Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads


Popup at startup prevents laptop use



 
 
Old 11-27-2014, 11:12 AM   #1
Hotcod1 (Registered Member)
Join Date: Nov 2012
Posts: 44
OS: xp sp2

Hi Folks,

When the laptop boots into Windows (7 Home Premium edition), it almost immediately displays the "User Account Control" window asking if I want to allow the following program to make changes to the system.

Program name: Registry Console Tool
Verified publisher: Microsoft Windows
Program location: "C:\Windows\SysWOW64\reg.exe" add
HKLM\SYSTEM\ControlSet001\Services\win
/v ServiceDll /t REG_EXPAND_SZ /d
C:\PROGRA~3\CBB68958.dot /f

Regardless of which button you press, it disappears and then instantly reappears, preventing you from doing pretty much anything else... hence I haven't been able to run the diagnostic programs you have asked for.

Any assistance gratefully received.

Many thanks.
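The UAC prompt quoted in the post above is reg.exe writing a ServiceDll value for a service named "win", pointing it at C:\PROGRA~3\CBB68958.dot: a svchost-hosted service being redirected to a DLL that sits in ProgramData under a non-.dll extension. As an added example (not code from this thread, and not from DDS, FRST or any other tool mentioned in it), the PowerShell below enumerates every service's ServiceDll value and flags entries that match that pattern. The trusted-directory and path heuristics are my assumptions for triage, not a verdict; it needs an elevated prompt and PowerShell 3.0 or later, and on a box like this one it is only useful once you have a usable console (Safe Mode, as the thread eventually reaches), because on a normal boot the key is being re-added continuously.

```powershell
# Added example, not code from the thread or from any tool it mentions.
# Audits every service's ServiceDll value and flags entries that look like the
# one in the UAC prompt: outside System32/SysWOW64, not a .dll, under ProgramData.
# svchost.exe looks for ServiceDll under the service's Parameters subkey and,
# failing that, on the service key itself (which is where the prompt writes it),
# so both locations are checked. Heuristics below are assumptions for triage.

function Get-SuspiciousServiceDll {
    [CmdletBinding()]
    param(
        # The prompt in the thread targeted ControlSet001; CurrentControlSet is
        # the live one. Either can be passed, as can a hive loaded with reg.exe load.
        [string]$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    )

    $trustedDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")
    # Locations a legitimate ServiceDll should not come from (assumption).
    $untrustedPatterns = @('\\ProgramData\\', '\\Users\\', '\\Temp\\', '\\AppData\\')

    foreach ($svc in Get-ChildItem -LiteralPath $ServicesKey -ErrorAction SilentlyContinue) {
        $sources = @(
            @{ Key = "$($svc.PSPath)\Parameters"; Where = 'Parameters' },
            @{ Key = $svc.PSPath;                 Where = 'ServiceKey' }
        )
        foreach ($src in $sources) {
            $raw = (Get-ItemProperty -LiteralPath $src.Key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
            if (-not $raw) { continue }

            # Expand %SystemRoot%-style variables, then let the file system
            # resolve 8.3 names so C:\PROGRA~3 compares as C:\ProgramData.
            $resolved = [Environment]::ExpandEnvironmentVariables($raw)
            $exists = Test-Path -LiteralPath $resolved -PathType Leaf
            if ($exists) { $resolved = (Get-Item -LiteralPath $resolved).FullName }

            $reasons = @()
            $inTrusted = $false
            foreach ($dir in $trustedDirs) {
                if ($resolved.StartsWith("$dir\", [StringComparison]::OrdinalIgnoreCase)) { $inTrusted = $true }
            }
            if (-not $inTrusted) { $reasons += 'outside System32/SysWOW64' }
            if ([IO.Path]::GetExtension($resolved) -ne '.dll') { $reasons += 'extension is not .dll' }
            foreach ($pattern in $untrustedPatterns) {
                if ($resolved -match $pattern) { $reasons += "path matches $pattern"; break }
            }
            if (-not $exists) { $reasons += 'file not present' }

            if ($reasons.Count -gt 0) {
                [PSCustomObject]@{
                    Service  = $svc.PSChildName
                    Location = $src.Where
                    RawValue = $raw
                    Resolved = $resolved
                    Reasons  = ($reasons -join '; ')
                }
            }
        }
    }
}

# Check both the control set named in the prompt and the live one.
'ControlSet001', 'CurrentControlSet' |
    ForEach-Object { Get-SuspiciousServiceDll -ServicesKey "HKLM:\SYSTEM\$_\Services" } |
    Format-Table Service, Location, Resolved, Reasons -AutoSize
```

Expect some noise: third-party services that legitimately keep their DLL under Program Files will be listed as "outside System32/SysWOW64". What you are looking for is the combination seen here, a DLL under ProgramData (or a user profile) with a disguised extension, hung off a service name that does not correspond to an installed product; confirm with Get-AuthenticodeSignature on the resolved path and the file's creation time before treating it as the infection.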
Old 11-29-2014, 12:37 PM   #2
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy)
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Print out these instructions to use while in the Recovery Environment or read off another computer:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, start pressing the F8 key.
  • Select 'Repair your computer' and press 'Enter'.
  • On the System Recovery Options menu, select 'Startup Repair'.
  • Did it detect a problem? Let me know.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 12-01-2014, 01:29 AM   #3
Hotcod1 (Registered Member)
Join Date: Nov 2012
Posts: 44
OS: xp sp2

Hi Chemist,

Followed your instructions, and windows could not find any start-up errors.
However, when I rebooted the laptop, the pop-up is still there.

Edit: After several minutes, a new pop-up has appeared... still the User Account Control window, but this time the program that is trying to make changes is "reg.exe" and is listed as unknown author, but is trying to run the same program. Left it on screen to write up the exact details, and the second pop-up has gone and been replaced with the first.


Many thanks for your help.
Old 12-01-2014, 06:54 AM   #4
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy)
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

You're welcome. Restart the computer again as before, this time choosing 'Last Known Good Configuration' on the Advanced Boot Options Menu. Any joy?
Old 12-03-2014, 03:07 PM   #5
Hotcod1 (Registered Member)
Join Date: Nov 2012
Posts: 44
OS: xp sp2

Couldn't get into the Advanced Boot Menu; tried 4 or 5 times and either Windows would ignore the Esc key (F8 only works AFTER I hit Esc on the first screen) or it opened a weird Hewlett-Packard help screen.

So I let Windows open and immediately went through Control Panel and System Restore. During the System Restore process, the pop-up appeared, closely followed by an error message saying something like "too many programs running on sys32..." (disappeared before I could copy it down). End result: after System Restore finally finished and the laptop booted up, there was an error message saying that System Restore was unsuccessful.

Is there any way your diagnostic programs will work in Safe Mode?
Old 12-03-2014, 05:01 PM   #6
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy)
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Yes, they will work in Safe Mode. However, Safe Mode is on the Advanced Boot Menu.

It appears you were able to access it earlier when you chose 'Repair your computer'.

Keep trying.
Old 12-04-2014, 07:10 AM   #7
Hotcod1 (Registered Member)
Join Date: Nov 2012
Posts: 44
OS: xp sp2

If all else fails I'll boot up into Windows, then turn the machine off using the power switch... Last time I had to do that it went straight to the Advanced Boot Menu when I turned it on again ;-) At least then I can run the diagnostics so you will have some real information to work with.
Old 12-04-2014, 09:12 AM   #8
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy)
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Let me know. It might be helpful if you also run this tool if you are able (you can run it from any drive or zip drive):

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
Old 12-08-2014, 01:44 PM   #9
Hotcod1 (Registered Member)
Join Date: Nov 2012
Posts: 44
OS: xp sp2

Been out of the area for a few days. Managed to boot into safe mode and I'm working through the diagnostic programs now. Will post the results asap.

Thanks for being patient.
Old 12-08-2014, 01:53 PM   #10
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy)
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

You're welcome. Let me know.
Old 12-08-2014, 03:05 PM   #11
Hotcod1 (Registered Member)
Join Date: Nov 2012
Posts: 44
OS: xp sp2

DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 11.0.9600.17344 BrowserJavaVersion: 10.9.2
Run by Christine at 21:22:08 on 2014-12-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1787.1228 [GMT 0:00]
.
AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/?gfe_rd=cr&ei=61EgVN-9HOHH8geEz4GYCQ&gws_rd=ssl
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - <orphaned>
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Yontoo Desktop] "C:\Users\Christine\AppData\Roaming\Yontoo\YontooDesktop.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOGEAR~1.LNK - C:\Program Files (x86)\Philips\GoGear SA3MXX Device Manager\main.exe
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: Interfaces\{30E262B6-18C5-4B43-A79A-6995FA2C8F14}\244564F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{30E262B6-18C5-4B43-A79A-6995FA2C8F14}\2445F40756E6A7F6E656 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{30E262B6-18C5-4B43-A79A-6995FA2C8F14}\2445F40756E6A7F6E656D23416666656E45627F6 : DHCPNameServer = 192.168.22.22 192.168.22.23
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-11-22 28184]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-1-12 38456]
S0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-18 65776]
S0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-18 224896]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-11-21 1041168]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2012-11-21 427360]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-1-12 98208]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-12 202752]
S2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-8-11 29208]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-11-21 79184]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-8-11 92008]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-8-11 50344]
S2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-8-11 106488]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
S2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
S2 HP Support Assistant Service;HP Support Assistant Service;"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" --> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [?]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-10-4 3979712]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 tor;Tor Win32 Service;C:\Program Files (x86)\Tor\tor.exe [2013-9-3 3233806]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-20 111616]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2011-8-17 171008]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-12 347680]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-10 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-24 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 RtVOsdService;RtVOsdService Installer;"C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe" --> C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [?]
.
=============== Created Last 30 ================
.
2014-12-03 22:40:10 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{92AAC855-73E4-479F-895C-92A9017E39CA}\mpengine.dll
2014-11-27 19:22:49 728064 ------w- C:\Windows\System32\kerberos.dll
2014-11-27 19:22:49 1460736 ------w- C:\Windows\System32\lsasrv.dll
2014-11-27 19:22:47 241152 ------w- C:\Windows\System32\pku2u.dll
2014-11-27 19:22:46 22016 ------w- C:\Windows\SysWow64\secur32.dll
2014-11-27 19:22:45 96768 ------w- C:\Windows\SysWow64\sspicli.dll
2014-11-27 19:22:33 680960 ------w- C:\Windows\System32\audiosrv.dll
2014-11-27 19:22:33 296448 ------w- C:\Windows\System32\AudioSes.dll
2014-11-27 19:18:50 742400 ------w- C:\Program Files\Internet Explorer\ieproxy.dll
2014-11-27 19:18:48 1892864 ------w- C:\Windows\SysWow64\wininet.dll
2014-11-27 19:18:45 2365440 ------w- C:\Windows\System32\wininet.dll
2014-11-27 19:18:26 1882624 ------w- C:\Windows\System32\msxml3.dll
2014-11-27 19:18:25 2048 ------w- C:\Windows\System32\msxml3r.dll
2014-11-27 19:16:34 861696 ------w- C:\Windows\System32\oleaut32.dll
2014-11-27 19:16:34 571904 ------w- C:\Windows\SysWow64\oleaut32.dll
2014-11-27 19:15:19 342016 ------w- C:\Windows\System32\schannel.dll
2014-11-27 19:15:19 309760 ------w- C:\Windows\System32\ncrypt.dll
2014-11-27 19:15:15 314880 ------w- C:\Windows\System32\msv1_0.dll
2014-11-27 19:15:15 210944 ------w- C:\Windows\System32\wdigest.dll
2014-11-27 19:15:14 86528 ------w- C:\Windows\System32\TSpkg.dll
2014-11-27 19:15:12 22016 ------w- C:\Windows\System32\credssp.dll
2014-11-27 19:15:12 17408 ------w- C:\Windows\SysWow64\credssp.dll
2014-11-27 18:42:01 -------- d-----w- C:\ProgramData\Oracle
2014-11-27 18:04:52 -------- d-----w- C:\53df2783115667dffc17e65c
2014-11-27 17:56:47 352256 ----atw- C:\ProgramData\CBB68958.dot
2014-11-11 2201 235520 ----a-w- C:\ProgramData\85986BBC.cpp
.
==================== Find3M ====================
.
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-02 14:53:02 278152 ----a-w- C:\Windows\System32\MpSigStub.exe
2014-10-01 07:51:01 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-01 07:51:01 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:41:55 2796032 ----a-w- C:\Windows\System32\iertutil(165).dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 0147 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:55:50 2187264 ----a-w- C:\Windows\SysWow64\iertutil(186).dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet(184).dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-19 00:14:19 1447936 ----a-w- C:\Windows\System32\urlmon(180).dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet(191).dll
2014-09-18 23:53:45 1190400 ----a-w- C:\Windows\SysWow64\urlmon(190).dll
2014-09-18 02:00:42 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 21:24:34.03 ===============

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-12-2014
Ran by Christine (administrator) on CHRISTINE-HP on 08-12-2014 22:49:44
Running from C:\Users\Christine\Desktop
Loaded Profile: Christine (Available profiles: Christine)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2012-04-28] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2011-05-23] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2933184 2012-10-04] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-06-02] (EasyBits Software AS)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-12] (AVAST Software)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1902443910-2598751035-2463263663-1000\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\S-1-5-21-1902443910-2598751035-2463263663-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKU\S-1-5-21-1902443910-2598751035-2463263663-1000\...\Run: [Yontoo Desktop] => C:\Users\Christine\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-03-23] ()
HKU\S-1-5-21-1902443910-2598751035-2463263663-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21652064 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1902443910-2598751035-2463263663-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1902443910-2598751035-2463263663-1000\...\Policies\system: [DisableChangePassword] 0
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoGear SA3MXX Device Manager.lnk
ShortcutTarget: GoGear SA3MXX Device Manager.lnk -> C:\Program Files (x86)\Philips\GoGear SA3MXX Device Manager\main.exe (KeenHigh Tech.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1902443910-2598751035-2463263663-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = msn
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.microsoft.com/isapi/redir...=ie&ar=msnhome
HKU\S-1-5-21-1902443910-2598751035-2463263663-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/?gfe_rd=cr&...YCQ&gws_rd=ssl
HKU\S-1-5-21-1902443910-2598751035-2463263663-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-1902443910-2598751035-2463263663-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = Delta Search
HKU\S-1-5-21-1902443910-2598751035-2463263663-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = msn
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {008171FD-BA68-4A56-A14F-0F4B1E58EC3F} URL = https://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = https://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {A8E85E58-FA72-488D-B1D1-B95E47127AB7} URL = https://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {B0F2FBE6-0FE0-4D3B-B50B-1DB5A4BA048F} URL = https://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtBtAtCtDtBtDyB0D0Ezy0EtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBzztB0B0AtD0E0BtGyB0EyCyBtG0F0DtD0EtGzz0AtCyDtGtBzztC0D0C0CyBzy0BtA0AyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0C0A0AyBtA0C0AtGtCtB0CtCtG0B0B0A0FtG0AtB0E0EtGyC0D0FtB0C0E0EzztB0FyC0C2Q&cr=75228055&ir=
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = https://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {008171FD-BA68-4A56-A14F-0F4B1E58EC3F} URL = https://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = https://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {A8E85E58-FA72-488D-B1D1-B95E47127AB7} URL = https://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {B0F2FBE6-0FE0-4D3B-B50B-1DB5A4BA048F} URL = https://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-1902443910-2598751035-2463263663-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = https://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1902443910-2598751035-2463263663-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-1902443910-2598751035-2463263663-1000 -> {008171FD-BA68-4A56-A14F-0F4B1E58EC3F} URL = https://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKU\S-1-5-21-1902443910-2598751035-2463263663-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = https://www.delta-search.com/?q={searchTerms}&affID=120519&tt=190313_wo3&babsrc=SP_ss&mntrId=4AA6AC8112310207
SearchScopes: HKU\S-1-5-21-1902443910-2598751035-2463263663-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = https://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1902443910-2598751035-2463263663-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = https://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1902443910-2598751035-2463263663-1000 -> {A8E85E58-FA72-488D-B1D1-B95E47127AB7} URL = https://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1902443910-2598751035-2463263663-1000 -> {B0F2FBE6-0FE0-4D3B-B50B-1DB5A4BA048F} URL = https://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtBtAtCtDtBtDyB0D0Ezy0EtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBzztB0B0AtD0E0BtGyB0EyCyBtG0F0DtD0EtGzz0AtCyDtGtBzztC0D0C0CyBzy0BtA0AyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0C0A0AyBtA0C0AtGtCtB0CtCtG0B0B0A0FtG0AtB0E0EtGyC0D0FtB0C0E0EzztB0FyC0C2Q&cr=75228055&ir=
SearchScopes: HKU\S-1-5-21-1902443910-2598751035-2463263663-1000 -> {DBA5F30C-B8FF-4D56-9421-B9AB29AD9B15} URL = https://search.virginmedia.com/results/index.php?channel=ieffsearch&q={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: No Name -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {82E1477C-B154-48D3-9891-33D83C26BCD3} - No File
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1902443910-2598751035-2463263663-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} https://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-07-11] (EasyBits Software Corp.)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-21]

Chrome:
=======
CHR HomePage: Default -> Google
CHR StartupUrls: Default -> "www.google.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll No File
CHR Plugin: (Delta Toolbar) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.1_0\DeltaChromeToolbar.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-18]
CHR Extension: (Google Drive) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-30]
CHR Extension: (YouTube) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-18]
CHR Extension: (Adblock Plus) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-30]
CHR Extension: (Google Search) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-18]
CHR Extension: (Google Wallet) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Gmail) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-18]
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path
CHR HKU\S-1-5-21-1902443910-2598751035-2463263663-1000\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\CHRIST~1\AppData\Local\Temp\crx77A2.tmp [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Christine\AppData\Roaming\BabSolution\CR\Delta.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-11]
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo\YontooLayers.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [680960 2014-10-03] (Microsoft Corporation) [File not signed]
S2 AudioSrv; C:\Windows\System32\Audiosrv.dll [680960 2014-10-03] (Microsoft Corporation) [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-11] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-08-11] (AVAST Software)
S2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3979712 2012-10-04] (Symantec Corporation)
S2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-03] () [File not signed]
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
S4 RtVOsdService; "C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-11] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-08-11] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-11] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-11] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-11] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-11] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-12] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-11] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-11] ()
S0 aswNdisFlt; system32\DRIVERS\aswNdisFlt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 dumzycxb; \??\C:\Windows\system32\drivers\dumzycxb.sys [X]
U3 kglcyuow; \??\C:\Users\CHRIST~1\AppData\Local\Temp\kglcyuow.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 22:49 - 2014-12-08 22:50 - 00023693 _____ () C:\Users\Christine\Desktop\FRST.txt
2014-12-08 22:48 - 2014-12-08 22:49 - 00000000 ____D () C:\FRST
2014-12-08 22:47 - 2014-12-08 21:35 - 02119680 _____ (Farbar) C:\Users\Christine\Desktop\FRST64.exe
2014-12-08 22:46 - 2014-12-08 22:46 - 00000000 _____ () C:\Users\Christine\Desktop\ark.txt
2014-12-08 21:24 - 2014-12-08 21:24 - 00020363 _____ () C:\Users\Christine\Desktop\attach.txt
2014-12-08 21:24 - 2014-12-08 21:24 - 00017308 _____ () C:\Users\Christine\Desktop\dds.txt
2014-12-08 21:21 - 2014-12-08 21:11 - 00370943 _____ () C:\Users\Christine\Desktop\gmer.zip
2014-12-08 21:21 - 2014-12-08 21:08 - 00688992 ____R (Swearware) C:\Users\Christine\Desktop\dds.scr
2014-11-27 19:22 - 2014-11-11 03:08 - 00728064 ____N (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-27 19:22 - 2014-11-11 03:08 - 00241152 ____N (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-27 19:22 - 2014-10-14 02:12 - 01460736 ____N (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-27 19:22 - 2014-10-14 01:50 - 00022016 ____N (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-27 19:22 - 2014-10-14 01:49 - 00096768 ____N (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-27 19:22 - 2014-10-03 02:11 - 00680960 ____N (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-27 19:22 - 2014-10-03 02:11 - 00296448 ____N (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-27 19:18 - 2014-11-06 03:43 - 02884096 ____N (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-27 19:18 - 2014-11-06 03:05 - 02277376 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-27 19:18 - 2014-11-06 02:17 - 02365440 ____N (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-27 19:18 - 2014-11-06 02:04 - 01550336 ____N (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-27 19:18 - 2014-11-06 01:52 - 01892864 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-27 19:18 - 2014-11-06 01:48 - 01310208 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-27 19:18 - 2014-08-21 06:43 - 01882624 ____N (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-27 19:18 - 2014-08-21 06:40 - 00002048 ____N (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-27 19:16 - 2014-10-18 02:05 - 00861696 ____N (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-27 19:16 - 2014-10-18 01:33 - 00571904 ____N (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-27 19:15 - 2014-09-19 09:42 - 00342016 ____N (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-27 19:15 - 2014-09-19 09:42 - 00314880 ____N (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-27 19:15 - 2014-09-19 09:42 - 00309760 ____N (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-27 19:15 - 2014-09-19 09:42 - 00210944 ____N (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-27 19:15 - 2014-09-19 09:42 - 00086528 ____N (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-27 19:15 - 2014-09-19 09:42 - 00022016 ____N (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-27 19:15 - 2014-09-19 09:23 - 00017408 ____N (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-27 18:42 - 2014-11-27 18:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-27 18:04 - 2014-12-03 22:05 - 00000000 ____D () C:\53df2783115667dffc17e65c
2014-11-27 17:56 - 2014-11-27 17:56 - 00352256 ____T () C:\ProgramData\CBB68958.dot
2014-11-11 22:06 - 2014-11-11 22:06 - 00235520 _____ (VMware, Inc.) C:\ProgramData\85986BBC.cpp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 21:21 - 2009-07-14 05:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-08 21:18 - 2013-11-30 10:15 - 00000000 ____D () C:\ProgramData\Big Fish
2014-12-08 21:18 - 2013-11-30 10:08 - 00000000 ____D () C:\BigFishCache
2014-12-08 21:17 - 2012-08-13 18:04 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\BitTorrent
2014-12-08 21:17 - 2011-10-06 15:11 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\uTorrent
2014-12-08 20:56 - 2011-05-30 12:13 - 00000000 ____D () C:\Users\Christine\AppData\Local\CrashDumps
2014-12-08 20:55 - 2013-03-18 21:02 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-08 20:55 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-08 20:55 - 2009-07-14 04:51 - 00134679 _____ () C:\Windows\setupact.log
2014-12-03 22:46 - 2011-01-12 08:45 - 01626284 _____ () C:\Windows\WindowsUpdate.log
2014-12-03 22:45 - 2009-07-14 04:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-03 22:45 - 2009-07-14 04:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-03 22:33 - 2013-11-30 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-12-03 22:33 - 2013-06-04 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-12-03 22:33 - 2013-04-17 12:11 - 00000000 ____D () C:\Program Files (x86)\WhiteSmoke_New
2014-12-03 22:33 - 2013-03-29 19:11 - 00000000 ____D () C:\Program Files (x86)\Yontoo
2014-12-03 22:33 - 2013-03-18 21:06 - 00000000 ____D () C:\Program Files\Google
2014-12-03 22:33 - 2013-03-18 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-03 22:33 - 2013-03-18 21:00 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-03 22:33 - 2012-08-13 18:06 - 00000000 ____D () C:\Program Files (x86)\BitTorrent
2014-12-03 22:33 - 2009-07-14 03:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-03 22:32 - 2014-08-19 19:28 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\WSE_Astromenda
2014-12-03 22:32 - 2014-08-19 19:26 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Astromenda
2014-12-03 22:32 - 2014-05-19 16:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-03 22:32 - 2013-04-17 12:12 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Systweak
2014-12-03 22:32 - 2013-03-29 19:25 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\player
2014-12-03 22:32 - 2013-03-29 19:11 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Yontoo
2014-12-03 22:32 - 2013-03-29 19:10 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Delta
2014-12-03 22:32 - 2012-09-18 20:49 - 00000000 ____D () C:\Windows\system32\Macromed
2014-12-03 22:32 - 2012-08-19 19:15 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Skype
2014-12-03 22:32 - 2011-05-20 14:58 - 00000000 ____D () C:\Users\Christine
2014-12-03 22:32 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2014-12-03 22:32 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-03 22:28 - 2014-08-19 19:28 - 00000306 _____ () C:\Windows\Tasks\WSE_Astromenda.job
2014-12-03 22:18 - 2013-11-30 21:21 - 00001992 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-12-03 22:18 - 2013-04-17 12:56 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-03 22:18 - 2012-11-22 16:14 - 00001932 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-12-03 22:06 - 2013-03-29 19:25 - 00000000 ____D () C:\Program Files (x86)\Tuguu SL
2014-12-03 22:05 - 2014-10-30 17:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-03 22:05 - 2014-10-30 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-03 22:05 - 2014-10-30 17:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-03 21:55 - 2011-10-06 15:12 - 00000000 ____D () C:\Users\Christine\AppData\Local\Google

Some content of TEMP:
====================
C:\Users\Christine\AppData\Local\Temp\11014uninstall.exe
C:\Users\Christine\AppData\Local\Temp\install_flashplayer14x32ax_gtba_chra_dy_aaa_aih.exe
C:\Users\Christine\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Christine\AppData\Local\Temp\Sqlite3.dll
C:\Users\Christine\AppData\Local\Temp\uttDB70.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-23 09:58

==================== End Of Log ============================

I hope the above is presented correctly and the zip file is ok.
Attached Files: attach.zip (13.3 KB)
Hotcod1
Old 12-08-2014, 05:17 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello again, Hotcod1.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions, and please do not do any fixing on your own or run scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1902443910-2598751035-2463263663-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1902443910-2598751035-2463263663-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = Delta Search
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM -> {B0F2FBE6-0FE0-4D3B-B50B-1DB5A4BA048F} URL = https://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtBtAtCtDtBtDyB0D0Ezy0EtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBzztB0B0AtD0E0BtGyB0EyCyBtG0F0DtD0EtGzz0AtCyDtGtBzztC0D0C0CyBzy0BtA0AyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0C0A0AyBtA0C0AtGtCtB0CtCtG0B0B0A0FtG0AtB0E0EtGyC0D0FtB0C0E0EzztB0FyC0C2Q&cr=75228055&ir=
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
    SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
    SearchScopes: HKU\S-1-5-21-1902443910-2598751035-2463263663-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    SearchScopes: HKU\S-1-5-21-1902443910-2598751035-2463263663-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = https://www.delta-search.com/?q={searchTerms}&affID=120519&tt=190313_wo3&babsrc=SP_ss&mntrId=4AA6AC8112310207
    SearchScopes: HKU\S-1-5-21-1902443910-2598751035-2463263663-1000 -> {B0F2FBE6-0FE0-4D3B-B50B-1DB5A4BA048F} URL = https://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtBtAtCtDtBtDyB0D0Ezy0EtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBzztB0B0AtD0E0BtGyB0EyCyBtG0F0DtD0EtGzz0AtCyDtGtBzztC0D0C0CyBzy0BtA0AyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0C0A0AyBtA0C0AtGtCtB0CtCtG0B0B0A0FtG0AtB0E0EtGyC0D0FtB0C0E0EzztB0FyC0C2Q&cr=75228055&ir=
    BHO-x32: No Name -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> No File
    BHO-x32: No Name -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> No File
    Toolbar: HKLM-x32 - No Name - {82E1477C-B154-48D3-9891-33D83C26BCD3} - No File
    S1 dumzycxb; \??\C:\Windows\system32\drivers\dumzycxb.sys [X]
    U3 kglcyuow; \??\C:\Users\CHRIST~1\AppData\Local\Temp\kglcyuow.sys [X]
    C:\Windows\system32\drivers\dumzycxb.sys
    2014-12-08 21:17 - 2012-08-13 18:04 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\BitTorrent
    2014-12-08 21:17 - 2011-10-06 15:11 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\uTorrent
    2014-12-03 22:33 - 2013-04-17 12:11 - 00000000 ____D () C:\Program Files (x86)\WhiteSmoke_New
    2014-12-03 22:32 - 2013-04-17 12:12 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Systweak
    2014-12-03 22:32 - 2013-03-29 19:25 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\player
    2014-12-03 22:32 - 2013-03-29 19:11 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Yontoo
    2014-12-03 22:32 - 2013-03-29 19:10 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Delta
    2014-12-03 22:33 - 2012-08-13 18:06 - 00000000 ____D () C:\Program Files (x86)\BitTorrent
    2014-12-03 22:32 - 2014-08-19 19:28 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\WSE_Astromenda
    2014-12-03 22:32 - 2014-08-19 19:26 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Astromenda
    2014-12-03 22:28 - 2014-08-19 19:28 - 00000306 _____ () C:\Windows\Tasks\WSE_Astromenda.job
    Task: {318F782F-D3C1-4363-92F2-3CD5D06CDEB7} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
    Task: {6759008C-DEDD-47DC-91DA-6A8AF121817F} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    C:\Program Files (x86)\MyPC Backup
    Task: {EDC0F9F7-AA71-4703-869A-595EB5E0549B} - System32\Tasks\WSE_Astromenda => C:\Users\Christine\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe [2014-08-19] () <==== ATTENTION
    Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\CHRIST~1\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    C:\Users\CHRIST~1\AppData\Roaming\WSE_AS~1
    AlternateDataStreams: C:\ProgramData\Temp:6A285F23
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist
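As an added example (my own script, not from this thread and not part of FRST), here is a small Python program that does mechanically what the helper did by eye when turning the FRST64 log above into the fixlist in post #12. It parses the three line shapes that matter most (the Services/Drivers lines, the One Month Created Files lines and the SearchScopes lines), flags entries with the traits the helper removed (a registry entry whose file is gone, marked [X]; a driver named with eight random lowercase letters; a binary loading from a Temp folder; a hex-named file with no publisher dropped straight into C:\ProgramData; a search scope that is empty or points at one of the hijacker domains seen above), and prints candidate fixlist lines in the same start/end format, listing each referenced file on its own line because, as the log itself notes, FRST removes the registry entry but moves the file only when it is listed separately. The sample log lines are constructed from entries in the log above, and the domain list, the name patterns and the unsigned-with-no-publisher rule are assumptions of mine, not FRST logic.

```python
"""Triage an FRST64 log and draft fixlist.txt lines (added example, not FRST's own code)."""
import re
from urllib.parse import urlparse

# Line shapes as FRST prints them: "S2 name; path [size date] (vendor) [flags]",
# "created - modified - size attrs (vendor) path", "SearchScopes: hive -> {GUID} URL = ..."
SERVICE_RE = re.compile(
    r"^(?P<start>[SRU]\d) (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>[^)]*)\))?"
    r"(?P<flags>(?: \[[^\]]+\])*)$"
)
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) \((?P<vendor>[^)]*)\) (?P<path>.+)$"
)
SCOPE_RE = re.compile(
    r"^SearchScopes: (?P<hive>\S+) -> (?:\w+ )?(?P<guid>\{[0-9A-Fa-f-]+\})"
    r"(?: URL =\s*(?P<url>.*))?$"
)

HIJACKER_HOSTS = {"astromenda.com", "delta-search.com"}  # assumption: the hosts removed in post #12
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")   # heuristic, e.g. dumzycxb, kglcyuow
HEX_STEM_RE = re.compile(r"^[0-9A-F]{8}$")    # heuristic, e.g. CBB68958.dot
NT_PREFIX = "\\??\\"                          # FRST prints driver paths as \??\C:\...


def triage_line(line):
    """Return (reason, files_to_list_separately) for a suspicious log line, else None."""
    m = SERVICE_RE.match(line)
    if m:
        flags = re.findall(r"\[([^\]]+)\]", m["flags"])
        path = m["path"].strip('"')
        if path.startswith(NT_PREFIX):
            path = path[len(NT_PREFIX):]
        reasons = []
        if "X" in flags:
            reasons.append("registry entry points to a file that no longer exists")
        if RANDOM_NAME_RE.match(m["name"]):
            reasons.append("service name is eight random lowercase letters")
        if "\\Temp\\" in path:
            reasons.append("loads from a Temp directory")
        if "File not signed" in flags and not m["vendor"]:
            reasons.append("unsigned binary with no publisher (review by hand)")
        return ("; ".join(reasons), [path]) if reasons else None
    m = FILE_RE.match(line)
    if m:
        parent, _, name = m["path"].rpartition("\\")
        stem = name.rpartition(".")[0] or name
        if parent.lower() == r"c:\programdata" and not m["vendor"] and HEX_STEM_RE.match(stem):
            return "hex-named file with no publisher dropped directly into ProgramData", []
        return None
    m = SCOPE_RE.match(line)
    if m and m["url"] is not None:
        url = m["url"].strip()
        if not url:
            return "search scope with an empty URL", []
        host = (urlparse(url).hostname or "").lower()
        host = host[4:] if host.startswith("www.") else host
        if host in HIJACKER_HOSTS:
            return f"search scope redirects to {host}", []
    return None


def build_fixlist(log_text):
    """Copy each flagged line verbatim into a start/end block and list referenced files
    on their own lines (FRST removes the entry; the file moves only when listed)."""
    fixlist, findings = ["start"], []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        hit = triage_line(line)
        if hit is None:
            continue
        reason, files = hit
        findings.append((line, reason))
        fixlist.append(line)
        fixlist.extend(f for f in files if f not in fixlist)
    fixlist += ["EmptyTemp:", "end"]
    return fixlist, findings


# Constructed sample, modelled on entries in the log posted above.
SAMPLE_LOG = r"""
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-11] (AVAST Software)
S2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-03] () [File not signed]
S1 dumzycxb; \??\C:\Windows\system32\drivers\dumzycxb.sys [X]
U3 kglcyuow; \??\C:\Users\CHRIST~1\AppData\Local\Temp\kglcyuow.sys [X]
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-08-11] (AVAST Software)
2014-11-27 17:56 - 2014-11-27 17:56 - 00352256 ____T () C:\ProgramData\CBB68958.dot
2014-12-08 22:48 - 2014-12-08 22:49 - 00000000 ____D () C:\FRST
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {B0F2FBE6-0FE0-4D3B-B50B-1DB5A4BA048F} URL = https://astromenda.com/results.php?f=4&q={searchTerms}
SearchScopes: HKLM -> {A8E85E58-FA72-488D-B1D1-B95E47127AB7} URL = https://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1902443910-2598751035-2463263663-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
"""

if __name__ == "__main__":
    fixlist, findings = build_fixlist(SAMPLE_LOG)
    for line, reason in findings:
        print(f"# {reason}\n{line}")
    print("\n".join(fixlist))
```

Read the output by hand before any of it goes into a real fixlist.txt: the rules are triage hints, not verdicts. On the sample they also flag the unsigned `S2 tor;` service, which the helper left alone, so a person still decides what is removed, and the thread's own warning stands: a fixlist is written for one machine and must not be reused on another.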
Old 12-09-2014, 05:45 AM   #13
Registered Member
 
Join Date: Nov 2012
Posts: 44
OS: xp sp2


Hi Chemist, so after copying all that text to fixlist.txt I should run frst64.exe, right? ... Will it automatically process the fix list?
Hotcod1
Old 12-09-2014, 06:35 AM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10
Yes, just click Fix after running FRST64.
chemist is offline  
Old 12-09-2014, 11:47 AM   #15
Registered Member
Sorry fella, dumb question ... didn't see the whole post when I checked in on my phone at lunchtime ... Doh ... lol :-)
Hotcod1 is offline  
Old 12-09-2014, 01:29 PM   #16
Registered Member
Hi Chemist,

Odd things going on: I couldn't see the fixlog.txt file in the directory where FRST was run, but found it via "search" ... hope it makes sense ...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-12-2014
Ran by Christine at 2014-12-09 19:40:57 Run:1
Running from C:\Users\Christine\Desktop\frst64
Loaded Profile: Christine (Available profiles: Christine)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1902443910-2598751035-2463263663-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1902443910-2598751035-2463263663-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = Delta Search
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {B0F2FBE6-0FE0-4D3B-B50B-1DB5A4BA048F} URL = https://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtBtAtCtDtBtDyB0D0Ezy0EtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBzztB0B0AtD0E0BtGyB0EyCyBtG0F0DtD0EtGzz0AtCyDtGtBzztC0D0C0CyBzy0BtA0AyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0C0A0AyBtA0C0AtGtCtB0CtCtG0B0B0A0FtG0AtB0E0EtGyC0D0FtB0C0E0EzztB0FyC0C2Q&cr=75228055&ir=
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-1902443910-2598751035-2463263663-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-1902443910-2598751035-2463263663-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = https://www.delta-search.com/?q={searchTerms}&affID=120519&tt=190313_wo3&babsrc=SP_ss&mntrId=4AA6AC8112310207
SearchScopes: HKU\S-1-5-21-1902443910-2598751035-2463263663-1000 -> {B0F2FBE6-0FE0-4D3B-B50B-1DB5A4BA048F} URL = https://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtBtAtCtDtBtDyB0D0Ezy0EtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBzztB0B0AtD0E0BtGyB0EyCyBtG0F0DtD0EtGzz0AtCyDtGtBzztC0D0C0CyBzy0BtA0AyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0C0A0AyBtA0C0AtGtCtB0CtCtG0B0B0A0FtG0AtB0E0EtGyC0D0FtB0C0E0EzztB0FyC0C2Q&cr=75228055&ir=
BHO-x32: No Name -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> No File
BHO-x32: No Name -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> No File
Toolbar: HKLM-x32 - No Name - {82E1477C-B154-48D3-9891-33D83C26BCD3} - No File
S1 dumzycxb; \??\C:\Windows\system32\drivers\dumzycxb.sys [X]
U3 kglcyuow; \??\C:\Users\CHRIST~1\AppData\Local\Temp\kglcyuow.sys [X]
C:\Windows\system32\drivers\dumzycxb.sys
2014-12-08 21:17 - 2012-08-13 18:04 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\BitTorrent
2014-12-08 21:17 - 2011-10-06 15:11 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\uTorrent
2014-12-03 22:33 - 2013-04-17 12:11 - 00000000 ____D () C:\Program Files (x86)\WhiteSmoke_New
2014-12-03 22:32 - 2013-04-17 12:12 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Systweak
2014-12-03 22:32 - 2013-03-29 19:25 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\player
2014-12-03 22:32 - 2013-03-29 19:11 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Yontoo
2014-12-03 22:32 - 2013-03-29 19:10 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Delta
2014-12-03 22:33 - 2012-08-13 18:06 - 00000000 ____D () C:\Program Files (x86)\BitTorrent
2014-12-03 22:32 - 2014-08-19 19:28 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\WSE_Astromenda
2014-12-03 22:32 - 2014-08-19 19:26 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Astromenda
2014-12-03 22:28 - 2014-08-19 19:28 - 00000306 _____ () C:\Windows\Tasks\WSE_Astromenda.job
Task: {318F782F-D3C1-4363-92F2-3CD5D06CDEB7} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {6759008C-DEDD-47DC-91DA-6A8AF121817F} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
Task: {EDC0F9F7-AA71-4703-869A-595EB5E0549B} - System32\Tasks\WSE_Astromenda => C:\Users\Christine\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe [2014-08-19] () <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\CHRIST~1\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\CHRIST~1\AppData\Roaming\WSE_AS~1
AlternateDataStreams: C:\ProgramData\Temp:6A285F23
EmptyTemp:
end
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1902443910-2598751035-2463263663-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-1902443910-2598751035-2463263663-1000\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B0F2FBE6-0FE0-4D3B-B50B-1DB5A4BA048F}" => Key deleted successfully.
"HKCR\CLSID\{B0F2FBE6-0FE0-4D3B-B50B-1DB5A4BA048F}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key deleted successfully.
"HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key not found.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => Key deleted successfully.
"HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => Key not found.
HKU\S-1-5-21-1902443910-2598751035-2463263663-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\bProtectorDefaultScope => value deleted successfully.
"HKU\S-1-5-21-1902443910-2598751035-2463263663-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key deleted successfully.
"HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key not found.
"HKU\S-1-5-21-1902443910-2598751035-2463263663-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B0F2FBE6-0FE0-4D3B-B50B-1DB5A4BA048F}" => Key deleted successfully.
"HKCR\CLSID\{B0F2FBE6-0FE0-4D3B-B50B-1DB5A4BA048F}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{82E1477C-B154-48D3-9891-33D83C26BCD3} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}" => Key not found.
dumzycxb => Service deleted successfully.
kglcyuow => Service not found.
"C:\Windows\system32\drivers\dumzycxb.sys" => File/Directory not found.
C:\Users\Christine\AppData\Roaming\BitTorrent => Moved successfully.
C:\Users\Christine\AppData\Roaming\uTorrent => Moved successfully.
C:\Program Files (x86)\WhiteSmoke_New => Moved successfully.
C:\Users\Christine\AppData\Roaming\Systweak => Moved successfully.
C:\Users\Christine\AppData\Roaming\player => Moved successfully.
C:\Users\Christine\AppData\Roaming\Yontoo => Moved successfully.
C:\Users\Christine\AppData\Roaming\Delta => Moved successfully.
C:\Program Files (x86)\BitTorrent => Moved successfully.
C:\Users\Christine\AppData\Roaming\WSE_Astromenda => Moved successfully.
C:\Users\Christine\AppData\Roaming\Astromenda => Moved successfully.
C:\Windows\Tasks\WSE_Astromenda.job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{318F782F-D3C1-4363-92F2-3CD5D06CDEB7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{318F782F-D3C1-4363-92F2-3CD5D06CDEB7}" => Key deleted successfully.
C:\Windows\System32\Tasks\BitGuard => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6759008C-DEDD-47DC-91DA-6A8AF121817F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6759008C-DEDD-47DC-91DA-6A8AF121817F}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDC0F9F7-AA71-4703-869A-595EB5E0549B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDC0F9F7-AA71-4703-869A-595EB5E0549B}" => Key deleted successfully.
C:\Windows\System32\Tasks\WSE_Astromenda => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Astromenda" => Key deleted successfully.
C:\Windows\Tasks\WSE_Astromenda.job not found.
"C:\Users\CHRIST~1\AppData\Roaming\WSE_AS~1" => File/Directory not found.
C:\ProgramData\Temp => ":6A285F23" ADS removed successfully.
EmptyTemp: => Removed 1.5 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====
Hotcod1 is offline  
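The Fixlog above is a record of the persistence points that were cleaned on this machine: scheduled tasks (the files under System32\Tasks plus their TaskCache registry entries), a driver service whose .sys file was already missing, IE SearchScopes and bProtector values, BHO CLSIDs with no backing DLL, and an alternate data stream on C:\ProgramData\Temp. The PowerShell script below is an added example, not part of this thread and not FRST's or the helpers' own code. It re-audits those same locations read-only and flags any target that lives under ProgramData, a user profile or a temp folder, or that no longer exists (what FRST prints as "[X]" or "No File"). As a generalization beyond the fixlist it also checks AppInit_DLLs (the injection point the AdwCleaner log later in the thread clears) and the ServiceDll of svchost-hosted services. It assumes PowerShell 3.0 or later run as administrator on 64-bit Windows 7 or later; the search-engine allow-list in it is an assumption to edit, not a fact taken from the thread.

```powershell
# Added example (not from the thread, not FRST code): read-only audit of the persistence
# points the fixlist above cleaned up. Assumes PowerShell 3.0+ running elevated on
# 64-bit Windows 7 or later. Nothing is modified or deleted.

function Get-BinaryPath {
    # Reduce a task command line or service ImagePath to the file it launches
    param([string]$CommandLine)
    $s = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim()) -replace '^\\\?\?\\', ''
    if ($s -match '^"([^"]+)"') { return $Matches[1] }
    if ($s -match '(?i)^(.+?\.(exe|dll|sys|cpl))(\s|$)') { return $Matches[1] }
    return ($s -split '\s+')[0]
}

function Test-SuspiciousTarget {
    # True when the launched file sits in a user-writable folder or no longer exists
    # (the latter is what FRST prints as "[X]" or "No File")
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $false }
    $exe = Get-BinaryPath $CommandLine
    if ($exe -match '(?i)\\(ProgramData|PROGRA~3|Users|AppData|Temp)\\') { return $true }
    return [bool]($exe -match '^[A-Za-z]:\\' -and -not (Test-Path -LiteralPath $exe))
}

function New-Finding($Source, $Name, $Target, $Suspicious) {
    [pscustomobject]@{ Source = $Source; Name = $Name; Target = $Target; Suspicious = [bool]$Suspicious }
}

$findings = @()

# 1. Scheduled tasks: every file under System32\Tasks is a task definition in XML
$taskRoot = Join-Path $env:windir 'System32\Tasks'
foreach ($f in Get-ChildItem -LiteralPath $taskRoot -Recurse -File -ErrorAction SilentlyContinue) {
    try { $xml = [xml](Get-Content -LiteralPath $f.FullName -Raw -ErrorAction Stop) } catch { continue }
    foreach ($exec in @($xml.Task.Actions.Exec)) {
        if ($null -eq $exec) { continue }
        $cmd = ("{0} {1}" -f $exec.Command, $exec.Arguments).Trim()
        $findings += New-Finding 'Task' $f.FullName.Substring($taskRoot.Length + 1) $cmd (Test-SuspiciousTarget $cmd)
    }
}

# 2. Services and drivers: ImagePath, plus the ServiceDll a svchost-hosted service loads
foreach ($key in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue) {
    $img = (Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue).ImagePath
    if ($img) { $findings += New-Finding 'Service ImagePath' $key.PSChildName $img (Test-SuspiciousTarget $img) }
    $dll = (Get-ItemProperty -LiteralPath "$($key.PSPath)\Parameters" -ErrorAction SilentlyContinue).ServiceDll
    if ($dll) { $findings += New-Finding 'Service ServiceDll' $key.PSChildName $dll (Test-SuspiciousTarget $dll) }
}

# 3. Browser Helper Objects: resolve each CLSID to its DLL; no InprocServer32 key is FRST's "No File"
foreach ($wow in '', 'Wow6432Node\') {
    $bhoRoot = "HKLM:\SOFTWARE\${wow}Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    foreach ($bho in Get-ChildItem -LiteralPath $bhoRoot -ErrorAction SilentlyContinue) {
        $srv = Get-ItemProperty -LiteralPath "Registry::HKEY_CLASSES_ROOT\${wow}CLSID\$($bho.PSChildName)\InprocServer32" -ErrorAction SilentlyContinue
        $dll = if ($srv) { [string]$srv.'(default)' } else { 'No File' }
        $findings += New-Finding "BHO$(if ($wow) { '-x32' })" $bho.PSChildName $dll ((-not $srv) -or (Test-SuspiciousTarget $dll))
    }
}

# 4. AppInit_DLLs: anything listed here is loaded into every process that maps user32.dll
foreach ($wow in '', 'Wow6432Node\') {
    $p = Get-ItemProperty -LiteralPath "HKLM:\SOFTWARE\${wow}Microsoft\Windows NT\CurrentVersion\Windows" -ErrorAction SilentlyContinue
    if ($p.AppInit_DLLs) {
        $findings += New-Finding 'AppInit_DLLs' "LoadAppInit_DLLs=$($p.LoadAppInit_DLLs)" $p.AppInit_DLLs $true
    }
}

# 5. IE search scopes: flag empty URLs, bProtector* values, and engines outside an assumed allow-list
$knownEngines = 'bing.com', 'google.com', 'yahoo.com'   # assumption: adjust to what the user actually uses
foreach ($scopeRoot in 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes', 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes') {
    foreach ($v in (Get-ItemProperty -LiteralPath $scopeRoot -ErrorAction SilentlyContinue).PSObject.Properties) {
        if ($v.Name -like 'bProtector*') { $findings += New-Finding 'IE SearchScope' $v.Name $v.Value $true }
    }
    foreach ($scope in Get-ChildItem -LiteralPath $scopeRoot -ErrorAction SilentlyContinue) {
        $url = [string](Get-ItemProperty -LiteralPath $scope.PSPath -ErrorAction SilentlyContinue).URL
        $hostName = ''
        try { $hostName = ([uri]$url).Host } catch { }
        $known = $knownEngines | Where-Object { $hostName -eq $_ -or $hostName -like "*.$_" }
        $findings += New-Finding 'IE SearchScope' "$($scopeRoot.Split(':')[0]) $($scope.PSChildName)" $url (-not $known)
    }
}

# 6. Alternate data streams on the folder FRST cleaned (C:\ProgramData\Temp:6A285F23 in the log)
foreach ($item in Get-Item -LiteralPath "$env:ProgramData\Temp", $env:ProgramData -Stream * -ErrorAction SilentlyContinue) {
    if ($item.Stream -ne ':$DATA') { $findings += New-Finding 'ADS' $item.FileName $item.Stream $true }
}

$findings | Sort-Object Suspicious -Descending | Format-Table Source, Name, Suspicious, Target -AutoSize -Wrap
```

Save it under any name you like (Audit-Persistence.ps1 is just a placeholder) and run it from an elevated prompt with `powershell -ExecutionPolicy Bypass -File .\Audit-Persistence.ps1`. Rows with Suspicious = True are candidates to research, not an automatic fix list: relative ImagePath entries such as `system32\DRIVERS\x.sys` and unquoted commands like `Sc.exe start BitGuard` are deliberately left unflagged, so an empty table does not prove a clean machine.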
Old 12-09-2014, 02:32 PM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Hello again, Hotcod1. How is the machine behaving?

Do you have more control now? Do you still get the popup on startup?

------------------------------------------------------

Please uninstall the following via Start->(or Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

VAFPlayer<<<<Please read this

Also delete the following Folders if they still exist:

C:\Program Files (x86)\Tuguu SL

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

Yontoo<<Please read here

Also delete the following Folder if it still exists:

C:\Program Files (x86)\Yontoo

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button(if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go File > New Task(Run...) and type explorer then press 'Enter'.

------------------------------------------------------
chemist is offline  
Old 12-10-2014, 11:33 AM   #18
Registered Member
Hi Chemist,

Seems a lot better, thank you. No sign of the pop-up as yet, and the machine seems to be working fine.

I can't remove VAFPlayer using the method above, or the uninstaller supplied with the software. I initially get an error message in Spanish (I think), followed by another in English which says "The installation source for this product is not available. Verify that the source exists and that you can access it."

I've downloaded the other programs as requested, but will wait for your ok before I run them.

Look forward to hearing from you
Hotcod1 is offline  
Old 12-10-2014, 12:12 PM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
OK. Just continue with the rest of the instructions and we'll take care of that later.
chemist is offline  
Old 12-11-2014, 02:13 PM   #20
Registered Member
Hi Chemist,

Log files as requested ...

# AdwCleaner v4.105 - Report created 11/12/2014 at 19:49:21
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Christine - CHRISTINE-HP
# Running from : C:\Users\Christine\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAFPlayer
Folder Deleted : C:\Program Files (x86)\Delta
Folder Deleted : C:\Program Files (x86)\RegClean Pro
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files\DomaIQ Uninstaller
Folder Deleted : C:\Users\Christine\AppData\Local\Conduit
Folder Deleted : C:\Users\Christine\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Christine\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Christine\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Christine\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Christine\AppData\Roaming\NCdownloader
Folder Deleted : C:\Users\Christine\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Christine\AppData\Roaming\BabMaint.exe

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\d
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\5f578fdfe069e514
Key Deleted : HKLM\SOFTWARE\5f578fdfe069e514
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\tuguu sl
Key Deleted : HKCU\Software\WSE_Astromenda
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Delta
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0C776EBEBCBCFBE408892EE7B12517FC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Google Chrome v37.0.2062.124

[C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtBtAtCtDtBtDyB0D0Ezy0EtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBzztB0B0AtD0E0BtGyB0EyCyBtG0F0DtD0EtGzz0AtCyDtGtBzztC0D0C0CyBzy0BtA0AyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0C0A0AyBtA0C0AtGtCtB0CtCtG0B0B0A0FtG0AtB0E0EtGyC0D0FtB0C0E0EzztB0FyC0C2Q&cr=75228055&ir=

*************************

AdwCleaner[R0].txt - [10260 octets] - [11/12/2014 19:28:16]
AdwCleaner[S0].txt - [9807 octets] - [11/12/2014 19:49:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9867 octets] ##########

ComboFix 14-12-10.03 - Christine 11/12/2014 20:48:45.2.1 - x64
Running from: c:\users\Christine\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\85986BBC.cpp
c:\programdata\CBB68958.dot
c:\windows\SysWow64\X86
.
.
((((((((((((((((((((((((( Files Created from 2014-11-11 to 2014-12-11 )))))))))))))))))))))))))))))))
.
.
2014-12-11 22:00 . 2014-12-11 22:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-12-11 22:00 . 2014-12-11 22:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-11 22:00 . 2014-12-11 22:00 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-12-11 21:08 . 2014-12-11 21:08 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{92AAC855-73E4-479F-895C-92A9017E39CA}\offreg.dll
2014-12-11 19:28 . 2014-12-11 19:49 -------- d-----w- C:\AdwCleaner
2014-12-10 19:17 . 2014-12-10 19:17 -------- d-sh--w- c:\users\Christine\AppData\Local\EmieBrowserModeList
2014-12-08 22:48 . 2014-12-09 20:52 -------- d-----w- C:\FRST
2014-12-03 22:40 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{92AAC855-73E4-479F-895C-92A9017E39CA}\mpengine.dll
2014-11-27 19:22 . 2014-11-11 03:08 728064 ------w- c:\windows\system32\kerberos.dll
2014-11-27 19:22 . 2014-10-14 02:12 1460736 ------w- c:\windows\system32\lsasrv.dll
2014-11-27 19:22 . 2014-11-11 03:08 241152 ------w- c:\windows\system32\pku2u.dll
2014-11-27 19:22 . 2014-10-14 01:50 22016 ------w- c:\windows\SysWow64\secur32.dll
2014-11-27 19:22 . 2014-10-14 01:49 96768 ------w- c:\windows\SysWow64\sspicli.dll
2014-11-27 19:22 . 2014-10-03 02:11 680960 ------w- c:\windows\system32\audiosrv.dll
2014-11-27 19:22 . 2014-10-03 02:11 296448 ------w- c:\windows\system32\AudioSes.dll
2014-11-27 19:18 . 2014-11-06 02:04 1550336 ------w- c:\windows\system32\urlmon.dll
2014-11-27 19:18 . 2014-11-06 01:48 742400 ------w- c:\program files\Internet Explorer\ieproxy.dll
2014-11-27 19:18 . 2014-11-06 03:43 2884096 ------w- c:\windows\system32\iertutil.dll
2014-11-27 19:18 . 2014-11-06 01:52 1892864 ------w- c:\windows\SysWow64\wininet.dll
2014-11-27 19:18 . 2014-11-06 02:17 2365440 ------w- c:\windows\system32\wininet.dll
2014-11-27 19:18 . 2014-08-21 06:43 1882624 ------w- c:\windows\system32\msxml3.dll
2014-11-27 19:18 . 2014-08-21 06:40 2048 ------w- c:\windows\system32\msxml3r.dll
2014-11-27 19:16 . 2014-10-18 02:05 861696 ------w- c:\windows\system32\oleaut32.dll
2014-11-27 19:16 . 2014-10-18 01:33 571904 ------w- c:\windows\SysWow64\oleaut32.dll
2014-11-27 19:15 . 2014-09-19 09:42 342016 ------w- c:\windows\system32\schannel.dll
2014-11-27 19:15 . 2014-09-19 09:42 309760 ------w- c:\windows\system32\ncrypt.dll
2014-11-27 19:15 . 2014-09-19 09:42 210944 ------w- c:\windows\system32\wdigest.dll
2014-11-27 19:15 . 2014-09-19 09:42 314880 ------w- c:\windows\system32\msv1_0.dll
2014-11-27 19:15 . 2014-09-19 09:42 86528 ------w- c:\windows\system32\TSpkg.dll
2014-11-27 19:15 . 2014-09-19 09:42 22016 ------w- c:\windows\system32\credssp.dll
2014-11-27 19:15 . 2014-09-19 09:23 17408 ------w- c:\windows\SysWow64\credssp.dll
2014-11-27 18:42 . 2014-11-27 18:42 -------- d-----w- c:\programdata\Oracle
2014-11-27 18:04 . 2014-12-03 22:05 -------- d-----w- C:\53df2783115667dffc17e65c
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-09 21:33 . 2012-09-18 20:45 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-10-10 02:05 . 2014-10-20 18:57 276480 ----a-w- c:\windows\system32\generaltel.dll
2014-10-10 02:05 . 2014-10-20 18:57 507392 ----a-w- c:\windows\system32\aepdu.dll
2014-10-10 02:00 . 2014-10-20 18:57 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-10-07 02:54 . 2014-10-20 18:56 378552 ----a-w- c:\windows\system32\iedkcs32.dll
2014-10-02 14:53 . 2011-05-25 10:34 278152 ----a-w- c:\windows\system32\MpSigStub.exe
2014-10-01 07:51 . 2012-09-18 20:49 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-01 07:51 . 2011-10-06 10:27 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-29 00:58 . 2014-10-20 18:59 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-09-25 22:50 . 2014-10-20 18:56 13619200 ----a-w- c:\windows\system32\ieframe.dll
2014-09-25 22:32 . 2014-10-20 18:56 2017280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-09-25 22:31 . 2014-10-20 18:56 2108416 ----a-w- c:\windows\system32\inetcpl.cpl
2014-09-25 02:08 . 2014-10-01 08:08 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 08:08 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-19 02:25 . 2014-10-20 18:56 23631360 ----a-w- c:\windows\system32\mshtml.dll
2014-09-19 01:56 . 2014-10-20 18:57 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-09-19 01:55 . 2014-10-20 18:56 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-09-19 01:41 . 2014-10-20 18:56 2796032 ----a-w- c:\windows\system32\iertutil(165).dll
2014-09-19 01:40 . 2014-10-20 18:56 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-09-19 01:40 . 2014-10-20 18:56 547328 ----a-w- c:\windows\system32\vbscript.dll
2014-09-19 01:39 . 2014-10-20 18:56 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-09-19 01:38 . 2014-10-20 18:56 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-09-19 01:36 . 2014-10-20 18:56 5829632 ----a-w- c:\windows\system32\jscript9.dll
2014-09-19 01:31 . 2014-10-20 18:56 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-09-19 01:30 . 2014-10-20 18:57 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-09-19 01:27 . 2014-10-20 18:56 595968 ----a-w- c:\windows\system32\ieui.dll
2014-09-19 01:26 . 2014-10-20 18:56 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-09-19 01:25 . 2014-10-20 18:56 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-09-19 01:25 . 2014-10-20 18:56 4201472 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-09-19 01:25 . 2014-10-20 18:56 758272 ----a-w- c:\windows\system32\jscript9diag.dll
2014-09-19 01:18 . 2014-10-20 18:56 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-09-19 01:14 . 2014-10-20 18:56 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-09-19 01:14 . 2014-10-20 18:56 446464 ----a-w- c:\windows\system32\dxtmsft.dll
2014-09-19 01:06 . 2014-10-20 18:56 72704 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-19 01:02 . 2014-10-20 18:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-09-19 01:01 . 2014-10-20 18:56 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-09-19 01:01 . 2014-10-20 18:56 195584 ----a-w- c:\windows\system32\msrating.dll
2014-09-19 01:01 . 2014-10-20 18:57 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-09-19 01:00 . 2014-10-20 18:56 85504 ----a-w- c:\windows\system32\mshtmled.dll
2014-09-19 00:59 . 2014-10-20 18:56 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-09-19 00:58 . 2014-10-20 18:56 289280 ----a-w- c:\windows\system32\dxtrans.dll
2014-09-19 00:55 . 2014-10-20 18:56 2187264 ----a-w- c:\windows\SysWow64\iertutil(186).dll
2014-09-19 00:50 . 2014-10-20 18:56 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-09-19 00:49 . 2014-10-20 18:57 597504 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-09-19 00:42 . 2014-10-20 18:56 731136 ----a-w- c:\windows\system32\msfeeds.dll
2014-09-19 00:42 . 2014-10-20 18:57 710656 ----a-w- c:\windows\system32\ie4uinit.exe
2014-09-19 00:40 . 2014-10-20 18:56 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-09-19 00:36 . 2014-10-20 18:56 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33 . 2014-10-20 18:56 2309632 ----a-w- c:\windows\system32\wininet(184).dll
2014-09-19 00:18 . 2014-10-20 18:56 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-09-19 00:14 . 2014-10-20 18:56 1447936 ----a-w- c:\windows\system32\urlmon(180).dll
2014-09-18 23:59 . 2014-10-20 18:56 775168 ----a-w- c:\windows\system32\ieapfltr.dll
2014-09-18 23:59 . 2014-10-20 18:56 1810944 ----a-w- c:\windows\SysWow64\wininet(191).dll
2014-09-18 23:53 . 2014-10-20 18:57 1190400 ----a-w- c:\windows\SysWow64\urlmon(190).dll
2014-09-18 02:00 . 2014-10-20 18:54 3241472 ----a-w- c:\windows\system32\msi.dll
2014-09-18 01:32 . 2014-10-20 18:54 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-09-13 01:58 . 2014-10-20 18:52 77312 ----a-w- c:\windows\system32\packager.dll
2014-09-13 01:40 . 2014-10-20 18:52 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-07-24 21652064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-17 98304]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-10-04 2933184]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-06-02 61112]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-12 4085896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GoGear SA3MXX Device Manager.lnk - c:\program files (x86)\Philips\GoGear SA3MXX Device Manager\main.exe [2012-8-13 125160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 tor;Tor Win32 Service;c:\program files (x86)\Tor\tor.exe;c:\program files (x86)\Tor\tor.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 18:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-01 07:50 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-07 07:51]
.
2014-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-18 21:01]
.
2014-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-18 21:01]
.
2014-12-11 c:\windows\Tasks\HPCeeScheduleForChristine.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-11 17:40 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 09:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 09:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 09:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 09:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 09:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 09:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-23 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.co.uk/?gfe_rd=cr&...YCQ&gws_rd=ssl
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-12-11 22:05:23
ComboFix-quarantined-files.txt 2014-12-11 22:05
.
Pre-Run: 53,367,631,872 bytes free
Post-Run: 53,050,863,616 bytes free
.
- - End Of File - - 0B45F8735D64F10CEAC0B46B91398EE0
Hotcod1 is offline  
 
