Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Trovi and Search Protect, only partially removed

Re: Trovi and Search Protect, only partially removed

Post by IunnraisF » June 1st, 2015, 3:57 am

ComboFix 15-05-31.01 - Iunnrais 06/01/2015 16:19:08.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4091.2608 [GMT 9:00]
Running from: c:\users\Iunnrais\Desktop\ComboFix.exe
Command switches used :: c:\users\Iunnrais\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2015-05-01 to 2015-06-01 )))))))))))))))))))))))))))))))
.
.
2015-06-01 07:34 . 2015-06-01 07:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-29 16:25 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5189696D-A37F-414A-9B2C-ED4A0168927B}\mpengine.dll
2015-05-26 04:33 . 2015-05-26 04:33 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2015-05-26 04:31 . 2015-05-26 04:31 -------- d-sh--w- c:\users\Iunnrais\AppData\Local\EmieUserList
2015-05-26 04:31 . 2015-05-26 04:31 -------- d-sh--w- c:\users\Iunnrais\AppData\Local\EmieSiteList
2015-05-26 04:31 . 2015-05-26 04:31 -------- d-sh--w- c:\users\Iunnrais\AppData\Local\EmieBrowserModeList
2015-05-23 04:07 . 2015-05-23 04:07 -------- d-----w- c:\program files (x86)\ESET
2015-05-20 12:32 . 2015-05-27 07:33 -------- d-----w- C:\AdwCleaner
2015-05-20 07:48 . 2015-05-20 07:48 -------- d-s---w- c:\windows\SysWow64\Microsoft
2015-05-13 18:19 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 18:19 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 04:07 . 2015-04-27 19:23 1254400 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-13 04:05 . 2015-04-08 03:29 1736192 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-05-13 04:03 . 2015-03-04 04:41 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-05-13 04:03 . 2015-03-04 04:41 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-05-13 04:03 . 2015-03-04 04:41 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-05-13 04:03 . 2015-03-04 04:41 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-05-13 04:03 . 2015-03-04 04:11 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-05-13 04:03 . 2015-03-04 04:10 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-05-13 04:03 . 2015-03-04 04:10 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2015-05-08 13:34 . 2015-05-09 07:24 -------- d-----w- c:\users\Iunnrais\AppData\Roaming\CDisplayEx
2015-05-08 13:33 . 2015-05-08 13:33 -------- d-----w- c:\program files\CDisplayEx
2015-05-07 01:26 . 2015-05-07 01:11 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-07 01:23 . 2015-05-07 01:23 -------- d-----w- c:\program files\7-Zip
2015-05-07 01:11 . 2015-05-07 01:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-05-06 15:11 . 2015-05-06 15:11 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-05-06 15:11 . 2015-05-06 15:11 43112 ----a-w- c:\windows\avastSS.scr
2015-05-02 15:53 . 2015-05-02 15:53 -------- d-----w- c:\users\Iunnrais\AppData\Roaming\ATI
2015-05-02 15:53 . 2015-05-02 15:53 -------- d-----w- c:\users\Iunnrais\AppData\Local\ATI
2015-05-02 15:53 . 2015-05-02 15:53 -------- d-----w- c:\programdata\ATI
2015-05-02 15:53 . 2015-05-02 15:53 -------- d-----w- c:\programdata\AMD
2015-05-02 15:53 . 2015-05-02 15:53 -------- d-----w- c:\program files (x86)\AMD AVT
2015-05-02 15:53 . 2015-05-02 15:53 -------- d-----w- c:\program files (x86)\AMD APP
2015-05-02 15:53 . 2015-05-02 15:53 -------- d-----w- c:\program files\Common Files\ATI Technologies
2015-05-02 15:53 . 2015-05-02 15:53 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2015-05-02 15:49 . 2015-05-02 15:49 -------- d-----w- c:\program files (x86)\ATI Technologies
2015-05-02 15:48 . 2015-05-02 15:48 -------- d-----w- c:\program files\ATI
2015-05-02 15:48 . 2015-05-02 15:52 -------- d-----w- c:\program files\ATI Technologies
2015-05-02 15:47 . 2015-05-02 15:47 -------- d-----w- C:\AMD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-13 18:30 . 2014-07-03 15:02 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-05-06 15:11 . 2014-07-04 04:14 137288 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-05-06 15:11 . 2014-07-04 04:14 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-05-06 15:11 . 2014-07-04 04:14 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-05-06 15:11 . 2014-07-04 04:14 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-05-06 15:11 . 2014-07-04 04:14 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-05-06 15:11 . 2014-07-04 04:14 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-05-06 15:11 . 2014-07-04 04:14 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-05-06 15:11 . 2014-07-04 04:14 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-04-27 19:04 . 2015-05-13 04:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-04-15 08:39 . 2014-07-03 12:53 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-15 08:39 . 2014-07-03 12:53 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-15 08:39 . 2015-04-15 08:39 18178736 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-03-25 03:24 . 2015-04-15 09:19 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 09:19 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 09:19 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 09:19 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 09:19 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 09:19 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 09:19 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 09:19 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 09:19 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 09:19 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 09:19 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 09:19 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 09:19 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 09:19 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 09:19 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 09:19 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 09:19 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 09:19 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 09:19 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 09:19 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 09:19 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 09:19 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-15 09:19 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-15 09:19 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-10 03:25 . 2015-04-15 09:18 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 09:18 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 09:18 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 09:18 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-15 09:19 404480 ----a-w- c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-15 09:19 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-03-04 04:55 . 2015-04-15 09:14 367552 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-15 09:14 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-13 04:03 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-13 04:03 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-04-15 09:14 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-13 04:03 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 04:03 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 04:03 2560 ----a-w- c:\windows\apppatch\AcRes.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-04-14 08:19 1729752 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-04-14 08:19 1729752 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-04-14 08:19 1729752 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-09-20 3666224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-12 5515496]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"AdobeCEPServiceManager"="c:\program files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" [2013-03-13 1039248]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-18 1022152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bloggie Watcher Utility.lnk - c:\program files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe [2011-6-9 746856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 bmdrvr;Modified Clusters Tracking Driver;SysWOW64\drivers\bmdrvr.sys;SysWOW64\drivers\bmdrvr.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [x]
S2 vmware-converter-server;VMware vCenter Converter Standalone Server;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [x]
S2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [x]
S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi20-shared.sys;SysWOW64\drivers\vstor2-mntapi20-shared.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys;c:\windows\SYSNATIVE\DRIVERS\ATSwpWDF.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-26 04:36 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-03 08:39]
.
2015-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-16 03:02]
.
2015-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-16 03:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-04-14 08:14 2334936 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-04-14 08:14 2334936 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-04-14 08:14 2334936 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-05-06 15:11 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-04-06 169768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = https://www.google.com/?trackid=sp-006
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
mSearch Bar = https://www.google.com/?trackid=sp-006
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Iunnrais\AppData\Roaming\Mozilla\Firefox\Profiles\gvsmzot8.default-1431225827986\
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-06-01 16:38:10
ComboFix-quarantined-files.txt 2015-06-01 07:38
ComboFix2.txt 2015-06-01 06:24
.
Pre-Run: 186,093,346,816 bytes free
Post-Run: 185,985,462,272 bytes free
.
- - End Of File - - 3943A50172BA62EA3B375D740B058C14
A36C5E4F47E84449FF07ED3517B43A31


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17801 BrowserJavaVersion: 11.45.2
Run by Iunnrais at 16:56:11 on 2015-06-01
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4091.2190 [GMT 9:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxps://www.google.com/?trackid=sp-006
mSearch Bar = hxxps://www.google.com/?trackid=sp-006
mSearch Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLOGGI~1.LNK - C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{00A08DB8-653A-496F-8DDA-13DC1A4432CF} : DHCPNameServer = 209.222.18.222 209.222.18.218
TCP: Interfaces\{10C3AEC0-5521-483F-9E14-3D75154CF469} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{10C3AEC0-5521-483F-9E14-3D75154CF469}\140707C65602E4564777F627B602032613662666 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{10C3AEC0-5521-483F-9E14-3D75154CF469}\14355535 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{10C3AEC0-5521-483F-9E14-3D75154CF469}\7596E6475627377202E4564777F627B6 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{10C3AEC0-5521-483F-9E14-3D75154CF469}\960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{D45DF229-41D8-4B4F-9C90-5F000A210921} : DHCPNameServer = 172.20.10.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Iunnrais\AppData\Roaming\Mozilla\Firefox\Profiles\gvsmzot8.default-1431225827986\
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll
FF - plugin: C:\Users\Iunnrais\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-7-4 65736]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-7-4 272248]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2014-11-18 73296]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-7-4 1047320]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-7-4 442264]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-9-16 283064]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-30 238080]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-19 77128]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-7-4 29168]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-7-4 89944]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-5-7 343336]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-5-7 273824]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2014-2-27 906432]
R2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2014-10-3 479960]
R2 vmware-converter-server;VMware vCenter Converter Standalone Server;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2014-10-3 479960]
R2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2014-10-3 479960]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2012-10-19 1111856]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-5-7 4034896]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-11 389120]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-7-4 137288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-12 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-12 124088]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-7-4 3921880]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-7-4 1042272]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-7-4 171416]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-2-18 315488]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-5-13 114688]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2014-7-15 23040]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-24 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-10-19 19456]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2014-10-19 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-10-19 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-10-19 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-7-4 1255736]
.
=============== Created Last 30 ================
.
2015-06-01 07:38:18 -------- d-sh--w- C:\$RECYCLE.BIN
2015-06-01 06:03:58 98816 ----a-w- C:\Windows\sed.exe
2015-06-01 06:03:58 256000 ----a-w- C:\Windows\PEV.exe
2015-06-01 06:03:58 208896 ----a-w- C:\Windows\MBR.exe
2015-05-29 16:25:35 12214312 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5189696D-A37F-414A-9B2C-ED4A0168927B}\mpengine.dll
2015-05-26 04:31:33 -------- d-sh--w- C:\Users\Iunnrais\AppData\Local\EmieUserList
2015-05-26 04:31:33 -------- d-sh--w- C:\Users\Iunnrais\AppData\Local\EmieSiteList
2015-05-26 04:31:33 -------- d-sh--w- C:\Users\Iunnrais\AppData\Local\EmieBrowserModeList
2015-05-23 04:07:10 -------- d-----w- C:\Program Files (x86)\ESET
2015-05-20 12:32:09 -------- d-----w- C:\AdwCleaner
2015-05-20 07:48:00 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2015-05-15 02:47:02 34072 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
2015-05-15 02:47:02 229608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2015-05-13 18:19:10 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 18:19:10 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 04:07:45 36864 ----a-w- C:\Windows\System32\UtcResources.dll
2015-05-13 04:05:38 1736192 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2015-05-13 04:03:25 72192 ----a-w- C:\Windows\System32\aelupsvc.dll
2015-05-13 04:03:25 6656 ----a-w- C:\Windows\System32\shimeng.dll
2015-05-13 04:03:25 5120 ----a-w- C:\Windows\SysWow64\shimeng.dll
2015-05-13 04:03:25 342016 ----a-w- C:\Windows\System32\apphelp.dll
2015-05-13 04:03:25 295936 ----a-w- C:\Windows\SysWow64\apphelp.dll
2015-05-13 04:03:25 23552 ----a-w- C:\Windows\System32\sdbinst.exe
2015-05-13 04:03:25 20992 ----a-w- C:\Windows\SysWow64\sdbinst.exe
2015-05-08 13:34:01 -------- d-----w- C:\Users\Iunnrais\AppData\Roaming\CDisplayEx
2015-05-08 13:33:51 -------- d-----w- C:\Program Files\CDisplayEx
2015-05-07 01:26:03 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-06 15:11:36 43112 ----a-w- C:\Windows\avastSS.scr
2015-05-02 15:53:56 -------- d-----w- C:\Users\Iunnrais\AppData\Local\ATI
2015-05-02 15:53:28 -------- d-----w- C:\ProgramData\AMD
2015-05-02 15:53:23 -------- d-----w- C:\Program Files (x86)\AMD AVT
2015-05-02 15:53:15 -------- d-----w- C:\Program Files (x86)\AMD APP
2015-05-02 15:53:02 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2015-05-02 15:53:02 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2015-05-02 15:49:04 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2015-05-02 15:48:57 -------- d-----w- C:\Program Files\ATI
2015-05-02 15:48:28 -------- d-----w- C:\Program Files\ATI Technologies
2015-05-02 15:47:31 -------- d-----w- C:\AMD
.
==================== Find3M ====================
.
2015-05-06 15:11:45 137288 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-05-06 15:11:44 89944 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2015-05-06 15:11:44 65736 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-05-06 15:11:44 29168 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-05-06 15:11:44 272248 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-05-06 15:11:43 93528 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-05-06 15:11:21 1047320 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2015-05-05 01:29:39 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-05-05 01:12:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-04-27 19:28:36 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-04-27 19:28:35 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-04-27 19:28:35 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-04-27 19:26:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
2015-04-27 19:22:57 47104 ----a-w- C:\Windows\System32\typeperf.exe
2015-04-27 19:22:57 404992 ----a-w- C:\Windows\System32\tracerpt.exe
2015-04-27 19:22:53 112640 ----a-w- C:\Windows\System32\smss.exe
2015-04-27 19:22:47 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-04-27 19:22:46 43008 ----a-w- C:\Windows\System32\relog.exe
2015-04-27 19:22:35 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-04-27 19:22:34 104448 ----a-w- C:\Windows\System32\logman.exe
2015-04-27 19:22:26 19456 ----a-w- C:\Windows\System32\diskperf.exe
2015-04-27 19:22:08 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-04-27 19:21:37 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-04-27 19:18:37 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-04-27 19:18:25 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-04-27 19:11:55 3934144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-04-27 19:11:54 3989440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-04-27 19:08:02 1310744 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-04-27 19:05:40 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-04-27 19:05:35 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-04-27 19:05:34 635392 ----a-w- C:\Windows\SysWow64\tdh.dll
2015-04-27 19:05:32 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-04-27 19:05:29 92160 ----a-w- C:\Windows\SysWow64\sechost.dll
2015-04-27 19:05:29 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-04-27 19:05:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-04-27 19:05:17 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-04-27 19:05:11 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-04-27 19:04:45 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-04-27 19:04:37 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-04-27 19:04:33 641536 ----a-w- C:\Windows\SysWow64\advapi32.dll
2015-04-27 19:04:33 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-04-27 19:04:24 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe
2015-04-27 19:04:24 364544 ----a-w- C:\Windows\SysWow64\tracerpt.exe
2015-04-27 19:04:19 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-04-27 19:04:12 37888 ----a-w- C:\Windows\SysWow64\relog.exe
2015-04-27 19:04:04 82944 ----a-w- C:\Windows\SysWow64\logman.exe
2015-04-27 19:03:58 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe
2015-04-27 19:03:52 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-04-27 19:03:36 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-04-27 19:03:36 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-04-27 19:03:36 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-04-27 19:01:33 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-04-27 19:01:22 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-04-27 17:57:32 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-04-27 17:57:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-04-27 17:55:03 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-04-27 17:55:03 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-27 17:55:03 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-27 17:55:03 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-04-21 17:08:08 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-04-21 17:07:54 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-04-21 16:51:08 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-04-21 16:50:14 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-04-21 16:50:12 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-04-21 16:50:03 417792 ----a-w- C:\Windows\System32\html.iec
2015-04-21 16:48:40 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-04-21 16:35:51 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-04-21 16:35:40 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-04-21 16:34:59 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-04-21 16:31:56 6025728 ----a-w- C:\Windows\System32\jscript9.dll
2015-04-21 16:26:35 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-04-21 16:25:34 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-04-21 16:14:33 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-04-21 16:11:10 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-04-21 16:11:07 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-04-21 16:10:12 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-04-21 16:09:57 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-04-21 16:08:41 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-04-21 15:58:45 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-04-21 15:57:57 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-04-21 15:47:04 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-04-21 15:46:50 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-04-21 15:43:28 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-04-21 15:31:13 4305920 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-04-21 15:27:25 2352128 ----a-w- C:\Windows\System32\wininet.dll
2015-04-21 15:25:45 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-04-21 15:24:48 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-04-21 15:02:00 1882112 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-04-20 03:17:07 1647104 ----a-w- C:\Windows\System32\DWrite.dll
2015-04-20 03:17:07 1179136 ----a-w- C:\Windows\System32\FntCache.dll
2015-04-20 02:56:29 1250816 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-04-20 02:11:23 3204608 ----a-w- C:\Windows\System32\win32k.sys
2015-04-18 03:10:57 460800 ----a-w- C:\Windows\System32\certcli.dll
2015-04-18 02:56:57 342016 ----a-w- C:\Windows\SysWow64\certcli.dll
2015-04-15 08:39:42 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-04-15 08:39:42 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-15 08:39:22 18178736 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2015-04-13 03:28:33 328704 ----a-w- C:\Windows\System32\services.exe
2015-04-08 03:29:07 275456 ----a-w- C:\Windows\System32\InkEd.dll
2015-04-08 03:29:07 24576 ----a-w- C:\Windows\System32\jnwmon.dll
.
============= FINISH: 16:56:31.25 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7/4/2014 11:49:49 AM
System Uptime: 6/1/2015 3:45:13 PM (1 hours ago)
.
Motherboard: Intel | |
Processor: Intel(R) Core(TM)2 Quad CPU Q9000 @ 2.00GHz | U2E1 | 2000/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 173.312 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 255.919 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_207A161F&REV_12\4&10095087&0&3BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_207A161F&REV_12\4&10095087&0&3BF0
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_207A161F&REV_12\4&10095087&0&3AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_207A161F&REV_12\4&10095087&0&3AF0
Service:
.
==== System Restore Points ===================
.
RP165: 6/1/2015 4:16:57 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
7-Zip 9.22 (x64 edition)
Adobe Flash Player 17 NPAPI
Adobe Photoshop CC
Adobe Premiere Pro CC 2014
Adobe Reader XI (11.0.11)
Adobe Refresh Manager
Adobe Update Management Tool
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support (32-bit)
Apple Application Support (64-bit)
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.6
AutoHotkey 1.1.19.01
Avast Free Antivirus
Bloggie Software
Bonjour
calibre 64bit
Canon MX320 series MP Drivers
CardWorks Business Card Software
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDisplayEx 1.10.29
Cheat Engine 6.4
Crusader Kings II
CutePDF Writer 3.0
DAEMON Tools Lite
Definition Update for Microsoft Office 2013 (KB2986209) 64-Bit Edition
DVD Flick 1.3.0.7
Epic Games Launcher
ESET Online Scanner v3
Extended Asian Language font pack for Adobe Reader XI
Ezvid
FreeRIP MP3 Converter 4.5.2
GIMP 2.8.14
Google Chrome
Google Earth Plug-in
Google Update Helper
Graphviz
iFunbox (v2.8.2414.748), iFunbox DevTeam
Imperialism II - Age of Exploration
iTunes
Java 8 Update 45
Java Auto Updater
Java(TM) 7 (64-bit)
LAME v3.99.3 (for Windows)
Majesty Gold HD 1.0
Many Faces of Go 12
Microsoft .NET Framework 4.5.1
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Word MUI (English) 2013
Microsoft WSE 3.0 Runtime
Monster Maker
Mozilla Firefox 38.0.1 (x86 en-US)
Mozilla Maintenance Service
Notepad++
NVIDIA PhysX
OpenTTD 1.5.0-beta1
Outils de vérification linguistique 2013 de Microsoft Office - Français
PDF Settings CC
Pdfedit
Pillars of Eternity
SC4 Launcher
SC4 Mapper 2013
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.1 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.1 (KB3037581)
Security Update for Microsoft Excel 2013 (KB2986216) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2910941) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2975808) 64-Bit Edition
Security Update for Microsoft PowerPoint 2013 (KB2975816) 64-Bit Edition
Security Update for Microsoft Word 2013 (KB2965307) 64-Bit Edition
Security Update for Skype for Business 2015 (KB3039779) 64-Bit Edition
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition
Shadowrun Returns
Skype™ 7.4
Spybot - Search & Destroy
Steam
Stencyl
The Last Federation
The Movies(TM)
The Movies(TM) 1.1 Patch
The Movies(TM) Stunts & Effects
tools-windows
Unity Web Player
Update for Microsoft Access 2013 (KB2965276) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760371) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837654) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880487) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881017) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881076) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883095) 64-Bit Edition
Update for Microsoft Office 2013 (KB2899498) 64-Bit Edition
Update for Microsoft Office 2013 (KB2899522) 64-Bit Edition
Update for Microsoft Office 2013 (KB2956152) 64-Bit Edition
Update for Microsoft Office 2013 (KB2956164) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965253) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965259) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965269) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965271) 64-Bit Edition
Update for Microsoft Office 2013 (KB2965277) 64-Bit Edition
Update for Microsoft Office 2013 (KB2975869) 64-Bit Edition
Update for Microsoft Office 2013 (KB2986156) 64-Bit Edition
Update for Microsoft Office 2013 (KB2986171) 64-Bit Edition
Update for Microsoft Office 2013 (KB3054782) 64-Bit Edition
Update for Microsoft OneDrive for Business (KB2986244) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2975901) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB3039799) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2013 (KB3039711) 64-Bit Edition
Update for Microsoft Project 2013 (KB2986246) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2883048) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition
VMware Player
VMware vCenter Converter Standalone
Windows XP Mode
.
==== Event Viewer Messages From Past Week ========
.
6/1/2015 4:38:47 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
6/1/2015 4:34:10 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/31/2015 10:56:51 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
5/27/2015 9:53:19 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer PETRA-THINK that believes that it is the master browser for the domain on transport NetBT_Tcpip_{10C3AEC0-5521-483F-9E14-3D75154CF469}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================

Re: Trovi and Search Protect, only partially removed

Post by Blade81 » June 4th, 2015, 6:17 am

Hi,

Sorry for the delayed reply. Please follow the instructions here to restore Internet Explorer settings to defaults.

How about Chrome, does it still have issues?

Re: Trovi and Search Protect, only partially removed

Post by IunnraisF » June 7th, 2015, 2:43 am

Done. And Chrome seems okay now, at last.

Re: Trovi and Search Protect, only partially removed

Post by Blade81 » June 8th, 2015, 6:23 am

Good. Let's see the final steps then :)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.

B. Reboot.

C. Turn ON System Restore.
Follow the same steps you used to disable System Restore, but on step 7 select the "Restore system settings and previous versions of files" option.


Let's uninstall adwCleaner:
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


Now let's uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK

Recommended program to help in keeping the system up-to-date:
Download and run Secunia Personal Software Inspector (PSI) (tutorial can be found here) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade 8)

Re: Trovi and Search Protect, only partially removed

Post by Cypher » June 12th, 2015, 11:08 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.