
Ad shows up on bottom left corner



Hello everybody,

Since a week or so ago, I have been encountering an annoying ad showing up on the bottom left corner. This occurs on almost every website I visit, and I also get redirected from time to time.

I attached a printscreen of the pop-up and the redirected website. But in general the pop-up also shows up on Facebook, forums, etc.

I tried to use:

CCleaner

AdwCleaner

Malwarebytes Anti-Rootkit

Ad-Aware

Microsoft Essentials

ComboFix

SpyHunter

Maybe some more, but I forgot.

And I noticed my hosts file was changed, so I changed that back, but nothing seems to help.

It's really driving me crazy! I would really like some help, and I hope I gave enough information.

Regards,

Oscar from The Netherlands.

 

 

 



Welcome to the forum.

Please run a Quick Scan with Malwarebytes like this:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

If you're using Malwarebytes 2.0, please run a Threat Scan

Then....please start HERE <-------- (may not run on W8)

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

Don't forget to run RogueKiller below

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.01.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
Oscar :: OSCAR-PC [administrator]

4/1/2014 9:57:11 PM
mbam-log-2014-04-01 (21-57-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222706
Time elapsed: 13 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 11.0.2
Run by Oscar at 22:20:25 on 2014-04-01
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3072.1921 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
D:\Files\Alcohol120\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\DeltaIITray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
D:\Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com

BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office\office15\OCHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre8\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - c:\program files\microsoft office\office15\GROOVEEX.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre8\bin\jp2ssv.dll
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [M-Audio Taskbar Icon] c:\windows\system32\DeltaIITray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] d:\files\malwarebytes' anti-malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office15\ONBttnIELinkedNotes.dll


TCP: NameServer = 192.168.1.1
TCP: Interfaces\{866A9371-752B-4FD3-A003-259BAD6D0D8D} : NameServer = 94.242.222.66,8.8.8.8
TCP: Interfaces\{866A9371-752B-4FD3-A003-259BAD6D0D8D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FD5D72CA-E5BB-480F-87F3-C748576E94EA} : NameServer = 94.242.222.66,8.8.8.8
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2014-3-29 64288]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 104264]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe [2013-12-27 14658848]
R2 StarWindServiceAE;StarWind AE Service;d:\files\alcohol120\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\MAudioDelta.sys [2009-7-27 302472]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-3-23 40776]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1169232]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\nvidia corporation\netservice\NvNetworkService.exe [2013-12-27 1494304]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\drivers\lgandnetadb.sys [2013-10-25 25856]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [2013-10-25 23168]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [2013-10-25 27776]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-27 108032]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-12-27 34080]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-6-23 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-6-23 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-9-14 1343400]
.
=============== Created Last 30 ================
.
2014-04-01 19:54:30 -------- d-----w- c:\users\oscar\appdata\roaming\Malwarebytes
2014-04-01 19:54:09 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-01 19:53:49 -------- d-----w- c:\users\oscar\appdata\local\Programs
2014-04-01 10:28:49 765968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{eefeb30b-02aa-4ebd-bef0-813cfd3ac667}\gapaengine.dll
2014-04-01 10:27:48 7969936 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9d60ec2e-7b59-4477-9a65-cf9c813e29d5}\mpengine.dll
2014-03-31 22:27:44 7969936 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-03-31 22:26:31 -------- d-sh--w- C:\$RECYCLE.BIN
2014-03-31 22:13:36 98816 ----a-w- c:\windows\sed.exe
2014-03-31 22:13:36 256000 ----a-w- c:\windows\PEV.exe
2014-03-31 22:13:36 208896 ----a-w- c:\windows\MBR.exe
2014-03-31 22:01:31 96664 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-03-31 21:52:23 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-31 21:52:23 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-31 21:17:44 -------- d-----w- c:\users\oscar\appdata\local\temp
2014-03-30 21:29:52 135168 ----a-w- c:\windows\system32\igfxres.dll
2014-03-30 18:46:59 -------- d-----w- c:\users\oscar\appdata\roaming\Belastingdienst
2014-03-30 10:22:08 15688 ----a-w- c:\windows\system32\lsdelete.exe
2014-03-29 20:16:18 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-03-29 20:15:43 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2014-03-29 19:55:18 -------- dc-h--w- c:\programdata\{42E04EE4-AB57-407A-9691-3FFA8B8FEBBE}
2014-03-29 19:55:00 -------- d-----w- c:\program files\Lavasoft
2014-03-28 17:52:51 -------- d-----w- c:\users\oscar\appdata\local\DOSBox
2014-03-28 17:37:18 -------- d-----w- c:\program files\Oldgames
2014-03-28 16:06:34 -------- d-----w- C:\AdwCleaner
2014-03-27 11:56:27 -------- d-----w- c:\windows\Migration
2014-03-27 10:05:13 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-03-27 10:05:13 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-03-27 10:05:12 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-03-27 10:05:12 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-03-27 10:05:11 428032 ----a-w- c:\windows\system32\secproc.dll
2014-03-27 10:05:11 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-03-27 10:05:10 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-03-27 10:05:10 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-03-27 10:05:10 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-03-23 14:36:22 -------- d-----w- c:\users\oscar\appdata\roaming\Flash
2014-03-23 10:06:19 -------- d-----w- c:\programdata\Malwarebytes
2014-03-23 10:06:07 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-03-23 10:05:34 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-23 09:52:27 388096 ----a-r- c:\users\oscar\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2014-03-17 15:56:21 -------- d-----w- c:\programdata\Oracle
2014-03-14 20:08:14 -------- d-----w- c:\users\oscar\appdata\roaming\MusicNet
2014-03-10 17:25:28 -------- d-----w- c:\windows\en
2014-03-10 17:24:32 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2014-03-10 17:16:18 89944 -c--a-w- c:\program files\common files\windows live\.cache\6ebb59b01cf3c8405\DSETUP.dll
2014-03-10 17:16:18 537432 -c--a-w- c:\program files\common files\windows live\.cache\6ebb59b01cf3c8405\DXSETUP.exe
2014-03-10 17:16:18 1801048 -c--a-w- c:\program files\common files\windows live\.cache\6ebb59b01cf3c8405\dsetup32.dll
2014-03-10 17:15:55 537432 -c--a-w- c:\program files\common files\windows live\.cache\61ade9f91cf3c8402\DXSETUP.exe
2014-03-10 17:15:54 89944 -c--a-w- c:\program files\common files\windows live\.cache\61ade9f91cf3c8402\DSETUP.dll
2014-03-10 17:15:54 1801048 -c--a-w- c:\program files\common files\windows live\.cache\61ade9f91cf3c8402\dsetup32.dll
2014-03-10 17:15:41 525656 -c--a-w- c:\program files\common files\windows live\.cache\594ce44d1cf3c8401\DXSETUP.exe
2014-03-10 17:15:40 94040 -c--a-w- c:\program files\common files\windows live\.cache\594ce44d1cf3c8401\DSETUP.dll
2014-03-10 17:15:40 1691480 -c--a-w- c:\program files\common files\windows live\.cache\594ce44d1cf3c8401\dsetup32.dll
2014-03-10 17:15:28 -------- d-----w- c:\users\oscar\appdata\local\Windows Live
2014-03-10 17:15:03 -------- d-----w- c:\program files\common files\Windows Live
2014-03-08 13:11:19 -------- d-----w- c:\users\oscar\.dvdcss
.
==================== Find3M  ====================
.
2014-03-11 07:52:30 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-01-24 23:19:42 231960 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-10 12:31:32 322240 ----a-w- c:\windows\WLXPGSS.SCR
.
============= FINISH: 22:21:51.03 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 6/23/2013 12:32:00 AM
System Uptime: 4/1/2014 9:39:50 PM (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 085Ch
Processor: Intel® Pentium® 4 CPU 2.80GHz | XU1 PROCESSOR | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 120.536 GiB free.
D: is FIXED (NTFS) - 57 GiB total, 40.783 GiB free.
E: is FIXED (NTFS) - 19 GiB total, 11.234 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is FIXED (FAT32) - 931 GiB total, 355.975 GiB free.
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&1244EBE3&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&1244EBE3&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP148: 4/1/2014 12:05:17 AM - ComboFix created restore point
RP149: 4/1/2014 12:37:54 PM - Windows Update
.
==== Installed Programs ======================
.
Ad-Aware
Adobe Audition 1.5
Adobe Audition 3.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 13 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader XI (11.0.06)
Adobe Stock Photos 1.0
CCleaner
D3DX10
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition
DJ OldGames Package: Z
FileHippo.com Update Checker
FL Studio 6
GeForce Experience NvStream Client Components
HiJackThis
HP SetRefresh
Image Resizer Powertoy Clone for Windows
Intel® Extreme Graphics 2 Driver
Java 8
Java Auto Updater
LG United Mobile Driver
M-Audio Delta Driver 6.0.2 (x86)
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft LifeCam
Microsoft Lync MUI (English) 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Word MUI (English) 2013
Movie Maker
MSVCRT
MSVCRT110
NVIDIA GeForce Experience 1.8.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA Optimus Update 10.11.15
NVIDIA Update 10.11.15
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.19
OJOsoft Total Video Converter
Outils de vérification linguistique 2013 de Microsoft Office - Français
Photo Common
Photo Gallery
PS3 Media Server
Robin Hood: The Legend Of Sherwood
ScummVM 1.2.1
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2013 (KB2827238) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2768005) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2810009) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2850064) 32-Bit Edition
Security Update for Microsoft Word 2013 (KB2827224) 32-Bit Edition
Security Update for Microsoft Word 2013 (KB2863834) 32-Bit Edition
SHIELD Streaming
Skype™ 6.11
Speccy
SpyHunter
StepMania (remove only)
SubSync
System Requirements Lab for Intel
Update for Microsoft Access 2013 (KB2768008) 32-Bit Edition
Update for Microsoft Access 2013 (KB2827233) 32-Bit Edition
Update for Microsoft InfoPath 2013 (KB2837648) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2863908) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition
Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817314) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition
Update for Microsoft Office 2013 (KB2826004) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827239) 32-Bit Edition
Update for Microsoft Office 2013 (KB2837626) 32-Bit Edition
Update for Microsoft Office 2013 (KB2837637) 32-Bit Edition
Update for Microsoft Office 2013 (KB2837638) 32-Bit Edition
Update for Microsoft Office 2013 (KB2837655) 32-Bit Edition
Update for Microsoft Office 2013 (KB2850066) 32-Bit Edition
Update for Microsoft OneNote 2013 (KB2850063) 32-Bit Edition
Update for Microsoft Outlook 2013 (KB2863911) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2767850) 32-Bit Edition
Update for Microsoft Publisher 2013 (KB2837635) 32-Bit Edition
Update for Microsoft Word 2013 (KB2837647) 32-Bit Edition
VLC media player 2.0.8
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 5.01 (32-bit)
Zod Engine
.
==== Event Viewer Messages From Past Week ========
.
4/1/2014 9:49:45 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2929733).
4/1/2014 9:49:45 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2912390).
4/1/2014 9:49:45 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2872339).
4/1/2014 9:49:45 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2864202).
4/1/2014 9:49:45 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2862330).
4/1/2014 9:49:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2847077).
4/1/2014 9:49:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2868626).
4/1/2014 9:49:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2868038).
4/1/2014 9:49:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2898857).
4/1/2014 9:49:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2861698).
4/1/2014 9:49:43 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2868116).
4/1/2014 9:49:43 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2853952).
4/1/2014 9:49:43 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2862152).
4/1/2014 9:49:43 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2901112).
4/1/2014 9:49:43 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Cumulative Security Update for ActiveX Killbits for Windows 7 (KB2900986).
4/1/2014 9:49:42 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2913431).
4/1/2014 9:49:42 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2846960).
4/1/2014 9:49:42 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2876331).
4/1/2014 9:49:42 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2863240).
4/1/2014 9:49:42 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Internet Explorer 11 for Windows 7 (KB2909210).
4/1/2014 9:49:41 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2929755).
4/1/2014 9:49:41 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2852386).
4/1/2014 9:49:41 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2930275).
4/1/2014 9:49:41 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2887069).
4/1/2014 9:49:41 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2911501).
4/1/2014 9:49:40 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2918077).
4/1/2014 9:49:40 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2904266).
4/1/2014 9:49:40 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2876284).
4/1/2014 9:49:40 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2847311).
4/1/2014 9:49:40 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2861191).
4/1/2014 9:49:39 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2913152).
4/1/2014 9:49:39 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2916036).
4/1/2014 9:49:39 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2893294).
4/1/2014 9:49:39 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2892074).
4/1/2014 9:49:39 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Cumulative Security Update for Internet Explorer 11 for Windows 7 (KB2925418).
4/1/2014 9:49:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2919469).
4/1/2014 9:49:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2893519).
4/1/2014 9:49:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2891804).
4/1/2014 9:49:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2836943).
4/1/2014 9:49:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2929961).
4/1/2014 9:49:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2884256).
4/1/2014 9:49:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2868725).
4/1/2014 9:49:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2864058).
4/1/2014 9:49:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2862973).
4/1/2014 9:49:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2862335).
4/1/2014 9:46:36 PM, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.
4/1/2014 9:38:59 PM, Error: Service Control Manager [7043]  - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
4/1/2014 9:38:25 PM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
4/1/2014 12:39:27 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB954430).
4/1/2014 12:39:01 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688).
4/1/2014 12:25:03 AM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
3/31/2014 9:22:11 AM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
3/31/2014 11:57:58 PM, Error: Service Control Manager [7034]  - The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).
3/29/2014 8:55:42 PM, Error: Service Control Manager [7030]  - The Lavasoft Ad-Aware Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
3/29/2014 7:59:35 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
3/29/2014 10:04:42 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/28/2014 6:25:02 PM, Error: Service Control Manager [7000]  - The Adobe Flash Player Update Service service failed to start due to the following error:  Access is denied.
3/28/2014 5:12:17 PM, Error: Service Control Manager [7038]  - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/28/2014 5:12:17 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not start due to a logon failure.
3/28/2014 5:12:16 PM, Error: Service Control Manager [7038]  - The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/28/2014 5:12:16 PM, Error: Service Control Manager [7000]  - The Windows Media Player Network Sharing Service service failed to start due to the following error:  The service did not start due to a logon failure.
3/28/2014 5:11:47 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/28/2014 5:11:46 PM, Error: Service Control Manager [7034]  - The StarWind AE Service service terminated unexpectedly.  It has done this 1 time(s).
3/28/2014 5:11:46 PM, Error: Service Control Manager [7034]  - The MSCamSvc service terminated unexpectedly.  It has done this 1 time(s).
3/28/2014 5:11:46 PM, Error: Service Control Manager [7034]  - The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
3/28/2014 5:11:46 PM, Error: Service Control Manager [7031]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/28/2014 5:11:46 PM, Error: Service Control Manager [7031]  - The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
3/28/2014 5:11:46 PM, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================
 


RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Oscar [Admin rights]
Mode : Scan -- Date : 04/01/2014 22:35:32
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 14 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{866A9371-752B-4FD3-A003-259BAD6D0D8D} : NameServer (94.242.222.66,8.8.8.8 [LUXEMBOURG (LU) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{FD5D72CA-E5BB-480F-87F3-C748576E94EA} : NameServer (94.242.222.66,8.8.8.8 [LUXEMBOURG (LU) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{866A9371-752B-4FD3-A003-259BAD6D0D8D} : NameServer (94.242.222.66,8.8.8.8 [LUXEMBOURG (LU) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{FD5D72CA-E5BB-480F-87F3-C748576E94EA} : NameServer (94.242.222.66,8.8.8.8 [LUXEMBOURG (LU) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{866A9371-752B-4FD3-A003-259BAD6D0D8D} : NameServer (94.242.222.66,8.8.8.8 [LUXEMBOURG (LU) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{FD5D72CA-E5BB-480F-87F3-C748576E94EA} : NameServer (94.242.222.66,8.8.8.8 [LUXEMBOURG (LU) - UNITED STATES (US)]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IRP[IRP_MJ_CREATE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x8526C1F8)
[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x8526C1F8)
[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x8526C1F8)
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x8526C1F8)
[Address] IRP[IRP_MJ_POWER] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x8526C1F8)
[Address] IRP[IRP_MJ_SYSTEM_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x8526C1F8)
[Address] IRP[IRP_MJ_PNP] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x8526C1F8)
[Address] IAT @explorer.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Windows\system32\apphelp.dll @ 0x7592FFF6)
[Address] EAT @explorer.exe (BeginBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x747009AE)
[Address] EAT @explorer.exe (BeginBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F49A1)
[Address] EAT @explorer.exe (BeginPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74720731)
[Address] EAT @explorer.exe (BufferedPaintClear) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F6395)
[Address] EAT @explorer.exe (BufferedPaintInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F940E)
[Address] EAT @explorer.exe (BufferedPaintRenderAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x747008ED)
[Address] EAT @explorer.exe (BufferedPaintSetAlpha) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7470E6B3)
[Address] EAT @explorer.exe (BufferedPaintStopAllAnimations) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7470D395)
[Address] EAT @explorer.exe (BufferedPaintUnInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F94AB)
[Address] EAT @explorer.exe (CloseThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F6A18)
[Address] EAT @explorer.exe (DrawThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F3982)
[Address] EAT @explorer.exe (DrawThemeBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7470D9DA)
[Address] EAT @explorer.exe (DrawThemeEdge) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74713B52)
[Address] EAT @explorer.exe (DrawThemeIcon) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x747235E7)
[Address] EAT @explorer.exe (DrawThemeParentBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F53E5)
[Address] EAT @explorer.exe (DrawThemeParentBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F51BF)
[Address] EAT @explorer.exe (DrawThemeText) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F4EA1)
[Address] EAT @explorer.exe (DrawThemeTextEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F63E6)
[Address] EAT @explorer.exe (EnableThemeDialogTexture) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746FFCAF)
[Address] EAT @explorer.exe (EnableTheming) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74722FEB)
[Address] EAT @explorer.exe (EndBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F3F9A)
[Address] EAT @explorer.exe (EndBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F3F9A)
[Address] EAT @explorer.exe (EndPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x747206CC)
[Address] EAT @explorer.exe (GetBufferedPaintBits) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F4BAF)
[Address] EAT @explorer.exe (GetBufferedPaintDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x747004BC)
[Address] EAT @explorer.exe (GetBufferedPaintTargetDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74700473)
[Address] EAT @explorer.exe (GetBufferedPaintTargetRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74722E7F)
[Address] EAT @explorer.exe (GetCurrentThemeName) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x747005DD)
[Address] EAT @explorer.exe (GetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74700FB1)
[Address] EAT @explorer.exe (GetThemeBackgroundContentRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746FCD2E)
[Address] EAT @explorer.exe (GetThemeBackgroundExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746FF8BF)
[Address] EAT @explorer.exe (GetThemeBackgroundRegion) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7470165D)
[Address] EAT @explorer.exe (GetThemeBitmap) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746FBF93)
[Address] EAT @explorer.exe (GetThemeBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F7C1F)
[Address] EAT @explorer.exe (GetThemeColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F616C)
[Address] EAT @explorer.exe (GetThemeDocumentationProperty) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74722932)
[Address] EAT @explorer.exe (GetThemeEnumValue) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F616C)
[Address] EAT @explorer.exe (GetThemeFilename) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74722412)
[Address] EAT @explorer.exe (GetThemeFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746FFF21)
[Address] EAT @explorer.exe (GetThemeInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F616C)
[Address] EAT @explorer.exe (GetThemeIntList) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x747223B1)
[Address] EAT @explorer.exe (GetThemeMargins) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F86E9)
[Address] EAT @explorer.exe (GetThemeMetric) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x747006E2)
[Address] EAT @explorer.exe (GetThemePartSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746FCDB1)
[Address] EAT @explorer.exe (GetThemePosition) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74722350)
[Address] EAT @explorer.exe (GetThemePropertyOrigin) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74713FBB)
[Address] EAT @explorer.exe (GetThemeRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74703611)
[Address] EAT @explorer.exe (GetThemeStream) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x747039D9)
[Address] EAT @explorer.exe (GetThemeString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x747222E4)
[Address] EAT @explorer.exe (GetThemeSysBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74723172)
[Address] EAT @explorer.exe (GetThemeSysColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74713274)
[Address] EAT @explorer.exe (GetThemeSysColorBrush) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7472301E)
[Address] EAT @explorer.exe (GetThemeSysFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x747229C4)
[Address] EAT @explorer.exe (GetThemeSysInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74722BD3)
[Address] EAT @explorer.exe (GetThemeSysSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7472320B)
[Address] EAT @explorer.exe (GetThemeSysString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74722B3F)
[Address] EAT @explorer.exe (GetThemeTextExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F2D57)
[Address] EAT @explorer.exe (GetThemeTextMetrics) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746FF992)
[Address] EAT @explorer.exe (GetThemeTransitionDuration) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74701081)
[Address] EAT @explorer.exe (GetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746FDF46)
[Address] EAT @explorer.exe (HitTestThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74703CE3)
[Address] EAT @explorer.exe (IsAppThemed) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746FF869)
[Address] EAT @explorer.exe (IsCompositionActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F2E9A)
[Address] EAT @explorer.exe (IsThemeActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746FF785)
[Address] EAT @explorer.exe (IsThemeBackgroundPartiallyTransparent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F60AB)
[Address] EAT @explorer.exe (IsThemeDialogTextureEnabled) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7472312B)
[Address] EAT @explorer.exe (IsThemePartDefined) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F85B4)
[Address] EAT @explorer.exe (OpenThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F73D2)
[Address] EAT @explorer.exe (OpenThemeDataEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74713D43)
[Address] EAT @explorer.exe (SetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74723296)
[Address] EAT @explorer.exe (SetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74700134)
[Address] EAT @explorer.exe (SetWindowThemeAttribute) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7470CFE6)
[Address] EAT @explorer.exe (ThemeInitApiHook) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746FB176)
[Address] EAT @explorer.exe (UpdatePanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7472068D)
[Address] EAT @explorer.exe (DllGetClassObject) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428CF8D)
[Address] EAT @explorer.exe (IEnumString_Next_WIC_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DFF0)
[Address] EAT @explorer.exe (IEnumString_Reset_WIC_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428E019)
[Address] EAT @explorer.exe (IPropertyBag2_Write_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428E039)
[Address] EAT @explorer.exe (IWICBitmapClipper_Initialize_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DD1A)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportAnimation_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428EA8A)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportLossless_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428EAAD)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportMultiframe_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428EAD0)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetContainerFormat_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428E9C3)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceManufacturer_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428E9E6)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceModels_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428EA0F)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetFileExtensions_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428EA61)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetMimeTypes_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428EA38)
[Address] EAT @explorer.exe (IWICBitmapDecoder_CopyPalette_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D835)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetColorContexts_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428E99A)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetDecoderInfo_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D812)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrameCount_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D992)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrame_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D858)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetMetadataQueryReader_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D8CA)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetPreview_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DC64)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetThumbnail_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428E9C3)
[Address] EAT @explorer.exe (IWICBitmapEncoder_Commit_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DBF5)
[Address] EAT @explorer.exe (IWICBitmapEncoder_CreateNewFrame_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DB77)
[Address] EAT @explorer.exe (IWICBitmapEncoder_GetEncoderInfo_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DB4E)
[Address] EAT @explorer.exe (IWICBitmapEncoder_GetMetadataQueryWriter_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D992)
[Address] EAT @explorer.exe (IWICBitmapEncoder_Initialize_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DB22)
[Address] EAT @explorer.exe (IWICBitmapEncoder_SetPalette_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DBCC)
[Address] EAT @explorer.exe (IWICBitmapEncoder_SetThumbnail_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DBA3)
[Address] EAT @explorer.exe (IWICBitmapFlipRotator_Initialize_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DD1A)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetColorContexts_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D87E)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetMetadataQueryReader_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D8CA)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetThumbnail_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D8A7)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_Commit_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D9B5)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_GetMetadataQueryWriter_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428EAF3)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_Initialize_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DFA7)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetColorContexts_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DAF6)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetResolution_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DA07)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetSize_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D9D5)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetThumbnail_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DACD)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_WriteSource_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DA61)
[Address] EAT @explorer.exe (IWICBitmapLock_GetDataPointer_STA_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D7EC)
[Address] EAT @explorer.exe (IWICBitmapLock_GetStride_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DC15)
[Address] EAT @explorer.exe (IWICBitmapScaler_Initialize_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DCEE)
[Address] EAT @explorer.exe (IWICBitmapSource_CopyPalette_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D812)
[Address] EAT @explorer.exe (IWICBitmapSource_CopyPixels_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DC38)
[Address] EAT @explorer.exe (IWICBitmapSource_GetPixelFormat_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DC15)
[Address] EAT @explorer.exe (IWICBitmapSource_GetResolution_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D7EC)
[Address] EAT @explorer.exe (IWICBitmapSource_GetSize_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D90D)
[Address] EAT @explorer.exe (IWICBitmap_Lock_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428E971)
[Address] EAT @explorer.exe (IWICBitmap_SetPalette_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DC64)
[Address] EAT @explorer.exe (IWICBitmap_SetResolution_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DC87)
[Address] EAT @explorer.exe (IWICColorContext_InitializeFromMemory_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428EB65)
[Address] EAT @explorer.exe (IWICComponentFactory_CreateMetadataWriterFromReader_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D79A)
[Address] EAT @explorer.exe (IWICComponentFactory_CreateQueryWriterFromBlockWriter_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D7C3)
[Address] EAT @explorer.exe (IWICComponentInfo_GetAuthor_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428E948)
[Address] EAT @explorer.exe (IWICComponentInfo_GetCLSID_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DC15)
[Address] EAT @explorer.exe (IWICComponentInfo_GetFriendlyName_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428E99A)
[Address] EAT @explorer.exe (IWICComponentInfo_GetSpecVersion_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D87E)
[Address] EAT @explorer.exe (IWICComponentInfo_GetVersion_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428E971)
[Address] EAT @explorer.exe (IWICFastMetadataEncoder_Commit_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D8ED)
[Address] EAT @explorer.exe (IWICFastMetadataEncoder_GetMetadataQueryWriter_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DC15)
[Address] EAT @explorer.exe (IWICFormatConverter_Initialize_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DCB7)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapClipper_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D547)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFlipRotator_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D570)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHBITMAP_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D6AA)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHICON_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D6D6)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromMemory_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D646)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromSource_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D61D)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapScaler_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D51E)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmap_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D67B)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateComponentInfo_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D4C9)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFileHandle_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D491)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFilename_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D456)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromStream_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D41E)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateEncoder_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D5C2)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromDecoder_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D6FC)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromFrameDecode_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D722)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFormatConverter_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D4F5)
[Address] EAT @explorer.exe (IWICImagingFactory_CreatePalette_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DACD)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriterFromReader_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D771)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriter_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D748)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateStream_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D599)
[Address] EAT @explorer.exe (IWICMetadataBlockReader_GetCount_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DC15)
[Address] EAT @explorer.exe (IWICMetadataBlockReader_GetReaderByIndex_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D7EC)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetContainerFormat_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DFA7)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetEnumerator_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D812)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetLocation_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428E039)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetMetadataByName_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D7EC)
[Address] EAT @explorer.exe (IWICMetadataQueryWriter_RemoveMetadataByName_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D8CA)
[Address] EAT @explorer.exe (IWICMetadataQueryWriter_SetMetadataByName_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DFCA)
[Address] EAT @explorer.exe (IWICPalette_GetColorCount_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D95C)
[Address] EAT @explorer.exe (IWICPalette_GetColors_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D87E)
[Address] EAT @explorer.exe (IWICPalette_GetType_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D835)
[Address] EAT @explorer.exe (IWICPalette_HasAlpha_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D992)
[Address] EAT @explorer.exe (IWICPalette_InitializeCustom_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428EB65)
[Address] EAT @explorer.exe (IWICPalette_InitializeFromBitmap_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D933)
[Address] EAT @explorer.exe (IWICPalette_InitializeFromPalette_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D812)
[Address] EAT @explorer.exe (IWICPalette_InitializePredefined_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D90D)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetBitsPerPixel_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428EAF3)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelCount_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DD40)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelMask_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428EB16)
[Address] EAT @explorer.exe (IWICStream_InitializeFromIStream_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DD40)
[Address] EAT @explorer.exe (IWICStream_InitializeFromMemory_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DD63)
[Address] EAT @explorer.exe (WICConvertBitmapSource) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DDA8)
[Address] EAT @explorer.exe (WICCreateBitmapFromSection) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DF7D)
[Address] EAT @explorer.exe (WICCreateBitmapFromSectionEx) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DE7C)
[Address] EAT @explorer.exe (WICCreateColorContext_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428EB42)
[Address] EAT @explorer.exe (WICCreateImagingFactory_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D01B)
[Address] EAT @explorer.exe (WICGetMetadataContentSize) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428E60D)
[Address] EAT @explorer.exe (WICMapGuidToShortName) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D0DC)
[Address] EAT @explorer.exe (WICMapSchemaToName) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D2D0)
[Address] EAT @explorer.exe (WICMapShortNameToGuid) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428D207)
[Address] EAT @explorer.exe (WICMatchMetadataContent) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428E062)
[Address] EAT @explorer.exe (WICSerializeMetadataContent) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428E1A4)
[Address] EAT @explorer.exe (WICSetEncoderFormat_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7428DD89)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) MAXTOR STM3160215A ATA Device +++++
--- User ---
[MBR] 5318f458e78968e4a9a049b969adf820
[bSP] 3ec6a61d232f62d026a2877668b6bcf1 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152525 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) Maxtor 6Y080P0 ATA Device +++++
--- User ---
[MBR] b0695af1b63ca69c1e8639dfa9ed1a69
[bSP] 6dce205054ffe344046901c94d236368 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 58634 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 120083040 | Size: 19527 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) WD 10EADS External USB Device +++++
--- User ---
[MBR] a65cf760d43b336347fb57bc883ace24
[bSP] 39cc44575b71c8e70f97ed1007b4e215 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_04012014_223532.txt >>


Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC


So I pasted the FRST log and attached the Addition log. Is there some reason I must attach the Addition log?

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Oscar (administrator) on OSCAR-PC on 01-04-2014 22:57:16
Running from D:\Files\Anti virus en spy tools
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Rocket Division Software) D:\Files\Alcohol120\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Windows\System32\DeltaIITray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [M-Audio Taskbar Icon] - C:\Windows\system32\DeltaIITray.exe [236040 2009-07-27] ()
HKLM\...\Run: [igfxhkcmd] - C:\Windows\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] - C:\Windows\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [224128 2014-03-04] (Oracle Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - D:\Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCE39A6CAA66FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1262.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{866A9371-752B-4FD3-A003-259BAD6D0D8D}: [NameServer]94.242.222.66,8.8.8.8
Tcpip\..\Interfaces\{FD5D72CA-E5BB-480F-87F3-C748576E94EA}: [NameServer]94.242.222.66,8.8.8.8

========================== Services (Whitelisted) =================

S2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1169232 2009-09-24] (Lavasoft)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-10] (NVIDIA Corporation)
R2 StarWindServiceAE; D:\Files\Alcohol120\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2013-06-28] (LG Electronics Inc.)
R3 DELTAII; C:\Windows\System32\DRIVERS\MAudioDelta.sys [302472 2009-07-27] (Avid Technology, Inc.)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2009-09-23] (Lavasoft AB)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl56b37c2f; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9D60EC2E-7B59-4477-9A65-CF9C813E29D5}\MpKsl56b37c2f.sys [39464 2014-04-01] (Microsoft Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-10-03] (Duplex Secure Ltd.)
U3 aj4ayizu; C:\Windows\system32\Drivers\aj4ayizu.sys [0 ] (Advanced Micro Devices)
S3 Ad-Watch Connect Filter; \??\C:\Windows\system32\drivers\NSDriver.sys [X]
S3 Ad-Watch Real-Time Scanner; \??\C:\Windows\system32\drivers\AWRTPD.sys [X]
S3 Ad-Watch Registry Filter; \??\C:\Windows\system32\drivers\AWRTRD.sys [X]
S3 catchme; \??\C:\Users\Oscar\AppData\Local\Temp\catchme.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 mbr; \??\C:\Users\Oscar\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-01 22:57 - 2014-04-01 22:57 - 00000000 ____D () C:\FRST
2014-04-01 22:35 - 2014-04-01 22:35 - 00030615 _____ () C:\Users\Oscar\Desktop\RKreport[0]_S_04012014_223532.txt
2014-04-01 22:30 - 2014-04-01 22:35 - 00000000 ____D () C:\Users\Oscar\Desktop\RK_Quarantine
2014-04-01 22:29 - 2014-04-01 22:30 - 03972608 _____ () C:\Users\Oscar\Desktop\RogueKiller.exe
2014-04-01 22:22 - 2014-04-01 22:22 - 00021380 _____ () C:\Users\Oscar\Desktop\attach.txt
2014-04-01 22:22 - 2014-04-01 22:21 - 00013944 _____ () C:\Users\Oscar\Desktop\dds.txt
2014-04-01 22:19 - 2014-04-01 22:19 - 00688992 ____R (Swearware) C:\Users\Oscar\Desktop\dds.scr
2014-04-01 21:54 - 2014-04-01 21:54 - 00000713 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-01 21:54 - 2014-04-01 21:54 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Malwarebytes
2014-04-01 21:54 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 19:33 - 2014-04-01 21:42 - 00000370 _____ () C:\Windows\Tasks\Ad-Aware Update (Daily 4).job
2014-04-01 19:33 - 2014-04-01 21:42 - 00000370 _____ () C:\Windows\Tasks\Ad-Aware Update (Daily 3).job
2014-04-01 19:33 - 2014-04-01 21:42 - 00000370 _____ () C:\Windows\Tasks\Ad-Aware Update (Daily 2).job
2014-04-01 19:33 - 2014-04-01 21:42 - 00000370 _____ () C:\Windows\Tasks\Ad-Aware Update (Daily 1).job
2014-04-01 13:24 - 2014-04-01 13:24 - 00267249 _____ () C:\Users\Oscar\Desktop\Computer.txt
2014-04-01 12:39 - 2014-04-01 12:39 - 00434598 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-04-01 12:38 - 2014-04-01 12:38 - 00434282 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-04-01 00:54 - 2014-04-01 21:40 - 00000224 _____ () C:\Windows\setupact.log
2014-04-01 00:54 - 2014-04-01 00:54 - 00003310 _____ () C:\Windows\PFRO.log
2014-04-01 00:54 - 2014-04-01 00:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-01 00:27 - 2014-04-01 00:27 - 00013918 _____ () C:\ComboFix.txt
2014-04-01 00:13 - 2014-04-01 00:27 - 00000000 ____D () C:\Qoobox
2014-04-01 00:13 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-01 00:13 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-01 00:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-01 00:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-01 00:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-01 00:13 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-01 00:13 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-01 00:13 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-01 00:11 - 2014-04-01 00:12 - 05192353 ____R (Swearware) C:\Users\Oscar\Desktop\ComboFix.exe
2014-04-01 00:03 - 2014-04-01 00:03 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-01 00:01 - 2014-04-01 00:01 - 00264600 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-01 00:01 - 2014-04-01 00:01 - 00176024 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-01 00:01 - 2014-04-01 00:01 - 00176024 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-01 00:01 - 2014-04-01 00:01 - 00096664 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-03-31 23:52 - 2014-04-01 22:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-31 23:52 - 2014-03-31 23:52 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-31 23:52 - 2014-03-31 23:52 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-31 23:41 - 2014-03-31 23:41 - 00000938 _____ () C:\Users\Oscar\Desktop\Update Checker.lnk
2014-03-31 22:59 - 2014-04-01 00:13 - 00000000 ____D () C:\Windows\erdnt
2014-03-31 18:48 - 2014-03-31 18:48 - 00000733 _____ () C:\Users\Oscar\Desktop\Zod Engine.lnk
2014-03-31 18:48 - 2014-03-31 18:48 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zod Engine
2014-03-30 23:29 - 2005-09-20 10:31 - 00135168 _____ (Intel Corporation) C:\Windows\system32\igfxres.dll
2014-03-30 21:42 - 2014-03-30 21:42 - 00000738 _____ () C:\Users\Oscar\Desktop\Z.lnk
2014-03-30 20:46 - 2014-03-30 20:49 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Belastingdienst
2014-03-30 20:46 - 2014-03-30 20:46 - 00000000 ____D () C:\Users\Oscar\Documents\Belastingdienst
2014-03-30 12:46 - 2014-04-01 21:40 - 00001268 _____ () C:\aaw7boot.log
2014-03-30 12:22 - 2009-09-03 11:17 - 00015688 _____ () C:\Windows\system32\lsdelete.exe
2014-03-29 22:16 - 2014-03-29 22:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-29 22:15 - 2009-09-23 14:55 - 00064288 _____ (Lavasoft AB) C:\Windows\system32\Drivers\Lbd.sys
2014-03-29 22:01 - 2014-03-23 16:37 - 00001639 _____ () C:\Windows\system32\Drivers\etc\hosts.bak
2014-03-29 21:55 - 2014-03-29 21:55 - 00001100 _____ () C:\Users\Public\Desktop\Ad-Aware.lnk
2014-03-29 21:55 - 2014-03-29 21:55 - 00000000 __HDC () C:\ProgramData\{42E04EE4-AB57-407A-9691-3FFA8B8FEBBE}
2014-03-29 21:55 - 2014-03-29 21:55 - 00000000 ____D () C:\Program Files\Lavasoft
2014-03-28 19:52 - 2014-03-28 19:52 - 00000000 __RSH () C:\MSDOS.SYS
2014-03-28 19:52 - 2014-03-28 19:52 - 00000000 __RSH () C:\IO.SYS
2014-03-28 19:52 - 2014-03-28 19:52 - 00000000 ____D () C:\Users\Oscar\AppData\Local\DOSBox
2014-03-28 19:37 - 2014-03-28 19:37 - 00000000 ____D () C:\Program Files\Oldgames
2014-03-28 18:06 - 2014-03-28 18:11 - 00000000 ____D () C:\AdwCleaner
2014-03-28 11:58 - 2014-03-23 23:41 - 01038974 _____ (Thisisu) C:\Users\Oscar\Desktop\JRT_NEW.exe
2014-03-27 12:05 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-03-27 12:05 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-03-27 12:05 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-03-27 12:05 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-03-27 12:05 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-03-27 12:05 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-03-27 12:05 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-03-27 12:05 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-03-27 12:05 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-03-27 02:53 - 2014-03-29 22:13 - 00001161 _____ () C:\Windows\system32\Drivers\etc\hosts.new
2014-03-23 16:37 - 2014-03-31 22:35 - 00000763 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-03-23 16:36 - 2014-03-28 13:28 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Flash
2014-03-23 12:06 - 2014-03-23 12:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-23 12:05 - 2014-04-01 21:53 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-23 11:52 - 2014-03-23 11:52 - 00002969 _____ () C:\Users\Oscar\Desktop\HiJackThis.lnk
2014-03-23 11:52 - 2014-03-23 11:52 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-03-21 11:36 - 2014-03-21 11:36 - 00000639 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-17 21:46 - 2014-03-20 17:09 - 00000000 ____D () C:\Program Files\Recuva
2014-03-17 17:56 - 2014-04-01 00:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-14 22:08 - 2014-03-14 22:08 - 00000000 ____D () C:\Users\Oscar\Documents\My Received Files
2014-03-14 22:08 - 2014-03-14 22:08 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\MusicNet
2014-03-10 19:24 - 2014-03-10 19:24 - 00000020 _____ () C:\Windows\ óU
2014-03-10 19:24 - 2014-03-10 19:24 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-03-10 19:22 - 2014-03-10 19:24 - 00000000 ____D () C:\Program Files\Windows Live
2014-03-10 19:15 - 2014-03-10 19:31 - 00000000 ____D () C:\Users\Oscar\AppData\Local\Windows Live
2014-03-10 19:15 - 2014-03-10 19:15 - 00000000 ____D () C:\Program Files\Common Files\Windows Live
2014-03-08 15:11 - 2014-03-20 17:09 - 00000000 ____D () C:\Users\Oscar\.dvdcss

==================== One Month Modified Files and Folders =======

2014-04-01 22:57 - 2014-04-01 22:57 - 00000000 ____D () C:\FRST
2014-04-01 22:35 - 2014-04-01 22:35 - 00030615 _____ () C:\Users\Oscar\Desktop\RKreport[0]_S_04012014_223532.txt
2014-04-01 22:35 - 2014-04-01 22:30 - 00000000 ____D () C:\Users\Oscar\Desktop\RK_Quarantine
2014-04-01 22:30 - 2014-04-01 22:29 - 03972608 _____ () C:\Users\Oscar\Desktop\RogueKiller.exe
2014-04-01 22:27 - 2014-03-31 23:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-01 22:22 - 2014-04-01 22:22 - 00021380 _____ () C:\Users\Oscar\Desktop\attach.txt
2014-04-01 22:21 - 2014-04-01 22:22 - 00013944 _____ () C:\Users\Oscar\Desktop\dds.txt
2014-04-01 22:19 - 2014-04-01 22:19 - 00688992 ____R (Swearware) C:\Users\Oscar\Desktop\dds.scr
2014-04-01 22:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-04-01 21:54 - 2014-04-01 21:54 - 00000713 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-01 21:54 - 2014-04-01 21:54 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Malwarebytes
2014-04-01 21:53 - 2014-03-23 12:05 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-01 21:52 - 2013-06-23 09:25 - 01610622 _____ () C:\Windows\WindowsUpdate.log
2014-04-01 21:47 - 2013-06-28 14:16 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\BitTorrent
2014-04-01 21:42 - 2014-04-01 19:33 - 00000370 _____ () C:\Windows\Tasks\Ad-Aware Update (Daily 4).job
2014-04-01 21:42 - 2014-04-01 19:33 - 00000370 _____ () C:\Windows\Tasks\Ad-Aware Update (Daily 3).job
2014-04-01 21:42 - 2014-04-01 19:33 - 00000370 _____ () C:\Windows\Tasks\Ad-Aware Update (Daily 2).job
2014-04-01 21:42 - 2014-04-01 19:33 - 00000370 _____ () C:\Windows\Tasks\Ad-Aware Update (Daily 1).job
2014-04-01 21:40 - 2014-04-01 00:54 - 00000224 _____ () C:\Windows\setupact.log
2014-04-01 21:40 - 2014-03-30 12:46 - 00001268 _____ () C:\aaw7boot.log
2014-04-01 21:40 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-01 19:43 - 2013-06-23 00:37 - 00799038 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-01 13:28 - 2009-07-14 06:34 - 00019680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-01 13:28 - 2009-07-14 06:34 - 00019680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-01 13:24 - 2014-04-01 13:24 - 00267249 _____ () C:\Users\Oscar\Desktop\Computer.txt
2014-04-01 12:53 - 2013-06-23 02:23 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-04-01 12:52 - 2013-06-23 02:22 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-01 12:39 - 2014-04-01 12:39 - 00434598 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-04-01 12:38 - 2014-04-01 12:38 - 00434282 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-04-01 00:54 - 2014-04-01 00:54 - 00003310 _____ () C:\Windows\PFRO.log
2014-04-01 00:54 - 2014-04-01 00:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-01 00:27 - 2014-04-01 00:27 - 00013918 _____ () C:\ComboFix.txt
2014-04-01 00:27 - 2014-04-01 00:13 - 00000000 ____D () C:\Qoobox
2014-04-01 00:25 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-04-01 00:13 - 2014-03-31 22:59 - 00000000 ____D () C:\Windows\erdnt
2014-04-01 00:12 - 2014-04-01 00:11 - 05192353 ____R (Swearware) C:\Users\Oscar\Desktop\ComboFix.exe
2014-04-01 00:03 - 2014-04-01 00:03 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-01 00:03 - 2014-03-17 17:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-01 00:01 - 2014-04-01 00:01 - 00264600 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-01 00:01 - 2014-04-01 00:01 - 00176024 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-01 00:01 - 2014-04-01 00:01 - 00176024 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-01 00:01 - 2014-04-01 00:01 - 00096664 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-01 00:01 - 2013-06-23 13:24 - 00000000 ____D () C:\Program Files\Java
2014-03-31 23:52 - 2014-03-31 23:52 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-31 23:52 - 2014-03-31 23:52 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-31 23:48 - 2013-07-19 11:49 - 00000000 ____D () C:\Program Files\Adobe
2014-03-31 23:48 - 2013-06-28 17:30 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-31 23:48 - 2013-06-28 17:30 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-31 23:41 - 2014-03-31 23:41 - 00000938 _____ () C:\Users\Oscar\Desktop\Update Checker.lnk
2014-03-31 23:17 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-03-31 23:17 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-03-31 22:35 - 2014-03-23 16:37 - 00000763 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-03-31 20:36 - 2013-06-25 20:24 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\vlc
2014-03-31 18:48 - 2014-03-31 18:48 - 00000733 _____ () C:\Users\Oscar\Desktop\Zod Engine.lnk
2014-03-31 18:48 - 2014-03-31 18:48 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zod Engine
2014-03-30 21:42 - 2014-03-30 21:42 - 00000738 _____ () C:\Users\Oscar\Desktop\Z.lnk
2014-03-30 20:49 - 2014-03-30 20:46 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Belastingdienst
2014-03-30 20:46 - 2014-03-30 20:46 - 00000000 ____D () C:\Users\Oscar\Documents\Belastingdienst
2014-03-29 22:55 - 2014-03-29 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-29 22:55 - 2013-08-25 18:53 - 00000000 ____D () C:\ProgramData\PMS
2014-03-29 22:13 - 2014-03-27 02:53 - 00001161 _____ () C:\Windows\system32\Drivers\etc\hosts.new
2014-03-29 21:55 - 2014-03-29 21:55 - 00001100 _____ () C:\Users\Public\Desktop\Ad-Aware.lnk
2014-03-29 21:55 - 2014-03-29 21:55 - 00000000 __HDC () C:\ProgramData\{42E04EE4-AB57-407A-9691-3FFA8B8FEBBE}
2014-03-29 21:55 - 2014-03-29 21:55 - 00000000 ____D () C:\Program Files\Lavasoft
2014-03-29 21:55 - 2013-10-05 22:14 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-03-28 19:52 - 2014-03-28 19:52 - 00000000 __RSH () C:\MSDOS.SYS
2014-03-28 19:52 - 2014-03-28 19:52 - 00000000 __RSH () C:\IO.SYS
2014-03-28 19:52 - 2014-03-28 19:52 - 00000000 ____D () C:\Users\Oscar\AppData\Local\DOSBox
2014-03-28 19:37 - 2014-03-28 19:37 - 00000000 ____D () C:\Program Files\Oldgames
2014-03-28 18:11 - 2014-03-28 18:06 - 00000000 ____D () C:\AdwCleaner
2014-03-28 17:34 - 2009-07-14 06:53 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-28 14:19 - 2013-06-23 09:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-28 14:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\IME
2014-03-28 13:28 - 2014-03-23 16:36 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Flash
2014-03-27 22:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-03-27 14:32 - 2014-01-04 19:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-27 14:14 - 2009-07-14 04:04 - 00000478 _____ () C:\Windows\win.ini
2014-03-27 14:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-27 13:33 - 2013-10-03 13:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-27 12:58 - 2013-08-31 13:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-27 12:51 - 2013-06-23 10:50 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-03-25 20:21 - 2013-10-13 17:55 - 00000000 ____D () C:\Windows\pss
2014-03-25 19:56 - 2013-09-14 20:08 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Skype
2014-03-25 19:30 - 2013-10-04 14:33 - 00001204 _____ () C:\Users\Public\Desktop\SpyHunter.lnk
2014-03-23 23:41 - 2014-03-28 11:58 - 01038974 _____ (Thisisu) C:\Users\Oscar\Desktop\JRT_NEW.exe
2014-03-23 16:37 - 2014-03-29 22:01 - 00001639 _____ () C:\Windows\system32\Drivers\etc\hosts.bak
2014-03-23 13:04 - 2013-06-23 02:23 - 00111920 _____ () C:\Users\Oscar\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-23 13:04 - 2009-07-14 06:33 - 00435152 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-23 12:06 - 2014-03-23 12:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-23 11:52 - 2014-03-23 11:52 - 00002969 _____ () C:\Users\Oscar\Desktop\HiJackThis.lnk
2014-03-23 11:52 - 2014-03-23 11:52 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-03-22 19:40 - 2013-06-23 11:12 - 00000937 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-03-22 19:39 - 2013-06-23 11:12 - 00000000 ____D () C:\Program Files\Speccy
2014-03-21 18:48 - 2013-06-23 10:21 - 00000000 ____D () C:\Windows\Panther
2014-03-21 18:46 - 2013-09-14 11:19 - 00000000 ____D () C:\Windows\Minidump
2014-03-21 11:36 - 2014-03-21 11:36 - 00000639 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-20 17:13 - 2013-06-23 00:37 - 00000000 ____D () C:\Users\Oscar
2014-03-20 17:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-03-20 17:10 - 2013-06-24 20:23 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\Winamp
2014-03-20 17:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2014-03-20 17:09 - 2014-03-17 21:46 - 00000000 ____D () C:\Program Files\Recuva
2014-03-20 17:09 - 2014-03-08 15:11 - 00000000 ____D () C:\Users\Oscar\.dvdcss
2014-03-20 17:09 - 2014-02-11 19:16 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\dvdcss
2014-03-20 17:09 - 2013-12-27 01:52 - 00000000 ____D () C:\Users\Oscar\AppData\Local\NVIDIA
2014-03-20 17:09 - 2013-06-25 20:48 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-20 17:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-03-20 17:00 - 2013-10-04 14:33 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-20 16:30 - 2013-06-23 02:28 - 00007605 _____ () C:\Users\Oscar\AppData\Local\Resmon.ResmonCfg
2014-03-14 22:08 - 2014-03-14 22:08 - 00000000 ____D () C:\Users\Oscar\Documents\My Received Files
2014-03-14 22:08 - 2014-03-14 22:08 - 00000000 ____D () C:\Users\Oscar\AppData\Roaming\MusicNet
2014-03-11 09:52 - 2013-01-20 15:59 - 00104264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys
2014-03-10 19:31 - 2014-03-10 19:15 - 00000000 ____D () C:\Users\Oscar\AppData\Local\Windows Live
2014-03-10 19:24 - 2014-03-10 19:24 - 00000020 _____ () C:\Windows\ óU
2014-03-10 19:24 - 2014-03-10 19:24 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-03-10 19:24 - 2014-03-10 19:22 - 00000000 ____D () C:\Program Files\Windows Live
2014-03-10 19:15 - 2014-03-10 19:15 - 00000000 ____D () C:\Program Files\Common Files\Windows Live
2014-03-02 15:03 - 2013-06-23 01:03 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Oscar\AppData\Local\temp\ntdll_dump.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-30 01:29

==================== End Of Log ============================

Addition.txt


Great.....

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Here it is!:

 Results of screen317's Security Check version 0.99.81 
 Windows 7 Service Pack 1 x86 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials       
Lavasoft Ad-Watch Live! Anti-Virus  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 SpyHunter    
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
 Java 8   
 Java version out of Date!
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````
 



Java 8 <-----this is OK



~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (My Preventive Maintenance also found HERE)

Good Luck and Thanks for using the forum, MrC


Hey Mr.C,

 

I don't want to be annoying, but the ad is back again... I was just surfing around Facebook and it showed up...

 

Before the ad showed up and after your clearance I scanned my computer with Microsoft Essentials and Ad-Aware, whereby Ad-Aware found some threats (cookies) but deleted them.


This topic is now closed to further replies.