virus win7, services will not start

Old 06-05-2015, 12:31 PM   #1
Registered Member
 
Join Date: Jun 2015
Posts: 6
OS: Windows 7



Please find paste of dds.txt and attached file attach.txt. Thank you

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17801 BrowserJavaVersion: 11.31.2
Run by ghamrick at 14:10:08 on 2015-06-05
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.11967.9943 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\SunplusIT Integrated Camera\Monitor.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Users\ghamrick\AppData\Local\Akamai\netsession_win.exe
C:\Users\ghamrick\AppData\Local\Akamai\netsession_win.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Popcorn Time\Updater.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [HP Officejet Pro 8610 (NET)] "C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe" -deviceID "CN45LBK1XT:NW" -scfn "HP Officejet Pro 8610 (NET)" -AutoStart 1
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
uRun: [Akamai NetSession Interface] "C:\Users\ghamrick\AppData\Local\Akamai\netsession_win.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
mRun: [DelaypluginInstall] C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
StartupFolder: C:\Users\ghamrick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\ghamrick\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\ghamrick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\ghamrick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENVP~1.LNK - C:\Program Files\OpenVPN\bin\openvpn-gui.exe
StartupFolder: C:\Users\ghamrick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PASSWO~1.LNK - D:\Password Safe\pwsafe.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MIF5BA~1\Office15\EXCEL.EXE/3000
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\PROGRA~1\MIF5BA~1\Office15\ONBttnIE.dll/105
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm
IE: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 8.8.8.8
TCP: Interfaces\{0C9854BA-E9D7-4606-ABD7-782B8B923BB4} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{61C2F9C5-4B45-415F-9D38-3DB6EB229621} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{796DFF5C-045D-4CCF-B4BC-B9F3CDDFAEA7}\84F4F4655425E45445 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{796DFF5C-045D-4CCF-B4BC-B9F3CDDFAEA7}\86F6F6675627E65647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{796DFF5C-045D-4CCF-B4BC-B9F3CDDFAEA7}\E45445745414256353 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CD5734AE-ED61-4179-A6EA-5466204EB18C} : DHCPNameServer = 208.67.222.222 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: WSAMVCUchrome - {086BD280-4613-43B5 - <orphaned>
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [Integrated Camera_Monitor] C:\Program Files (x86)\SunplusIT Integrated Camera\Monitor.exe
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: WSAMVCUchrome - {086BD280-4613-43B5 - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 Spyware Info | Spyware Info
Hosts: 192.168.1.1 router.asus.com
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2013-10-17 29512]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-10-17 20024]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2014-1-29 29496]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-4-16 283064]
R1 RsFx0151;RsFx0151 Driver;C:\Windows\System32\drivers\RsFx0151.sys [2011-6-17 313696]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 IntelHaxm;Intel Haxm;C:\Windows\System32\drivers\IntelHaxm.sys [2013-11-6 89072]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2013-10-17 59168]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2015-4-17 111048]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2013-10-17 72992]
R2 LENOVO.TVTVCAM;Lenovo Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2013-10-17 197408]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2013-10-24 115184]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 124568]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-11-15 65657]
R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2013-10-17 101888]
R2 smihlp2;SMI Helper Driver (smihlp2);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-5-30 13128]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2014-5-9 11576]
R3 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-6-18 1095616]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-6-18 1333184]
R3 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-6-18 1124288]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2012-5-21 111104]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2012-6-9 849408]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-7-9 60928]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-10-24 169752]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-10-17 342528]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-10-17 358456]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-10-17 791608]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2013-7-26 25528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-7-19 25816]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2014-5-16 31472]
R3 SPUVCbv;SPUVCb Driver Service;C:\Windows\System32\drivers\SPUVCBv_x64.sys [2015-5-5 688032]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2012-2-7 40248]
R3 tvtvcamd;Camera Plus (VGA Resolution Maximum);C:\Windows\System32\drivers\tvtvcamd.sys [2013-10-17 27432]
R3 usb3Hub;UoIP Hub;C:\Windows\System32\drivers\usb3Hub.sys [2013-6-20 206744]
S2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-20 77128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-10-17 169432]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-19 1080120]
S2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-11-15 137528]
S3 c2wts;Claims to Windows Token Service;C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2014-1-9 15768]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2013-10-17 319536]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2015-6-4 43664]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-5-13 114688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2013-7-26 35256]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 iumsvc;Intel(R) Update Manager;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-2-28 174368]
S3 LSCWinService;LSCWinService;C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2015-3-9 272440]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-19 63704]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2013-3-26 32768]
S3 MSSQL$CIMS_DEV;SQL Server (CIMS_DEV);C:\Program Files\Microsoft SQL Server\MSSQL10_50.CIMS_DEV\MSSQL\Binn\sqlservr.exe [2011-6-17 62111072]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2014-1-8 284912]
S3 Power Manager DBC Service;Power Manager Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2013-10-17 1668896]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2013-10-17 1664800]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-4-19 19456]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192cu.sys [2010-8-12 748648]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-19 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-4-19 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
.
=============== File Associations ===============
.
FileExt: .pif: CryptoPreventPIF="C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" *"%1" %*
FileExt: .scr: CryptoPreventSCR="C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .ini: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .js: VisualStudio.js.12.0 - HKCR\Unknown\Shell=C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,OpenAs_RunDLL %1 [UserChoice] [default=openas]
.
=============== Created Last 30 ================
.
2015-06-04 15:37:44 -------- dc----w- C:\FRST
2015-06-04 14:27:51 43664 -c--a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2015-06-04 14:19:43 -------- dc----w- C:\ProgramData\HitmanPro
2015-06-04 12:55:17 -------- dc----w- C:\AdwCleaner
2015-06-04 12:29:21 12214312 -c--a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{71B21811-CDB6-4E7A-891E-1B8E1B1B0FC1}\mpengine.dll
2015-06-04 12:17:41 24 -c--a-w- C:\Users\ghamrick\AppData\Roaming\appdataFr25.bin
2015-06-03 12:13:20 1187344 -c--a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F2BEF488-1E72-409D-8069-5BB343B00906}\gapaengine.dll
2015-06-03 12:12:57 12214312 -c--a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-06-03 01:15:52 34072 -c--a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
2015-06-03 01:15:52 229608 -c--a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2015-06-03 01:15:52 215040 -c--a-w- C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npatgpc.dll
2015-06-01 22:49:24 -------- dc----w- C:\Users\ghamrick\AppData\Local\GWX
2015-05-22 20:16:10 -------- dc----w- C:\Users\ghamrick\.gnupg
2015-05-14 07:05:11 -------- dc----w- C:\Windows\PCHEALTH
2015-05-14 07:03:43 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 07:03:43 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 12:47:00 328704 ----a-w- C:\Windows\System32\services.exe
2015-05-13 12:45:57 72192 ----a-w- C:\Windows\System32\aelupsvc.dll
2015-05-13 12:45:57 6656 ----a-w- C:\Windows\System32\shimeng.dll
2015-05-13 12:45:57 5120 ----a-w- C:\Windows\SysWow64\shimeng.dll
2015-05-13 12:45:57 342016 ----a-w- C:\Windows\System32\apphelp.dll
2015-05-13 12:45:57 295936 ----a-w- C:\Windows\SysWow64\apphelp.dll
2015-05-13 12:45:57 23552 ----a-w- C:\Windows\System32\sdbinst.exe
2015-05-13 12:45:57 20992 ----a-w- C:\Windows\SysWow64\sdbinst.exe
2015-05-06 20:57:34 -------- dc----w- C:\Program Files (x86)\SunplusIT Integrated Camera
.
==================== Find3M ====================
.
2015-06-04 13:47:26 136408 -c--a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-06-04 12:20:38 778416 -c--a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-06-04 12:20:38 142512 -c--a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-14 07:35:55 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2015-05-14 07:35:52 142336 ----a-w- C:\Windows\System32\poqexec.exe
2015-05-14 07:19:17 460800 ----a-w- C:\Windows\System32\certcli.dll
2015-05-14 07:19:17 342016 ----a-w- C:\Windows\SysWow64\certcli.dll
2015-05-14 07:19:17 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-05-14 07:19:17 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-05-14 07:17:09 3204608 ----a-w- C:\Windows\System32\win32k.sys
2015-05-14 07:17:09 1647104 ----a-w- C:\Windows\System32\DWrite.dll
2015-05-14 07:17:09 1250816 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-05-14 07:17:09 1179136 ----a-w- C:\Windows\System32\FntCache.dll
2015-05-14 07:16:47 275456 ----a-w- C:\Windows\System32\InkEd.dll
2015-05-14 07:16:47 24576 ----a-w- C:\Windows\System32\jnwmon.dll
2015-05-14 07:16:47 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll
2015-05-14 07:09:15 2543104 ----a-w- C:\Windows\System32\wpdshext.dll
2015-05-14 07:09:15 2311168 ----a-w- C:\Windows\SysWow64\wpdshext.dll
2015-05-14 07:02:31 470528 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2015-05-14 07:02:31 309248 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2015-05-14 07:02:31 2560 ----a-w- C:\Windows\apppatch\AcRes.dll
2015-05-14 07:02:31 2178560 ----a-w- C:\Windows\apppatch\AcGenral.dll
2015-05-14 07:02:31 103424 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2015-05-05 08:22:14 428064 -c--a-w- C:\Windows\System32\VCamPPage_x64.dll
2015-05-05 08:17:50 81440 -c--a-w- C:\Windows\System32\DextUVCB_x64.ax
2015-05-05 08:17:50 78368 -c--a-w- C:\Windows\SysWow64\DextUVCB.ax
2015-05-05 08:17:50 688032 -c--a-w- C:\Windows\System32\drivers\SPUVCBv_x64.sys
2015-05-05 08:17:50 357920 -c--a-w- C:\Windows\SysWow64\VCamPPage.dll
2015-04-15 07:08:57 404480 ----a-w- C:\Windows\System32\gdi32.dll
2015-04-15 07:08:57 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2015-04-15 07:03:27 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2015-04-15 07:03:27 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2015-04-15 07:03:27 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2015-04-15 07:03:27 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2015-04-15 07:01:37 754688 ----a-w- C:\Windows\System32\drivers\http.sys
2015-04-15 07:00:34 79360 ----a-w- C:\Windows\System32\clfsw32.dll
2015-04-15 07:00:34 58880 ----a-w- C:\Windows\SysWow64\clfsw32.dll
2015-04-15 07:00:34 367552 ----a-w- C:\Windows\System32\clfs.sys
2015-04-14 13:37:56 63704 -c--a-w- C:\Windows\System32\drivers\mwac.sys
2015-04-14 13:37:46 107736 -c--a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-04-14 13:37:42 25816 -c--a-w- C:\Windows\System32\drivers\mbam.sys
2015-04-08 15:02:09 53248 -c--a-w- C:\Windows\SysWow64\zlib.dll
2015-03-16 21:36:56 922704 -c--a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2015-03-16 21:35:46 204264 -c--a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2015-03-16 21:35:46 156360 -c--a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2015-03-16 21:35:46 141440 -c--a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2015-03-16 21:35:46 128592 -c--a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2015-03-12 07:15:15 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-03-12 07:15:15 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-03-12 07:15:15 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-03-12 07:15:15 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-03-12 07:15:15 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-03-12 07:15:15 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-03-12 07:15:15 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-03-12 07:15:15 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-03-12 07:15:15 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-03-12 07:15:15 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-03-12 07:13:02 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2015-03-12 07:13:02 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2015-03-12 07:13:02 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-03-12 07:12:09 215552 ----a-w- C:\Windows\System32\ubpm.dll
2015-03-12 07:12:09 171520 ----a-w- C:\Windows\SysWow64\ubpm.dll
2015-03-12 07:10:46 459336 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-03-12 07:03:56 828928 ----a-w- C:\Windows\SysWow64\msctf.dll
2015-03-12 07:03:56 1067520 ----a-w- C:\Windows\System32\msctf.dll
2015-03-12 07:03:37 1424896 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-03-12 07:03:37 1230848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-03-12 07:00:36 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2015-03-12 07:00:36 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
.
============= FINISH: 14:10:52.77 ===============
Attached Files
File Type: txt attach.txt (18.7 KB, 329 views)
hooverstick is offline  
Old 06-05-2015, 02:50 PM   #2
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello hooverstick. Welcome to TSF.

My name is Tolga and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Now, let's get started, shall we?

=======================================================

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
tekir06 is offline  
Old 06-05-2015, 03:02 PM   #3
Registered Member
 
Join Date: Jun 2015
Posts: 6
OS: Windows 7



Hi Tolga and thank you very much for your reply. Please find attached the results of FRST64 scan, 2 files - FRST.txt and Addition.txt
Attached Files
File Type: txt FRST.txt (79.6 KB, 22 views)
File Type: txt Addition.txt (67.3 KB, 199 views)
hooverstick is offline  
Old 06-05-2015, 04:26 PM   #4
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello,

I notice you've started the same thread in the BC forum. If you wish to receive help here, you will have to let BC know you are already being helped here, and close the other thread.
tekir06 is offline  
Old 06-05-2015, 04:40 PM   #5
Registered Member
 
Join Date: Jun 2015
Posts: 6
OS: Windows 7



Done. I requested that the thread be closed.
hooverstick is offline  
Old 06-05-2015, 05:57 PM   #6
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

Thank you. Let's move on.

=====================================================

I see you have P2P software ( Vuze ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Please read here

=====================================================

We need to uninstall some programs.

Press the Windows Key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.

The list of programs to uninstall:

Popcorn Time >>> Please read
Spybot - Search & Destroy

============================================

Please do the following instructions:

Download attached fixlist.txt file and save it to the Desktop.

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.

Double-click FRST.exe to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Attached Files
File Type: txt fixlist.txt (14.5 KB, 20 views)
tekir06 is offline  
Old 06-05-2015, 06:34 PM   #7
Registered Member
 
Join Date: Jun 2015
Posts: 6
OS: Windows 7



I deleted the programs requested, Popcorn Time and Spybot Search and Destroy.

Ran FRST.exe with fixlist.txt and rebooted. Some services that were previously disabled are now functional. Ethernet networking, however, is still disabled.

Here are the contents of FixLog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by ghamrick at 2015-06-05 21:20:21 Run:1
Running from H:\
Loaded Profiles: ghamrick (Available Profiles: ghamrick & Default Web Site & DefaultAppPool & ASP.NET v4.0 Classic & Default & ASP.NET v4.0)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKU\S-1-5-21-1627287678-2475260067-789934204-1001\...\MountPoints2: {4cd01a21-c5ac-11e3-a1d8-08d40c06606b} - D:\setup.exe
HKU\S-1-5-21-1627287678-2475260067-789934204-1001\...\MountPoints2: {9da5674a-3ed7-11e3-87ef-08d40c06606b} - D:\setup.exe -a
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1627287678-2475260067-789934204-1001 -> {64852D2A-B616-4BDF-99D6-0767B04F2C94} URL =
Winsock: Missing Catalog9 entry, broken internet access. <===== ATTENTION.
Winsock: Missing Catalog9-x64 entry, broken internet access. <===== ATTENTION.
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [335360 2014-12-17] (Company) [File not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B
FirewallRules: [{D7974A4A-9D09-4573-B32C-5F52B9E1C4FA}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{8A8FEDE0-9A84-4ABF-9EE7-8FE2E9F24D4B}] => (Allow) C:\Program Files\Vuze\Azureus.exe
EmptyTemp:
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM => Group Policy Restriction on software restored successfully
"HKU\S-1-5-21-1627287678-2475260067-789934204-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cd01a21-c5ac-11e3-a1d8-08d40c06606b}" => key removed successfully
HKCR\CLSID\{4cd01a21-c5ac-11e3-a1d8-08d40c06606b} => key not found.
"HKU\S-1-5-21-1627287678-2475260067-789934204-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9da5674a-3ed7-11e3-87ef-08d40c06606b}" => key removed successfully
HKCR\CLSID\{9da5674a-3ed7-11e3-87ef-08d40c06606b} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1627287678-2475260067-789934204-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{64852D2A-B616-4BDF-99D6-0767B04F2C94}" => key removed successfully
HKCR\CLSID\{64852D2A-B616-4BDF-99D6-0767B04F2C94} => key not found.
Winsock: Missing Catalog9 entry, broken internet access. <===== ATTENTION. => Winsock will be renumbered.
Winsock: Missing Catalog9-x64 entry, broken internet access. <===== ATTENTION. => Winsock will be renumbered.
Update service => Service not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\ProgramData\TEMP => ":9A870F8B" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D7974A4A-9D09-4573-B32C-5F52B9E1C4FA} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8A8FEDE0-9A84-4ABF-9EE7-8FE2E9F24D4B} => value removed successfully
EmptyTemp: => 771.4 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 21:21:20 ====
hooverstick is offline  
Old 06-05-2015, 07:43 PM   #8
Registered Member
 
Join Date: Jun 2015
Posts: 6
OS: Windows 7



I resolved the problem with the missing network adapter and now have network access. Thank you for your help. If you would like to send me an email address linked to a PayPal account, I would be happy to send you a small payment for your help. Thank you again.
hooverstick is offline  
Old 06-07-2015, 05:57 AM   #9
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello,

Quote:
I resolved the problem with the missing network adapter and now have network access.
I'm glad to hear that.
Quote:
I would be happy to send you a small payment for your help.
Our service is free. Thank you

======================================================

Your Java is out of date.

Please go to Start > Control Panel > Programs and Features and remove the above Java program(s) installed.
Next, download the latest Java, version 8 Update 45 from the following link
Download Free Java Software

Let's remove all tools and logs that we use.

CLEAN UP


Please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Ensure Remove disinfection tools is ticked. Also tick: Create registry backup, Purge system restore
  • Click Run
  • delfix will now delete all found traces of our removal process.

Note: The program will run for a few moments and then notepad will open with a log. No need to post this log.

=========================================================

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System. Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Turn ON Automatic Updates in Windows 7

------------------------------------------------------

Make sure you back up your system, so possible reformatting in the future isn't necessary:

Backup and Restore - Microsoft Windows

------------------------------------------------------

PREVENTION

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here

Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
tekir06 is offline  
Old 06-07-2015, 07:04 AM   #10
Registered Member
 
Join Date: Jun 2015
Posts: 6
OS: Windows 7



I updated Java, removed the old Java binaries, ran MS update and the delfix executable. Again, thank you very much for your help.
hooverstick is offline  
Old 06-07-2015, 10:43 PM   #11
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello hooverstick,

You're welcome. Thank you for your patience and cooperation.
tekir06 is offline  
 
