Posted 20 December 2013 - 01:56 AM

I am signing off for today. Getting later in the evening where I am.
Catch you tomorrow.

#42
Posted 20 December 2013 - 10:03 AM

That being said, things seem to be going... fine. I will test 2 things that would make my computer freeze instantly and if I'm still good, I will post this :-)
**Amazing.** I have yet to be able to use Google Maps since August. (yes I know, I should have asked for help before it got this bad. I won't do it again, promise!)
Everything seems to be working smoothly, and... almost new-like. I cannot thank you enough!!!!!!!

Here is the log I copied- hopefully it's useful to you though it might not be what you were hoping for :\
---------
C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll a variant of Win32/Bunndle application cleaned by deleting - quarantined
C:\Users\Marie-Eve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Miner\bfgminer\bfgminer-rpc.exe Win32/BitCoinMiner.AN application cleaned by deleting - quarantined
C:\Users\Marie-Eve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Miner\bfgminer\bfgminer.exe a variant of Win32/BitCoinMiner.L application cleaned by deleting - quarantined
C:\Users\Marie-Eve\Desktop\here\this is it\freegate-setup.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\Marie-Eve\Desktop\here\this is it\Needs cleaning\New folder\Crazy Stupid Love {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\Users\Marie-Eve\Downloads\AviDvdBurner_inst.exe multiple threats cleaned by deleting - quarantined
C:\Users\Marie-Eve\Downloads\cbsidlm-tr1_13-Virtual_CloneDrive-ORG-173879.exe.part Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\Marie-Eve\Downloads\cbsidlm-tr1_9-JPG_to_PDF_Converter-SEO2-10921191.exe.part multiple threats cleaned by deleting - quarantined
C:\Users\Marie-Eve\Downloads\ccsetup406.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
C:\Users\Marie-Eve\Downloads\chernobyl.diaries.2012.dvdrip.xvid-vip3r.avi_downloader_98828.exe.part probably a variant of Win32/ExpressFiles application cleaned by deleting - quarantined
C:\Users\Marie-Eve\Downloads\cnet2_AviDvdBurner_inst_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Marie-Eve\Downloads\easyminer.exe multiple threats cleaned by deleting - quarantined
C:\Users\Marie-Eve\Downloads\freegate-setup.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\Marie-Eve\Downloads\Hanson_secure.exe Win32/TopMedia.A application cleaned by deleting - quarantined
C:\Users\Marie-Eve\Downloads\I__m_Alan_Partridge_Season_1,_2_Complete___Extras_DVDRip_TSV.exe Win32/Somoto.E application cleaned by deleting - quarantined
C:\Users\Marie-Eve\Downloads\Piche_entre_ciel_et_terre_2010_french_dvdrip_xvid-astral.exe a variant of Win32/DirectDownloader.B application cleaned by deleting - quarantined
C:\Users\Marie-Eve\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
C:\Users\Marie-Eve\Downloads\skypelogview.zip a variant of Win32/SkypeLogView.A application deleted - quarantined
C:\Users\Marie-Eve\Downloads\SoftonicDownloader_for_freegate.exe Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Windows\System32\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
#43
Posted 20 December 2013 - 11:15 AM

So- end of rant.
Astrill stopped working, I tried changing servers, everything froze and that was the end of that. Should I re-do the ESET scan for you to get proper log files?
#44
Posted 20 December 2013 - 12:43 PM

Should I re-do the ESET scan for you to get proper log files?
No what's there is fine.
My VPN Astrill stopped working (basically, could no longer access geeks
Sounds a possibility.
I may have cried victory all too early. I had another complete freeze and had to manually reboot
Might be worth us taking some time to run a couple of other tools.
Let's do this:
Download : ADWCleaner to your desktop.
NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.
Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.
A copy of the report is also saved in the C:\AdwCleaner folder.
After that
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Under the Standard Registry box change it to All.
- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
#45
Posted 20 December 2013 - 06:24 PM

# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Marie-Eve - MARIE-EVE-PC
# Running from : C:\Users\Marie-Eve\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
[x] Not Deleted : C:\Program Files (x86)\Vuze
Folder Deleted : C:\Program Files (x86)\Common Files\Tencent
Folder Deleted : C:\Users\Marie-Eve\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Marie-Eve\AppData\Roaming\Mozilla\Firefox\Profiles\d18vzumr.default\adawaretb
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml
File Deleted : C:\windows\System32\Tasks\LaunchApp
File Deleted : C:\windows\System32\Tasks\NCH Software
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAS_is1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\TENCENT
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v24.0 (en-GB)
[ File : C:\Users\Marie-Eve\AppData\Roaming\Mozilla\Firefox\Profiles\d18vzumr.default\prefs.js ]
-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\Marie-Eve\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [2241 octets] - [21/12/2013 08:14:10]
AdwCleaner[S0].txt - [2132 octets] - [21/12/2013 08:16:59]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2192 octets] ##########
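A triage sketch for the two cleanup logs posted in this thread (the ESET Online Scanner log and the AdwCleaner report), added here as an example and not part of any poster's reply or of either tool. It separates items a tool reports as removed from items still on disk, assuming that an ESET line with no action text and an AdwCleaner line marked `[x]` or `Not Deleted` both mean the item was left in place; `triage` and the sample excerpt are constructed for illustration.

```python
import re

# Constructed sample: lines copied from the two logs in this thread
# (ESET Online Scanner log.txt and AdwCleaner[S0].txt), whitespace-flattened.
SAMPLE = r"""
C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D application
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll a variant of Win32/Bunndle application cleaned by deleting - quarantined
C:\Users\Marie-Eve\Downloads\easyminer.exe multiple threats cleaned by deleting - quarantined
C:\Users\Marie-Eve\Downloads\skypelogview.zip a variant of Win32/SkypeLogView.A application deleted - quarantined
Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
[x] Not Deleted : C:\Program Files (x86)\Vuze
Key Deleted : HKLM\Software\TENCENT
***** [ Registry ] *****
"""

# ESET line: <path> <detection> [<action>].
# Assumption: a missing action means the file was left in place.
ESET = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:probably )?(?:a variant of )?Win32/\S+(?: application)?|multiple threats)"
    r"(?:\s+(?P<action>(?:cleaned by deleting|deleted) - quarantined))?$"
)
# AdwCleaner line: optional "[x]" marker, "<Kind> Deleted" or "Not Deleted", then the item.
ADW = re.compile(r"^(?P<failed>\[x\]\s+)?(?P<status>\w+ Deleted) : (?P<item>.+)$")


def triage(text):
    """Return (remediated, leftover) lists of (tool, item, detail) tuples."""
    remediated, leftover = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = ESET.match(line)
        if m:
            entry = ("ESET", m["path"], m["detection"])
            (remediated if m["action"] else leftover).append(entry)
            continue
        m = ADW.match(line)
        if m:
            entry = ("AdwCleaner", m["item"], m["status"])
            failed = m["failed"] or m["status"] == "Not Deleted"
            (leftover if failed else remediated).append(entry)
    return remediated, leftover  # section headers and other lines are skipped


if __name__ == "__main__":
    done, todo = triage(SAMPLE)
    print(f"{len(done)} remediated, {len(todo)} still present:")
    for tool, item, detail in todo:
        print(f"  [{tool}] {item} ({detail})")
```

On the excerpt, the two entries reported as still present are the Shockwave `gt.exe` under SysWOW64 and the Vuze folder.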