Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trovi and Search Protect, only partially removed

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Trovi and Search Protect, only partially removed

Unread postby IunnraisF » May 19th, 2015, 1:55 am

This is a second hand laptop, but up until recently I've managed to keep it pretty clean. I downloaded a freeware program (CDisplayEx), and made sure to uncheck all the "install trovi search" and toolbars and other crap boxes, but I either missed one or the installer ignored my efforts and installed the malware anyway.

I've spent a couple days trying to remove it on my own, and I've... gotten pretty far, I think. Running Spybot and Avast in Safe Mode did a lot, and I was able to manually delete the SearchProtect folder in safe mode as well. I manually reset my firefox settings. Avast warned me something was trying to set my homepage back to trovi.com again a few times, but after some more Avast sweeps, that's stopped.

I'd say I was clean except that firefox is now crashing on a semi regular basis. I believe that this malware still has its hooks in my browser somewhere, but since I've deleted the files and folders it's looking for, it crashes the browser instead. Also, I just tried switching the chrome for the interim, since the crashing is getting obnoxious, but chrome seems to think I'm located in germany for some reason, keeps setting my language to german, uses the german google, and puts "/?trackid=sp-006" after every search, which appears to mean that chrome is infected as well and wasn't cleared nearly as well as firefox was.

Here are my DDS logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17801 BrowserJavaVersion: 11.45.2
Run by Iunnrais at 14:18:22 on 2015-05-19
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4091.2642 [GMT 9:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/?trackid=sp-006
uSearch Bar = hxxps://www.google.com/?trackid=sp-006
uSearch Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
mStart Page = hxxps://www.google.com/?trackid=sp-006
mSearch Bar = hxxps://www.google.com/?trackid=sp-006
mSearch Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
mWinlogon: Userinit = userinit.exe
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLOGGI~1.LNK - C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
LSP: %windir%\system32\vsocklib.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{00A08DB8-653A-496F-8DDA-13DC1A4432CF} : DHCPNameServer = 209.222.18.222 209.222.18.218
TCP: Interfaces\{10C3AEC0-5521-483F-9E14-3D75154CF469} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{10C3AEC0-5521-483F-9E14-3D75154CF469}\140707C65602E4564777F627B602032613662666 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{10C3AEC0-5521-483F-9E14-3D75154CF469}\14355535 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{10C3AEC0-5521-483F-9E14-3D75154CF469}\7596E6475627377202E4564777F627B6 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{10C3AEC0-5521-483F-9E14-3D75154CF469}\960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{D45DF229-41D8-4B4F-9C90-5F000A210921} : DHCPNameServer = 172.20.10.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Iunnrais\AppData\Roaming\Mozilla\Firefox\Profiles\gvsmzot8.default-1431225827986\
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll
FF - plugin: C:\Users\Iunnrais\AppData\Local\Hola\firefox\app\vlc\npvlc.dll
FF - plugin: C:\Users\Iunnrais\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-7-4 65736]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-7-4 272248]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2014-11-18 73296]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-7-4 1047320]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-7-4 442264]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-9-16 283064]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-30 238080]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-19 77128]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-7-4 29168]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-7-4 89944]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-7-4 137288]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-5-7 343336]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-7-4 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-7-4 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-7-4 171416]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-5-7 273824]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2014-2-27 906432]
R2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2014-10-3 479960]
R2 vmware-converter-server;VMware vCenter Converter Standalone Server;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2014-10-3 479960]
R2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2014-10-3 479960]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2012-10-19 1111856]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-11 389120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-12 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-12 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-1-2 315488]
S3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-5-7 4034896]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-5-13 114688]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2014-7-15 23040]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-24 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-10-19 19456]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2014-10-19 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-10-19 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-10-19 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-7-4 1255736]
.
=============== Created Last 30 ================
.
2015-05-18 03:41:15 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9EED64BA-CCA0-4239-B450-C326F3CA36F5}\offreg.dll
2015-05-16 02:30:03 12032440 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9EED64BA-CCA0-4239-B450-C326F3CA36F5}\mpengine.dll
2015-05-13 18:19:10 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 18:19:10 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 04:07:45 36864 ----a-w- C:\Windows\System32\UtcResources.dll
2015-05-13 04:05:38 1736192 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2015-05-13 04:03:25 72192 ----a-w- C:\Windows\System32\aelupsvc.dll
2015-05-13 04:03:25 6656 ----a-w- C:\Windows\System32\shimeng.dll
2015-05-13 04:03:25 5120 ----a-w- C:\Windows\SysWow64\shimeng.dll
2015-05-13 04:03:25 342016 ----a-w- C:\Windows\System32\apphelp.dll
2015-05-13 04:03:25 295936 ----a-w- C:\Windows\SysWow64\apphelp.dll
2015-05-13 04:03:25 23552 ----a-w- C:\Windows\System32\sdbinst.exe
2015-05-13 04:03:25 20992 ----a-w- C:\Windows\SysWow64\sdbinst.exe
2015-05-10 02:13:44 -------- d-----w- C:\Program Files (x86)\SearchProtect
2015-05-08 13:34:01 -------- d-----w- C:\Users\Iunnrais\AppData\Roaming\CDisplayEx
2015-05-08 13:33:51 -------- d-----w- C:\Program Files\CDisplayEx
2015-05-07 01:26:03 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-06 15:11:36 43112 ----a-w- C:\Windows\avastSS.scr
2015-05-02 15:53:56 -------- d-----w- C:\Users\Iunnrais\AppData\Local\ATI
2015-05-02 15:53:28 -------- d-----w- C:\ProgramData\AMD
2015-05-02 15:53:23 -------- d-----w- C:\Program Files (x86)\AMD AVT
2015-05-02 15:53:15 -------- d-----w- C:\Program Files (x86)\AMD APP
2015-05-02 15:53:02 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2015-05-02 15:53:02 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2015-05-02 15:49:04 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2015-05-02 15:48:57 -------- d-----w- C:\Program Files\ATI
2015-05-02 15:48:28 -------- d-----w- C:\Program Files\ATI Technologies
2015-05-02 15:47:31 -------- d-----w- C:\AMD
2015-04-28 06:23:31 -------- d-----w- C:\Users\Iunnrais\AppData\Roaming\Python-Eggs
2015-04-23 11:23:11 -------- d-----w- C:\Users\Iunnrais\AppData\Local\SKIDROW
2015-04-22 08:27:18 26815168 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2015-04-22 08:27:18 112455352 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2015-04-22 08:22:36 3645120 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\1033\MSOINTL.DLL
2015-04-22 08:22:22 112455352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2015-04-22 08:22:18 37380288 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2015-04-21 05:48:56 -------- d-----w- C:\Users\Iunnrais\AppData\Roaming\Crusader Kings II
.
==================== Find3M ====================
.
2015-05-06 15:11:45 137288 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-05-06 15:11:44 89944 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2015-05-06 15:11:44 65736 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-05-06 15:11:44 29168 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-05-06 15:11:44 272248 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-05-06 15:11:43 93528 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-05-06 15:11:21 1047320 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2015-05-05 01:29:39 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-05-05 01:12:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-04-28 07:32:02 263952 ----a-w- C:\Windows\apppatch\AppPatch64\VCLdr64.dll
2015-04-28 07:32:02 223504 ----a-w- C:\Windows\apppatch\nbin\VC32Loader.dll
2015-04-27 19:28:36 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-04-27 19:28:35 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-04-27 19:28:35 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-04-27 19:26:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
2015-04-27 19:22:57 47104 ----a-w- C:\Windows\System32\typeperf.exe
2015-04-27 19:22:57 404992 ----a-w- C:\Windows\System32\tracerpt.exe
2015-04-27 19:22:53 112640 ----a-w- C:\Windows\System32\smss.exe
2015-04-27 19:22:47 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-04-27 19:22:46 43008 ----a-w- C:\Windows\System32\relog.exe
2015-04-27 19:22:35 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-04-27 19:22:34 104448 ----a-w- C:\Windows\System32\logman.exe
2015-04-27 19:22:26 19456 ----a-w- C:\Windows\System32\diskperf.exe
2015-04-27 19:22:08 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-04-27 19:21:37 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-04-27 19:18:37 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-04-27 19:18:25 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-04-27 19:11:55 3934144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-04-27 19:11:54 3989440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-04-27 19:08:02 1310744 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-04-27 19:05:40 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-04-27 19:05:35 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-04-27 19:05:34 635392 ----a-w- C:\Windows\SysWow64\tdh.dll
2015-04-27 19:05:32 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-04-27 19:05:29 92160 ----a-w- C:\Windows\SysWow64\sechost.dll
2015-04-27 19:05:29 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-04-27 19:05:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-04-27 19:05:17 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-04-27 19:05:11 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-04-27 19:04:45 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-04-27 19:04:37 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-04-27 19:04:33 641536 ----a-w- C:\Windows\SysWow64\advapi32.dll
2015-04-27 19:04:33 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-04-27 19:04:24 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe
2015-04-27 19:04:24 364544 ----a-w- C:\Windows\SysWow64\tracerpt.exe
2015-04-27 19:04:19 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-04-27 19:04:12 37888 ----a-w- C:\Windows\SysWow64\relog.exe
2015-04-27 19:04:04 82944 ----a-w- C:\Windows\SysWow64\logman.exe
2015-04-27 19:03:58 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe
2015-04-27 19:03:52 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-04-27 19:03:36 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-04-27 19:03:36 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-04-27 19:03:36 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-04-27 19:01:33 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-04-27 19:01:22 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-04-27 17:57:32 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-04-27 17:57:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-04-27 17:55:03 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-04-27 17:55:03 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-27 17:55:03 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-27 17:55:03 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-04-21 17:08:08 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-04-21 17:07:54 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-04-21 16:51:08 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-04-21 16:50:14 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-04-21 16:50:12 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-04-21 16:50:03 417792 ----a-w- C:\Windows\System32\html.iec
2015-04-21 16:48:40 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-04-21 16:35:51 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-04-21 16:35:40 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-04-21 16:34:59 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-04-21 16:31:56 6025728 ----a-w- C:\Windows\System32\jscript9.dll
2015-04-21 16:26:35 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-04-21 16:25:34 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-04-21 16:14:33 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-04-21 16:11:10 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-04-21 16:11:07 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-04-21 16:10:12 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-04-21 16:09:57 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-04-21 16:08:41 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-04-21 15:58:45 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-04-21 15:57:57 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-04-21 15:47:04 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-04-21 15:46:50 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-04-21 15:43:28 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-04-21 15:31:13 4305920 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-04-21 15:27:25 2352128 ----a-w- C:\Windows\System32\wininet.dll
2015-04-21 15:25:45 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-04-21 15:24:48 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-04-21 15:02:00 1882112 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-04-20 03:17:07 1647104 ----a-w- C:\Windows\System32\DWrite.dll
2015-04-20 03:17:07 1179136 ----a-w- C:\Windows\System32\FntCache.dll
2015-04-20 02:56:29 1250816 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-04-20 02:11:23 3204608 ----a-w- C:\Windows\System32\win32k.sys
2015-04-18 03:10:57 460800 ----a-w- C:\Windows\System32\certcli.dll
2015-04-18 02:56:57 342016 ----a-w- C:\Windows\SysWow64\certcli.dll
2015-04-15 08:39:42 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-04-15 08:39:42 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-15 08:39:22 18178736 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2015-04-13 03:28:33 328704 ----a-w- C:\Windows\System32\services.exe
.
============= FINISH: 14:22:39.07 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7/4/2014 11:49:49 AM
System Uptime: 5/19/2015 2:11:33 PM (0 hours ago)
.
Motherboard: Intel | |
Processor: Intel(R) Core(TM)2 Quad CPU Q9000 @ 2.00GHz | U2E1 | 2000/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 20.822 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 257.461 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_207A161F&REV_12\4&10095087&0&3BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_207A161F&REV_12\4&10095087&0&3BF0
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_207A161F&REV_12\4&10095087&0&3AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_207A161F&REV_12\4&10095087&0&3AF0
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
7-Zip 9.22 (x64 edition)
Adobe Flash Player 17 NPAPI
Adobe Photoshop CC
Adobe Premiere Pro CC 2014
Adobe Reader XI (11.0.11)
Adobe Refresh Manager
Adobe Update Management Tool
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support (32-bit)
Apple Application Support (64-bit)
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.6
AutoHotkey 1.1.19.01
Avast Free Antivirus
Bloggie Software
Bonjour
calibre 64bit
Canon MX320 series MP Drivers
CardWorks Business Card Software
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDisplayEx 1.10.29
Cheat Engine 6.4
Crusader Kings II
CutePDF Writer 3.0
DAEMON Tools Lite
Definition Update for Microsoft Office 2013 (KB2986209) 64-Bit Edition
DVD Flick 1.3.0.7
Epic Games Launcher
Extended Asian Language font pack for Adobe Reader XI
Ezvid
FreeRIP MP3 Converter 4.5.2
GIMP 2.8.14
Google Chrome
Google Earth Plug-in
Google Update Helper
Graphviz
iFunbox (v2.8.2414.748), iFunbox DevTeam
Imperialism II - Age of Exploration
iTunes
Java 8 Update 45
Java Auto Updater
Java(TM) 7 (64-bit)
LAME v3.99.3 (for Windows)
Majesty Gold HD 1.0
Many Faces of Go 12
Microsoft .NET Framework 4.5.1
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Word MUI (English) 2013
Microsoft WSE 3.0 Runtime
Monster Maker
Mozilla Firefox 38.0.1 (x86 en-US)
Mozilla Maintenance Service
Network Addon Mod
Notepad++
NVIDIA PhysX
OpenTTD 1.5.0-beta1
Outils de vérification linguistique 2013 de Microsoft Office - Français
PDF Settings CC
Pdfedit
Pillars of Eternity
SC4 Launcher
SC4 Mapper 2013
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.1 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.1 (KB3037581)
Security Update for Microsoft Excel 2013 (KB2986216) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2910941) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2975808) 64-Bit Edition
Security Update for Microsoft PowerPoint 2013 (KB2975816) 64-Bit Edition
Security Update for Microsoft Word 2013 (KB2965307) 64-Bit Edition
Security Update for Skype for Business 2015 (KB3039779) 64-Bit Edition
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition
Shadowrun Returns
Skype™ 7.2
Spybot - Search & Destroy
Steam
Stencyl
The Last Federation
The Movies(TM)
The Movies(TM) 1.1 Patch
The Movies(TM) Stunts & Effects
tools-windows
Unity Web Player
Update for Microsoft Access 2013 (KB2965276) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760371) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837654) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880487) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881017) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881076) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883095) 64-Bit Edition
Update for Microsoft Office 2013 (KB2899498) 64-Bit Edition
Update for Microsoft Office 2013 (KB2899522) 64-Bit Edition
Update for Microsoft Office 2013 (KB2956152) 64-Bit Edition
Update for Microsoft Office 2013 (KB2956164) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965253) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965259) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965269) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965271) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965277) 64-Bit Edition
Update for Microsoft Office 2013 (KB2975869) 64-Bit Edition
Update for Microsoft Office 2013 (KB2986156) 64-Bit Edition
Update for Microsoft Office 2013 (KB2986171) 64-Bit Edition
Update for Microsoft Office 2013 (KB3054782) 64-Bit Edition
Update for Microsoft OneDrive for Business (KB2986244) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2975901) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB3039799) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2013 (KB3039711) 64-Bit Edition
Update for Microsoft Project 2013 (KB2986246) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2883048) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition
VMware Player
VMware vCenter Converter Standalone
Windows XP Mode
.
==== End Of File ===========================
IunnraisF
Active Member
 
Posts: 11
Joined: May 19th, 2015, 1:36 am
Advertisement
Register to Remove

Re: Trovi and Search Protect, only partially removed

Unread postby Blade81 » May 20th, 2015, 6:38 am

Hi,

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Trovi and Search Protect, only partially removed

Unread postby IunnraisF » May 20th, 2015, 8:39 am

I clicked scan, and the progressbar completed, but no logfile appeared, and no file showed up in the C:\ folder either. Scan is greyed out now, and there's a message reading "Waiting for action. Please uncheck elements you want to keep."

I clicked "Logfile", and the following file popped up. It is named AdwCleaner[R0].txt and I don't know where it is saved, because it's not saved to C:\

# AdwCleaner v4.204 - Logfile created 20/05/2015 at 21:32:23
# Updated 12/05/2015 by Xplode
# Database : 2015-05-20.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Iunnrais - IUNNRAIS-PC
# Running from : C:\Users\Iunnrais\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Windows\apppatch\apppatch64\vcldr64.dll
File Found : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Found : C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
File Found : C:\Windows\AppPatch\nbin\VC32Loader.dll
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Users\Iunnrais\AppData\Local\Hola

***** [ Scheduled tasks ] *****

Task Found : avabvyxvdy

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll
Key Found : HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\SPPDCOM
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.1 (x86 en-US)


-\\ Google Chrome v42.0.2311.152

[C:\Users\Iunnrais\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : bmkckgpgekmanipelfidlhmkfcjicion
[C:\Users\Iunnrais\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Default_Search_Provider_Data] : hxxps://www.google.de/search?q={searchTerms}?trackid=sp-006",
"usage_count": 0
}
},
"extensions": {
"settings": {
"aapocclcgogkmnckokdopfmhonfmgoek": {
"ack_external": true,
"active_permissions": {
"api": [ ],
"manifest_permissions": [ ]
},
"app_launcher_ordinal": "zs",
"commands": {

},
"content_settings": [ ],
"creation_flags": 137,
"events": [ ],
"extension_can_script_all_urls": true,
"from_bookmark": false,
"from_webstore": true,
"granted_permissions": {
"api": [ ],
"manifest_permissions": [ ]
},
"incognito_content_settings": [ ],
"incognito_preferences": {

},
"initial_keybindings_set": true,
"install_time": "13067936128931343",
"lastpingday": "13076405997276447",
"location": 1,
"manifest": {
"api_console_project_id": "889782162350",
"app": {
"launch": {
"local_path": "main.html"
}
},
"container": "GOOGLE_DRIVE",
"current_locale": "en_US",
"default_locale": "en_US",
"description": "Create and edit presentations ",
"icons": {
"128": "icon_128.png",
"16": "icon_16.png"
},
"key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLOGW2Hoztw8m2z6SmCjm7y4Oe2o6aRqO+niYKCXhZab572by7acqFIFF0On3e3a967SwNijsTx2n+7Mt3KqWzEKtnwUZqzHYSsdZZK64vWIHIduawP0EICWRMf2RGIBEdDC6I1zErtcDiSrJWeRlnb0DHWXDXlt1YseM7RiON9wIDAQAB",
"manifest_version": 2,
"name": "Google Slides",
"offline_enabled": true,
"update_url": "hxxps://clients2.google.com/service/update2/crx",
"version": "0.9"
},
"page_ordinal": "n",
"path": "aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0",
"preferences": {

},
"regular_only_preferences": {

},
"state": 1,
"was_installed_by_default": true,
"was_installed_by_oem": false
},
"ahfgeienlihckogmohjhadlkjgocpleb": {
"active_permissions": {
"api": [ "management", "system.display", "system.storage", "webstorePrivate", "system.cpu", "system.memory", "system.network" ],
"manifest_permissions": [ ]
},
"app_launcher_ordinal": "t",
"commands": {

},
"content_settings": [ ],
"creation_flags": 1,
"ephemeral_app": false,
"events": [ ],
"extension_can_script_all_urls": true,
"from_bookmark": false,
"from_webstore": false,
"incognito_content_settings": [ ],
"incognito_preferences": {

},
"install_time": "13057144518477460",
"location": 5,
"manifest": {
"app": {
"launch": {
"web_url": "hxxps://chrome.google.com/webstore"
},
"urls": [ "hxxps://chrome.google.com/webstore" ]
},
"description": "Chrome Web Store",
"icons": {
"128": "webstore_icon_128.png",
"16": "webstore_icon_16.png"
},
"key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB",
"name": "Store",
"permissions": [ "webstorePrivate", "management" ],
"version": "0.2"
},
"page_ordinal": "n",
"path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\37.0.2062.124\\resources\\web_store",
"preferences": {

},
"regular_only_preferences": {

},
"was_installed_by_default": false,
"was_installed_by_oem": false
},
"aohghmighlieiainnegkcijnfilokake": {
"ack_external": true,
"active_permissions": {
"api": [ ],
"manifest_permissions": [ ]
},
"app_launcher_ordinal": "w",
"commands": {

},
"content_settings": [ ],
"creation_flags": 137,
"events": [ ],
"extension_can_script_all_urls": true,
"from_bookmark": false,
"from_webstore": true,
"granted_permissions": {
"api": [ ],
"manifest_permissions": [ ]
},
"incognito_content_settings": [ ],
"incognito_preferences": {

},
"initial_keybindings_set": true,
"install_time": "13067936139649343",
"lastpingday": "13076405997276447",
"location": 1,
"manifest": {
"api_console_project_id": "619683526622",
"app": {
"launch": {
"local_path": "main.html"
}
},
"container": "GOOGLE_DRIVE",
"current_locale": "en_US",
"default_locale": "en_US",
"description": "Create and edit documents ",
"icons": {
"128": "icon_128.png",
"16": "icon_16.png"
},
"key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJhLK6fk/BWTEvJhywpk7jDe4A2r0bGXGOLZW4/AdBp3IiD9o9nx4YjLAtv0tIPxi7MvFd/GUUbQBwHT5wQWONJj1z/0Rc2qBkiJA0yqXh42p0snuA8dCfdlhOLsp7/XTMEwAVasjV5hC4awl78eKfJYlZ+8fM/UldLWJ/51iBQwIDAQAB",
"manifest_version": 2,
"name": "Google Docs",
"offline_enabled": true,
"update_url": "hxxps://clients2.google.com/service/update2/crx",
"version": "0.9"
},
"page_ordinal": "n",
"path": "aohghmighlieiainnegkcijnfilokake\\0.9_0",
"preferences": {

},
"regular_only_preferences": {

},
"state": 1,
"was_installed_by_default": true,
"was_installed_by_oem": false
},
"apdfllckaahabafndbhieahigkjlhalf": {
"ack_external": true,
"active_permissions": {
"api": [ "background", "clipboardRead", "clipboardWrite", "notifications", "unlimitedStorage" ],
"manifest_permissions": [ ]
},
"app_launcher_ordinal": "y",
"commands": {

},
"content_settings": [ ],
"creation_flags": 137,
"events": [ ],
"from_bookmark": false,
"from_webstore": true,
"granted_permissions": {
"api": [ "background", "clipboardRead", "clipboardWrite", "notifications", "unlimitedStorage" ],
"manifest_permissions": [ ]
},
"incognito_content_settings": [ ],
"incognito_preferences": {

},
"install_time": "13067936134598343",
"lastpingday": "13076405997276447",
"location": 1,
"manifest": {
"app": {
"launch": {
"web_url": "hxxps://drive.google.com/?usp=chrome_app"
},
"urls": [ "hxxp://docs.google.com/", "hxxp://drive.google.com/", "hxxps://docs.google.com/", "hxxps://drive.google.com/" ]
},
"background": {
"allow_js_access": false
},
"current_locale": "en_US",
"default_locale": "en_US",
"description": "Google Drive: create, share and keep all your stuff in one place.",
"icons": {
"128": "128.png"
},
"key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIl5KlKwL2TSkntkpY3naLLz5jsN0YwjhZyObcTOK6Nda4Ie21KRqZau9lx5SHcLh7pE2/S9OiArb+na2dn7YK5EvH+aRXS1ec3uxVlBhqLdnleVgwgwlg5fH95I52IeHcoeK6pR4hW/Nv39GNlI/Uqk6O6GBCCsAxYrdxww9BiQIDAQAB",
"manifest_version": 2,
"name": "Google Drive",
"offline_enabled": true,
"options_page": "hxxps://drive.google.com/settings",
"permissions": [ "background", "clipboardRead", "clipboardWrite", "notifications", "unlimitedStorage" ],
"update_url": "hxxps://clients2.google.com/service/update2/crx",
"version": "6.4"
},
"page_ordinal": "n",
"path": "apdfllckaahabafndbhieahigkjlhalf\\6.4_0",
"preferences": {

},
"regular_only_preferences": {

},
"state": 1,
"was_installed_by_default": true,
"was_installed_by_oem": false
},
"bepbmhgboaologfdajaanbcjmnhjmhfn": {
"disable_reasons": 1,
"state": 0
},
"blpcfgokakmgnkcojhhkbfbldkacnbeo": {
"ack_external": true,
"active_permissions": {
"api": [ ],
"manifest_permissions": [ ]
},
"app_launcher_ordinal": "yn",
"commands": {

},
"content_settings": [ ],
"creation_flags": 153,
"events": [ ],
"from_bookmark": true,
"from_webstore": true,
"granted_permissions": {
"api": [ ],
"manifest_permissions": [ ]
},
"incognito_content_settings": [ ],
"incognito_preferences": {

},
"install_time": "13067936137042343",
"lastpingday": "13076405997276447",
"location": 1,
"manifest": {
"app": {
"launch": {
"container": "tab",
"web_url": "hxxp://www.youtube.com/?feature=ytca"
},
"web_content": {
"enabled": true,
"origin": "hxxp://www.youtube.com"
}
},
"current_locale": "en_US",
"default_locale": "en",
"description": "The world's most popular online video community.",
"icons": {
"128": "128.png"
},
"key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC/HotmFlyuz5FaHaIbVBhhL4BwbcUtsfWwzgUMpZt5ZsLB2nW/Y5xwNkkPANYGdVsJkT2GPpRRIKBO5QiJ7jPMa3EZtcZHpkygBlQLSjMhdrAKevpKgIl6YTkwzNvExY6rzVDzeE9zqnIs33eppY4S5QcoALMxuSWlMKqgFQjHQIDAQAB",
"manifest_version": 2,
"name": "YouTube",
"update_url": "hxxp://clients2.google.com/service/update2/crx",
"version": "4.2.7"
},
"page_ordinal": "n",
"path": "blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.7_0",
"preferences": {

},
"regular_only_preferences": {

},
"state": 1,
"was_installed_by_default": true,
"was_installed_by_oem": false
},
"bmkckgpgekmanipelfidlhmkfcjicion": {
"ack_external": true,
"active_permissions": {
"api": [ "cookies", "management", "searchProvider" ],
"explicit_host": [ "hxxp://*.bing.com/*", "hxxp://g.ceipmsn.com/*" ],
"manifest_permissions": [ ]
},
"commands": {

},
"content_settings": [ ],
"creation_flags": 9,
"disable_reasons": 8192,
"events": [ ],
"extension_can_script_all_urls": true,
"from_bookmark": false,
"from_webstore": true,
"incognito_content_settings": [ ],
"incognito_preferences": {

},
"initial_keybindings_set": true,
"install_parameter": "SKY2",
"install_time": "13072624666512064",
"lastpingday": "13076405997276447",
"location": 6,
"manifest": {
"background": {
"persistent": false,
"scripts": [ "background.js" ]
},
"chrome_settings_overrides": {
"search_provider": {
"encoding": "UTF-8",
"favicon_url": "hxxp://www.bing.com/favicon.ico",
"is_default": true,
"keyword": "bing.com",
"name": "Bing",
"search_url": "hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}"
}
},
"description": "Set Bing as your default search provider",
"icons": {
"128": "Logo_128.ico",
"16": "Logo.png",
"48": "Logo_48.ico"
},
"key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhcghCH3e0n9fefpKZCA8kkwbE4Ow092umkJC4AIdnzdEpYQqZR1Rc3OZ4fbKYfID95KGfhTAohNQoVi4TH/2skder1PUwRDw/hyLzsEniZ0DOLTUa6nh6jzi4q1xV8yb2oZGZFtiEyqABoriA4ZVHP2C8R1/pA56dMGU0DybM4bzuV+5rY4kLOmzBjNQjYO3vyTqiO6lz1rlCxfbfDS7dDb4yahq+q3KyzjB2thpCoyhdaj+857X935xQL1fsmfXy/N7Ba1124u/gzRIF3cPObKTf2uXEj/EnOCZgJN5x172Mch4Msv1DMZ4YixEM5VhSlfXMwYMlDMcFJ9B7j+yyQIDAQAB",
"manifest_version": 2,
"name": "Bing Search Engine",
"permissions": [ "hxxp://g.ceipmsn.com/*", "hxxp://*.bing.com/*", "cookies", "management" ],
"short_name": "Bing Search Engine",
"update_url": "hxxps://clients2.google.com/service/update2/crx",
"version": "0.0.0.5"
},
"path": "bmkckgpgekmanipelfidlhmkfcjicion\\0.0.0.5_0",
"preferences": {

},
"regular_only_preferences": {

},
"state": 2,
"was_installed_by_default": false,
"was_installed_by_oem": false
},
"coobgpohoikkiipiblmjeljniedjpjpf": {
"ack_external": true,
"active_permissions": {
"api": [ ],
"manifest_permissions": [ ]
},
"app_launcher_ordinal": "z",
"commands": {

},
"content_settings": [ ],
"creation_flags": 153,
"events": [ ],
"from_bookmark": true,
"from_webstore": true,
"granted_permissions": {
"api": [ ],
"manifest_permissions": [ ]
},
"incognito_content_settings": [ ],
"incognito_preferences": {

},
"install_time": "13072624671915064",
"lastpingday": "13076405997276447",
"location": 1,
"manifest": {
"app": {
"launch": {
"web_url": "hxxp://www.google.com/webhp?source=search_app"
},
"urls": [ "*://www.google.com/search", "*://www.google.com/webhp", "*://www.google.com/imgres" ]
},
"current_locale": "en_US",
"default_locale": "en",
"description": "The fastest way to search the web.

*************************

AdwCleaner[R0].txt - [18720 bytes] - [20/05/2015 21:32:23]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [18780 bytes] ##########
IunnraisF
Active Member
 
Posts: 11
Joined: May 19th, 2015, 1:36 am

Re: Trovi and Search Protect, only partially removed

Unread postby Blade81 » May 21st, 2015, 8:11 am

Hi,

That's ok. It seems the file is in C:\AdwCleaner folder and not in C: root (C:\).

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[S1].txt as well.

Also, re-run DDS and post back contents of its logs.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Trovi and Search Protect, only partially removed

Unread postby IunnraisF » May 21st, 2015, 10:51 am

Okay, done. Question: is AdwCleaner something safe enough that someone with fair computer skills could consider using it if ever infected again? Or is it dangerous enough to require more extensive training in its use?

Here's AdwCleaner[S1].txt. I'll re-run DDS in the next post. (EDIT: Next post is awaiting moderator approval for some reason)

# AdwCleaner v4.204 - Logfile created 21/05/2015 at 23:36:14
# Updated 12/05/2015 by Xplode
# Database : 2015-05-20.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Iunnrais - IUNNRAIS-PC
# Running from : C:\Users\Iunnrais\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Users\Iunnrais\AppData\Local\Hola
File Deleted : C:\Windows\apppatch\apppatch64\vcldr64.dll
File Deleted : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Deleted : C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
File Deleted : C:\Windows\AppPatch\nbin\VC32Loader.dll

***** [ Scheduled tasks ] *****

Task Deleted : avabvyxvdy

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.1 (x86 en-US)


-\\ Google Chrome v43.0.2357.65

[C:\Users\Iunnrais\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : bmkckgpgekmanipelfidlhmkfcjicion
[C:\Users\Iunnrais\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] :

*************************

AdwCleaner[R0].txt - [18876 bytes] - [20/05/2015 21:32:23]
AdwCleaner[S0].txt - [2496 bytes] - [21/05/2015 23:36:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2555 bytes] ##########
IunnraisF
Active Member
 
Posts: 11
Joined: May 19th, 2015, 1:36 am

Re: Trovi and Search Protect, only partially removed

Unread postby IunnraisF » May 21st, 2015, 10:52 am

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17801 BrowserJavaVersion: 11.45.2
Run by Iunnrais at 23:42:53 on 2015-05-21
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4091.2698 [GMT 9:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\alg.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/?trackid=sp-006
uSearch Bar = hxxps://www.google.com/?trackid=sp-006
uSearch Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
mStart Page = hxxps://www.google.com/?trackid=sp-006
mSearch Bar = hxxps://www.google.com/?trackid=sp-006
mSearch Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
mWinlogon: Userinit = userinit.exe
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLOGGI~1.LNK - C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{00A08DB8-653A-496F-8DDA-13DC1A4432CF} : DHCPNameServer = 209.222.18.222 209.222.18.218
TCP: Interfaces\{10C3AEC0-5521-483F-9E14-3D75154CF469} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{10C3AEC0-5521-483F-9E14-3D75154CF469}\140707C65602E4564777F627B602032613662666 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{10C3AEC0-5521-483F-9E14-3D75154CF469}\14355535 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{10C3AEC0-5521-483F-9E14-3D75154CF469}\7596E6475627377202E4564777F627B6 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{10C3AEC0-5521-483F-9E14-3D75154CF469}\960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{D45DF229-41D8-4B4F-9C90-5F000A210921} : DHCPNameServer = 172.20.10.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Iunnrais\AppData\Roaming\Mozilla\Firefox\Profiles\gvsmzot8.default-1431225827986\
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll
FF - plugin: C:\Users\Iunnrais\AppData\Local\Hola\firefox\app\vlc\npvlc.dll
FF - plugin: C:\Users\Iunnrais\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2015-05-20 12:32:09 -------- d-----w- C:\AdwCleaner
2015-05-20 07:48:00 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2015-05-19 19:50:52 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{23F98D2E-E004-4278-B445-AA91FD6A9F45}\offreg.3664.dll
2015-05-19 19:47:39 12214312 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{23F98D2E-E004-4278-B445-AA91FD6A9F45}\mpengine.dll
2015-05-13 18:19:10 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 18:19:10 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 04:07:45 36864 ----a-w- C:\Windows\System32\UtcResources.dll
2015-05-13 04:05:38 1736192 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2015-05-13 04:03:25 72192 ----a-w- C:\Windows\System32\aelupsvc.dll
2015-05-13 04:03:25 6656 ----a-w- C:\Windows\System32\shimeng.dll
2015-05-13 04:03:25 5120 ----a-w- C:\Windows\SysWow64\shimeng.dll
2015-05-13 04:03:25 342016 ----a-w- C:\Windows\System32\apphelp.dll
2015-05-13 04:03:25 295936 ----a-w- C:\Windows\SysWow64\apphelp.dll
2015-05-13 04:03:25 23552 ----a-w- C:\Windows\System32\sdbinst.exe
2015-05-13 04:03:25 20992 ----a-w- C:\Windows\SysWow64\sdbinst.exe
2015-05-08 13:34:01 -------- d-----w- C:\Users\Iunnrais\AppData\Roaming\CDisplayEx
2015-05-08 13:33:51 -------- d-----w- C:\Program Files\CDisplayEx
2015-05-07 01:26:03 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-06 15:11:36 43112 ----a-w- C:\Windows\avastSS.scr
2015-05-02 15:53:56 -------- d-----w- C:\Users\Iunnrais\AppData\Local\ATI
2015-05-02 15:53:28 -------- d-----w- C:\ProgramData\AMD
2015-05-02 15:53:23 -------- d-----w- C:\Program Files (x86)\AMD AVT
2015-05-02 15:53:15 -------- d-----w- C:\Program Files (x86)\AMD APP
2015-05-02 15:53:02 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2015-05-02 15:53:02 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2015-05-02 15:49:04 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2015-05-02 15:48:57 -------- d-----w- C:\Program Files\ATI
2015-05-02 15:48:28 -------- d-----w- C:\Program Files\ATI Technologies
2015-05-02 15:47:31 -------- d-----w- C:\AMD
2015-04-28 06:23:31 -------- d-----w- C:\Users\Iunnrais\AppData\Roaming\Python-Eggs
2015-04-23 11:23:11 -------- d-----w- C:\Users\Iunnrais\AppData\Local\SKIDROW
2015-04-22 08:27:18 26815168 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2015-04-22 08:27:18 112455352 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2015-04-22 08:22:36 3645120 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\1033\MSOINTL.DLL
2015-04-22 08:22:22 112455352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2015-04-22 08:22:18 37380288 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
.
==================== Find3M ====================
.
2015-05-06 15:11:45 137288 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-05-06 15:11:44 89944 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2015-05-06 15:11:44 65736 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-05-06 15:11:44 29168 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-05-06 15:11:44 272248 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-05-06 15:11:43 93528 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-05-06 15:11:21 1047320 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2015-05-05 01:29:39 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-05-05 01:12:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-04-27 19:28:36 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-04-27 19:28:35 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-04-27 19:28:35 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-04-27 19:26:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
2015-04-27 19:22:57 47104 ----a-w- C:\Windows\System32\typeperf.exe
2015-04-27 19:22:57 404992 ----a-w- C:\Windows\System32\tracerpt.exe
2015-04-27 19:22:53 112640 ----a-w- C:\Windows\System32\smss.exe
2015-04-27 19:22:47 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-04-27 19:22:46 43008 ----a-w- C:\Windows\System32\relog.exe
2015-04-27 19:22:35 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-04-27 19:22:34 104448 ----a-w- C:\Windows\System32\logman.exe
2015-04-27 19:22:26 19456 ----a-w- C:\Windows\System32\diskperf.exe
2015-04-27 19:22:08 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-04-27 19:21:37 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-04-27 19:18:37 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-04-27 19:18:25 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-04-27 19:11:55 3934144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-04-27 19:11:54 3989440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-04-27 19:08:02 1310744 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-04-27 19:05:40 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-04-27 19:05:35 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-04-27 19:05:34 635392 ----a-w- C:\Windows\SysWow64\tdh.dll
2015-04-27 19:05:32 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-04-27 19:05:29 92160 ----a-w- C:\Windows\SysWow64\sechost.dll
2015-04-27 19:05:29 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-04-27 19:05:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-04-27 19:05:17 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-04-27 19:05:11 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-04-27 19:04:45 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-04-27 19:04:37 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-04-27 19:04:33 641536 ----a-w- C:\Windows\SysWow64\advapi32.dll
2015-04-27 19:04:33 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-04-27 19:04:24 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe
2015-04-27 19:04:24 364544 ----a-w- C:\Windows\SysWow64\tracerpt.exe
2015-04-27 19:04:19 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-04-27 19:04:12 37888 ----a-w- C:\Windows\SysWow64\relog.exe
2015-04-27 19:04:04 82944 ----a-w- C:\Windows\SysWow64\logman.exe
2015-04-27 19:03:58 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe
2015-04-27 19:03:52 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-04-27 19:03:36 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-04-27 19:03:36 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-04-27 19:03:36 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-04-27 19:01:33 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-04-27 19:01:22 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-04-27 17:57:32 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-04-27 17:57:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-04-27 17:55:03 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-04-27 17:55:03 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-27 17:55:03 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-27 17:55:03 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-04-21 17:08:08 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-04-21 17:07:54 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-04-21 16:51:08 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-04-21 16:50:14 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-04-21 16:50:12 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-04-21 16:50:03 417792 ----a-w- C:\Windows\System32\html.iec
2015-04-21 16:48:40 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-04-21 16:35:51 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-04-21 16:35:40 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-04-21 16:34:59 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-04-21 16:31:56 6025728 ----a-w- C:\Windows\System32\jscript9.dll
2015-04-21 16:26:35 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-04-21 16:25:34 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-04-21 16:14:33 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-04-21 16:11:10 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-04-21 16:11:07 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-04-21 16:10:12 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-04-21 16:09:57 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-04-21 16:08:41 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-04-21 15:58:45 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-04-21 15:57:57 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-04-21 15:47:04 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-04-21 15:46:50 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-04-21 15:43:28 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-04-21 15:31:13 4305920 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-04-21 15:27:25 2352128 ----a-w- C:\Windows\System32\wininet.dll
2015-04-21 15:25:45 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-04-21 15:24:48 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-04-21 15:02:00 1882112 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-04-20 03:17:07 1647104 ----a-w- C:\Windows\System32\DWrite.dll
2015-04-20 03:17:07 1179136 ----a-w- C:\Windows\System32\FntCache.dll
2015-04-20 02:56:29 1250816 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-04-20 02:11:23 3204608 ----a-w- C:\Windows\System32\win32k.sys
2015-04-18 03:10:57 460800 ----a-w- C:\Windows\System32\certcli.dll
2015-04-18 02:56:57 342016 ----a-w- C:\Windows\SysWow64\certcli.dll
2015-04-15 08:39:42 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-04-15 08:39:42 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-15 08:39:22 18178736 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2015-04-13 03:28:33 328704 ----a-w- C:\Windows\System32\services.exe
2015-04-08 03:29:07 275456 ----a-w- C:\Windows\System32\InkEd.dll
2015-04-08 03:29:07 24576 ----a-w- C:\Windows\System32\jnwmon.dll
.
============= FINISH: 23:46:42.09 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7/4/2014 11:49:49 AM
System Uptime: 5/21/2015 11:38:44 PM (0 hours ago)
.
Motherboard: Intel | |
Processor: Intel(R) Core(TM)2 Quad CPU Q9000 @ 2.00GHz | U2E1 | 2000/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 7.771 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 257.461 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_207A161F&REV_12\4&10095087&0&3BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_207A161F&REV_12\4&10095087&0&3BF0
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_207A161F&REV_12\4&10095087&0&3AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_207A161F&REV_12\4&10095087&0&3AF0
Service:
.
==== System Restore Points ===================
.
RP125: 3/4/2015 3:09:22 PM - Removed Temple of Elemental Evil
RP126: 3/8/2015 1:31:41 PM - Installed Extended Asian Language font pack for Adobe Reader XI.
RP127: 3/11/2015 6:01:04 PM - Windows Update
RP128: 3/12/2015 3:01:02 AM - Windows Update
RP129: 3/17/2015 10:46:24 AM - Installed The Movies(TM)
RP130: 3/17/2015 11:00:53 AM - Installed The Movies(TM) 1.1 Patch
RP131: 3/17/2015 11:05:13 AM - Installed The Movies(TM) Stunts & Effects
RP132: 3/18/2015 11:40:15 AM - Windows Update
RP133: 3/21/2015 2:25:54 PM - Windows Update
RP134: 3/25/2015 9:17:46 AM - Windows Update
RP135: 3/26/2015 9:05:04 AM - Windows Update
RP136: 3/26/2015 1:21:57 PM - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
RP137: 3/26/2015 1:22:57 PM - Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
RP138: 3/26/2015 1:24:00 PM - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
RP139: 3/26/2015 1:24:52 PM - Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
RP140: 3/26/2015 1:26:54 PM - Installed DirectX
RP141: 4/1/2015 1:16:05 PM - Windows Update
RP142: 4/4/2015 4:20:58 PM - Windows Update
RP143: 4/5/2015 10:52:39 AM - Windows Update
RP144: 4/8/2015 11:12:00 AM - Windows Update
RP145: 4/11/2015 1:30:42 PM - Windows Update
RP146: 4/14/2015 7:04:54 PM - Windows Update
RP147: 4/16/2015 10:31:57 AM - Windows Update
RP148: 4/17/2015 11:13:18 AM - Windows Update
RP149: 4/21/2015 2:51:03 PM - avast! antivirus system restore point
RP150: 4/22/2015 12:20:48 PM - Windows Update
RP151: 4/25/2015 4:46:31 PM - Windows Update
RP152: 5/1/2015 4:13:17 PM - Windows Update
RP153: 5/5/2015 4:46:19 PM - Windows Update
RP154: 5/7/2015 12:09:14 AM - avast! antivirus system restore point
RP155: 5/7/2015 10:25:00 AM - Removed Java 7 Update 67
RP156: 5/7/2015 10:26:27 AM - Removed Java 8 Update 25
RP157: 5/9/2015 4:26:59 PM - C
RP158: 5/13/2015 7:30:52 AM - Windows Update
RP159: 5/14/2015 3:01:09 AM - Windows Update
RP160: 5/18/2015 11:27:02 AM - Windows Update
RP161: 5/19/2015 2:03:58 PM - Removed The Sims Medieval
.
==== Installed Programs ======================
.
7-Zip 9.22 (x64 edition)
Adobe Flash Player 17 NPAPI
Adobe Photoshop CC
Adobe Premiere Pro CC 2014
Adobe Reader XI (11.0.11)
Adobe Refresh Manager
Adobe Update Management Tool
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support (32-bit)
Apple Application Support (64-bit)
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.6
AutoHotkey 1.1.19.01
Avast Free Antivirus
Bloggie Software
Bonjour
calibre 64bit
Canon MX320 series MP Drivers
CardWorks Business Card Software
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDisplayEx 1.10.29
Cheat Engine 6.4
Crusader Kings II
CutePDF Writer 3.0
DAEMON Tools Lite
Definition Update for Microsoft Office 2013 (KB2986209) 64-Bit Edition
DVD Flick 1.3.0.7
Epic Games Launcher
Extended Asian Language font pack for Adobe Reader XI
Ezvid
FreeRIP MP3 Converter 4.5.2
GIMP 2.8.14
Google Chrome
Google Earth Plug-in
Google Update Helper
Graphviz
iFunbox (v2.8.2414.748), iFunbox DevTeam
Imperialism II - Age of Exploration
iTunes
Java 8 Update 45
Java Auto Updater
Java(TM) 7 (64-bit)
LAME v3.99.3 (for Windows)
Majesty Gold HD 1.0
Many Faces of Go 12
Microsoft .NET Framework 4.5.1
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Word MUI (English) 2013
Microsoft WSE 3.0 Runtime
Monster Maker
Mozilla Firefox 38.0.1 (x86 en-US)
Mozilla Maintenance Service
Network Addon Mod
Notepad++
NVIDIA PhysX
OpenTTD 1.5.0-beta1
Outils de vérification linguistique 2013 de Microsoft Office - Français
PDF Settings CC
Pdfedit
Pillars of Eternity
SC4 Launcher
SC4 Mapper 2013
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.1 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.1 (KB3037581)
Security Update for Microsoft Excel 2013 (KB2986216) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2910941) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2975808) 64-Bit Edition
Security Update for Microsoft PowerPoint 2013 (KB2975816) 64-Bit Edition
Security Update for Microsoft Word 2013 (KB2965307) 64-Bit Edition
Security Update for Skype for Business 2015 (KB3039779) 64-Bit Edition
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition
Shadowrun Returns
Skype™ 7.2
Spybot - Search & Destroy
Steam
Stencyl
The Last Federation
The Movies(TM)
The Movies(TM) 1.1 Patch
The Movies(TM) Stunts & Effects
tools-windows
Unity Web Player
Update for Microsoft Access 2013 (KB2965276) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760371) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837654) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880487) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881017) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881076) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883095) 64-Bit Edition
Update for Microsoft Office 2013 (KB2899498) 64-Bit Edition
Update for Microsoft Office 2013 (KB2899522) 64-Bit Edition
Update for Microsoft Office 2013 (KB2956152) 64-Bit Edition
Update for Microsoft Office 2013 (KB2956164) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965253) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965259) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965269) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965271) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965277) 64-Bit Edition
Update for Microsoft Office 2013 (KB2975869) 64-Bit Edition
Update for Microsoft Office 2013 (KB2986156) 64-Bit Edition
Update for Microsoft Office 2013 (KB2986171) 64-Bit Edition
Update for Microsoft Office 2013 (KB3054782) 64-Bit Edition
Update for Microsoft OneDrive for Business (KB2986244) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2975901) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB3039799) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2013 (KB3039711) 64-Bit Edition
Update for Microsoft Project 2013 (KB2986246) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2883048) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition
VMware Player
VMware vCenter Converter Standalone
Windows XP Mode
.
==== Event Viewer Messages From Past Week ========
.
5/21/2015 8:58:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
5/21/2015 8:58:06 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/21/2015 11:44:47 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
5/21/2015 11:40:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
5/21/2015 11:40:23 PM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/21/2015 11:37:02 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
5/21/2015 11:36:34 PM, Error: Service Control Manager [7034] - The VMware vCenter Converter Standalone Worker service terminated unexpectedly. It has done this 1 time(s).
5/21/2015 11:36:32 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/21/2015 11:36:32 PM, Error: Service Control Manager [7031] - The VMware NAT Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
5/21/2015 11:36:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
5/21/2015 11:36:32 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/21/2015 11:36:17 PM, Error: Service Control Manager [7034] - The VMware vCenter Converter Standalone Agent service terminated unexpectedly. It has done this 1 time(s).
5/21/2015 11:36:17 PM, Error: Service Control Manager [7034] - The VMware DHCP Service service terminated unexpectedly. It has done this 1 time(s).
5/21/2015 11:36:17 PM, Error: Service Control Manager [7034] - The VMware Authorization Service service terminated unexpectedly. It has done this 1 time(s).
5/21/2015 11:36:17 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
5/21/2015 11:36:17 PM, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
5/21/2015 11:36:17 PM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/21/2015 11:36:17 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/21/2015 11:36:17 PM, Error: Service Control Manager [7031] - The VMware vCenter Converter Standalone Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/21/2015 11:36:17 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
5/21/2015 11:36:17 PM, Error: Service Control Manager [7031] - The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/21/2015 11:36:17 PM, Error: Service Control Manager [7031] - The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/21/2015 11:36:17 PM, Error: Service Control Manager [7031] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/21/2015 11:36:11 PM, Error: Service Control Manager [7031] - The VMware NAT Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
5/21/2015 11:36:10 PM, Error: Service Control Manager [7031] - The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/21/2015 11:36:09 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
5/21/2015 11:36:09 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
5/21/2015 11:36:09 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/21/2015 11:36:08 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
5/20/2015 8:19:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.
5/20/2015 8:19:26 PM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Updating Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/20/2015 4:48:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VMware vCenter Converter Standalone Agent service to connect.
5/20/2015 4:48:48 PM, Error: Service Control Manager [7000] - The VMware vCenter Converter Standalone Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/20/2015 1:18:59 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer PETRA-THINK that believes that it is the master browser for the domain on transport NetBT_Tcpip_{10C3AEC0-5521-483F-9E14-3D75154CF469}. The master browser is stopping or an election is being forced.
5/19/2015 3:04:34 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
5/19/2015 10:23:15 AM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
5/15/2015 4:06:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.
5/15/2015 4:06:37 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
5/15/2015 4:06:37 PM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
5/15/2015 4:06:37 PM, Error: Service Control Manager [7000] - The Peer Networking Identity Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/14/2015 4:18:29 AM, Error: Service Control Manager [7023] -
.
==== End Of File ===========================
IunnraisF
Active Member
 
Posts: 11
Joined: May 19th, 2015, 1:36 am

Re: Trovi and Search Protect, only partially removed

Unread postby Blade81 » May 22nd, 2015, 4:03 pm

is AdwCleaner something safe enough that someone with fair computer skills could consider using it if ever infected again? Or is it dangerous enough to require more extensive training in its use?

It should be relatively safe (removed findings are quarantined and can be restored if some "false positive" finding is accidentally flagged and removed). However, in such case logs should be saved so that those can be provided to helper when needed. I personally recommend creating topic and getting help from trained helper instead of trying different fixes first and asking for help just after that. If tools are used, they have removed something and output logs are not saved it will be difficult for helper to get a clue what infection has been present.

Anyway, let's do some more scanning.

Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Trovi and Search Protect, only partially removed

Unread postby IunnraisF » May 23rd, 2015, 8:48 am

Eset scan results:

C:\AdwCleaner\Quarantine\C\Windows\apppatch\apppatch64\vcldr64.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\apppatch\nbin\VC32Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\Documents and Settings\Iunnrais\Documents\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Program Files (x86)\NCH Software\CardWorks\cardworks.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Program Files (x86)\NCH Software\CardWorks\cardworkssetup_v1.14.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Users\Iunnrais\Documents\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application


My chrome installation is still doing the trackid=sp-006 thing. Firefox hasn't crashed yet today, but sometimes it takes a while for that symptom to appear, so I'll keep you posted as time goes on while we fix chrome.

EDIT: 10 minutes after I first posted this, Firefox crashed. Now, I will accept there is a possibility that Firefox crashing all the time is an unrelated coincidence to my accidentally installing malware, but it still seems very probable to me that it's not unrelated.
IunnraisF
Active Member
 
Posts: 11
Joined: May 19th, 2015, 1:36 am

Re: Trovi and Search Protect, only partially removed

Unread postby Blade81 » May 25th, 2015, 2:24 am

Hi,

Have you tried to reinstall both Firefox and Chrome?

ESET findings can be ignored.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Trovi and Search Protect, only partially removed

Unread postby IunnraisF » May 26th, 2015, 12:47 am

I've now reinstalled Firefox and Chrome. Not enough time to report on Firefox's crashing yet, but my brand new installation of chrome is now doing "https://www.google.com/webhp?ie=UTF-8&rct=j" or something similar for all searches, which a google search suggests is still malware related?
IunnraisF
Active Member
 
Posts: 11
Joined: May 19th, 2015, 1:36 am

Re: Trovi and Search Protect, only partially removed

Unread postby Blade81 » May 26th, 2015, 5:25 am

Hi,

Please run adwCleaner again (with scan option) and post back the output log. After that run also DDS again and post back its logs.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Trovi and Search Protect, only partially removed

Unread postby IunnraisF » May 27th, 2015, 3:44 am

EDIT (a day later): Incidentally, Firefox hasn't crashed since I've reinstalled, so... that's good news!

# AdwCleaner v4.205 - Logfile created 27/05/2015 at 16:32:19
# Updated 21/05/2015 by Xplode
# Database : 2015-05-25.3 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Iunnrais - IUNNRAIS-PC
# Running from : C:\Users\Iunnrais\Desktop\adwcleaner_4.205.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.1 (x86 en-US)


-\\ Google Chrome v43.0.2357.81

[C:\Users\Iunnrais\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Iunnrais\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [18876 bytes] - [20/05/2015 21:32:23]
AdwCleaner[R1].txt - [1021 bytes] - [27/05/2015 16:32:19]
AdwCleaner[S0].txt - [2643 bytes] - [21/05/2015 23:36:14]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1139 bytes] ##########


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17801 BrowserJavaVersion: 11.45.2
Run by Iunnrais at 16:40:27 on 2015-05-27
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4091.1876 [GMT 9:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
D:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe
C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Iunnrais\Desktop\adwcleaner_4.205.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/?trackid=sp-006
uSearch Bar = hxxps://www.google.com/?trackid=sp-006
uSearch Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
mStart Page = hxxps://www.google.com/?trackid=sp-006
mSearch Bar = hxxps://www.google.com/?trackid=sp-006
mSearch Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
mWinlogon: Userinit = userinit.exe
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [20150107] C:\Program Files\AVAST Software\Avast\setup\emupdate\1b66f849-5a3b-45bf-9a13-a1d881cff5e8.exe /check
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLOGGI~1.LNK - C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{00A08DB8-653A-496F-8DDA-13DC1A4432CF} : DHCPNameServer = 209.222.18.222 209.222.18.218
TCP: Interfaces\{10C3AEC0-5521-483F-9E14-3D75154CF469} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{10C3AEC0-5521-483F-9E14-3D75154CF469}\140707C65602E4564777F627B602032613662666 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{10C3AEC0-5521-483F-9E14-3D75154CF469}\14355535 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{10C3AEC0-5521-483F-9E14-3D75154CF469}\7596E6475627377202E4564777F627B6 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{10C3AEC0-5521-483F-9E14-3D75154CF469}\960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{D45DF229-41D8-4B4F-9C90-5F000A210921} : DHCPNameServer = 172.20.10.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 http://www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Iunnrais\AppData\Roaming\Mozilla\Firefox\Profiles\gvsmzot8.default-1431225827986\
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll
FF - plugin: C:\Users\Iunnrais\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-7-4 65736]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-7-4 272248]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2014-11-18 73296]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-7-4 1047320]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-7-4 442264]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-9-16 283064]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-30 238080]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-19 77128]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-7-4 29168]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-7-4 89944]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-5-7 343336]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-7-4 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-7-4 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-7-4 171416]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-5-7 273824]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2014-2-27 906432]
R2 vmware-converter-server;VMware vCenter Converter Standalone Server;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2014-10-3 479960]
R2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2014-10-3 479960]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2012-10-19 1111856]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-11 389120]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-7-4 137288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-12 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-12 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-2-18 315488]
S2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2014-10-3 479960]
S3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-5-7 4034896]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-5-13 114688]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2014-7-15 23040]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-24 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-10-19 19456]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2014-10-19 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-10-19 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-10-19 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-7-4 1255736]
.
=============== Created Last 30 ================
.
2015-05-27 06:48:12 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7A0682C7-6C7F-40A5-9677-C7E2BA9A8762}\offreg.1552.dll
2015-05-27 06:13:34 12214312 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7A0682C7-6C7F-40A5-9677-C7E2BA9A8762}\mpengine.dll
2015-05-26 04:31:33 -------- d-sh--w- C:\Users\Iunnrais\AppData\Local\EmieUserList
2015-05-26 04:31:33 -------- d-sh--w- C:\Users\Iunnrais\AppData\Local\EmieSiteList
2015-05-26 04:31:33 -------- d-sh--w- C:\Users\Iunnrais\AppData\Local\EmieBrowserModeList
2015-05-23 04:07:10 -------- d-----w- C:\Program Files (x86)\ESET
2015-05-20 12:32:09 -------- d-----w- C:\AdwCleaner
2015-05-20 07:48:00 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2015-05-15 02:47:02 34072 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
2015-05-15 02:47:02 229608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2015-05-13 18:19:10 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 18:19:10 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 04:07:45 36864 ----a-w- C:\Windows\System32\UtcResources.dll
2015-05-13 04:05:38 1736192 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2015-05-13 04:03:25 72192 ----a-w- C:\Windows\System32\aelupsvc.dll
2015-05-13 04:03:25 6656 ----a-w- C:\Windows\System32\shimeng.dll
2015-05-13 04:03:25 5120 ----a-w- C:\Windows\SysWow64\shimeng.dll
2015-05-13 04:03:25 342016 ----a-w- C:\Windows\System32\apphelp.dll
2015-05-13 04:03:25 295936 ----a-w- C:\Windows\SysWow64\apphelp.dll
2015-05-13 04:03:25 23552 ----a-w- C:\Windows\System32\sdbinst.exe
2015-05-13 04:03:25 20992 ----a-w- C:\Windows\SysWow64\sdbinst.exe
2015-05-08 13:34:01 -------- d-----w- C:\Users\Iunnrais\AppData\Roaming\CDisplayEx
2015-05-08 13:33:51 -------- d-----w- C:\Program Files\CDisplayEx
2015-05-07 01:26:03 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-06 15:11:36 43112 ----a-w- C:\Windows\avastSS.scr
2015-05-02 15:53:56 -------- d-----w- C:\Users\Iunnrais\AppData\Local\ATI
2015-05-02 15:53:28 -------- d-----w- C:\ProgramData\AMD
2015-05-02 15:53:23 -------- d-----w- C:\Program Files (x86)\AMD AVT
2015-05-02 15:53:15 -------- d-----w- C:\Program Files (x86)\AMD APP
2015-05-02 15:53:02 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2015-05-02 15:53:02 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2015-05-02 15:49:04 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2015-05-02 15:48:57 -------- d-----w- C:\Program Files\ATI
2015-05-02 15:48:28 -------- d-----w- C:\Program Files\ATI Technologies
2015-05-02 15:47:31 -------- d-----w- C:\AMD
2015-04-28 06:23:31 -------- d-----w- C:\Users\Iunnrais\AppData\Roaming\Python-Eggs
.
==================== Find3M ====================
.
2015-05-06 15:11:45 137288 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-05-06 15:11:44 89944 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2015-05-06 15:11:44 65736 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-05-06 15:11:44 29168 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-05-06 15:11:44 272248 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-05-06 15:11:43 93528 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-05-06 15:11:21 1047320 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2015-05-05 01:29:39 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-05-05 01:12:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-04-27 19:28:36 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-04-27 19:28:35 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-04-27 19:28:35 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-04-27 19:26:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
2015-04-27 19:22:57 47104 ----a-w- C:\Windows\System32\typeperf.exe
2015-04-27 19:22:57 404992 ----a-w- C:\Windows\System32\tracerpt.exe
2015-04-27 19:22:53 112640 ----a-w- C:\Windows\System32\smss.exe
2015-04-27 19:22:47 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-04-27 19:22:46 43008 ----a-w- C:\Windows\System32\relog.exe
2015-04-27 19:22:35 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-04-27 19:22:34 104448 ----a-w- C:\Windows\System32\logman.exe
2015-04-27 19:22:26 19456 ----a-w- C:\Windows\System32\diskperf.exe
2015-04-27 19:22:08 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-04-27 19:21:37 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-04-27 19:18:37 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-04-27 19:18:25 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-04-27 19:11:55 3934144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-04-27 19:11:54 3989440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-04-27 19:08:02 1310744 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-04-27 19:05:40 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-04-27 19:05:35 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-04-27 19:05:34 635392 ----a-w- C:\Windows\SysWow64\tdh.dll
2015-04-27 19:05:32 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-04-27 19:05:29 92160 ----a-w- C:\Windows\SysWow64\sechost.dll
2015-04-27 19:05:29 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-04-27 19:05:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-04-27 19:05:17 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-04-27 19:05:11 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-04-27 19:04:45 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-04-27 19:04:37 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-04-27 19:04:33 641536 ----a-w- C:\Windows\SysWow64\advapi32.dll
2015-04-27 19:04:33 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-04-27 19:04:24 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe
2015-04-27 19:04:24 364544 ----a-w- C:\Windows\SysWow64\tracerpt.exe
2015-04-27 19:04:19 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-04-27 19:04:12 37888 ----a-w- C:\Windows\SysWow64\relog.exe
2015-04-27 19:04:04 82944 ----a-w- C:\Windows\SysWow64\logman.exe
2015-04-27 19:03:58 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe
2015-04-27 19:03:52 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-04-27 19:03:36 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-04-27 19:03:36 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-04-27 19:03:36 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-04-27 19:01:33 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-04-27 19:01:22 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-04-27 17:57:32 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-04-27 17:57:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-04-27 17:55:03 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-04-27 17:55:03 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-27 17:55:03 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-27 17:55:03 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-04-21 17:08:08 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-04-21 17:07:54 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-04-21 16:51:08 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-04-21 16:50:14 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-04-21 16:50:12 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-04-21 16:50:03 417792 ----a-w- C:\Windows\System32\html.iec
2015-04-21 16:48:40 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-04-21 16:35:51 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-04-21 16:35:40 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-04-21 16:34:59 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-04-21 16:31:56 6025728 ----a-w- C:\Windows\System32\jscript9.dll
2015-04-21 16:26:35 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-04-21 16:25:34 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-04-21 16:14:33 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-04-21 16:11:10 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-04-21 16:11:07 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-04-21 16:10:12 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-04-21 16:09:57 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-04-21 16:08:41 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-04-21 15:58:45 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-04-21 15:57:57 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-04-21 15:47:04 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-04-21 15:46:50 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-04-21 15:43:28 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-04-21 15:31:13 4305920 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-04-21 15:27:25 2352128 ----a-w- C:\Windows\System32\wininet.dll
2015-04-21 15:25:45 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-04-21 15:24:48 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-04-21 15:02:00 1882112 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-04-20 03:17:07 1647104 ----a-w- C:\Windows\System32\DWrite.dll
2015-04-20 03:17:07 1179136 ----a-w- C:\Windows\System32\FntCache.dll
2015-04-20 02:56:29 1250816 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-04-20 02:11:23 3204608 ----a-w- C:\Windows\System32\win32k.sys
2015-04-18 03:10:57 460800 ----a-w- C:\Windows\System32\certcli.dll
2015-04-18 02:56:57 342016 ----a-w- C:\Windows\SysWow64\certcli.dll
2015-04-15 08:39:42 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-04-15 08:39:42 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-15 08:39:22 18178736 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2015-04-13 03:28:33 328704 ----a-w- C:\Windows\System32\services.exe
2015-04-08 03:29:07 275456 ----a-w- C:\Windows\System32\InkEd.dll
2015-04-08 03:29:07 24576 ----a-w- C:\Windows\System32\jnwmon.dll
.
============= FINISH: 16:42:04.22 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7/4/2014 11:49:49 AM
System Uptime: 5/22/2015 7:32:52 PM (117 hours ago)
.
Motherboard: Intel | |
Processor: Intel(R) Core(TM)2 Quad CPU Q9000 @ 2.00GHz | U2E1 | 2000/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 27.407 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 257.451 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_207A161F&REV_12\4&10095087&0&3BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_207A161F&REV_12\4&10095087&0&3BF0
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_207A161F&REV_12\4&10095087&0&3AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_207A161F&REV_12\4&10095087&0&3AF0
Service:
.
==== System Restore Points ===================
.
RP128: 3/12/2015 3:01:02 AM - Windows Update
RP129: 3/17/2015 10:46:24 AM - Installed The Movies(TM)
RP130: 3/17/2015 11:00:53 AM - Installed The Movies(TM) 1.1 Patch
RP131: 3/17/2015 11:05:13 AM - Installed The Movies(TM) Stunts & Effects
RP132: 3/18/2015 11:40:15 AM - Windows Update
RP133: 3/21/2015 2:25:54 PM - Windows Update
RP134: 3/25/2015 9:17:46 AM - Windows Update
RP135: 3/26/2015 9:05:04 AM - Windows Update
RP136: 3/26/2015 1:21:57 PM - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
RP137: 3/26/2015 1:22:57 PM - Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
RP138: 3/26/2015 1:24:00 PM - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
RP139: 3/26/2015 1:24:52 PM - Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
RP140: 3/26/2015 1:26:54 PM - Installed DirectX
RP141: 4/1/2015 1:16:05 PM - Windows Update
RP142: 4/4/2015 4:20:58 PM - Windows Update
RP143: 4/5/2015 10:52:39 AM - Windows Update
RP144: 4/8/2015 11:12:00 AM - Windows Update
RP145: 4/11/2015 1:30:42 PM - Windows Update
RP146: 4/14/2015 7:04:54 PM - Windows Update
RP147: 4/16/2015 10:31:57 AM - Windows Update
RP148: 4/17/2015 11:13:18 AM - Windows Update
RP149: 4/21/2015 2:51:03 PM - avast! antivirus system restore point
RP150: 4/22/2015 12:20:48 PM - Windows Update
RP151: 4/25/2015 4:46:31 PM - Windows Update
RP152: 5/1/2015 4:13:17 PM - Windows Update
RP153: 5/5/2015 4:46:19 PM - Windows Update
RP154: 5/7/2015 12:09:14 AM - avast! antivirus system restore point
RP155: 5/7/2015 10:25:00 AM - Removed Java 7 Update 67
RP156: 5/7/2015 10:26:27 AM - Removed Java 8 Update 25
RP157: 5/9/2015 4:26:59 PM - C
RP158: 5/13/2015 7:30:52 AM - Windows Update
RP159: 5/14/2015 3:01:09 AM - Windows Update
RP160: 5/18/2015 11:27:02 AM - Windows Update
RP161: 5/19/2015 2:03:58 PM - Removed The Sims Medieval
RP162: 5/22/2015 3:17:52 PM - Windows Update
RP163: 5/27/2015 3:11:43 PM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.22 (x64 edition)
Adobe Flash Player 17 NPAPI
Adobe Photoshop CC
Adobe Premiere Pro CC 2014
Adobe Reader XI (11.0.11)
Adobe Refresh Manager
Adobe Update Management Tool
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support (32-bit)
Apple Application Support (64-bit)
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.6
AutoHotkey 1.1.19.01
Avast Free Antivirus
Bloggie Software
Bonjour
calibre 64bit
Canon MX320 series MP Drivers
CardWorks Business Card Software
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDisplayEx 1.10.29
Cheat Engine 6.4
Crusader Kings II
CutePDF Writer 3.0
DAEMON Tools Lite
Definition Update for Microsoft Office 2013 (KB2986209) 64-Bit Edition
DVD Flick 1.3.0.7
Epic Games Launcher
ESET Online Scanner v3
Extended Asian Language font pack for Adobe Reader XI
Ezvid
FreeRIP MP3 Converter 4.5.2
GIMP 2.8.14
Google Chrome
Google Earth Plug-in
Google Update Helper
Graphviz
iFunbox (v2.8.2414.748), iFunbox DevTeam
Imperialism II - Age of Exploration
iTunes
Java 8 Update 45
Java Auto Updater
Java(TM) 7 (64-bit)
LAME v3.99.3 (for Windows)
Majesty Gold HD 1.0
Many Faces of Go 12
Microsoft .NET Framework 4.5.1
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Word MUI (English) 2013
Microsoft WSE 3.0 Runtime
Monster Maker
Mozilla Firefox 38.0.1 (x86 en-US)
Mozilla Maintenance Service
Network Addon Mod
Notepad++
NVIDIA PhysX
OpenTTD 1.5.0-beta1
Outils de vérification linguistique 2013 de Microsoft Office - Français
PDF Settings CC
Pdfedit
Pillars of Eternity
SC4 Launcher
SC4 Mapper 2013
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.1 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.1 (KB3037581)
Security Update for Microsoft Excel 2013 (KB2986216) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2910941) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2975808) 64-Bit Edition
Security Update for Microsoft PowerPoint 2013 (KB2975816) 64-Bit Edition
Security Update for Microsoft Word 2013 (KB2965307) 64-Bit Edition
Security Update for Skype for Business 2015 (KB3039779) 64-Bit Edition
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition
Shadowrun Returns
Skype™ 7.4
Spybot - Search & Destroy
Steam
Stencyl
The Last Federation
The Movies(TM)
The Movies(TM) 1.1 Patch
The Movies(TM) Stunts & Effects
tools-windows
Unity Web Player
Update for Microsoft Access 2013 (KB2965276) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760371) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837654) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880487) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881017) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881076) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883095) 64-Bit Edition
Update for Microsoft Office 2013 (KB2899498) 64-Bit Edition
Update for Microsoft Office 2013 (KB2899522) 64-Bit Edition
Update for Microsoft Office 2013 (KB2956152) 64-Bit Edition
Update for Microsoft Office 2013 (KB2956164) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965253) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965259) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965269) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965271) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965277) 64-Bit Edition
Update for Microsoft Office 2013 (KB2975869) 64-Bit Edition
Update for Microsoft Office 2013 (KB2986156) 64-Bit Edition
Update for Microsoft Office 2013 (KB2986171) 64-Bit Edition
Update for Microsoft Office 2013 (KB3054782) 64-Bit Edition
Update for Microsoft OneDrive for Business (KB2986244) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2975901) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB3039799) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2013 (KB3039711) 64-Bit Edition
Update for Microsoft Project 2013 (KB2986246) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2883048) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition
VMware Player
VMware vCenter Converter Standalone
Windows XP Mode
.
==== Event Viewer Messages From Past Week ========
.
5/27/2015 2:49:20 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
5/22/2015 7:34:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VMware vCenter Converter Standalone Agent service to connect.
5/22/2015 7:34:22 PM, Error: Service Control Manager [7000] - The VMware vCenter Converter Standalone Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/22/2015 6:09:51 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy36.
5/21/2015 8:58:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
5/21/2015 8:58:06 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/21/2015 11:40:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
5/21/2015 11:40:23 PM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/21/2015 11:37:02 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
5/21/2015 11:36:34 PM, Error: Service Control Manager [7034] - The VMware vCenter Converter Standalone Worker service terminated unexpectedly. It has done this 1 time(s).
5/21/2015 11:36:32 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/21/2015 11:36:32 PM, Error: Service Control Manager [7031] - The VMware NAT Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
5/21/2015 11:36:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
5/21/2015 11:36:32 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/21/2015 11:36:17 PM, Error: Service Control Manager [7034] - The VMware vCenter Converter Standalone Agent service terminated unexpectedly. It has done this 1 time(s).
5/21/2015 11:36:17 PM, Error: Service Control Manager [7034] - The VMware DHCP Service service terminated unexpectedly. It has done this 1 time(s).
5/21/2015 11:36:17 PM, Error: Service Control Manager [7034] - The VMware Authorization Service service terminated unexpectedly. It has done this 1 time(s).
5/21/2015 11:36:17 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
5/21/2015 11:36:17 PM, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
5/21/2015 11:36:17 PM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/21/2015 11:36:17 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/21/2015 11:36:17 PM, Error: Service Control Manager [7031] - The VMware vCenter Converter Standalone Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/21/2015 11:36:17 PM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
5/21/2015 11:36:17 PM, Error: Service Control Manager [7031] - The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/21/2015 11:36:17 PM, Error: Service Control Manager [7031] - The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/21/2015 11:36:17 PM, Error: Service Control Manager [7031] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/21/2015 11:36:11 PM, Error: Service Control Manager [7031] - The VMware NAT Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
5/21/2015 11:36:10 PM, Error: Service Control Manager [7031] - The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/21/2015 11:36:09 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
5/21/2015 11:36:09 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
5/21/2015 11:36:09 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/21/2015 11:36:08 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
5/20/2015 8:19:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.
5/20/2015 8:19:26 PM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Updating Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/20/2015 1:18:59 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer PETRA-THINK that believes that it is the master browser for the domain on transport NetBT_Tcpip_{10C3AEC0-5521-483F-9E14-3D75154CF469}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
IunnraisF
Active Member
 
Posts: 11
Joined: May 19th, 2015, 1:36 am

Re: Trovi and Search Protect, only partially removed

Unread postby Blade81 » May 28th, 2015, 8:49 am

Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review:

C:\ComboFix.txt
New dds log.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Trovi and Search Protect, only partially removed

Unread postby IunnraisF » June 1st, 2015, 2:28 am

Sorry for the delay, I was busy this weekend. Here are the logs:

ComboFix 15-05-31.01 - Iunnrais 06/01/2015 15:06:58.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4091.2390 [GMT 9:00]
Running from: c:\users\Iunnrais\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Files Created from 2015-05-01 to 2015-06-01 )))))))))))))))))))))))))))))))
.
.
2015-06-01 06:20 . 2015-06-01 06:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-29 17:39 . 2015-05-29 17:39 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5189696D-A37F-414A-9B2C-ED4A0168927B}\offreg.1552.dll
2015-05-29 16:25 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5189696D-A37F-414A-9B2C-ED4A0168927B}\mpengine.dll
2015-05-26 04:33 . 2015-05-26 04:33 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2015-05-26 04:31 . 2015-05-26 04:31 -------- d-sh--w- c:\users\Iunnrais\AppData\Local\EmieUserList
2015-05-26 04:31 . 2015-05-26 04:31 -------- d-sh--w- c:\users\Iunnrais\AppData\Local\EmieSiteList
2015-05-26 04:31 . 2015-05-26 04:31 -------- d-sh--w- c:\users\Iunnrais\AppData\Local\EmieBrowserModeList
2015-05-23 04:07 . 2015-05-23 04:07 -------- d-----w- c:\program files (x86)\ESET
2015-05-20 12:32 . 2015-05-27 07:33 -------- d-----w- C:\AdwCleaner
2015-05-20 07:48 . 2015-05-20 07:48 -------- d-s---w- c:\windows\SysWow64\Microsoft
2015-05-13 18:19 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 18:19 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 04:07 . 2015-04-27 19:23 1254400 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-13 04:05 . 2015-04-08 03:29 1736192 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-05-13 04:03 . 2015-03-04 04:41 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-05-13 04:03 . 2015-03-04 04:41 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-05-13 04:03 . 2015-03-04 04:41 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-05-13 04:03 . 2015-03-04 04:41 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-05-13 04:03 . 2015-03-04 04:11 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-05-13 04:03 . 2015-03-04 04:10 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-05-13 04:03 . 2015-03-04 04:10 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2015-05-08 13:34 . 2015-05-09 07:24 -------- d-----w- c:\users\Iunnrais\AppData\Roaming\CDisplayEx
2015-05-08 13:33 . 2015-05-08 13:33 -------- d-----w- c:\program files\CDisplayEx
2015-05-07 01:26 . 2015-05-07 01:11 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-07 01:23 . 2015-05-07 01:23 -------- d-----w- c:\program files\7-Zip
2015-05-07 01:11 . 2015-05-07 01:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-05-06 15:11 . 2015-05-06 15:11 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-05-06 15:11 . 2015-05-06 15:11 43112 ----a-w- c:\windows\avastSS.scr
2015-05-02 15:53 . 2015-05-02 15:53 -------- d-----w- c:\users\Iunnrais\AppData\Roaming\ATI
2015-05-02 15:53 . 2015-05-02 15:53 -------- d-----w- c:\users\Iunnrais\AppData\Local\ATI
2015-05-02 15:53 . 2015-05-02 15:53 -------- d-----w- c:\programdata\ATI
2015-05-02 15:53 . 2015-05-02 15:53 -------- d-----w- c:\programdata\AMD
2015-05-02 15:53 . 2015-05-02 15:53 -------- d-----w- c:\program files (x86)\AMD AVT
2015-05-02 15:53 . 2015-05-02 15:53 -------- d-----w- c:\program files (x86)\AMD APP
2015-05-02 15:53 . 2015-05-02 15:53 -------- d-----w- c:\program files\Common Files\ATI Technologies
2015-05-02 15:53 . 2015-05-02 15:53 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2015-05-02 15:49 . 2015-05-02 15:49 -------- d-----w- c:\program files (x86)\ATI Technologies
2015-05-02 15:48 . 2015-05-02 15:48 -------- d-----w- c:\program files\ATI
2015-05-02 15:48 . 2015-05-02 15:52 -------- d-----w- c:\program files\ATI Technologies
2015-05-02 15:47 . 2015-05-02 15:47 -------- d-----w- C:\AMD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-13 18:30 . 2014-07-03 15:02 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-05-06 15:11 . 2014-07-04 04:14 137288 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-05-06 15:11 . 2014-07-04 04:14 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-05-06 15:11 . 2014-07-04 04:14 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-05-06 15:11 . 2014-07-04 04:14 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-05-06 15:11 . 2014-07-04 04:14 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-05-06 15:11 . 2014-07-04 04:14 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-05-06 15:11 . 2014-07-04 04:14 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-05-06 15:11 . 2014-07-04 04:14 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-04-27 19:04 . 2015-05-13 04:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-04-15 08:39 . 2014-07-03 12:53 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-15 08:39 . 2014-07-03 12:53 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-15 08:39 . 2015-04-15 08:39 18178736 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-03-25 03:24 . 2015-04-15 09:19 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 09:19 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 09:19 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 09:19 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 09:19 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 09:19 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 09:19 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 09:19 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 09:19 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 09:19 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 09:19 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 09:19 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 09:19 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 09:19 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 09:19 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 09:19 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 09:19 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 09:19 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 09:19 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 09:19 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 09:19 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 09:19 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-15 09:19 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-15 09:19 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-10 03:25 . 2015-04-15 09:18 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 09:18 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 09:18 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 09:18 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-15 09:19 404480 ----a-w- c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-15 09:19 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-03-04 04:55 . 2015-04-15 09:14 367552 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-15 09:14 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-13 04:03 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-13 04:03 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-04-15 09:14 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-13 04:03 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 04:03 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 04:03 2560 ----a-w- c:\windows\apppatch\AcRes.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-04-14 08:19 1729752 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-04-14 08:19 1729752 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-04-14 08:19 1729752 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-09-20 3666224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-12 5515496]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"AdobeCEPServiceManager"="c:\program files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" [2013-03-13 1039248]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-18 1022152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"20150107"="c:\program files\AVAST Software\Avast\setup\emupdate\1b66f849-5a3b-45bf-9a13-a1d881cff5e8.exe" [2015-05-25 183232]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bloggie Watcher Utility.lnk - c:\program files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe [2011-6-9 746856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [x]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
R3 bmdrvr;Modified Clusters Tracking Driver;SysWOW64\drivers\bmdrvr.sys;SysWOW64\drivers\bmdrvr.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vmware-converter-server;VMware vCenter Converter Standalone Server;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [x]
S2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [x]
S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi20-shared.sys;SysWOW64\drivers\vstor2-mntapi20-shared.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys;c:\windows\SYSNATIVE\DRIVERS\ATSwpWDF.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-26 04:36 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-03 08:39]
.
2015-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-16 03:02]
.
2015-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-16 03:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-04-14 08:14 2334936 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-04-14 08:14 2334936 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-04-14 08:14 2334936 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-05-06 15:11 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-04-06 169768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/?trackid=sp-006
mStart Page = https://www.google.com/?trackid=sp-006
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
mSearch Bar = https://www.google.com/?trackid=sp-006
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Iunnrais\AppData\Roaming\Mozilla\Firefox\Profiles\gvsmzot8.default-1431225827986\
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-Network Addon Mod - c:\users\Iunnrais\Documents\SimCity 4\Plugins\Network Addon Mod\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-06-01 15:24:34
ComboFix-quarantined-files.txt 2015-06-01 06:24
.
Pre-Run: 32,983,040,000 bytes free
Post-Run: 33,125,031,936 bytes free
.
- - End Of File - - D086F9EC4E7EE053690EA5C23DEE45E9
A36C5E4F47E84449FF07ED3517B43A31


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7/4/2014 11:49:49 AM
System Uptime: 5/22/2015 7:32:52 PM (236 hours ago)
.
Motherboard: Intel | |
Processor: Intel(R) Core(TM)2 Quad CPU Q9000 @ 2.00GHz | U2E1 | 2000/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 30.953 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 255.919 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_207A161F&REV_12\4&10095087&0&3BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_207A161F&REV_12\4&10095087&0&3BF0
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_207A161F&REV_12\4&10095087&0&3AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_207A161F&REV_12\4&10095087&0&3AF0
Service:
.
==== System Restore Points ===================
.
RP132: 3/18/2015 11:40:15 AM - Windows Update
RP133: 3/21/2015 2:25:54 PM - Windows Update
RP134: 3/25/2015 9:17:46 AM - Windows Update
RP135: 3/26/2015 9:05:04 AM - Windows Update
RP136: 3/26/2015 1:21:57 PM - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
RP137: 3/26/2015 1:22:57 PM - Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
RP138: 3/26/2015 1:24:00 PM - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
RP139: 3/26/2015 1:24:52 PM - Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
RP140: 3/26/2015 1:26:54 PM - Installed DirectX
RP141: 4/1/2015 1:16:05 PM - Windows Update
RP142: 4/4/2015 4:20:58 PM - Windows Update
RP143: 4/5/2015 10:52:39 AM - Windows Update
RP144: 4/8/2015 11:12:00 AM - Windows Update
RP145: 4/11/2015 1:30:42 PM - Windows Update
RP146: 4/14/2015 7:04:54 PM - Windows Update
RP147: 4/16/2015 10:31:57 AM - Windows Update
RP148: 4/17/2015 11:13:18 AM - Windows Update
RP149: 4/21/2015 2:51:03 PM - avast! antivirus system restore point
RP150: 4/22/2015 12:20:48 PM - Windows Update
RP151: 4/25/2015 4:46:31 PM - Windows Update
RP152: 5/1/2015 4:13:17 PM - Windows Update
RP153: 5/5/2015 4:46:19 PM - Windows Update
RP154: 5/7/2015 12:09:14 AM - avast! antivirus system restore point
RP155: 5/7/2015 10:25:00 AM - Removed Java 7 Update 67
RP156: 5/7/2015 10:26:27 AM - Removed Java 8 Update 25
RP157: 5/9/2015 4:26:59 PM - C
RP158: 5/13/2015 7:30:52 AM - Windows Update
RP159: 5/14/2015 3:01:09 AM - Windows Update
RP160: 5/18/2015 11:27:02 AM - Windows Update
RP161: 5/19/2015 2:03:58 PM - Removed The Sims Medieval
RP162: 5/22/2015 3:17:52 PM - Windows Update
RP163: 5/27/2015 3:11:43 PM - Windows Update
RP164: 6/1/2015 3:04:03 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
7-Zip 9.22 (x64 edition)
Adobe Flash Player 17 NPAPI
Adobe Photoshop CC
Adobe Premiere Pro CC 2014
Adobe Reader XI (11.0.11)
Adobe Refresh Manager
Adobe Update Management Tool
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support (32-bit)
Apple Application Support (64-bit)
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.6
AutoHotkey 1.1.19.01
Avast Free Antivirus
Bloggie Software
Bonjour
calibre 64bit
Canon MX320 series MP Drivers
CardWorks Business Card Software
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDisplayEx 1.10.29
Cheat Engine 6.4
Crusader Kings II
CutePDF Writer 3.0
DAEMON Tools Lite
Definition Update for Microsoft Office 2013 (KB2986209) 64-Bit Edition
DVD Flick 1.3.0.7
Epic Games Launcher
ESET Online Scanner v3
Extended Asian Language font pack for Adobe Reader XI
Ezvid
FreeRIP MP3 Converter 4.5.2
GIMP 2.8.14
Google Chrome
Google Earth Plug-in
Google Update Helper
Graphviz
iFunbox (v2.8.2414.748), iFunbox DevTeam
Imperialism II - Age of Exploration
iTunes
Java 8 Update 45
Java Auto Updater
Java(TM) 7 (64-bit)
LAME v3.99.3 (for Windows)
Majesty Gold HD 1.0
Many Faces of Go 12
Microsoft .NET Framework 4.5.1
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Word MUI (English) 2013
Microsoft WSE 3.0 Runtime
Monster Maker
Mozilla Firefox 38.0.1 (x86 en-US)
Mozilla Maintenance Service
Notepad++
NVIDIA PhysX
OpenTTD 1.5.0-beta1
Outils de vérification linguistique 2013 de Microsoft Office - Français
PDF Settings CC
Pdfedit
Pillars of Eternity
SC4 Launcher
SC4 Mapper 2013
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.1 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.1 (KB3037581)
Security Update for Microsoft Excel 2013 (KB2986216) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2910941) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2975808) 64-Bit Edition
Security Update for Microsoft PowerPoint 2013 (KB2975816) 64-Bit Edition
Security Update for Microsoft Word 2013 (KB2965307) 64-Bit Edition
Security Update for Skype for Business 2015 (KB3039779) 64-Bit Edition
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition
Shadowrun Returns
Skype™ 7.4
Spybot - Search & Destroy
Steam
Stencyl
The Last Federation
The Movies(TM)
The Movies(TM) 1.1 Patch
The Movies(TM) Stunts & Effects
tools-windows
Unity Web Player
Update for Microsoft Access 2013 (KB2965276) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760371) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837654) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880487) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881017) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881076) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883095) 64-Bit Edition
Update for Microsoft Office 2013 (KB2899498) 64-Bit Edition
Update for Microsoft Office 2013 (KB2899522) 64-Bit Edition
Update for Microsoft Office 2013 (KB2956152) 64-Bit Edition
Update for Microsoft Office 2013 (KB2956164) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965253) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965259) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965269) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965271) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965277) 64-Bit Edition
Update for Microsoft Office 2013 (KB2975869) 64-Bit Edition
Update for Microsoft Office 2013 (KB2986156) 64-Bit Edition
Update for Microsoft Office 2013 (KB2986171) 64-Bit Edition
Update for Microsoft Office 2013 (KB3054782) 64-Bit Edition
Update for Microsoft OneDrive for Business (KB2986244) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2975901) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB3039799) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2013 (KB3039711) 64-Bit Edition
Update for Microsoft Project 2013 (KB2986246) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2883048) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition
VMware Player
VMware vCenter Converter Standalone
Windows XP Mode
.
==== Event Viewer Messages From Past Week ========
.
6/1/2015 3:20:47 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/31/2015 10:56:51 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
5/27/2015 9:53:19 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer PETRA-THINK that believes that it is the master browser for the domain on transport NetBT_Tcpip_{10C3AEC0-5521-483F-9E14-3D75154CF469}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17801 BrowserJavaVersion: 11.45.2
Run by Iunnrais at 15:26:47 on 2015-06-01
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4091.1878 [GMT 9:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/?trackid=sp-006
mStart Page = hxxps://www.google.com/?trackid=sp-006
mSearch Bar = hxxps://www.google.com/?trackid=sp-006
mSearch Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [20150107] C:\Program Files\AVAST Software\Avast\setup\emupdate\1b66f849-5a3b-45bf-9a13-a1d881cff5e8.exe /check
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLOGGI~1.LNK - C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{00A08DB8-653A-496F-8DDA-13DC1A4432CF} : DHCPNameServer = 209.222.18.222 209.222.18.218
TCP: Interfaces\{10C3AEC0-5521-483F-9E14-3D75154CF469} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{10C3AEC0-5521-483F-9E14-3D75154CF469}\140707C65602E4564777F627B602032613662666 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{10C3AEC0-5521-483F-9E14-3D75154CF469}\14355535 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{10C3AEC0-5521-483F-9E14-3D75154CF469}\7596E6475627377202E4564777F627B6 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{10C3AEC0-5521-483F-9E14-3D75154CF469}\960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{D45DF229-41D8-4B4F-9C90-5F000A210921} : DHCPNameServer = 172.20.10.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Iunnrais\AppData\Roaming\Mozilla\Firefox\Profiles\gvsmzot8.default-1431225827986\
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll
FF - plugin: C:\Users\Iunnrais\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-7-4 65736]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-7-4 272248]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2014-11-18 73296]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-7-4 1047320]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-7-4 442264]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-9-16 283064]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-30 238080]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-19 77128]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-7-4 29168]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-7-4 89944]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-5-7 343336]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-5-7 273824]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2014-2-27 906432]
R2 vmware-converter-server;VMware vCenter Converter Standalone Server;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2014-10-3 479960]
R2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2014-10-3 479960]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2012-10-19 1111856]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-11 389120]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-7-4 137288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-12 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-12 124088]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-7-4 3921880]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-7-4 1042272]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-7-4 171416]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-2-18 315488]
S2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2014-10-3 479960]
S3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-5-7 4034896]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-5-13 114688]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2014-7-15 23040]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-24 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-10-19 19456]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2014-10-19 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-10-19 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-10-19 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-7-4 1255736]
.
=============== Created Last 30 ================
.
2015-06-01 06:24:51 -------- d-sh--w- C:\$RECYCLE.BIN
2015-06-01 06:03:58 98816 ----a-w- C:\Windows\sed.exe
2015-06-01 06:03:58 256000 ----a-w- C:\Windows\PEV.exe
2015-06-01 06:03:58 208896 ----a-w- C:\Windows\MBR.exe
2015-05-29 17:39:51 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5189696D-A37F-414A-9B2C-ED4A0168927B}\offreg.1552.dll
2015-05-29 16:25:35 12214312 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5189696D-A37F-414A-9B2C-ED4A0168927B}\mpengine.dll
2015-05-26 04:31:33 -------- d-sh--w- C:\Users\Iunnrais\AppData\Local\EmieUserList
2015-05-26 04:31:33 -------- d-sh--w- C:\Users\Iunnrais\AppData\Local\EmieSiteList
2015-05-26 04:31:33 -------- d-sh--w- C:\Users\Iunnrais\AppData\Local\EmieBrowserModeList
2015-05-23 04:07:10 -------- d-----w- C:\Program Files (x86)\ESET
2015-05-20 12:32:09 -------- d-----w- C:\AdwCleaner
2015-05-20 07:48:00 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2015-05-15 02:47:02 34072 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
2015-05-15 02:47:02 229608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2015-05-13 18:19:10 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 18:19:10 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 04:07:45 36864 ----a-w- C:\Windows\System32\UtcResources.dll
2015-05-13 04:05:38 1736192 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2015-05-13 04:03:25 72192 ----a-w- C:\Windows\System32\aelupsvc.dll
2015-05-13 04:03:25 6656 ----a-w- C:\Windows\System32\shimeng.dll
2015-05-13 04:03:25 5120 ----a-w- C:\Windows\SysWow64\shimeng.dll
2015-05-13 04:03:25 342016 ----a-w- C:\Windows\System32\apphelp.dll
2015-05-13 04:03:25 295936 ----a-w- C:\Windows\SysWow64\apphelp.dll
2015-05-13 04:03:25 23552 ----a-w- C:\Windows\System32\sdbinst.exe
2015-05-13 04:03:25 20992 ----a-w- C:\Windows\SysWow64\sdbinst.exe
2015-05-08 13:34:01 -------- d-----w- C:\Users\Iunnrais\AppData\Roaming\CDisplayEx
2015-05-08 13:33:51 -------- d-----w- C:\Program Files\CDisplayEx
2015-05-07 01:26:03 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-06 15:11:36 43112 ----a-w- C:\Windows\avastSS.scr
2015-05-02 15:53:56 -------- d-----w- C:\Users\Iunnrais\AppData\Local\ATI
2015-05-02 15:53:28 -------- d-----w- C:\ProgramData\AMD
2015-05-02 15:53:23 -------- d-----w- C:\Program Files (x86)\AMD AVT
2015-05-02 15:53:15 -------- d-----w- C:\Program Files (x86)\AMD APP
2015-05-02 15:53:02 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2015-05-02 15:53:02 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2015-05-02 15:49:04 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2015-05-02 15:48:57 -------- d-----w- C:\Program Files\ATI
2015-05-02 15:48:28 -------- d-----w- C:\Program Files\ATI Technologies
2015-05-02 15:47:31 -------- d-----w- C:\AMD
.
==================== Find3M ====================
.
2015-05-06 15:11:45 137288 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-05-06 15:11:44 89944 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2015-05-06 15:11:44 65736 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-05-06 15:11:44 29168 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-05-06 15:11:44 272248 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-05-06 15:11:43 93528 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-05-06 15:11:21 1047320 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2015-05-05 01:29:39 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-05-05 01:12:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-04-27 19:28:36 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-04-27 19:28:35 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-04-27 19:28:35 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-04-27 19:26:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
2015-04-27 19:22:57 47104 ----a-w- C:\Windows\System32\typeperf.exe
2015-04-27 19:22:57 404992 ----a-w- C:\Windows\System32\tracerpt.exe
2015-04-27 19:22:53 112640 ----a-w- C:\Windows\System32\smss.exe
2015-04-27 19:22:47 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-04-27 19:22:46 43008 ----a-w- C:\Windows\System32\relog.exe
2015-04-27 19:22:35 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-04-27 19:22:34 104448 ----a-w- C:\Windows\System32\logman.exe
2015-04-27 19:22:26 19456 ----a-w- C:\Windows\System32\diskperf.exe
2015-04-27 19:22:08 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-04-27 19:21:37 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-04-27 19:18:37 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-04-27 19:18:25 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-04-27 19:11:55 3934144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-04-27 19:11:54 3989440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-04-27 19:08:02 1310744 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-04-27 19:05:40 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-04-27 19:05:35 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-04-27 19:05:34 635392 ----a-w- C:\Windows\SysWow64\tdh.dll
2015-04-27 19:05:32 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-04-27 19:05:29 92160 ----a-w- C:\Windows\SysWow64\sechost.dll
2015-04-27 19:05:29 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-04-27 19:05:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-04-27 19:05:17 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-04-27 19:05:11 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-04-27 19:04:45 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-04-27 19:04:37 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-04-27 19:04:33 641536 ----a-w- C:\Windows\SysWow64\advapi32.dll
2015-04-27 19:04:33 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-04-27 19:04:24 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe
2015-04-27 19:04:24 364544 ----a-w- C:\Windows\SysWow64\tracerpt.exe
2015-04-27 19:04:19 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-04-27 19:04:12 37888 ----a-w- C:\Windows\SysWow64\relog.exe
2015-04-27 19:04:04 82944 ----a-w- C:\Windows\SysWow64\logman.exe
2015-04-27 19:03:58 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe
2015-04-27 19:03:52 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-04-27 19:03:36 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-04-27 19:03:36 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-04-27 19:03:36 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-04-27 19:01:33 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-04-27 19:01:22 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-04-27 17:57:32 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-04-27 17:57:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-04-27 17:55:03 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-04-27 17:55:03 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-27 17:55:03 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-27 17:55:03 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-04-21 17:08:08 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-04-21 17:07:54 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-04-21 16:51:08 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-04-21 16:50:14 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-04-21 16:50:12 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-04-21 16:50:03 417792 ----a-w- C:\Windows\System32\html.iec
2015-04-21 16:48:40 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-04-21 16:35:51 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-04-21 16:35:40 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-04-21 16:34:59 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-04-21 16:31:56 6025728 ----a-w- C:\Windows\System32\jscript9.dll
2015-04-21 16:26:35 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-04-21 16:25:34 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-04-21 16:14:33 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-04-21 16:11:10 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-04-21 16:11:07 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-04-21 16:10:12 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-04-21 16:09:57 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-04-21 16:08:41 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-04-21 15:58:45 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-04-21 15:57:57 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-04-21 15:47:04 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-04-21 15:46:50 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-04-21 15:43:28 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-04-21 15:31:13 4305920 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-04-21 15:27:25 2352128 ----a-w- C:\Windows\System32\wininet.dll
2015-04-21 15:25:45 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-04-21 15:24:48 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-04-21 15:02:00 1882112 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-04-20 03:17:07 1647104 ----a-w- C:\Windows\System32\DWrite.dll
2015-04-20 03:17:07 1179136 ----a-w- C:\Windows\System32\FntCache.dll
2015-04-20 02:56:29 1250816 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-04-20 02:11:23 3204608 ----a-w- C:\Windows\System32\win32k.sys
2015-04-18 03:10:57 460800 ----a-w- C:\Windows\System32\certcli.dll
2015-04-18 02:56:57 342016 ----a-w- C:\Windows\SysWow64\certcli.dll
2015-04-15 08:39:42 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-04-15 08:39:42 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-15 08:39:22 18178736 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2015-04-13 03:28:33 328704 ----a-w- C:\Windows\System32\services.exe
2015-04-08 03:29:07 275456 ----a-w- C:\Windows\System32\InkEd.dll
2015-04-08 03:29:07 24576 ----a-w- C:\Windows\System32\jnwmon.dll
.
============= FINISH: 15:27:04.09 ===============
IunnraisF
Active Member
 
Posts: 11
Joined: May 19th, 2015, 1:36 am

Re: Trovi and Search Protect, only partially removed

Unread postby Blade81 » June 1st, 2015, 2:53 am

Hi again,


Open notepad and copy/paste the text in the quotebox below into it:

Code: Select all
DDS::
uStart Page = hxxps://www.google.com/?trackid=sp-006
mStart Page = hxxps://www.google.com/?trackid=sp-006
mSearch Bar = hxxps://www.google.com/?trackid=sp-006
mSearch Page = hxxps://www.google.com/search?trackid=s ... 006&q= {searchTerms}



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Image

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).
Then post the resultant log + fresh dds.txt log.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 21 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware