aim
Members
Posts: 18
Reputation: 0 Neutral
  1. Hello ekvin, I've done everything mentioned before and thankfully everything on my PC runs OK now. So I guess it's OK to close the thread. Thanks so much for helping me with all this. You are a life saver=) Thanks again and have a good day!
  2. Security Check Log:
     Results of screen317's Security Check version 0.99.97
     Windows 7 x64 (UAC is enabled)
     Out of date service pack!!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Avira Desktop
     Antivirus up to date!
     (On Access scanning disabled!)
     `````````Anti-malware/Other Utilities Check:`````````
     Spybot - Search & Destroy
     Java 8 Update 31
     Java version 32-bit out of Date!
     Java 64-bit 8 Update 31
     Adobe Flash Player 11.3.300.257 Flash Player out of Date!
     Adobe Reader XI
     Mozilla Firefox 27.0.1 Firefox out of Date!
     Google Chrome (40.0.2214.111)
     Google Chrome (40.0.2214.115)
     ````````Process Check: objlist.exe by Laurent````````
     Spybot Teatimer.exe is disabled!
     Avira Antivir avgnt.exe
     Avira Antivir avguard.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
     So far there's no problem with my PC. Everything runs smoothly now.
  3. OTM log:
     All processes killed
     ========== FILES ==========
     c:\users\user\downloads\compressed\222_onet\onet\Onet 2 folder moved successfully.
     c:\users\user\downloads\compressed\222_onet\onet folder moved successfully.
     c:\users\user\downloads\compressed\222_onet folder moved successfully.
     c:\users\user\downloads\programs\5x86-S-drp.exe moved successfully.
     c:\users\user\downloads\programs\Atheros-FORCED-5x64-drp (1).exe moved successfully.
     c:\users\user\downloads\programs\Atheros-FORCED-5x64-drp.exe moved successfully.
     c:\users\user\downloads\programs\Atheros-FORCED-5x64-WiFi_10.0.0.222-drp (1).exe moved successfully.
     c:\users\user\downloads\programs\Atheros-FORCED-5x64-WiFi_10.0.0.222-drp.exe moved successfully.
     c:\users\user\downloads\programs\BitTorrent(1).exe moved successfully.
     c:\users\user\downloads\programs\BitTorrent.exe moved successfully.
     c:\users\user\downloads\programs\cbsidlm-tr1_13-Atheros_AR5005G_Wireless_Network_Adapter-SEO-150076.exe moved successfully.
     c:\users\user\downloads\programs\uTorrent.exe moved successfully.
     c:\programdata\application data\microsoft\security\client\temp\tmp86DF.exe moved successfully.
     c:\programdata\application data\microsoft\security\client\temp\tmpDEBC.exe moved successfully.
     File/Folder c:\programdata\microsoft\security\client\temp\tmp86df.exe not found.
     File/Folder c:\programdata\microsoft\security\client\temp\tmpdebc.exe not found.
     c:\users\user\appdata\roaming\idm\dwnldata\user\liverged_net_1120\liverged_net moved successfully.
     c:\users\user\appdata\roaming\uTorrent\share folder moved successfully.
     c:\users\user\appdata\roaming\uTorrent\dlimagecache folder moved successfully.
     c:\users\user\appdata\roaming\uTorrent\apps folder moved successfully.
     c:\users\user\appdata\roaming\uTorrent folder moved successfully.
     DllUnregisterServer procedure not found in c:\program files (x86)\avira\antivir desktop\apnic.dll
     File move failed. c:\program files (x86)\avira\antivir desktop\apnic.dll scheduled to be moved on reboot.
     File move failed. c:\program files (x86)\avira\antivir desktop\apnstub.exe scheduled to be moved on reboot.
     File move failed. c:\program files (x86)\avira\antivir desktop\apntoolbarinstaller.exe scheduled to be moved on reboot.
     File move failed. c:\program files (x86)\avira\antivir desktop\Offercast_AVIRAV7_.exe scheduled to be moved on reboot.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: All Users
     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: Public
     ->Temp folder emptied: 0 bytes
     User: user
     ->Temp folder emptied: 5064377 bytes
     ->Temporary Internet Files folder emptied: 910251 bytes
     ->Java cache emptied: 1656879 bytes
     ->FireFox cache emptied: 0 bytes
     ->Google Chrome cache emptied: 10367314 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 17.00 mb
     OTM by OldTimer - Version 3.1.21.0 log created on 03022015_181838
     Files moved on Reboot...
     File move failed. c:\program files (x86)\avira\antivir desktop\apnic.dll scheduled to be moved on reboot.
     File move failed. c:\program files (x86)\avira\antivir desktop\apnstub.exe scheduled to be moved on reboot.
     File move failed. c:\program files (x86)\avira\antivir desktop\apntoolbarinstaller.exe scheduled to be moved on reboot.
     File move failed. c:\program files (x86)\avira\antivir desktop\Offercast_AVIRAV7_.exe scheduled to be moved on reboot.
     C:\Users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll moved successfully.
     C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
     File C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WWB9MPN2\desktop.ini not found!
     File C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMJFG8NC\desktop.ini not found!
     File C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQHACCEQ\desktop.ini not found!
     File C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J79ESJZM\desktop.ini not found!
     Registry entries deleted on Reboot...
  4. Hello, here's the fixlog:
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
     Ran by user at 2015-03-02 08:31:15 Run:4
     Running from C:\Users\user\Downloads
     Loaded Profiles: user & (Available profiles: user)
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     start
     HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [YWLPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\user\AppData\Local\YlPack\lxsyicur.dll
     C:\Users\user\AppData\Local\YlPack\lxsyicur.dll
     HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [Edstion] => regsvr32.exe C:\Users\user\AppData\Local\Edstion\MMNotes.dll <===== ATTENTION
     C:\Users\user\AppData\Local\Edstion\MMNotes.dll
     2015-02-22 04:21 - 2015-02-28 20:11 - 00000000 ____D () C:\Users\user\AppData\Local\YlPack
     2015-02-22 04:21 - 2015-02-28 20:11 - 00000000 ____D () C:\Users\user\AppData\Local\Edstion
     ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
     ProxyServer: [.DEFAULT] => http=127.0.0.1:49601;https=127.0.0.1:49601;
     C:\Users\user\AppData\Local\Temp\APNSetup.exe
     C:\Users\user\AppData\Local\Temp\avgnt.exe
     C:\Users\user\AppData\Local\Temp\jre-8u31-windows-au.exe
     cmd: C:\ComboFix.txt
     EmptyTemp:
     end
     *****************
     HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YWLPack => value deleted successfully.
     "C:\Users\user\AppData\Local\YlPack\lxsyicur.dll" => File/Directory not found.
     HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Edstion => value deleted successfully.
     "C:\Users\user\AppData\Local\Edstion\MMNotes.dll" => File/Directory not found.
     C:\Users\user\AppData\Local\YlPack => Moved successfully.
     C:\Users\user\AppData\Local\Edstion => Moved successfully.
     HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
     HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
     C:\Users\user\AppData\Local\Temp\APNSetup.exe => Moved successfully.
     C:\Users\user\AppData\Local\Temp\avgnt.exe => Moved successfully.
     C:\Users\user\AppData\Local\Temp\jre-8u31-windows-au.exe => Moved successfully.
     ========= C:\ComboFix.txt =========
     ========= End of CMD: =========
     EmptyTemp: => Removed 148.5 MB temporary data.
     The system needed a reboot.
     ==== End of Fixlog 08:33:26 ====
  5. From herdProtect:
     Saved date: 2/3/2015 12:30:08 PM
     Files detected: 72
     Files scanned: 8,406
     Processes scanned: 46
     Modules scanned: 668
     ASEPs scanned: 454
     Downloads scanned: 0
     Deep analysis: 95/40
     ---------------------------------------------------------------------------------
     Files
     ---------------------------------------------------------------------------------
     File path: c:\program files (x86)\wordweb\wweb32.exe
     Publisher:
     Signer: WordWeb Software
     MD5: 0e44ae22235bcc723c96e05e82f5cb5a
     SHA-1: d379d4481bc9ccf24438982777158b89257413c8
     Created: 21/7/2013 10:14:47 PM
     Detections: 1
     Determination: Ignore detections (false positive)
     - NANO AntiVirus as Trojan.Win32.Induc.brmeva (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\program files (x86)\yes\connect\gctwimaxserviced.exe
     Publisher: GCT Semiconductor, Inc.
     MD5: 093a9a9457baa6bd7499894d85d414b8
     SHA-1: 3cbacbdce036ba7f09b2acb3380e9ec9af4f2cc1
     Created: 23/6/2014 2:54:20 PM
     Detections: 1
     Determination: Ignore detections (false positive)
     - Bkav FE as HW32.Laneul (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\program files (x86)\gretech\gomplayer\gom.exe
     Publisher: Gretech Corp.
     Signer: GRETECH
     MD5: ffb69e8d12bbe543ad0ba77d1397d4c3
     SHA-1: b2611d2ca10ae1aca482afe7d112cf6f9634b8b9
     Created: 12/4/2012 3:27:54 PM
     Detections: 1
     Determination: Inconclusive
     - Reason Heuristics as PUP.Optional.Handler.GRETECH.D (Adware)
     ---------------------------------------------------------------------------------
     File path: c:\program files (x86)\videolan\vlc\vlc.exe
     Publisher: VideoLAN Team
     MD5: 2f3d2879502b17a1ed42bb2dfdda7c9c
     SHA-1: 0ceacf308e8e77d5f8df61652a757308b8ed3c6b
     Created: 13/12/2005 3:54:30 AM
     Detections: 1
     Determination: Ignore detections (false positive)
     - Rising Antivirus as PE:Malware.XPACK/RDM!5.1
     ---------------------------------------------------------------------------------
     File path: c:\users\user\appdata\local\temp\quarantine.exe
     Publisher:
     MD5: 2f7e1544e68be8cd088eda54d67ccaf5
     SHA-1: fd6a8c6440e9e37882db263faec9323079a8b09f
     Created: 8/11/2014 4:33:34 PM
     Detections: 1
     Determination: Ignore detections (false positive)
     - Rising Antivirus as PE:Backdoor.Win32.DarkKomet.b!1075356506 (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\users\user\appdata\local\temp\jrt\nircmd.dat
     Publisher: NirSoft
     MD5: 466a42aea0abdf4c6b610f0f5e61cfa2
     SHA-1: 7e7998642babcb567ff7845cfaf4f3636ce209f7
     Created: 2/3/2015 8:44:44 AM
     Detections: 1
     Determination: Ignore detections (false positive)
     - ViRobot as RiskTool.Nircmd.43520
     ---------------------------------------------------------------------------------
     File path: c:\users\user\downloads\frst64.exe
     Publisher: Farbar
     MD5: da1fc7abb4846ff12dc76de6ce24f60f
     SHA-1: 42156fa338811881ed7b53723bb898b17cfaea1a
     Created: 28/2/2015 9:03:21 PM
     Detections: 1
     Determination: Ignore detections (false positive)
     - Jiangmin as Trojan/PSW.Autoit.ic (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\users\user\downloads\compressed\222_onet\onet\onet.exe
     Publisher: CHEN PROGRAM STUDY
     MD5: 37d35831be38fb62c4d848f35a41335d
     SHA-1: 5f2a10e6d2e5e6150fba34a5c2960ba069e94feb
     Created: 14/1/2014 9:08:15 PM
     Detections: 3
     Determination: Inconclusive
     - K7 AntiVirus as Riskware (Undefined)
     - F-Prot as W32/MalwareF.EBIU (Undefined)
     - Commtouch SDK as W32/Risk.YQBM-3858 (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\users\user\downloads\compressed\222_onet\onet\onet 2\onet%202.exe
     Publisher: CHEN PROGRAM STUDY
     MD5: a8c54d6fe324eecfe508e4f054914fd4
     SHA-1: 2a210219b2f2b2f17b6e71e10173afdc19559b06
     Created: 14/1/2014 9:08:26 PM
     Detections: 8
     Determination: UndefinedMalware
     - Bkav FE as W32.Cloddd1.Trojan (Undefined)
     - VIPRE Antivirus as Trojan.Win32.Generic (Undefined)
     - Norman as Smalltroj.YAGC (Undefined)
     - Agnitum Outpost as Trojan.Agent (Undefined)
     - Zillya! Antivirus as Trojan.Genome.Win32.52230 (Undefined)
     - Antiy Labs AVL as Trojan/Win32.SGeneric (Undefined)
     - Kingsoft AntiVirus as Win32.Troj.Undef.(kcloud) (Undefined)
     - Rising Antivirus as PE:Trojan.Win32.Generic.14B3EC13!347335699 (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\users\user\downloads\frst-olderversion\frst64.exe
     Publisher: Farbar
     MD5: b81464104336b16a9bc6b2874b16a9c5
     SHA-1: 97b8f97728990ebe7a4c266941910c8344b7f0c0
     Created: 28/2/2015 9:03:21 PM
     Detections: 1
     Determination: Ignore detections (false positive)
     - Jiangmin as Trojan/PSW.Autoit.ic (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\users\user\downloads\programs\5x86-s-drp.exe
     Publisher: Kuzyakov Artur
     MD5: ec1cb112a5d5a152663222ab391c5700
     SHA-1: 9b9442957c412792f69d73d125c2bdb4552f2967
     Created: 12/7/2013 11:20:55 PM
     Detections: 9
     Determination: Adware
     - Malwarebytes as PUP.Optional.Babylon.A (Adware)
     - K7 Gateway Antivirus as Unwanted-Program (Adware)
     - K7 AntiVirus as Unwanted-Program (Adware)
     - avast! as Win32:PUP-gen [PUP] (Adware)
     - Sophos as Generic PUA IA (Undefined)
     - Dr.Web as Adware.Babylon.15 (Adware)
     - Antiy Labs AVL as GrayWare[AdWare:not-a-virus]/Win32.MegaSearch (Adware)
     - ESET NOD32 as Win32/OpenCandy (variant) (Adware)
     - Rising Antivirus as PE:PUF.OpenCandy!1.9DE5 (Adware)
     ---------------------------------------------------------------------------------
     File path: c:\users\user\downloads\programs\adwcleaner.exe
     Publisher:
     MD5: 4db5909d450ae68cc11dc865b9b84f71
     SHA-1: 4e6d1ad4baa129b9a310c211ef511618dd8741ea
     Created: 2/3/2015 8:23:55 AM
     Detections: 1
     Determination: Ignore detections (false positive)
     - Rising Antivirus as PE:Backdoor.Win32.DarkKomet.b!1075356506 (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\users\user\downloads\programs\atheros-forced-5x64-drp (1).exe
     Publisher: Kuzyakov Artur
     MD5: 5339f48d5f0910d80898f573823098e3
     SHA-1: 65dbe07973cbdbeb086c7724c968e272dceb4bfa
     Created: 12/7/2013 11:10:43 PM
     Detections: 4
     Determination: Adware
     - avast! as Win32:PUP-gen [PUP] (Adware)
     - Antiy Labs AVL as Trojan/Win32.Patched.gen (Undefined)
     - Kingsoft AntiVirus as Win32.Troj.Generic.a.(kcloud) (Undefined)
     - ESET NOD32 as Win32/OpenCandy (Adware)
     ---------------------------------------------------------------------------------
     File path: c:\users\user\downloads\programs\atheros-forced-5x64-drp.exe
     Publisher: Kuzyakov Artur
     MD5: 5339f48d5f0910d80898f573823098e3
     SHA-1: 65dbe07973cbdbeb086c7724c968e272dceb4bfa
     Created: 12/7/2013 10:52:25 PM
     Detections: 4
     Determination: Adware
     - avast! as Win32:PUP-gen [PUP] (Adware)
     - Antiy Labs AVL as Trojan/Win32.Patched.gen (Undefined)
     - Kingsoft AntiVirus as Win32.Troj.Generic.a.(kcloud) (Undefined)
     - ESET NOD32 as Win32/OpenCandy (Adware)
     ---------------------------------------------------------------------------------
     File path: c:\users\user\downloads\programs\atheros-forced-5x64-wifi_10.0.0.222-drp (1).exe
     Publisher: Kuzyakov Artur
     MD5: e0c0ea3ab12405966f22c9d067c6c54c
     SHA-1: 1a46cff2fae3f4dc7dc7e4d3a02f2aac41332bab
     Created: 12/7/2013 11:10:55 PM
     Detections: 4
     Determination: Adware
     - avast! as Win32:PUP-gen [PUP] (Adware)
     - Antiy Labs AVL as Trojan/Win32.Patched.gen (Undefined)
     - Kingsoft AntiVirus as Win32.Troj.Generic.a.(kcloud) (Undefined)
     - ESET NOD32 as Win32/OpenCandy (Adware)
     ---------------------------------------------------------------------------------
     File path: c:\users\user\downloads\programs\atheros-forced-5x64-wifi_10.0.0.222-drp.exe
     Publisher: Kuzyakov Artur
     MD5: e0c0ea3ab12405966f22c9d067c6c54c
     SHA-1: 1a46cff2fae3f4dc7dc7e4d3a02f2aac41332bab
     Created: 12/7/2013 10:42:30 PM
     Detections: 4
     Determination: Adware
     - avast! as Win32:PUP-gen [PUP] (Adware)
     - Antiy Labs AVL as Trojan/Win32.Patched.gen (Undefined)
     - Kingsoft AntiVirus as Win32.Troj.Generic.a.(kcloud) (Undefined)
     - ESET NOD32 as Win32/OpenCandy (Adware)
     ---------------------------------------------------------------------------------
     File path: c:\users\user\downloads\programs\bittorrent(1).exe
     Publisher: BitTorrent Inc.
     Signer: BitTorrent Inc
     MD5: e650003c472935d7f5b01cf67490669c
     SHA-1: 4e682be2958ceea3013a7c1262fab44d7c88987b
     Created: 9/8/2013 12:47:56 AM
     Detections: 2
     Determination: Ignore detections (false positive)
     - VIPRE Antivirus as Conduit (Undefined)
     - Bkav FE as W32.Clod998.Trojan (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\users\user\downloads\programs\bittorrent.exe
     Publisher: BitTorrent Inc.
     Signer: BitTorrent Inc
     MD5: e650003c472935d7f5b01cf67490669c
     SHA-1: 4e682be2958ceea3013a7c1262fab44d7c88987b
     Created: 8/8/2013 11:27:27 PM
     Detections: 2
     Determination: Ignore detections (false positive)
     - VIPRE Antivirus as Conduit (Undefined)
     - Bkav FE as W32.Clod998.Trojan (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\users\user\downloads\programs\cbsidlm-tr1_13-atheros_ar5005g_wireless_network_adapter-seo-150076.exe
     Publisher:
     Signer: CBS Interactive
     MD5: d39160ab60a14e420ebda3c478fdf381
     SHA-1: 8a893fe3c1376f3c1b0f67a9514cbe621b717d98
     Created: 12/7/2013 10:17:59 PM
     Detections: 9
     Determination: Adware
     - Reason Heuristics as Bundler.PPI.CBSInteractive.l (Undefined)
     - NANO AntiVirus as Trojan.Win32.Downware.crgjbr (Adware)
     - Dr.Web as Adware.Downware.398 (Adware)
     - VIPRE Antivirus as WebInstall (Undefined)
     - ESET NOD32 as Win32/DownloadAdmin (Undefined)
     - Rising Antivirus as PE:Malware.XPACK/RDM!5.1
     - herdProtect (fuzzy) as a variant of 713ef952ac6a358c8abfa39550aa98592ec79d47
     - Trend Micro House Call as TROJ_GEN.F47V0807 (Undefined)
     - Kingsoft AntiVirus as Win32.Troj.Generic.a.(kcloud) (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\users\user\downloads\programs\combofix.exe
     Publisher: Swearware
     MD5: 6f4e489fc0471fc87da8da187c6b8f8c
     SHA-1: 1fbca8ec4f88b127bb5c91e4608be555a466593b
     Created: 26/2/2015 11:25:46 PM
     Detections: 5
     Determination: Ignore detections (false positive)
     - K7 Gateway Antivirus as Riskware (Undefined)
     - K7 AntiVirus as Riskware (Undefined)
     - Sophos as NirCmd
     - Jiangmin as Trojan/JmGenGeneric.boe (Undefined)
     - Rising Antivirus as PE:Trojan.Win32.Generic.15632D02!358821122 (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\users\user\downloads\programs\driveridentifier_setup.exe
     Publisher: DriverIdentifier
     MD5: acee21f17796436688b8c79672b5f11b
     SHA-1: 3eb3ad88ea496298e8d60d4ae7d5618d83ed17d9
     Created: 12/7/2013 10:34:47 PM
     Detections: 1
     Determination: Ignore detections (false positive)
     - Trend Micro House Call as TROJ_GEN.F47V0724 (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\users\user\downloads\programs\jrt.exe
     Publisher:
     MD5: af6e966d1f38287ef4d33b246ccc3a33
     SHA-1: 2a8dc8c652cee1691b165428c6fc14080f9176b5
     Created: 2/3/2015 8:24:39 AM
     Detections: 1
     Determination: Ignore detections (false positive)
     - Qihoo 360 Security as virus.bat.danger.m (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\users\user\downloads\programs\rainmeter-2.5.exe
     Publisher:
     Signer: Rainmeter
     MD5: 05ffdc4640d44ea53b197e1432e045c3
     SHA-1: 4ac74707099e3f55e398bd60d9a735eb7c691e79
     Created: 30/3/2013 9:27:49 PM
     Detections: 1
     Determination: Ignore detections (false positive)
     - Rising Antivirus as PE:Malware.XPACK/RDM!5.1
     ---------------------------------------------------------------------------------
     File path: c:\users\user\downloads\programs\utorrent.exe
     Publisher: BitTorrent Inc.
     Signer: BitTorrent Inc
     MD5: 42a6b5ef0b934efc529d0ee31e62c08e
     SHA-1: 784baeeff866c62e427754a299703a76262f06ad
     Created: 27/3/2013 9:50:19 PM
     Detections: 24
     Determination: Adware
     - MicroWorld eScan as Trojan.Generic.9795664 (Undefined)
     - McAfee as Artemis!C769093B2C7E (Undefined)
     - Malwarebytes as Trojan.FakeTor (Undefined)
     - Norman as Troj_Generic.NUGRV (Undefined)
     - Trend Micro House Call as TROJ_GEN.R0CBC0ELA13 (Undefined)
     - avast! as Win32:Sality (Undefined)
     - Bitdefender as Trojan.Generic.9795664 (Undefined)
     - Lavasoft Ad-Aware as Trojan.Generic.9795664 (Undefined)
     - Emsisoft Anti-Malware as Trojan.Generic.9795664 (Undefined)
     - Comodo Security as UnclassifiedMalware (Undefined)
     - F-Secure as Trojan.Generic.9795664 (Undefined)
     - Trend Micro as TROJ_GEN.R0CBC0ELA13 (Undefined)
     - McAfee Web Gateway as Artemis!C769093B2C7E (Undefined)
     - G Data as Trojan.Generic.9795664 (Undefined)
     - IKARUS anti.virus as Virus.Win32.Sality (Undefined)
     - Fortinet FortiGate as Riskware/Torrent (Undefined)
     - ESET NOD32 as Win32/Bunndle (variant) (Undefined)
     - The Hacker as Trojan/Downloader.Zurgop.aw (Undefined)
     - Vba32 AntiVirus as Adware.iBryte (Adware)
     - Antiy Labs AVL as Trojan/Win32.Agent (Undefined)
     - Bkav FE as W32.Clodc5c.Trojan (Undefined)
     - K7 Gateway Antivirus as Riskware (Undefined)
     - K7 AntiVirus as Riskware (Undefined)
     - Jiangmin as Trojan/Agent.ivsh (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\users\user\desktop\plants vs. zombies\bass.dll
     Publisher: Un4seen Developments
     MD5: 6731f160e001bb85ba930574b8d42776
     SHA-1: aa2b48c55d9350be1ccf1dce921c33100e627378
     Created: 6/8/2014 11:42:55 PM
     Detections: 1
     Determination: Ignore detections (false positive)
     - Bkav FE as HW32.CDB (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\users\user\desktop\plants vs. zombies\plantsvszombies.exe
     Publisher:
     Signer: PopCap Games
     MD5: 3c8876147c84735ca540dda5be3c6451
     SHA-1: bf5c51304b1bade29ba4988cc96bf9c35780793c
     Created: 6/8/2014 11:42:57 PM
     Detections: 2
     Determination: Ignore detections (false positive)
     - The Hacker as Trojan/Cosmu.adrs (Undefined)
     - ViRobot as Trojan.Win32.A.ShipUp.1885896 (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\windows\grep.exe
     Publisher:
     MD5: 9e05a9c264c8a908a8e79450fcbff047
     SHA-1: 363b2ee171de15aeea793bd7fdffd68d0feb8ba4
     Created: 26/2/2015 11:32:13 PM
     Detections: 1
     Determination: Ignore detections (false positive)
     - Rising Antivirus as PE:Malware.XPACK/RDM!5.1
     ---------------------------------------------------------------------------------
     File path: c:\windows\mbr.exe
     Publisher:
     MD5: 0277c027a26428db64ef4f64f52bb4fd
     SHA-1: 2f16becf7898ac2f5bdca9f80810c66143500e3e
     Created: 26/2/2015 11:32:13 PM
     Detections: 1
     Determination: Ignore detections (false positive)
     - Kingsoft AntiVirus as Win32.HeurC.KVM003.a.(kcloud) (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\windows\pev.exe
     Publisher:
     MD5: f042ee4c8d66248d9b86dcf52abae416
     SHA-1: 4cd785c7c3e40c42e3d126086d986c4d4d940bb2
     Created: 26/2/2015 11:32:13 PM
     Detections: 2
     Determination: Ignore detections (false positive)
     - Bkav FE as HW32.CDB (Undefined)
     - XVirus List as Win.Detected (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\windows\zip.exe
     Publisher:
     MD5: 5e832f4faf5f481f2eaf3b3a48f603b8
     SHA-1: 1d83497f04247bc095ddc1ccd0fef0c029f0ae8d
     Created: 26/2/2015 11:32:13 PM
     Detections: 2
     Determination: Ignore detections (false positive)
     - Bkav FE as W32.Clod7f4.Trojan (Undefined)
     - Rising Antivirus as PE:Malware.XPACK/RDM!5.1
     ---------------------------------------------------------------------------------
     File path: c:\windows\syswow64\iscsicpl.dll
     Publisher: Microsoft Corporation
     MD5: f945adcef203e6104aec8ec9c337cfd0
     SHA-1: 85fe50b2c2fcbec2c09c5039c8f8c1d38523780a
     Created: 14/7/2009 7:46:13 AM
     Detections: 1
     Determination: Ignore detections (false positive)
     - Bkav FE as W32.HfsAutoA (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\windows\syswow64\networkmap.dll
     Publisher: Microsoft Corporation
     MD5: f9e79fa16bac237b5e635f9fcc2a377c
     SHA-1: ddfcae2db65bfea608a4f6f6d33bfe588bc0b84e
     Created: 14/7/2009 7:53:28 AM
     Detections: 1
     Determination: Ignore detections (false positive)
     - Bkav FE as W32.HfsAutoA (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\windows\syswow64\odbcconf.dll
     Publisher: Microsoft Corporation
     MD5: 8e0e2f752987838cde7c8c413ce5c104
     SHA-1: 3aaf5c229e6e42e43c9d29a9c4519f16d6230b11
     Created: 14/7/2009 8:12:07 AM
     Detections: 1
     Determination: Ignore detections (false positive)
     - Bkav FE as HW32.CDB (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\windows\syswow64\srvany.exe
     Publisher:
     MD5: 4635935fc972c582632bf45c26bfcb0e
     SHA-1: 7c5329229042535fe56e74f1f246c6da8cea3be8
     Created: 9/3/2013 9:18:30 PM
     Detections: 1
     Determination: Ignore detections (false positive)
     - CMC Antivirus as Malware.Win32.Generic!O (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\programdata\application data\microsoft\security\client\securityhelper.dll
     Publisher:
     MD5: a35a93d40230e742ecce9a8a66b4c6c9
     SHA-1: 4a4d14ed092505b753ea34c135c1da3f4b5006b8
     Created: 22/2/2015 4:20:53 AM
     Detections: 1
     Determination: Inconclusive
     - ESET NOD32 as Win64/Sathurbot (variant) (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\programdata\application data\microsoft\security\client\temp\tmp86df.exe
     Publisher:
     MD5: 4cfe6bd4bbd98b108885d79b8f0e9c6c
     SHA-1: e5c1ad5cc206c19e25d1aba6892c26404a114e36
     Created: 28/2/2015 6:17:32 PM
     Detections: 25
     Determination: UndefinedMalware
     - MicroWorld eScan as Trojan.GenericKD.2191619 (Undefined)
     - McAfee as GenericR-DBD!4CFE6BD4BBD9 (Undefined)
     - Malwarebytes as Trojan.Agent.ED (Undefined)
     - K7 Gateway Antivirus as Trojan (Undefined)
     - NANO AntiVirus as Trojan.Win32.Filecoder.dolfyh (Undefined)
     - Norman as ZBot.NLWN (Undefined)
     - avast! as Win32:Dropper-gen [Drp] (Undefined)
     - Kaspersky as Trojan-Dropper.Win32.Injector (Undefined)
     - Bitdefender as Trojan.GenericKD.2191619 (Undefined)
     - Lavasoft Ad-Aware as Trojan.GenericKD.2191619 (Undefined)
     - F-Secure as Trojan.GenericKD.2191619 (Undefined)
     - Dr.Web as Trojan.Emotet.62 (Undefined)
     - McAfee Web Gateway as BehavesLike.Win32.Ramnit.cc (Undefined)
     - Emsisoft Anti-Malware as Trojan.GenericKD.2191619 (Undefined)
     - Avira AntiVirus as TR/Crypt.Xpack.156344
     - Antiy Labs AVL as Trojan[Dropper]/Win32.Injector (Undefined)
     - Microsoft Security Essentials as DDoS:Win32/Nitol.C (Undefined)
     - G Data as Trojan.GenericKD.2191619 (Undefined)
     - AhnLab V3 Security as Trojan/Win32.Inject (Undefined)
     - Baidu Antivirus as Trojan.Win32.Dropper (Undefined)
     - ESET NOD32 as Win32/Boaxxe.BR (Undefined)
     - Rising Antivirus as PE:Malware.Obscure/Heur!1.9E03 (Undefined)
     - Fortinet FortiGate as W32/Boaxxe.BR!tr (Undefined)
     - AVG as Inject2 (Undefined)
     - Panda Antivirus as Trj/Genetic.gen (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\programdata\application data\microsoft\security\client\temp\tmpdebc.exe
     Publisher: The Eraser Project Out of Stock
     Signer: ChengDu AoMei Tech Co., Ltd
     MD5: a94e088375d00f1a30d10136e53dedf4
     SHA-1: c28c4ab568c8104354964a765cc29ace9df7c687
     Created: 26/2/2015 6:15:13 PM
     Detections: 2
     Determination: Inconclusive
     - Kaspersky as UDS:DangerousObject.Multi.Generic (Undefined)
     - AhnLab V3 Security as Trojan/Win32.MDA (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\programdata\microsoft\security\client\securityhelper.dll
     Publisher:
     MD5: a35a93d40230e742ecce9a8a66b4c6c9
     SHA-1: 4a4d14ed092505b753ea34c135c1da3f4b5006b8
     Created: 22/2/2015 4:20:53 AM
     Detections: 1
     Determination: Inconclusive
     - ESET NOD32 as Win64/Sathurbot (variant) (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\programdata\microsoft\security\client\temp\tmp86df.exe
     Publisher:
     MD5: 4cfe6bd4bbd98b108885d79b8f0e9c6c
     SHA-1: e5c1ad5cc206c19e25d1aba6892c26404a114e36
     Created: 28/2/2015 6:17:32 PM
     Detections: 25
     Determination: UndefinedMalware
     - MicroWorld eScan as Trojan.GenericKD.2191619 (Undefined)
     - McAfee as GenericR-DBD!4CFE6BD4BBD9 (Undefined)
     - Malwarebytes as Trojan.Agent.ED (Undefined)
     - K7 Gateway Antivirus as Trojan (Undefined)
     - NANO AntiVirus as Trojan.Win32.Filecoder.dolfyh (Undefined)
     - Norman as ZBot.NLWN (Undefined)
     - avast! as Win32:Dropper-gen [Drp] (Undefined)
     - Kaspersky as Trojan-Dropper.Win32.Injector (Undefined)
     - Bitdefender as Trojan.GenericKD.2191619 (Undefined)
     - Lavasoft Ad-Aware as Trojan.GenericKD.2191619 (Undefined)
     - F-Secure as Trojan.GenericKD.2191619 (Undefined)
     - Dr.Web as Trojan.Emotet.62 (Undefined)
     - McAfee Web Gateway as BehavesLike.Win32.Ramnit.cc (Undefined)
     - Emsisoft Anti-Malware as Trojan.GenericKD.2191619 (Undefined)
     - Avira AntiVirus as TR/Crypt.Xpack.156344
     - Antiy Labs AVL as Trojan[Dropper]/Win32.Injector (Undefined)
     - Microsoft Security Essentials as DDoS:Win32/Nitol.C (Undefined)
     - G Data as Trojan.GenericKD.2191619 (Undefined)
     - AhnLab V3 Security as Trojan/Win32.Inject (Undefined)
     - Baidu Antivirus as Trojan.Win32.Dropper (Undefined)
     - ESET NOD32 as Win32/Boaxxe.BR (Undefined)
     - Rising Antivirus as PE:Malware.Obscure/Heur!1.9E03 (Undefined)
     - Fortinet FortiGate as W32/Boaxxe.BR!tr (Undefined)
     - AVG as Inject2 (Undefined)
     - Panda Antivirus as Trj/Genetic.gen (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\programdata\microsoft\security\client\temp\tmpdebc.exe
     Publisher: The Eraser Project Out of Stock
     Signer: ChengDu AoMei Tech Co., Ltd
     MD5: a94e088375d00f1a30d10136e53dedf4
     SHA-1: c28c4ab568c8104354964a765cc29ace9df7c687
     Created: 26/2/2015 6:15:13 PM
     Detections: 2
     Determination: Inconclusive
     - Kaspersky as UDS:DangerousObject.Multi.Generic (Undefined)
     - AhnLab V3 Security as Trojan/Win32.MDA (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\users\user\appdata\roaming\idm\dwnldata\user\liverged_net_1120\liverged_net
     Publisher:
     MD5: af91c4d8b0efc5ff6a0c695c84a72bb1
     SHA-1: d1581434b4f798f0cb56ba83a60e95759b03c27d
     Created: 10/9/2014 7:55:34 PM
     Detections: 9
     Determination: Adware
     - Reason Heuristics as Threat.Win.Reputation.IMP (Undefined)
     - Lavasoft Ad-Aware as Trojan.Downloader.JRBL (Undefined)
     - avast! as Win32:GenMalicious-HQJ [Trj] (Undefined)
     - Emsisoft Anti-Malware as Trojan.Downloader.JRBL (Undefined)
     - F-Secure as Trojan.Downloader.JRBL (Undefined)
     - Kaspersky as not-a-virus:AdWare.Win32.MultiPlug (Adware)
     - Norman as Trojan.Downloader.JRBL (Undefined)
     - AVG as Adware Generic5.BLZQ (Adware)
     - Sophos as PUA 'MultiPlug' (of type Adware) (Adware)
     ---------------------------------------------------------------------------------
     File path: c:\users\user\appdata\roaming\rainmeter\addons\path2ini\path2ini.exe
     Publisher:
     MD5: a8aed0ca674f91fbd199e862bbba4d4d
     SHA-1: 03af1583280285287df53d942eea80889ed6ef16
     Created: 30/3/2013 9:42:28 PM
     Detections: 1
     Determination: Ignore detections (false positive)
     - SUPERAntiSpyware as Trojan.Agent/Gen-Kazy (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\users\user\appdata\roaming\rainmeter\addons\rainrgb\rainrgb.exe
     Publisher:
     MD5: 10d943829d77cccc694ff22ac880d9b6
     SHA-1: c8fe0b226f98acaacd25ea678514707e71e64302
     Created: 30/3/2013 9:42:28 PM
     Detections: 1
     Determination: Ignore detections (false positive)
     - The Hacker as Trojan/Autoit.arq (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\users\user\appdata\roaming\utorrent\utorrent.exe
     Publisher: BitTorrent Inc.
     Signer: BitTorrent Inc
     MD5: 42a6b5ef0b934efc529d0ee31e62c08e
     SHA-1: 784baeeff866c62e427754a299703a76262f06ad
     Created: 27/3/2013 9:56:49 PM
     Detections: 24
     Determination: Adware
     - MicroWorld eScan as Trojan.Generic.9795664 (Undefined)
     - McAfee as Artemis!C769093B2C7E (Undefined)
     - Malwarebytes as Trojan.FakeTor (Undefined)
     - Norman as Troj_Generic.NUGRV (Undefined)
     - Trend Micro House Call as TROJ_GEN.R0CBC0ELA13 (Undefined)
     - avast! as Win32:Sality (Undefined)
     - Bitdefender as Trojan.Generic.9795664 (Undefined)
     - Lavasoft Ad-Aware as Trojan.Generic.9795664 (Undefined)
     - Emsisoft Anti-Malware as Trojan.Generic.9795664 (Undefined)
     - Comodo Security as UnclassifiedMalware (Undefined)
     - F-Secure as Trojan.Generic.9795664 (Undefined)
     - Trend Micro as TROJ_GEN.R0CBC0ELA13 (Undefined)
     - McAfee Web Gateway as Artemis!C769093B2C7E (Undefined)
     - G Data as Trojan.Generic.9795664 (Undefined)
     - IKARUS anti.virus as Virus.Win32.Sality (Undefined)
     - Fortinet FortiGate as Riskware/Torrent (Undefined)
     - ESET NOD32 as Win32/Bunndle (variant) (Undefined)
     - The Hacker as Trojan/Downloader.Zurgop.aw (Undefined)
     - Vba32 AntiVirus as Adware.iBryte (Adware)
     - Antiy Labs AVL as Trojan/Win32.Agent (Undefined)
     - Bkav FE as W32.Clodc5c.Trojan (Undefined)
     - K7 Gateway Antivirus as Riskware (Undefined)
     - K7 AntiVirus as Riskware (Undefined)
     - Jiangmin as Trojan/Agent.ivsh (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\program files (x86)\avira\antivir desktop\apnic.dll
     Publisher: Ask.com
     Signer: Ask.com
     MD5: b28c334c03cee7c5e829c43ae75dae5a
     SHA-1: 71435ddb11e00d0243380c4902324853fe4ece8f
     Created: 9/3/2013 6:44:48 PM
     Detections: 4
     Determination: Adware
     - Boost by Reason as Adware.Ask.H
     - ESET NOD32 as Win32/Bundled.Toolbar.Ask (variant) (Undefined)
     - Reason Heuristics as PUP.Ask.H (Adware)
     - XVirus List as Win.Detected (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\program files (x86)\avira\antivir desktop\apnstub.exe
     Publisher: Ask.com
     Signer: Ask.com
     MD5: 93a912072351dfef975f12efad18bd9f
     SHA-1: ffa8b6510d624a55f3eb7ffd6d5221a44944681c
     Created: 9/3/2013 6:44:48 PM
     Detections: 6
     Determination: Adware
     - Reason Heuristics as PUP.Ask.H (Adware)
     - Dr.Web as Trojan.DownLoader7.16675 (Undefined)
     - ESET NOD32 as Win32/Bundled.Toolbar.Ask (variant) (Undefined)
     - Boost by Reason as Optional.Ask.H
     - Filseclab Twister as W32.Bundled.Toolbar.Ask.lrsp (Undefined)
     - XVirus List as Win.Detected (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\program files (x86)\avira\antivir desktop\apntoolbarinstaller.exe
     Publisher: Ask
     Signer: Ask.com
     MD5: ad74cca501da08ef395e520d9c258f81
     SHA-1: 1a3f14c0a66f9af050d1f34fbacbaadc31751a07
     Created: 9/3/2013 6:44:48 PM
     Detections: 4
     Determination: Adware
     - Reason Heuristics as PUP.Toolbar.Ask.T (Adware)
     - ESET NOD32 as Win32/Bundled.Toolbar.Ask (variant) (Undefined)
     - Antiy Labs AVL as Trojan/Win32.Autoit (Undefined)
     - XVirus List as Win.Detected (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\program files (x86)\avira\antivir desktop\offercast_avirav7_.exe
     Publisher: Ask.com
     Signer: Ask.com
     MD5: ae88282d08916c00a324f6a269924ea9
     SHA-1: 4b553651ef610c0614f8393d6c25aba0a8f09eca
     Created: 2/7/2013 3:27:37 PM
     Detections: 5
     Determination: Adware
     - Reason Heuristics as PUP.Installer.Ask.S (Adware)
     - Antiy Labs AVL as Packed/Win32.Krap (Undefined)
     - ESET NOD32 as Win32/Bundled.Toolbar.Ask (variant) (Undefined)
     - Filseclab Twister as Packed.Krap.in.fagj
     - XVirus List as Win32.Detected (Undefined)
     ---------------------------------------------------------------------------------
     File path: c:\program files (x86)\gretech\gomplayer\dodge.dll
     Publisher:
     MD5: d53907f6ee918f736b7ab865fa19089e
     SHA-1: 89ad3e662ff67610115dafe6cd7c82bc32f154f5
     Created: 29/11/2007 12:58:14 PM
     Detections: 3
     Determination: Inconclusive
     - Bkav FE as HW32.CDB (Undefined)
     - CMC Antivirus as Virus.Win32.Sality!O (Undefined)
     - ByteHero BDV as Virus.Win32.Heur.c
     ---------------------------------------------------------------------------------
     File path: c:\program files (x86)\gretech\gomplayer\gomtvstrm.dll
     Publisher:
     Signer: GRETECH
     MD5: 43ef13e7913876a1f2aa3d1d475daa7a
     SHA-1: 293bf473be95cffdbc9bbf01c70c2a1240775172
     Created: 17/5/2011 8:49:30 AM
     Detections: 1
     Determination: Inconclusive
     - Reason Heuristics as PUP.Optional.GRETECH.J (Adware)
     ---------------------------------------------------------------------------------
     File path: c:\program files (x86)\gretech\gomplayer\gomweb3.dll
     Publisher: Gretech Corp.
     Signer: GRETECH
     MD5: 01fc47255ecd30c8714659ded6f3a5eb
     SHA-1: f32452057a2968b32a1a900a4e9a3f6af5d80e01
     Created: 17/5/2011 8:49:32 AM
     Detections: 1
     Determination: Inconclusive
     - Reason Heuristics as PUP.Optional.GRETECH.H (Adware)
     ---------------------------------------------------------------------------------
     File path: c:\program files (x86)\gretech\gomplayer\gomwiz.exe
     Publisher:
     Signer: GRETECH
     MD5: 093e2579db2533fcc05138507cbb6279
     SHA-1: 4d0b43b33e0d137c420bafca764751a374d48f7c
     Created: 12/4/2012 3:29:56 PM
     Detections: 1
     Determination: Inconclusive
     - Reason Heuristics as PUP.Optional.GRETECH.G (Adware)
     ---------------------------------------------------------------------------------
     File path: c:\program files (x86)\gretech\gomplayer\popup.exe
     Publisher: Gretech Corporation
     Signer: GRETECH
     MD5: 9fd5cf6eefc965ac2f4dc45f14bd45c5
     SHA-1: eedd5c2ea5494deed00e25f76283ac8286f81b42
     Created: 18/4/2012 4:28:22 PM
     Detections: 1
     Determination: Inconclusive
     - Reason Heuristics as PUP.Optional.GRETECH.F (Adware)
     ---------------------------------------------------------------------------------
     File path: c:\program files (x86)\gretech\gomplayer\vsutil.dll
     Publisher: Gretech Corp.
     Signer: GRETECH
     MD5: d0af9939daf22e3eba094daedd7c87d0
     SHA-1: 
ac92b643e950b29eb8935867af18959a60131252Created: 17/5/2011 8:49:30 AMDetections: 1Determination: Inconclusive- Reason Heuristics as PUP.Optional.GRETECH.G (Adware) --------------------------------------------------------------------------------- File path: c:\program files (x86)\k-lite codec pack\filters\dcbass\bass_alac.dllPublisher: MaresWEBMD5: e5e6efa3505b93fc0962e9d4ead609e3SHA-1: fb39a571f87b83e8f06dd60a82728acfea85048cCreated: 9/3/2013 7:14:03 PMDetections: 1Determination: Ignore detections (false positive)- Bkav FE as HW32.CDB (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\k-lite codec pack\filters\ffdshow\ffmpeg.dllPublisher: MD5: ad927ad14ba8cdb4e593647e585009ceSHA-1: f3e7bdc1647d5b3cbf32ad562a1fb0435d085181Created: 9/3/2013 7:13:56 PMDetections: 1Determination: Inconclusive- Emsisoft Anti-Malware as Android.Trojan.GinerMaster.U (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\k-lite codec pack\filters\lav\avfilter-lav-3.dllPublisher: MD5: 3dad504968d0b2a6ff513ce0eb01a720SHA-1: b67ed0a2ac4c1ab4286089263b4e73075cf7981aCreated: 9/3/2013 7:14:00 PMDetections: 1Determination: Ignore detections (false positive)- Bkav FE as HW32.TsCabk (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\k-lite codec pack\filters\lav\avformat-lav-54.dllPublisher: MD5: 3ad891cdad8e149db843437d9be00bf2SHA-1: 95e7139a9e56d0e382f2c946d7ef7e70da5e1c41Created: 9/3/2013 7:14:00 PMDetections: 1Determination: Ignore detections (false positive)- Bkav FE as HW32.TsCabk (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\k-lite codec pack\filters\lav\avutil-lav-51.dllPublisher: MD5: da95112cb978cf269d856fbb7258c170SHA-1: 0f522826cc9eab550dc16b4adca3d1ce8e776409Created: 9/3/2013 
7:14:00 PMDetections: 1Determination: Ignore detections (false positive)- Bkav FE as HW32.TsCabk (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\k-lite codec pack\filters\lav\swscale-lav-2.dllPublisher: MD5: d06a9579cf3d19f17dfa434d28c2e859SHA-1: a05491024b0fc4880069f54c8cbced3546e1891dCreated: 9/3/2013 7:14:00 PMDetections: 1Determination: Ignore detections (false positive)- Bkav FE as HW32.TsCabk (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\k-lite codec pack\icaros\avcodec-ics-54.dllPublisher: MD5: b22bf4198d4424a171114f45dddb9197SHA-1: 3c8669ed8a651b4cb6bd6d9850e1d6e18ccb6cbcCreated: 9/3/2013 7:14:00 PMDetections: 1Determination: Ignore detections (false positive)- Bkav FE as W32.HfsAutoB (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\k-lite codec pack\icaros\avformat-ics-54.dllPublisher: MD5: 5012a148b69616936bb23571adb9bb8cSHA-1: e20f53a756a8b80cf527f275332ee814be5bf0cdCreated: 9/3/2013 7:14:01 PMDetections: 1Determination: Ignore detections (false positive)- Bkav FE as W32.HfsAutoB (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\k-lite codec pack\icaros\avutil-ics-51.dllPublisher: MD5: de2ef430b79d150c9294ead1bf883925SHA-1: 514997574ad81893f231e19efe882b5b95f90a2bCreated: 9/3/2013 7:14:01 PMDetections: 1Determination: Ignore detections (false positive)- Bkav FE as W32.HfsAutoB (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\k-lite codec pack\icaros\swscale-ics-2.dllPublisher: MD5: 7964b2dfe7af5e7cb794bb577f46ff85SHA-1: 72f66fe2c3db3c10b7f2eb9ce29745ac4cd57f1eCreated: 9/3/2013 7:14:01 PMDetections: 1Determination: Ignore detections (false positive)- Bkav FE as 
W32.HfsAutoB (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\k-lite codec pack\tools\vobsubstrip.exePublisher: MD5: afd4f735108a24d5112ac1fd661bec8bSHA-1: ad4f8fc9683132c5b7b018a9f60821367817d405Created: 9/3/2013 7:14:03 PMDetections: 1Determination: Ignore detections (false positive)- The Hacker as Posible_Worm32 (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\spybot - search & destroy 2\borlndmm.dllPublisher: Borland Software CorporationSigner: Safer Networking Ltd.MD5: 88f54314e76eda9f6d1d9d6c40e36636SHA-1: 6d6d95a4850d121a984bed451e6630b974fbfad6Created: 24/2/2015 5:06:33 AMDetections: 1Determination: Ignore detections (false positive)- CMC Antivirus as Packed.Win32.Obfuscated.10!O --------------------------------------------------------------------------------- File path: c:\program files (x86)\spybot - search & destroy 2\av\scan.dllPublisher: BitDefenderSigner: BitDefender SRLMD5: 9b375bb63f99b113c065a5db4e632e23SHA-1: 115edae4e06227fe6f8c66b28557a67b8c3218aaCreated: 24/2/2015 5:06:33 AMDetections: 1Determination: Ignore detections (false positive)- Clam AntiVirus as PUA.Win32.Packer.PrivateExeProte-7 --------------------------------------------------------------------------------- File path: c:\program files (x86)\xilisoft\video converter ultimate\avformat.dllPublisher: MD5: f402e834b82f24efe1281a0fbf5b3206SHA-1: 62a7b652399601887c2f6091ad3d23fc162aefa2Created: 16/6/2008 4:05:00 PMDetections: 2Determination: Ignore detections (false positive)- Emsisoft A-Squared as Virus.Win32.VunSpy!IK (Undefined)- IKARUS anti.virus as Virus.Win32.VunSpy (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\xilisoft\video converter ultimate\avp.exePublisher: MD5: 75802d63ce6460c6661cbebb97a687bfSHA-1: 
e2075fdbbeb9a059b3d5177d9cd730b1b281ea43Created: 23/6/2008 7:01:52 PMDetections: 1Determination: Inconclusive- McAfee as New Win32.g4 (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\xilisoft\video converter ultimate\ctrllibrary.dllPublisher: TODO: <Company name>MD5: d050a9e1be1ae81aab772c40ee67e197SHA-1: 9cca6486653cdd90ab12b016b532d8bf71a111c2Created: 24/6/2008 8:31:24 PMDetections: 1Determination: Ignore detections (false positive)- Sunbelt AntiMalware as Trojan-Downloader.S (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\xilisoft\video converter ultimate\uilang.dllPublisher: MD5: 2f952e1c0ebe7199638b0b63149b2988SHA-1: 2ce03459e81d109e20a29e08b5643cfdf33d5ccaCreated: 24/6/2008 8:31:26 PMDetections: 1Determination: Inconclusive- Emsisoft Anti-Malware as Gen:Variant.Zusy.74011 (Undefined) --------------------------------------------------------------------------------- File path: c:\users\user\appdata\local\google\chrome\user data\default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.11_0\ext\background.jsPublisher: MD5: 9cf1f790be8c592b1cabac496ddeaa70SHA-1: 455b6cbf9e9c190e07139e5694ad48bb2c97b899Created: 25/2/2015 7:16:23 PMDetections: 1Determination: Inconclusive- Avira AntiVirus as GAME/Casino.Gen (Undefined)
  6. JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Basic x64
Ran by user on Mon 02/03/2015 at 8:44:56.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\pqyzmn1k.default\prefs.js

user_pref("extensions.defaulttab.installdate", 1345453829);
user_pref("extensions.defaulttab.useNewTabWhiteList", false);
Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\pqyzmn1k.default\minidumps [144 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/03/2015 at 8:48:59.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  7. Hi, I've rebooted my PC and there's no "Regsvr32" notification anymore. Yay! Anyway, here's the log for adware:

# AdwCleaner v4.111 - Logfile created 02/03/2015 at 08:39:58
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [server]
# Operating system : Windows 7 Home Basic (x64)
# Username : user - USER-PC
# Running from : C:\Users\user\Downloads\Programs\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\apn
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\user.js

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKLM\SOFTWARE\PerformerSoft

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7600.16385

-\\ Mozilla Firefox v27.0.1 (en-US)

-\\ Google Chrome v40.0.2214.115

*************************

AdwCleaner[R0].txt - [2414 bytes] - [02/03/2015 08:36:41]
AdwCleaner[s0].txt - [2371 bytes] - [02/03/2015 08:39:58]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2430 bytes] ##########
  8. Hello, when I ran FRST, the ComboFix log was shown:

ComboFix 15-02-16.01 - user 28/02/2015 19:14:52.2.4 - x64
Microsoft Windows 7 Home Basic 6.1.7600.0.1252.60.1033.18.2935.1890 [GMT 8:00]
Running from: c:\users\user\Downloads\Programs\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
((((((((((((((((((((((((( Files Created from 2015-01-28 to 2015-02-28 )))))))))))))))))))))))))))))))
.
.
2015-02-28 11:20 . 2015-02-28 11:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-28 10:17 . 2015-02-28 10:17 151626 ----a-w- c:\programdata\Microsoft\Security\Client\temp\tmp86DF.exe
2015-02-23 21:06 . 2013-09-20 02:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2015-02-23 21:06 . 2015-02-23 21:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-02-23 21:06 . 2015-02-23 21:13 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2015-02-23 21:05 . 2015-02-23 21:05 -------- d-----w- c:\users\user\AppData\Local\Programs
2015-02-21 20:21 . 2015-02-28 10:18 -------- d-----w- c:\users\user\AppData\Local\Edstion
2015-02-21 20:21 . 2015-02-23 05:11 -------- d-----w- c:\users\user\AppData\Local\YlPack
2015-02-21 20:20 . 2015-02-21 20:20 2165760 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityHelper.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WordWeb"="c:\program files (x86)\WordWeb\wweb32.exe" [2012-04-21 77064]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2014-01-10 3825232]
"BitTorrent"="c:\users\user\AppData\Roaming\BitTorrent\BitTorrent.exe" [2014-06-08 1242704]
"Edstion"="c:\users\user\AppData\Local\Edstion\MMNotes.dll" [2015-02-28 1268736]
"YWLPack"="c:\users\user\AppData\Local\YlPack\lxsyicur.dll" [2015-02-21 1250304]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2014-06-24 4566952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-16 702768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-27 164656]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R3 GDMINIT;GCT Initial Device Driver;c:\windows\system32\DRIVERS\gdminit.sys;c:\windows\SYSNATIVE\DRIVERS\gdminit.sys [x]
R3 GdmUWm;Yes Go;c:\windows\system32\DRIVERS\gdmuwm.sys;c:\windows\SYSNATIVE\DRIVERS\gdmuwm.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 GCTWiMaxServiceD;Connect Service Daemon;c:\program files (x86)\Yes\Connect\GCTWiMaxServiceD.exe;c:\program files (x86)\Yes\Connect\GCTWiMaxServiceD.exe [x]
S2 GdmWmPrt;Yes Go Protocol Driver;c:\windows\system32\DRIVERS\gdmwmprt.sys;c:\windows\SYSNATIVE\DRIVERS\gdmwmprt.sys [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-20 05:29 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07 14:44]
.
2015-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07 14:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WinSecurityProvider]
@="{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637}"
[HKEY_CLASSES_ROOT\CLSID\{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637}]
2015-02-21 20:20 2622464 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityProvider.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-06 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-06 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-06 415256]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-10-01 727664]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\
user_pref('extensions.autoDisableScopes', 0);
user_pref('security.csp.enable', false);
user_pref('security.OCSP.enabled', 0);
user_pref('extensions.blocklist.enabled', false);
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3343311198-1188524082-4047472181-1000_Classes\Wow6432Node\CLSID\{52d62ba8-ee47-456d-8cca-3f2825ff4701}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000004f
"Therad"=dword:00000015
"SpecVersion"=dword:000000c6
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3343311198-1188524082-4047472181-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):8d,7c,f1,e8,77,53,7b,8a,e8,bf,3a,9c,46,80,92,f7,2d,49,9c,82,b1,
   dc,93,83,c4,52,32,de,5c,3e,29,c6,86,ab,ef,e2,60,0e,e6,f3,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\srvany.exe
c:\windows\KMService.exe
c:\windows\SysWOW64\regsvr32.exe
c:\windows\SysWOW64\regsvr32.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2015-02-28 19:27:24 - machine was rebooted
ComboFix-quarantined-files.txt 2015-02-28 11:27
ComboFix2.txt 2015-02-26 15:44
.
Pre-Run: 14,433,538,048 bytes free
Post-Run: 14,205,452,288 bytes free
.
- - End Of File - - 99793869AB9842A230BD6237799A48D8A36C5E4F47E84449FF07ED3517B43A31

This is the Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by user at 2015-03-02 08:31:15 Run:4
Running from C:\Users\user\Downloads
Loaded Profiles: user & (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [YWLPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\user\AppData\Local\YlPack\lxsyicur.dll
C:\Users\user\AppData\Local\YlPack\lxsyicur.dll
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [Edstion] => regsvr32.exe C:\Users\user\AppData\Local\Edstion\MMNotes.dll <===== ATTENTION
C:\Users\user\AppData\Local\Edstion\MMNotes.dll
2015-02-22 04:21 - 2015-02-28 20:11 - 00000000 ____D () C:\Users\user\AppData\Local\YlPack
2015-02-22 04:21 - 2015-02-28 20:11 - 00000000 ____D () C:\Users\user\AppData\Local\Edstion
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49601;https=127.0.0.1:49601;
C:\Users\user\AppData\Local\Temp\APNSetup.exe
C:\Users\user\AppData\Local\Temp\avgnt.exe
C:\Users\user\AppData\Local\Temp\jre-8u31-windows-au.exe
cmd: C:\ComboFix.txt
EmptyTemp:
end
*****************

HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YWLPack => value deleted successfully.
"C:\Users\user\AppData\Local\YlPack\lxsyicur.dll" => File/Directory not found.
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Edstion => value deleted successfully.
"C:\Users\user\AppData\Local\Edstion\MMNotes.dll" => File/Directory not found.
C:\Users\user\AppData\Local\YlPack => Moved successfully.
C:\Users\user\AppData\Local\Edstion => Moved successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
C:\Users\user\AppData\Local\Temp\APNSetup.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\jre-8u31-windows-au.exe => Moved successfully.

========= C:\ComboFix.txt =========

========= End of CMD: =========

EmptyTemp: => Removed 148.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog 08:33:26 ====
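The ComboFix and FRST logs in the post above carry three indicators that are easy to miss in a wall of autorun entries: two Run values (`Edstion`, `YWLPack`) that load a DLL from `AppData\Local` through `regsvr32.exe` (which is also why two `regsvr32.exe` processes show up under "Other Running Processes"), a proxy in the `.DEFAULT` hive pointed at `127.0.0.1:49601` so that every browser request passes through a local interception process, and Firefox `user_pref` lines that switch off CSP, OCSP revocation checking, the add-on blocklist and the side-loaded-extension prompt. The triage script below is an added example, not part of the thread or of either tool: it walks log lines in the ComboFix and FRST formats and flags exactly those three patterns. The `SAMPLE_LOG` is constructed to mirror the lines in the post; the regexes, the `Finding` type and the `WEAK_PREFS` table are the example's own, and it generalises slightly beyond the post by also handling `rundll32.exe` and non-`.DEFAULT` hives.

```python
"""Triage the autorun, proxy and Firefox-pref lines found in ComboFix and
FRST logs (added example; not part of the forum thread or of either tool)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input, modelled on the ComboFix "Reg Loading Points"
# entries, the FRST fixlist and the Firefox user_pref lines in the thread.
SAMPLE_LOG = r'''
"WordWeb"="c:\program files (x86)\WordWeb\wweb32.exe" [2012-04-21 77064]
"Edstion"="c:\users\user\AppData\Local\Edstion\MMNotes.dll" [2015-02-28 1268736]
"YWLPack"="c:\users\user\AppData\Local\YlPack\lxsyicur.dll" [2015-02-21 1250304]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-16 702768]
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [YWLPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\user\AppData\Local\YlPack\lxsyicur.dll
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49601;https=127.0.0.1:49601;
user_pref('extensions.autoDisableScopes', 0);
user_pref('security.csp.enable', false);
user_pref('security.OCSP.enabled', 0);
user_pref('extensions.blocklist.enabled', false);
user_pref('browser.startup.homepage', 'about:blank');
'''

# ComboFix prints Run values as "Name"="target" [date size]
COMBOFIX_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]+)"')
# FRST prints them as HKU\...\Run: [Name] => command line
FRST_RUN = re.compile(r'\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.+)$')
PROXY = re.compile(r'^ProxyServer: \[(?P<hive>[^\]]+)\] => (?P<value>.+)$')
PREF = re.compile(r"""^user_pref\(['"](?P<key>[^'"]+)['"],\s*(?P<val>[^)]+)\);""")
# Locations an unprivileged user can write to; a DLL autorun from one of
# these via regsvr32/rundll32 is how the two entries in the thread persisted.
USER_WRITABLE = re.compile(r'\\(?:appdata|programdata|temp)\\', re.I)
LOOPBACK = {'127.0.0.1', 'localhost', '::1', '[::1]'}
# Prefs that, at these values, disable CSP, OCSP revocation checks, the
# add-on blocklist and the prompt for side-loaded extensions respectively.
WEAK_PREFS = {
    'security.csp.enable': 'false',
    'security.OCSP.enabled': '0',
    'extensions.blocklist.enabled': 'false',
    'extensions.autoDisableScopes': '0',
}


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str
    line: str


def autorun_module(target: str) -> str:
    """Return the module actually loaded by an autorun command line, lowercased."""
    low = target.strip().lower()
    for host in ('regsvr32.exe', 'rundll32.exe'):
        if host in low:
            # rundll32 takes "path.dll,EntryPoint"; keep only the path
            low = low.split(host, 1)[1].strip().split(',')[0]
            break
    return low.strip('"')


def check_autorun(name: str, target: str, line: str) -> Optional[Finding]:
    module = autorun_module(target)
    if module.endswith('.dll') and USER_WRITABLE.search(module):
        return Finding('dll_autorun_user_path', f'{name} -> {module}', line)
    return None


def check_proxy(hive: str, value: str, line: str) -> Optional[Finding]:
    # value looks like "http=127.0.0.1:49601;https=127.0.0.1:49601;" or "host:port"
    for part in filter(None, value.split(';')):
        scheme, sep, endpoint = part.partition('=')
        endpoint = endpoint if sep else scheme
        host = endpoint.strip().rsplit(':', 1)[0].lower()
        if host in LOOPBACK:
            return Finding('loopback_proxy', f'{hive}: {endpoint.strip()}', line)
    return None


def triage(text: str) -> List[Finding]:
    """Scan log text line by line and return the suspicious entries."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COMBOFIX_RUN.match(line) or FRST_RUN.search(line)
        if m:
            f = check_autorun(m['name'], m['target'], line)
            if f:
                findings.append(f)
            continue
        m = PROXY.match(line)
        if m:
            f = check_proxy(m['hive'], m['value'], line)
            if f:
                findings.append(f)
            continue
        m = PREF.match(line)
        if m and WEAK_PREFS.get(m['key']) == m['val'].strip():
            findings.append(Finding('weak_firefox_pref',
                                    f"{m['key']} = {m['val'].strip()}", line))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.kind}] {f.detail}')
```

Against the constructed sample this reports the two DLL autoruns (the `YWLPack` entry twice, once in each log format), the loopback proxy and the four weakened prefs, and stays silent on the signed `avgnt.exe` and `wweb32.exe` entries and on the homepage pref. The same checks apply to any ComboFix or FRST output pasted into a thread like this one.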
  9. Hi, I've run mbar, and the diagnostic said that there's no malware found, even though my desktop still shows the "RegSvr32" problems. Here's the system log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative
Internet Explorer version: 8.0.7600.16385
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.527000 GHz
Memory total: 3077238784, free: 1288634368

Downloaded database version: v2015.03.01.04
Downloaded database version: v2015.02.25.01
Downloaded database version: v2014.12.06.01
Initializing...
======================
------------ Kernel report ------------
     03/02/2015 04:31:46
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\volsnap.sys
\SystemRoot\system32\DRIVERS\stdcfltn.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\Accelern.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\gdmwmprt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\idmwfp.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
Scan started
Database versions:
  main:    v2015.03.01.04
  rootkit: v2015.02.25.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80033b3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800326e990, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80033b3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800326d990, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
DevicePointer: 0xfffffa80031654e0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80031281f0, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1C34AD4E

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 204593152

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 204800000 Numsec = 771971072

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative
Internet Explorer version: 8.0.7600.16385
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.527000 GHz
Memory total: 3077238784, free: 1254817792

=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative
Internet Explorer version: 8.0.7600.16385
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.527000 GHz
Memory total: 3077238784, free: 1698705408

Downloaded database version: v2015.03.01.04
Downloaded database version: v2015.02.25.01
Downloaded database version: v2014.12.06.01
Initializing...
======================
------------ Kernel report ------------
     03/02/2015 05:20:22
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\volsnap.sys
\SystemRoot\system32\DRIVERS\stdcfltn.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\Accelern.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\gdmwmprt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\idmwfp.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
Scan started
Database versions:
  main:    v2015.03.01.04
  rootkit: v2015.02.25.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80033b0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80033b0b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80033b0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800326bc80, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
DevicePointer: 0xfffffa8003132520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80031271f0, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1C34AD4E

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 204593152

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 204800000 Numsec = 771971072

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

Log:

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.01.04
  rootkit: v2015.02.25.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
user :: USER-PC [administrator]

2/3/2015 5:21:16 AM
mbar-log-2015-03-02 (05-21-16).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 352958
Time elapsed: 19 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
  10. Hi,

For C:\Users\user\AppData\Local\YlPack\lxsyicur.dll:

SHA256: 4835214b9f5fbb782dc03b77646ec10bc5072ce56b6c0376a2b2abd1c6cd340e
File name: lxsyicur.lck
Detection ratio: 0 / 57
Analysis date: 2015-03-01 16:20:35 UTC ( 0 minutes ago )

File identification
MD5 c04dffc43f589d9dfc7340bf87348a1d
SHA1 5a7923c80be5a821993b3e93f7150e5229489571
SHA256 4835214b9f5fbb782dc03b77646ec10bc5072ce56b6c0376a2b2abd1c6cd340e
ssdeep 768:5uXcYEaSV1+Mqatc+bWNtTbXPlNA9zrWWuqV7alPJNqYTiUJ:4cjaW+7gWNRbf3AVcU4JNqYTrJ
File size 50.0 KB ( 51220 bytes )
File type unknown
Magic literal data
TrID Unknown!

VirusTotal metadata
First submission 2015-03-01 16:20:35 UTC ( 3 minutes ago )
Last submission 2015-03-01 16:20:35 UTC ( 3 minutes ago )
File names lxsyicur.lck

For C:\Users\user\AppData\Local\Edstion\MMNotes.dll:

SHA256: db727719c64cf376dc76fb333b770df637fe85bde248e9efc8809d39d3bda03f
File name: MMNotes.lck
Detection ratio: 0 / 57
Analysis date: 2015-03-01 16:26:31 UTC ( 0 minutes ago )

File identification
MD5 07ba31a552c1bfa792a233a5eaf43e56
SHA1 2e51365f6546b5f106d3e4e85c7a04b4fe093aa6
SHA256 db727719c64cf376dc76fb333b770df637fe85bde248e9efc8809d39d3bda03f
ssdeep 6144:9k+0kFQcySzZRpvugNhdlods5XbAugO5JKUKgYl5/rxLaeuqomrW:uVMQU/GgNJo6eOSF9rzueK
File size 231.5 KB ( 237076 bytes )
File type unknown
Magic literal data
TrID Unknown!

VirusTotal metadata
First submission 2015-03-01 16:26:31 UTC ( 0 minutes ago )
Last submission 2015-03-01 16:26:31 UTC ( 0 minutes ago )
File names MMNotes.lck
  11. Hi, here are the two logs:

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by user (administrator) on USER-PC on 01-03-2015 16:00:56
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available profiles: user)
Platform: Windows 7 Home Basic (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
() C:\Program Files (x86)\WordWeb\wweb32.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-10-01] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [uCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [YWLPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\user\AppData\Local\YlPack\lxsyicur.dll
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [77064 2012-04-21] ()
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [iDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3825232 2014-01-10] (Tonec Inc.)
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [Edstion] => regsvr32.exe C:\Users\user\AppData\Local\Edstion\MMNotes.dll <===== ATTENTION
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [bitTorrent] => "C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [iDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49601;https=127.0.0.1:49601;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\user.js
FF Extension: Avira Browser Safety - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\Extensions\abs@avira.com [2014-08-29]
FF Extension: DownloadHelper - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]
FF Extension: Duck Properties - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\Extensions\{EBC0244A-6BA2-C2B1-09E6-948FC450C25A} [2015-02-22]
FF Extension: Greasemonkey - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-01-21]
FF HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2013-07-21]
FF HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2014-01-10]
FF HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ABP ( Adblock Plus )) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\begnflkjkcebjioagifeaongciheiogj [2015-02-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-09]
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-11]
CHR Extension: (IDM Integration Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-01-14]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-07]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-11-09]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WordWeb\wcxChrome.crx [2013-07-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
S4 GCTWiMaxServiceD; C:\Program Files (x86)\Yes\Connect\GCTWiMaxServiceD.exe [569464 2013-06-06] (GCT Semiconductor, Inc.) [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-03-09] () [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co.
KG)S3 GDMINIT; C:\Windows\System32\DRIVERS\gdminit.sys [32768 2013-07-03] (GCT Semiconductor)S3 GdmUWm; C:\Windows\System32\DRIVERS\gdmuwm.sys [111104 2013-07-03] (GCT Semiconductor, Inc.)R2 GdmWmPrt; C:\Windows\System32\DRIVERS\gdmwmprt.sys [32768 2013-07-03] (GCT Semiconductor, Inc.)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-01] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-28] ()S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-01 15:51 - 2015-03-01 15:51 - 00000000 ____D () C:\Users\user\Downloads\FRST-OlderVersion2015-03-01 06:57 - 2015-03-01 06:57 - 00000000 ____D () C:\ProgramData\APN2015-03-01 05:31 - 2015-03-01 05:31 - 00279176 _____ () C:\Windows\Minidump\030115-24913-01.dmp2015-03-01 05:20 - 2015-03-01 06:24 - 00001154 _____ () C:\Users\user\Desktop\Fixlist.txt2015-02-28 23:06 - 2015-02-28 23:03 - 00005456 _____ () C:\Users\user\Desktop\RKreport_SCN_02282015_230229.log2015-02-28 22:57 - 2015-02-28 22:57 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys2015-02-28 22:57 - 2015-02-28 22:57 - 00000000 ____D () C:\ProgramData\RogueKiller2015-02-28 22:52 - 2015-02-28 22:52 - 00027093 _____ () C:\Users\user\Desktop\Addition.txt2015-02-28 22:52 - 2015-02-28 22:52 - 00023373 _____ () C:\Users\user\Desktop\FRST.txt2015-02-28 22:51 - 2015-03-01 15:52 - 00026408 _____ () C:\Users\user\Downloads\Addition.txt2015-02-28 22:50 - 2015-03-01 16:01 - 00015405 _____ () C:\Users\user\Downloads\FRST.txt2015-02-28 22:50 - 2015-03-01 16:01 - 00000000 ____D () C:\FRST2015-02-28 21:39 - 2015-02-28 21:39 - 00279176 _____ () C:\Windows\Minidump\022815-23446-01.dmp2015-02-28 21:33 - 2015-02-28 22:58 - 00002727 _____ () C:\Users\user\Desktop\malwarebyte help.txt2015-02-28 21:03 - 2015-03-01 15:51 - 02092544 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe2015-02-28 20:28 - 2015-02-28 20:28 - 00279176 _____ () C:\Windows\Minidump\022815-22557-01.dmp2015-02-28 20:22 - 2015-02-28 20:22 - 00279176 _____ () C:\Windows\Minidump\022815-18064-01.dmp2015-02-28 20:14 - 2015-02-28 20:14 - 00279176 _____ () C:\Windows\Minidump\022815-22869-01.dmp2015-02-28 20:11 - 2015-03-01 05:31 - 00000000 ____D () C:\Windows\Minidump2015-02-28 20:11 - 2015-02-28 20:11 - 00279176 _____ () C:\Windows\Minidump\022815-16645-01.dmp2015-02-28 19:41 - 2015-03-01 06:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-02-28 19:40 - 2015-02-28 19:40 - 00001108 _____ () 
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-02-28 19:40 - 2015-02-28 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-02-28 19:40 - 2015-02-28 19:40 - 00000000 ____D () C:\ProgramData\Malwarebytes2015-02-28 19:40 - 2015-02-28 19:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-02-28 19:40 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2015-02-28 19:40 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-02-28 19:40 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2015-02-28 19:27 - 2015-02-28 19:27 - 00015519 _____ () C:\ComboFix.txt2015-02-26 23:32 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe2015-02-26 23:32 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe2015-02-26 23:32 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2015-02-26 23:32 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2015-02-26 23:32 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2015-02-26 23:32 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe2015-02-26 23:32 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe2015-02-26 23:32 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe2015-02-26 23:27 - 2015-02-28 19:27 - 00000000 ____D () C:\Qoobox2015-02-26 23:26 - 2015-02-26 23:41 - 00000000 ____D () C:\Windows\erdnt2015-02-26 19:51 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150226-195132.backup2015-02-26 19:50 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150226-195036.backup2015-02-26 19:45 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150226-194553.backup2015-02-26 19:22 - 2015-02-26 19:22 - 00000000 ____D () 
C:\Users\user\Documents\ProcAlyzer Dumps2015-02-24 23:36 - 2015-02-27 20:11 - 00000000 ____D () C:\Users\user\Desktop\TeMM2015-02-24 10:53 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150224-105335.backup2015-02-24 06:05 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150224-060503.backup2015-02-24 05:07 - 2015-02-24 05:07 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking2015-02-24 05:06 - 2015-02-24 05:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2015-02-24 05:06 - 2015-02-24 05:13 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22015-02-24 05:06 - 2015-02-24 05:06 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk2015-02-24 05:06 - 2015-02-24 05:06 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk2015-02-24 05:06 - 2015-02-24 05:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 22015-02-24 05:06 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe2015-02-23 15:14 - 2015-02-23 15:14 - 00032867 _____ () C:\Users\user\Downloads\Gintama 001-002 - You Jerks! 
And You Claim to Have Gintama.torrent2015-02-23 14:57 - 2015-02-23 14:57 - 00055068 _____ () C:\Users\user\Downloads\(AnimeOut) Gintama (Season 1-4) (Complete Batch) (480p - 70MB - Encoded).torrent2015-02-23 12:59 - 2015-02-28 20:11 - 00008720 _____ () C:\Windows\PFRO.log2015-02-22 04:21 - 2015-02-28 20:11 - 00000000 ____D () C:\Users\user\AppData\Local\YlPack2015-02-22 04:21 - 2015-02-28 20:11 - 00000000 ____D () C:\Users\user\AppData\Local\Edstion2015-02-10 00:14 - 2015-02-10 00:14 - 00002305 _____ () C:\Users\user\Desktop\Chrome App Launcher.lnk2015-02-10 00:14 - 2015-02-10 00:14 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome2015-02-05 19:27 - 2015-02-05 22:37 - 00000000 ____D () C:\Users\user\Desktop\BEL 3112015-02-03 18:30 - 2015-03-01 15:59 - 00004734 _____ () C:\Windows\setupact.log2015-02-03 18:30 - 2015-02-03 18:30 - 00000000 _____ () C:\Windows\setuperr.log2015-02-02 02:35 - 2015-02-02 02:35 - 00015708 _____ () C:\Users\user\Downloads\[kickass.so]goliyon.ki.raasleela.ram.leela.2014.1080p.dvdrip.x264team.ddh.rg.torrent2015-01-30 22:40 - 2015-01-30 22:47 - 18485739 _____ () C:\Users\user\Downloads\Nagada Sang Dhol Song - Goliyon Ki Raasleela Ram-leela ft. Deepika Padukone, Ranveer Singh.mp4 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-01 15:59 - 2013-12-07 22:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-03-01 15:59 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-03-01 15:58 - 2014-08-25 23:33 - 00000000 ____D () C:\Windows\pss2015-03-01 15:58 - 2013-03-09 18:30 - 01432345 _____ () C:\Windows\WindowsUpdate.log2015-03-01 15:56 - 2009-07-14 12:45 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-03-01 15:56 - 2009-07-14 12:45 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-03-01 06:54 - 2014-08-30 11:18 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2015-03-01 06:54 - 2014-08-30 11:18 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2015-03-01 06:54 - 2014-08-30 11:18 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2015-03-01 06:54 - 2014-08-30 11:18 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2015-03-01 06:54 - 2014-03-21 22:24 - 00000000 ____D () C:\ProgramData\Oracle2015-03-01 06:54 - 2013-07-05 21:41 - 00000000 ____D () C:\Program Files (x86)\Java2015-03-01 06:43 - 2013-12-07 22:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-03-01 05:29 - 2014-06-23 14:54 - 00000000 ____D () C:\temp2015-03-01 05:22 - 2013-04-03 18:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\DMCache2015-03-01 01:19 - 2014-01-10 21:04 - 00000000 ____D () C:\Users\user\AppData\Roaming\IDM2015-02-28 22:49 - 2013-08-08 23:28 - 00000000 ____D () C:\Users\user\AppData\Roaming\BitTorrent2015-02-28 19:39 - 2014-01-10 21:04 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager2015-02-28 19:22 - 2009-07-14 10:34 - 00000215 _____ () C:\Windows\system.ini2015-02-28 03:41 - 2014-03-23 00:14 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI2015-02-26 23:44 - 2009-07-14 11:20 - 
00000000 __RHD () C:\Users\Default2015-02-24 02:15 - 2013-06-11 23:17 - 00000000 ___RD () C:\Users\user\Desktop\all2015-02-24 02:03 - 2013-04-03 18:03 - 00000000 ____D () C:\Users\user\Downloads\Video2015-02-23 15:47 - 2013-03-27 21:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent2015-02-21 23:44 - 2013-06-23 16:35 - 00000000 ___RD () C:\Users\user\Documents\Homework2015-02-15 23:55 - 2014-01-10 21:04 - 00000000 ____D () C:\Users\user\Downloads\Compressed2015-02-05 04:38 - 2013-12-07 22:44 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-02-05 04:38 - 2013-12-07 22:44 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-02-03 05:45 - 2013-03-09 21:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\Media Player Classic2015-02-03 05:01 - 2013-04-08 17:20 - 00000000 ____D () C:\Users\user\dwhelper ==================== Files in the root of some directories ======= 2014-07-17 10:47 - 2014-07-17 10:47 - 0006144 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-08-26 20:11 - 2014-08-26 20:15 - 0000000 _____ () C:\Users\user\AppData\Local\{79B9CA41-C31A-434F-A63A-2D2644B63DF4} Some content of TEMP:====================C:\Users\user\AppData\Local\Temp\APNSetup.exeC:\Users\user\AppData\Local\Temp\avgnt.exeC:\Users\user\AppData\Local\Temp\jre-8u31-windows-au.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-24 14:48 ==================== End Of Log ============================ Addition: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015Ran by user at 2015-03-01 16:02:11Running from C:\Users\user\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29342 - BitTorrent Inc.)AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.17 - STMicroelectronics)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.257 - Adobe Systems Incorporated)Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.3.300.257 - Adobe Systems Incorporated)Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) HiddenAvira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)Connect (HKLM-x32\...\{0699889D-F7F8-48BE-8C2E-694599E72F0D}) (Version: 1.9.10.0 - YTL Communications)CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1811.7429 - CyberLink Corp.)GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.40.5106 - Gretech Corporation)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.26.9 - Google Inc.) 
HiddenIBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)K-Lite Codec Pack 9.0.2 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.0.2 - )Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)Rainmeter (HKLM-x32\...\Rainmeter) (Version: 2.5 r1842 - )Real 
Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)Validity Sensors DDK (HKLM\...\{661DD62F-D0F2-4573-902B-DBCAAD8229AF}) (Version: 3.1.379 - Validity Sensors, Inc.)VideoLAN VLC media player 0.8.4a (HKLM-x32\...\VLC media player) (Version: 0.8.4a - VideoLAN Team)WEBook3 (HKLM-x32\...\com.adobe.example.WEBook3.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN)WEBook3 (x32 Version: 1.0 - UNKNOWN) HiddenWIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )WordWeb (HKLM-x32\...\WordWeb) (Version: 6 - WordWeb Software)Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 5.0.60.0625 - Xilisoft) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 28-02-2015 19:13:15 ComboFix created restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 10:34 - 2015-02-28 19:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {3B37228C-C85B-480A-886C-2E7C57B5B321} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07] (Google Inc.)Task: {3F7F488F-4912-4746-93C4-7DC99AC972D6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvcTask: {600CB13C-D8DB-4D52-B7AC-BD6CD345738E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeTask: {636C01A7-02F4-4895-A463-770988CFCF94} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exeTask: {C43C20DF-4A38-4F76-963E-EB008F2E02AD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exeTask: {DCB30B26-F504-42E8-8C90-7C5B37222581} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07] (Google Inc.)Task: {F17E3BB4-ECC6-4599-BE29-57F2E90A13DC} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3343311198-1188524082-4047472181-1000Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll2009-07-01 18:54 - 2009-07-01 18:54 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll2013-03-09 20:59 - 2010-10-01 09:48 - 00727664 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe2013-07-21 22:14 - 2012-04-21 15:11 
- 00077064 ____N () C:\Program Files (x86)\WordWeb\wweb32.exe2014-08-27 14:57 - 2014-08-27 14:57 - 00245760 _____ () C:\Program Files (x86)\Avira\My Avira\System.ComponentModel.Composition.dll2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll2013-07-21 22:14 - 2012-04-21 11:30 - 02213120 ____N () C:\Windows\wweb32.dll2013-07-21 22:14 - 2012-04-21 11:28 - 00022800 ____N () C:\Program Files (x86)\WordWeb\WUCNT.dll2015-03-01 06:35 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll2015-02-24 05:06 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl2015-02-24 05:06 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl2015-02-24 05:06 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpgDNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeARMservice => 2MSCONFIG\Services: AntiVirSchedulerService => 2MSCONFIG\Services: btwdins => 2MSCONFIG\Services: GCTWiMaxServiceD => 2MSCONFIG\Services: gupdate => 2MSCONFIG\Services: gupdatem => 3MSCONFIG\Services: MBAMScheduler => 2MSCONFIG\Services: MBAMService => 2MSCONFIG\Services: MozillaMaintenance => 3MSCONFIG\Services: SDScannerService => 2MSCONFIG\Services: SDUpdateService => 2MSCONFIG\Services: SDWSCService => 2MSCONFIG\Services: vcsFPService => 2MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk => C:\Windows\pss\Rainmeter.lnk.StartupMSCONFIG\startupreg: LaunchYTLCM => C:\Program Files (x86)\Yes\Connect\Connect.exeMSCONFIG\startupreg: YouCam Mirror Tray icon => "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s ==================== Accounts: ============================= Administrator (S-1-5-21-3343311198-1188524082-4047472181-500 - Administrator - Disabled)Guest (S-1-5-21-3343311198-1188524082-4047472181-501 - Limited - Disabled)user (S-1-5-21-3343311198-1188524082-4047472181-1000 - Administrator - Enabled) => C:\Users\user ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (03/01/2015 07:01:09 AM) (Source: MsiInstaller) (EventID: 10005) (User: user-PC)Description: Product: Search App by Ask -- Error 25001. 
The following applications must be closed before continuing the uninstall: Google Chrome Error: (02/28/2015 09:51:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object. Details:Could not query the status of the EventSystem service. System Error:A system shutdown is in progress.. Error: (02/28/2015 09:10:26 PM) (Source: System Restore) (EventID: 8193) (User: )Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c). Error: (02/28/2015 09:10:23 PM) (Source: System Restore) (EventID: 8193) (User: )Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c). 
Error: (02/28/2015 08:05:01 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69eFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc000041dFault offset: 0x73f74b02Faulting process id: 0x15e0Faulting application start time: 0xiexplore.exe0Faulting application path: iexplore.exe1Faulting module path: iexplore.exe2Report Id: iexplore.exe3 Error: (02/28/2015 08:01:57 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69eFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc000041dFault offset: 0x73f74b02Faulting process id: 0x9a0Faulting application start time: 0xiexplore.exe0Faulting application path: iexplore.exe1Faulting module path: iexplore.exe2Report Id: iexplore.exe3 Error: (02/28/2015 07:58:57 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69eFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc000041dFault offset: 0x73f74b02Faulting process id: 0x1b20Faulting application start time: 0xiexplore.exe0Faulting application path: iexplore.exe1Faulting module path: iexplore.exe2Report Id: iexplore.exe3 Error: (02/28/2015 07:55:56 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69eFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc000041dFault offset: 0x73f74b02Faulting process id: 0xd1cFaulting application start time: 0xiexplore.exe0Faulting application path: iexplore.exe1Faulting module path: iexplore.exe2Report Id: iexplore.exe3 Error: (02/28/2015 07:54:06 PM) (Source: Application Error) (EventID: 1000) 
(User: )
Description: Faulting application name: idmBroker.exe, version: 6.18.7.1, time stamp: 0x527a42dd
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x73f74b02
Faulting process id: 0xd54
Faulting application start time: 0xidmBroker.exe0
Faulting application path: idmBroker.exe1
Faulting module path: idmBroker.exe2
Report Id: idmBroker.exe3

Error: (02/28/2015 07:53:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x73f74b02
Faulting process id: 0x12a8
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

System errors:
=============
Error: (03/01/2015 03:59:21 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC :20" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.5 did not allow the name to be claimed by this computer.

Error: (03/01/2015 03:59:21 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{D5580B14-D1F1-4B82-8BE3-6F9DAF815B4B} because another computer on the network has the same name. The server could not start.

Error: (03/01/2015 03:59:14 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC :0" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.5 did not allow the name to be claimed by this computer.

Error: (03/01/2015 03:49:13 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC :20" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.5 did not allow the name to be claimed by this computer.

Error: (03/01/2015 03:49:13 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{D5580B14-D1F1-4B82-8BE3-6F9DAF815B4B} because another computer on the network has the same name. The server could not start.

Error: (03/01/2015 03:49:08 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC :0" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.5 did not allow the name to be claimed by this computer.

Error: (03/01/2015 07:04:11 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC :0" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.5 did not allow the name to be claimed by this computer.

Error: (03/01/2015 06:34:19 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{D5580B14-D1F1-4B82-8BE3-6F9DAF815B4B} because another computer on the network has the same name. The server could not start.

Error: (03/01/2015 06:34:13 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC :20" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.5 did not allow the name to be claimed by this computer.

Error: (03/01/2015 06:33:31 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC :0" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.5 did not allow the name to be claimed by this computer.

Microsoft Office Sessions:
=========================
Error: (03/01/2015 07:01:09 AM) (Source: MsiInstaller) (EventID: 10005) (User: user-PC)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: Google Chrome (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/28/2015 09:51:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (02/28/2015 09:10:26 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c

Error: (02/28/2015 09:10:23 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c

Error: (02/28/2015 08:05:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69eunknown0.0.0.000000000c000041d73f74b0215e001d0534ec4e92162C:\Program Files (x86)\Internet Explorer\iexplore.exeunknown05132150-bf42-11e4-8d58-f04da2ca9ba5

Error: (02/28/2015 08:01:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69eunknown0.0.0.000000000c000041d73f74b029a001d0534e59861629C:\Program Files (x86)\Internet Explorer\iexplore.exeunknown97cb225e-bf41-11e4-8d58-f04da2ca9ba5

Error: (02/28/2015 07:58:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69eunknown0.0.0.000000000c000041d73f74b021b2001d0534dee26b47eC:\Program Files (x86)\Internet Explorer\iexplore.exeunknown2c8e1644-bf41-11e4-8d58-f04da2ca9ba5

Error: (02/28/2015 07:55:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69eunknown0.0.0.000000000c000041d73f74b02d1c01d0534d82c83d37C:\Program Files (x86)\Internet Explorer\iexplore.exeunknownc09817b4-bf40-11e4-8d58-f04da2ca9ba5

Error: (02/28/2015 07:54:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: idmBroker.exe6.18.7.1527a42ddunknown0.0.0.000000000c000041d73f74b02d5401d0534d41249acbC:\Program Files (x86)\Internet Download Manager\idmBroker.exeunknown7ed68c98-bf40-11e4-8d58-f04da2ca9ba5

Error: (02/28/2015 07:53:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.1.7600.163854a5bc637unknown0.0.0.000000000c000041d73f74b0212a801d0534d3501479cC:\Windows\SysWOW64\rundll32.exeunknown72c1435d-bf40-11e4-8d58-f04da2ca9ba5

CodeIntegrity Errors:
===================================
Date: 2015-02-28 19:20:15.198
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-28 19:20:15.182
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-28 19:20:15.182
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-28 19:20:15.182
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-26 23:37:12.304
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-26 23:37:12.304
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 35%
Total physical RAM: 2934.68 MB
Available physical RAM: 1883.02 MB
Total Pagefile: 5867.52 MB
Available Pagefile: 4569.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:97.56 GB) (Free:12.8 GB) NTFS
Drive d: (DATA) (Fixed) (Total:368.1 GB) (Free:45.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1C34AD4E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  12. Hi, I can borrow my friend's PC if I have to, and I do have a flash drive. I've repeated the above process, basically. This time the PC didn't crash, but there's no 2nd log generated anywhere, even after I rebooted after changing the msconfig to normal. Can you take a look at the print screen of my desktop in the attachment? I got a new "security alert", which I assumed is still the trojan running around, so here's the first log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by user at 2015-03-01 06:32:18 Run:3
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49601;https=127.0.0.1:49601;
SearchScopes: HKU\S-1-5-21-3343311198-1188524082-4047472181-1000 -> {3B5A01DE-6D87-4373-A1C8-B82ACEE2982B} URL = http://www.mysearchr...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3343311198-1188524082-4047472181-1000 -> {E5A57DA3-B01B-4316-9EFB-3CD4465D84B1} URL = http://websearch.ask...FD-ADE0B2A864ACFF
SearchEngineOrder.1: Ask.com
EmptyTemp:
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0WinSecurityProvider => Key not found.
HKCR\CLSID\{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => Key not found.
"C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key not found.
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Google => Key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3B5A01DE-6D87-4373-A1C8-B82ACEE2982B} => Key not found.
HKCR\CLSID\{3B5A01DE-6D87-4373-A1C8-B82ACEE2982B} => Key not found.
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5A57DA3-B01B-4316-9EFB-3CD4465D84B1} => Key not found.
HKCR\CLSID\{E5A57DA3-B01B-4316-9EFB-3CD4465D84B1} => Key not found.
Firefox SearchEngineOrder.1 deleted successfully.
EmptyTemp: => Removed 107 KB temporary data.

The system needed a reboot.

==== End of Fixlog 06:32:33 ====
  13. Hello, I've tried rebooting after altering the msconfig to normal startup, and the PC restarted in normal mode. However, before I got to run FRST, the PC crashed and now I'm back to safe mode with networking again... What should I do? Also, thanks so much for helping me. I really appreciate this.
  14. Hello Kevin, I've run FRST, and it asked to reboot. This is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by user at 2015-03-01 05:21:17 Run:1
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49601;https=127.0.0.1:49601;
SearchScopes: HKU\S-1-5-21-3343311198-1188524082-4047472181-1000 -> {3B5A01DE-6D87-4373-A1C8-B82ACEE2982B} URL = http://www.mysearchr...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3343311198-1188524082-4047472181-1000 -> {E5A57DA3-B01B-4316-9EFB-3CD4465D84B1} URL = http://websearch.ask...FD-ADE0B2A864ACFF
SearchEngineOrder.1: Ask.com
EmptyTemp:
end
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0WinSecurityProvider" => Key deleted successfully.
"HKCR\CLSID\{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637}" => Key deleted successfully.
Could not move "C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3B5A01DE-6D87-4373-A1C8-B82ACEE2982B}" => Key deleted successfully.
HKCR\CLSID\{3B5A01DE-6D87-4373-A1C8-B82ACEE2982B} => Key not found.
"HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5A57DA3-B01B-4316-9EFB-3CD4465D84B1}" => Key deleted successfully.
HKCR\CLSID\{E5A57DA3-B01B-4316-9EFB-3CD4465D84B1} => Key not found.
Firefox SearchEngineOrder.1 deleted successfully.
EmptyTemp: => Removed 128.3 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-01 05:23:55)<=
C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll => Is moved successfully.

==== End of Fixlog 05:23:55 ====

I'll post the 2nd log after I reboot normally shortly.
  15. Hello Kevin, Just finished running the RogueKiller tool. Here's the report:

RogueKiller V10.4.3.0 [Feb 23 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : user [Administrator]
Mode : Scan -- Date : 02/28/2015 23:02:29

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 24 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0WinSecurityProvider | (default) : {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49601;https=127.0.0.1:49601; -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49601;https=127.0.0.1:49601; -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49601;https=127.0.0.1:49601; -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49601;https=127.0.0.1:49601; -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{71C3A964-2FA0-441A-88BA-3344E8010A33} | DhcpNameServer : 10.0.7.12 10.0.8.19 [(Private Address) (XX)][(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7AC4077E-5434-4122-B7C3-F6E992F1A50C} | DhcpNameServer : 183.78.0.142 183.78.0.145 [MALAYSIA (MY)][MALAYSIA (MY)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{71C3A964-2FA0-441A-88BA-3344E8010A33} | DhcpNameServer : 10.0.7.12 10.0.8.19 [(Private Address) (XX)][(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7AC4077E-5434-4122-B7C3-F6E992F1A50C} | DhcpNameServer : 183.78.0.142 183.78.0.145 [MALAYSIA (MY)][MALAYSIA (MY)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{71C3A964-2FA0-441A-88BA-3344E8010A33} | DhcpNameServer : 10.0.7.12 10.0.8.19 [(Private Address) (XX)][(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7AC4077E-5434-4122-B7C3-F6E992F1A50C} | DhcpNameServer : 183.78.0.142 183.78.0.145 [MALAYSIA (MY)][MALAYSIA (MY)] -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 321750dc2c25e7500ed178a32a5ab811
[BSP] ee4966fd2367ef4d406bfaff226a9519 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

RKreport_SCN_02282015_230229.log
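The RogueKiller report above and the two FRST fixlogs earlier in the thread point at the same four things: a browser proxy of http=127.0.0.1:49601 in the HKU\.DEFAULT and S-1-5-18 hives (a local process relaying the browser's traffic), a shell icon overlay handler "0WinSecurityProvider" whose DLL lived under C:\ProgramData, browser policy keys, and the DhcpNameServer values flagged as [PUM.Dns]. The script below is an added example for re-checking those points on the live machine after the fix; it is not part of the thread and not code from FRST or RogueKiller. It assumes C: is the system drive (as the FRST log shows) and that a re-infection would reuse port 49601, which is only a guess taken from the logs. Run it from an elevated PowerShell on the affected user's session; HKEY_USERS only exposes hives that are currently loaded.

```powershell
# Added example (not from the thread, FRST or RogueKiller): re-check the
# interception and persistence points the logs reported, on the live host.
# Assumptions: system drive is C:, proxy port 49601 taken from the thread.
$proxyPort = 49601

# Only loaded hives are visible here (.DEFAULT, S-1-5-18, S-1-5-21-... etc.).
$hives = Get-ChildItem 'Registry::HKEY_USERS' | Select-Object -ExpandProperty PSChildName

# 1. Proxy settings per hive. The fix removed http=127.0.0.1:49601 from
#    HKU\.DEFAULT; RogueKiller lists the same SYSTEM hive under S-1-5-18 too.
foreach ($h in $hives) {
    $key = "Registry::HKEY_USERS\$h\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    $ie  = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($ie -and $ie.ProxyEnable -eq 1) {
        $tag = if ($ie.ProxyServer -match '127\.0\.0\.1|localhost') { 'LOOPBACK PROXY' } else { 'proxy enabled ' }
        "$tag  [$h]  $($ie.ProxyServer)"
    }
}

# 2. Which process owns the proxy port. Windows 7 has no Get-NetTCPConnection,
#    so parse netstat -ano and resolve the PID in the last column.
netstat -ano | ForEach-Object {
    if ($_ -match "^\s*TCP\s+\S+:$proxyPort\s+\S+\s+LISTENING\s+(\d+)\s*$") {
        $owner = Get-Process -Id ([int]$Matches[1]) -ErrorAction SilentlyContinue
        "LISTENING :$proxyPort  PID=$($Matches[1])  $($owner.Path)"
    }
}

# 3. Shell icon overlay handlers. Explorer loads every listed DLL when the shell
#    starts, which is what made 0WinSecurityProvider -> SecurityProvider.dll a
#    persistence point. Resolve CLSID -> InprocServer32, then check signature
#    and location; anything unsigned or outside Windows/Program Files gets CHECK.
$overlays = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers'
Get-ChildItem $overlays | ForEach-Object {
    $clsid = (Get-ItemProperty $_.PSPath).'(default)'
    $srv   = Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
    $dll   = if ($srv) { [Environment]::ExpandEnvironmentVariables($srv.'(default)') } else { '<no InprocServer32>' }
    $sig   = Get-AuthenticodeSignature -FilePath $dll -ErrorAction SilentlyContinue
    $status  = if ($sig) { $sig.Status } else { 'NoFile' }
    $inTrust = $dll -match '^C:\\(Windows|Program Files( \(x86\))?)\\'
    $mark = if ($inTrust -and $status -eq 'Valid') { 'ok   ' } else { 'CHECK' }
    "$mark  $($_.PSChildName)  $clsid  $dll  [$status]"
}

# 4. Browser policy keys the fixlist deleted. On a home PC with no domain GPO
#    they should stay gone; if they reappear, whatever recreates them is still there.
$policyKeys = @('HKLM:\SOFTWARE\Policies\Google', 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer')
foreach ($h in $hives) {
    $policyKeys += "Registry::HKEY_USERS\$h\SOFTWARE\Policies\Google"
    $policyKeys += "Registry::HKEY_USERS\$h\SOFTWARE\Policies\Microsoft\Internet Explorer"
}
$policyKeys | Where-Object { Test-Path $_ } | ForEach-Object { "POLICY KEY PRESENT  $_" }

# 5. DNS. RogueKiller's [PUM.Dns] hits were DhcpNameServer values, i.e. what the
#    DHCP server (router/ISP) handed out, not a setting made on this host. A static
#    NameServer value is the stronger hijack sign, so show both per interface.
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces' | ForEach-Object {
    $p = Get-ItemProperty $_.PSPath
    if ($p.NameServer -or $p.DhcpNameServer) {
        $static = if ($p.NameServer) { "STATIC NameServer=$($p.NameServer)" } else { 'no static DNS' }
        "$($_.PSChildName)  $static  DhcpNameServer=$($p.DhcpNameServer)"
    }
}
```

Two caveats when reading the output. Section 3 only walks the 64-bit view of the overlay key; a 32-bit handler would sit under HKLM:\Software\Wow6432Node\...\ShellIconOverlayIdentifiers with its CLSID under HKCR\Wow6432Node\CLSID, so run the same loop against those paths if RogueKiller reports an (X86) hit there. Section 2 is only meaningful while the relaying process is running; after the DLL has been moved and the machine rebooted, an empty result is the expected, good outcome.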