
PUP infection please help


tato


DDS File

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16447  BrowserJavaVersion: 10.45.2
Run by Imwinkelried at 9:23:39 on 2013-11-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6050.3979 [GMT -5:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Users\Imwinkelried\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Imwinkelried\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\twain_32\Dell\DELL1135\Scan2Pc.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = c:\windows\syswow64\userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Imwinkelried\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Facebook Update] "C:\Users\Imwinkelried\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [1135n Scan2PC] "C:\Windows\twain_32\Dell\DELL1135\Scan2Pc.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [searchProtect] \SearchProtect\bin\cltmng.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll






TCP: NameServer = 192.168.1.254
TCP: Interfaces\{3309ECF2-ED2C-4B46-BD40-A77BC134636A} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{3309ECF2-ED2C-4B46-BD40-A77BC134636A}\072636C6962627162797F577966696 : DHCPNameServer = 10.10.20.1 10.10.10.1
TCP: Interfaces\{3309ECF2-ED2C-4B46-BD40-A77BC134636A}\3557075627838383 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3309ECF2-ED2C-4B46-BD40-A77BC134636A}\C696E6B6379737 : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll



x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Imwinkelried\AppData\Roaming\Mozilla\Firefox\Profiles\0fabw2ae.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Imwinkelried\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Imwinkelried\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Users\Imwinkelried\AppData\Local\Roblox\Versions\version-13f0b9202d62409a\NPRobloxProxy.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2013-9-2 192824]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2013-9-2 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2013-8-20 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2013-9-8 31544]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-12-17 55856]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2013-9-25 148792]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2013-9-2 241464]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2013-9-2 212280]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-12-17 89600]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-15 1166848]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-10-3 3538480]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-25 301152]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-5-19 921664]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-5-19 995392]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-17 13336]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2013-7-18 762192]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2013-8-1 4292960]
R2 sbapifs;sbapifs;C:\windows\System32\drivers\sbapifs.sys [2011-11-29 74872]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-12-17 1692480]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 SSPORT;SSPORT;C:\windows\System32\drivers\SSPORT.sys [2010-1-19 11576]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-17 2655768]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-5-19 1335360]
R3 btmaudio;Intel Bluetooth Audio Service;C:\windows\System32\drivers\btmaud.sys [2011-5-19 51712]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-5-19 53248]
R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-11-15 327168]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2011-12-17 176096]
R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-17 317440]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-6-21 25496]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 tihub3;TI USB3 Hub Service;C:\windows\System32\drivers\tihub3.sys [2011-7-20 136000]
R3 tixhci;TI XHCI Service;C:\windows\System32\drivers\tixhci.sys [2011-7-20 406336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-1-9 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-1-9 79360]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-6-21 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-9-15 340240]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-12-17 250984]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\windows\System32\drivers\SbFwIm.sys [2012-5-16 119416]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\windows\System32\drivers\SbFwIm.sys [2012-5-16 119416]
S3 sbhips;sbhips;C:\windows\System32\drivers\sbhips.sys [2012-5-16 60536]
S3 sbwtis;sbwtis;C:\windows\System32\drivers\sbwtis.sys [2011-12-19 84600]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-12-29 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-11-15 04:06:54    0    ----a-w-    C:\windows\SysWow64\sho6610.tmp
2013-11-12 23:58:15    --------    d-----w-    C:\ProgramData\Oracle
2013-11-12 23:58:04    96168    ----a-w-    C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-02 00:15:35    --------    d-----w-    C:\Users\Imwinkelried\AppData\Roaming\BrowserSync
2013-10-27 22:23:24    --------    d-----w-    C:\windows\pss
.
==================== Find3M  ====================
.
2013-10-10 01:42:37    71048    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-10 01:42:37    692616    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-09-26 01:07:30    148792    ----a-w-    C:\windows\System32\drivers\avgdiska.sys
2013-09-09 02:11:42    31544    ----a-w-    C:\windows\System32\drivers\avgrkx64.sys
2013-09-02 14:59:14    212280    ----a-w-    C:\windows\System32\drivers\avgldx64.sys
2013-09-02 14:29:18    294712    ----a-w-    C:\windows\System32\drivers\avgloga.sys
2013-09-02 14:26:50    192824    ----a-w-    C:\windows\System32\drivers\avgidsha.sys
2013-09-02 14:26:42    241464    ----a-w-    C:\windows\System32\drivers\avgidsdrivera.sys
2013-08-21 02:53:58    123704    ----a-w-    C:\windows\System32\drivers\avgmfx64.sys
.
============= FINISH:  9:24:36.60 ===============
 

Attach file

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/27/2011 3:18:00 PM
System Uptime: 11/16/2013 5:11:51 AM (4 hours ago)
.
Motherboard: Dell Inc. |  | 0Y0RMG
Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU 1 | 792/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 481.287 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SBRE
Device ID: ROOT\LEGACY_SBRE\0000
Manufacturer:
Name: SBRE
PNP Device ID: ROOT\LEGACY_SBRE\0000
Service: SBRE
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Accidental Damage Services Agreement
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8) MUI
Advanced Audio FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2014
Banctec Service Agreement
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 6.1
Bonjour
Complete Care Business Service Agreement
Consumer In-Home Service Agreement
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell 1135n Laser MFP
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Touchpad
Dell VideoStage
Dell Webcam Central
DirectX 9 Runtime
eBay
Facebook Video Calling 1.2.0.287
Google Chrome
Google Earth
GoToAssist Corporate
High-Definition Video Playback
IDT Audio
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Monitor 2.0
Intel® WiDi
Intel® Wireless Display
iTunes
Java 7 Update 45
Java Auto Updater
Java 6 Update 27 (64-bit)
Java 6 Update 35
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Dell
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
Norton Security Scan
NVIDIA PhysX
PhotoShowExpress
Premium Service Agreement
QualxServ Service Agreement
RBVirtualFolder64Inst
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
ROBLOX Player for Imwinkelried
ROBLOX Studio 2013 for Imwinkelried
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype Click to Call
Skype™ 5.9
Sonic CinePlayer Decoder Pack
Sound Blaster X-Fi MB
SyncUP
TI USB 3.0 Host Controller Driver
TI USB3 Host Driver
TurboTax 2011
TurboTax 2011 wfliper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
World of Tanks
World of Warplanes
.
==== Event Viewer Messages From Past Week ========
.
11/16/2013 9:08:56 AM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
11/16/2013 9:08:56 AM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  %%-2147024891
11/16/2013 9:03:19 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
11/15/2013 7:15:04 PM, Error: volsnap [14]  - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
11/15/2013 3:17:10 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  and APPID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  to the user Imwinkelried-PC\Guest SID (S-1-5-21-4027138602-3259847793-121394334-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/15/2013 3:14:40 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SBRE
11/15/2013 3:14:29 PM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
11/15/2013 3:14:29 PM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
11/15/2013 3:14:29 PM, Error: Service Control Manager [7000]  - The DgiVecp service failed to start due to the following error:  The system cannot find the device specified.
11/15/2013 3:14:28 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
11/15/2013 3:13:59 PM, Error: Application Popup [1060]  - \??\C:\windows\SysWow64\drivers\SBREdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/14/2013 4:36:27 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
11/10/2013 3:00:20 PM, Error: Service Control Manager [7023]  - The WMI Performance Adapter service terminated with the following error:  %%-2147467259
.
==== End Of File ===========================
 

Please send instructions!

 

Tato

 

winkelriedj@bellsouth.net


Hello,

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs...

 

Kevin


Hi Kevin

 

Log file:

 

# AdwCleaner v3.012 - Report created 16/11/2013 at 13:47:55
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Imwinkelried - IMWINKELRIED-PC
# Running from : C:\Users\Imwinkelried\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Searchprotect
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\SpeedyPC Software
Folder Deleted : C:\Program Files (x86)\TelevisionFanatic
Folder Deleted : C:\Users\Imwinkelried\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Imwinkelried\AppData\Local\TelevisionFanatic
Folder Deleted : C:\Users\Imwinkelried\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Imwinkelried\AppData\LocalLow\TelevisionFanatic
Folder Deleted : C:\Users\Imwinkelried\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Imwinkelried\AppData\Roaming\SpeedyPC Software
Folder Deleted : C:\Users\Imwinkelried\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\Imwinkelried\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfnpbbobbnhhgacaclhhmjckkcaongkp
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\IMWINK~1\AppData\Local\Temp\Searchqu.ini
File Deleted : C:\Users\IMWINK~1\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Imwinkelried\AppData\Roaming\Mozilla\Firefox\Profiles\0fabw2ae.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Imwinkelried\AppData\Roaming\Mozilla\Firefox\Profiles\0fabw2ae.default\user.js
File Deleted : C:\Users\Imwinkelried\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Imwinkelried\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Imwinkelried\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Deleted : C:\Users\Imwinkelried\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Deleted : C:\windows\Tasks\UpdaterEX.job
File Deleted : C:\windows\System32\Tasks\UpdaterEX

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\lfnpbbobbnhhgacaclhhmjckkcaongkp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lfnpbbobbnhhgacaclhhmjckkcaongkp
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\SpeedyPC Software
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\TelevisionFanatic
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\SpeedyPC Software
Key Deleted : HKLM\Software\TelevisionFanatic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16447


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Imwinkelried\AppData\Roaming\Mozilla\Firefox\Profiles\0fabw2ae.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");

Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.hp.user.defined", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2012041908");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "XPxdm038YYus");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "18239");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "86DEB634-70A8-47E8-B6A9-5A23E3EA8EE2");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1348104642492");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", false);

Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "33401");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "televisionfanatic@mindspark.com");

-\\ Google Chrome v

[ File : C:\Users\Imwinkelried\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [8942 octets] - [16/11/2013 13:43:19]
AdwCleaner[s0].txt - [8838 octets] - [16/11/2013 13:47:55]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8898 octets] ##########
 

will continue with cleaning

 

next logs

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by Imwinkelried (administrator) on IMWINKELRIED-PC on 16-11-2013 13:56:16
Running from C:\Users\Imwinkelried\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\windows\system32\msiexec.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Windows\twain_32\Dell\DELL1135\Scan2Pc.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) \\?\C:\windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [intelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [intelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel® Corporation)
HKLM\...\Run: [bTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Winlogon: [userinit] c:\windows\syswow64\userinit.exe, [x]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [Google Update] - C:\Users\Imwinkelried\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-02] (Google Inc.)
HKCU\...\Run: [Facebook Update] - C:\Users\Imwinkelried\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-15] (Facebook Inc.)
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Imwinkelried\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\n. ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [1135n Scan2PC] - C:\Windows\twain_32\Dell\DELL1135\Scan2Pc.exe [1990144 2011-01-21] ()
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2835443 2012-02-01] ()
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Guest\...\Run: [searchProtect] - C:\Users\Guest\AppData\Roaming\SearchProtect\bin\cltmng.exe
AppInit_DLLs:    [0 ] ()

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKCU - {18B78FAA-446E-4917-B28B-2DC09B722C03} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {9632C7BB-D158-4DCA-A4B7-91C0A8D57BFA} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=C92CC23C-B5E1-4A44-8E26-3E39720335C4&apn_sauid=B47DC91A-1FFB-4CD8-B023-8C6B18390DDC
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Imwinkelried\AppData\Roaming\Mozilla\Firefox\Profiles\0fabw2ae.default
FF SearchEngineOrder.1: Secure Search
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rim.com/npappworld - C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Imwinkelried\AppData\Local\Roblox\Versions\version-13f0b9202d62409a\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Imwinkelried\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Imwinkelried\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Imwinkelried\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: eoWwdRD - C:\Users\Imwinkelried\AppData\Roaming\Mozilla\Firefox\Profiles\0fabw2ae.default\Extensions\eoWwdRD@Qe3qzqg.com.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

Chrome:
=======

CHR RestoreOnStartup:     "urls_to_restore_on_startup": [
CHR DefaultSearchURL: (McAfee) - http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
CHR DefaultSuggestURL: (McAfee) -     "suggest_url": "",
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Extension: (Browsebeyond) - C:\Users\IMWINK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldbooabopmhfgjpnlaobgfdlkmpbdna\1.0.0_0
CHR Extension: (Skype Click to Call) - C:\Users\IMWINK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
CHR Extension: (Consumer Input) - C:\Users\IMWINK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\loegdibholggdjoefldpbnblblaligim\3.2.0.2808_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\IMWINK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Yann Arthus-Bertrand) - C:\Users\IMWINK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\plaekpceeonanmjojailaojkconcgofc\3_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-04-29] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S2 DgiVecp; C:\windows\system32\Drivers\DgiVecp.sys [53816 2010-01-20] (Samsung Electronics Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-04-29] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S1 SBRE; C:\windows\SysWow64\drivers\SBREdrv.sys [101112 2011-10-26] (GFI Software)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-16 13:56 - 2013-11-16 13:56 - 00018177 _____ C:\Users\Imwinkelried\Downloads\FRST.txt
2013-11-16 13:56 - 2013-11-16 13:56 - 00000000 ____D C:\FRST
2013-11-16 13:55 - 2013-11-16 13:55 - 01957794 _____ (Farbar) C:\Users\Imwinkelried\Downloads\FRST64.exe
2013-11-16 13:52 - 2013-11-16 13:52 - 01090529 _____ (Farbar) C:\Users\Imwinkelried\Downloads\FRST.exe
2013-11-16 13:52 - 2013-11-16 13:52 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-11-16 13:50 - 2013-11-16 13:50 - 00009010 _____ C:\Users\Imwinkelried\Desktop\AdwCleaner[s0].txt
2013-11-16 13:43 - 2013-11-16 13:48 - 00000000 ____D C:\AdwCleaner
2013-11-16 13:42 - 2013-11-16 13:42 - 01085542 _____ C:\Users\Imwinkelried\Downloads\AdwCleaner.exe
2013-11-16 09:24 - 2013-11-16 09:24 - 00023123 _____ C:\Users\Imwinkelried\Desktop\dds.txt
2013-11-16 09:24 - 2013-11-16 09:24 - 00011480 _____ C:\Users\Imwinkelried\Desktop\attach.txt
2013-11-16 09:22 - 2013-11-16 09:22 - 00688992 ____R (Swearware) C:\Users\Imwinkelried\Downloads\dds.com
2013-11-16 09:12 - 2013-11-16 09:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 23:06 - 2013-11-14 23:06 - 00000000 _____ C:\windows\SysWOW64\sho6610.tmp
2013-11-12 18:58 - 2013-11-12 18:58 - 00000000 ____D C:\ProgramData\Oracle
2013-11-12 18:58 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-12 18:58 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-11-12 18:58 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-11-12 18:58 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-11-12 18:57 - 2013-11-12 18:58 - 00004746 _____ C:\windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-02 07:46 - 2013-11-02 07:46 - 00000000 ____D C:\Users\Guest\AppData\Roaming\PCFixSpeed
2013-11-01 19:15 - 2013-11-04 22:34 - 00000000 ____D C:\Users\Imwinkelried\AppData\Roaming\BrowserSync
2013-11-01 19:14 - 2013-11-01 19:14 - 00894600 _____ (CNET Download.com) C:\Users\Imwinkelried\Downloads\cbsidlm-cbsi134-Age_of_Empires-SEO-10013361.exe
2013-10-31 06:01 - 2013-10-31 06:50 - 00017816 _____ C:\Users\Imwinkelried\Desktop\avgrep.txt
2013-10-30 20:38 - 2013-10-30 20:38 - 00001205 _____ C:\Users\Imwinkelried\Downloads\FixNCR.reg
2013-10-27 17:23 - 2013-10-27 17:23 - 00000000 ____D C:\windows\pss
2013-10-24 17:17 - 2013-10-24 17:17 - 01192896 _____ (ArcadeFrontier) C:\Users\Guest\Downloads\ArcadeFrontierGames(3).exe
2013-10-24 17:17 - 2013-10-24 17:17 - 01192896 _____ (ArcadeFrontier) C:\Users\Guest\Downloads\ArcadeFrontierGames(2).exe
2013-10-24 17:16 - 2013-10-24 17:16 - 01192896 _____ (ArcadeFrontier) C:\Users\Guest\Downloads\ArcadeFrontierGames.exe
2013-10-24 17:16 - 2013-10-24 17:16 - 01192896 _____ (ArcadeFrontier) C:\Users\Guest\Downloads\ArcadeFrontierGames(1).exe
2013-10-24 14:40 - 2013-10-24 14:40 - 00002028 _____ C:\Users\Public\Desktop\Dell DataSafe Online.lnk
2013-10-19 16:51 - 2013-10-19 16:51 - 00000000 ____D C:\Users\Guest\Documents\Outlook Files

==================== One Month Modified Files and Folders =======

2013-11-16 13:56 - 2013-11-16 13:56 - 00018177 _____ C:\Users\Imwinkelried\Downloads\FRST.txt
2013-11-16 13:56 - 2013-11-16 13:56 - 00000000 ____D C:\FRST
2013-11-16 13:55 - 2013-11-16 13:55 - 01957794 _____ (Farbar) C:\Users\Imwinkelried\Downloads\FRST64.exe
2013-11-16 13:52 - 2013-11-16 13:52 - 01090529 _____ (Farbar) C:\Users\Imwinkelried\Downloads\FRST.exe
2013-11-16 13:52 - 2013-11-16 13:52 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-11-16 13:50 - 2013-11-16 13:50 - 00009010 _____ C:\Users\Imwinkelried\Desktop\AdwCleaner[s0].txt
2013-11-16 13:50 - 2012-01-27 15:22 - 00000906 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-16 13:50 - 2011-12-17 06:26 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-11-16 13:50 - 2011-12-17 06:26 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-11-16 13:50 - 2011-12-17 06:15 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-11-16 13:49 - 2012-08-26 18:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-16 13:49 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-16 13:49 - 2009-07-13 23:51 - 00086247 _____ C:\windows\setupact.log
2013-11-16 13:48 - 2013-11-16 13:43 - 00000000 ____D C:\AdwCleaner
2013-11-16 13:42 - 2013-11-16 13:42 - 01085542 _____ C:\Users\Imwinkelried\Downloads\AdwCleaner.exe
2013-11-16 13:42 - 2012-03-31 07:41 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-16 13:17 - 2012-01-02 22:09 - 00000936 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4027138602-3259847793-121394334-1000UA.job
2013-11-16 13:12 - 2012-03-06 15:25 - 00013312 _____ C:\Users\Imwinkelried\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-16 12:49 - 2012-01-27 15:22 - 00000910 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-16 12:08 - 2013-05-25 18:09 - 00003440 _____ C:\windows\System32\Tasks\PCDEventLauncherTask
2013-11-16 12:08 - 2013-05-25 18:08 - 00000000 ____D C:\Program Files\My Dell
2013-11-16 12:08 - 2011-12-29 12:00 - 00000000 ____D C:\ProgramData\PCDr
2013-11-16 12:03 - 2011-12-17 05:38 - 02066443 _____ C:\windows\WindowsUpdate.log
2013-11-16 11:59 - 2013-10-15 19:54 - 00000956 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4027138602-3259847793-121394334-1000UA.job
2013-11-16 09:24 - 2013-11-16 09:24 - 00023123 _____ C:\Users\Imwinkelried\Desktop\dds.txt
2013-11-16 09:24 - 2013-11-16 09:24 - 00011480 _____ C:\Users\Imwinkelried\Desktop\attach.txt
2013-11-16 09:22 - 2013-11-16 09:22 - 00688992 ____R (Swearware) C:\Users\Imwinkelried\Downloads\dds.com
2013-11-16 09:17 - 2012-01-02 22:09 - 00000884 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4027138602-3259847793-121394334-1000Core.job
2013-11-16 09:12 - 2013-11-16 09:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-16 09:06 - 2013-09-15 11:48 - 00000000 ____D C:\ProgramData\MFAData
2013-11-15 23:20 - 2013-10-15 19:54 - 00000934 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4027138602-3259847793-121394334-1000Core.job
2013-11-15 15:22 - 2009-07-13 23:45 - 00020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-15 15:22 - 2009-07-13 23:45 - 00020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-15 15:16 - 2013-02-13 12:09 - 00001178 _____ C:\Users\Guest\Desktop\ROBLOX Studio 2013.lnk
2013-11-15 15:16 - 2013-01-03 06:18 - 00001359 _____ C:\Users\Guest\Desktop\ROBLOX Player.lnk
2013-11-15 15:16 - 2012-06-29 12:55 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2013-11-14 23:06 - 2013-11-14 23:06 - 00000000 _____ C:\windows\SysWOW64\sho6610.tmp
2013-11-14 21:19 - 2012-01-02 22:10 - 00002410 _____ C:\Users\Imwinkelried\Desktop\Google Chrome.lnk
2013-11-12 18:58 - 2013-11-12 18:58 - 00000000 ____D C:\ProgramData\Oracle
2013-11-12 18:58 - 2013-11-12 18:57 - 00004746 _____ C:\windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-12 18:58 - 2012-09-19 20:39 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-12 18:56 - 2011-12-17 06:05 - 00000000 ____D C:\ProgramData\McAfee
2013-11-05 14:49 - 2012-06-16 18:10 - 00000000 ____D C:\Users\Guest\AppData\Local\Mozilla
2013-11-04 22:36 - 2010-11-20 22:47 - 00080946 _____ C:\windows\PFRO.log
2013-11-04 22:34 - 2013-11-01 19:15 - 00000000 ____D C:\Users\Imwinkelried\AppData\Roaming\BrowserSync
2013-11-04 20:16 - 2012-05-17 14:55 - 00000000 ____D C:\Users\Imwinkelried\Documents\Outlook Files
2013-11-02 07:46 - 2013-11-02 07:46 - 00000000 ____D C:\Users\Guest\AppData\Roaming\PCFixSpeed
2013-11-01 19:14 - 2013-11-01 19:14 - 00894600 _____ (CNET Download.com) C:\Users\Imwinkelried\Downloads\cbsidlm-cbsi134-Age_of_Empires-SEO-10013361.exe
2013-10-31 06:55 - 2013-09-15 13:00 - 00000000 ____D C:\Users\Guest\AppData\Local\Avg2014
2013-10-31 06:50 - 2013-10-31 06:01 - 00017816 _____ C:\Users\Imwinkelried\Desktop\avgrep.txt
2013-10-30 20:38 - 2013-10-30 20:38 - 00001205 _____ C:\Users\Imwinkelried\Downloads\FixNCR.reg
2013-10-27 17:23 - 2013-10-27 17:23 - 00000000 ____D C:\windows\pss
2013-10-27 17:23 - 2011-12-27 15:20 - 00000000 ___RD C:\Users\Imwinkelried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-26 06:28 - 2011-12-27 15:40 - 00000000 ____D C:\Users\Imwinkelried\AppData\Local\Nero
2013-10-24 17:17 - 2013-10-24 17:17 - 01192896 _____ (ArcadeFrontier) C:\Users\Guest\Downloads\ArcadeFrontierGames(3).exe
2013-10-24 17:17 - 2013-10-24 17:17 - 01192896 _____ (ArcadeFrontier) C:\Users\Guest\Downloads\ArcadeFrontierGames(2).exe
2013-10-24 17:16 - 2013-10-24 17:16 - 01192896 _____ (ArcadeFrontier) C:\Users\Guest\Downloads\ArcadeFrontierGames.exe
2013-10-24 17:16 - 2013-10-24 17:16 - 01192896 _____ (ArcadeFrontier) C:\Users\Guest\Downloads\ArcadeFrontierGames(1).exe
2013-10-24 14:40 - 2013-10-24 14:40 - 00002028 _____ C:\Users\Public\Desktop\Dell DataSafe Online.lnk
2013-10-24 14:40 - 2011-12-17 05:57 - 00000000 ____D C:\Program Files (x86)\Dell
2013-10-19 16:51 - 2013-10-19 16:51 - 00000000 ____D C:\Users\Guest\Documents\Outlook Files
2013-10-19 16:33 - 2009-07-14 00:08 - 00032614 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-10-19 07:52 - 2013-09-15 11:54 - 00001019 _____ C:\Users\Public\Desktop\AVG 2014.lnk

ZeroAccess:
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\00000004.@
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\201d3dde

ZeroAccess:
C:\Users\Imwinkelried\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
C:\Users\Imwinkelried\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@

Files to move or delete:
====================
C:\Users\Imwinkelried\CTX.DAT


Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\msvcp100.dll
C:\Users\Guest\AppData\Local\Temp\msvcr100.dll
C:\Users\Imwinkelried\AppData\Local\Temp\224kkk290347.exe
C:\Users\Imwinkelried\AppData\Local\Temp\bpuninstall.exe
C:\Users\Imwinkelried\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Imwinkelried\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Imwinkelried\AppData\Local\Temp\installhelper.dll
C:\Users\Imwinkelried\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Imwinkelried\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Imwinkelried\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Imwinkelried\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Imwinkelried\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Imwinkelried\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Imwinkelried\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Imwinkelried\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Imwinkelried\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Imwinkelried\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Imwinkelried\AppData\Local\Temp\MSNCA04.exe
C:\Users\Imwinkelried\AppData\Local\Temp\oi_{CB60F72B-8AC3-4E5E-89CE-156B9D365CFE}.exe
C:\Users\Imwinkelried\AppData\Local\Temp\photostage_1.0.0.1_1.5.0.67_update_all.exe
C:\Users\Imwinkelried\AppData\Local\Temp\Quarantine.exe
C:\Users\Imwinkelried\AppData\Local\Temp\SHSetup.exe
C:\Users\Imwinkelried\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Imwinkelried\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Imwinkelried\AppData\Local\Temp\_is1C8A.exe
C:\Users\Imwinkelried\AppData\Local\Temp\_is1D8A.exe
C:\Users\Imwinkelried\AppData\Local\Temp\_is20AF.exe
C:\Users\Imwinkelried\AppData\Local\Temp\_is3C12.exe
C:\Users\Imwinkelried\AppData\Local\Temp\_is3D3.exe
C:\Users\Imwinkelried\AppData\Local\Temp\_is4E63.exe
C:\Users\Imwinkelried\AppData\Local\Temp\_is8809.exe
C:\Users\Imwinkelried\AppData\Local\Temp\_isAB23.exe
C:\Users\Imwinkelried\AppData\Local\Temp\_isC141.exe
C:\Users\Imwinkelried\AppData\Local\Temp\_isD1B5.exe
C:\Users\Imwinkelried\AppData\Local\Temp\_isECD4.exe
C:\Users\Imwinkelried\AppData\Local\Temp\_isF6E8.exe
C:\Users\Imwinkelried\AppData\Local\Temp\{9C7496A6-B331-498e-B0E8-1FB0947ED823}-ConsumerInputUpdate.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-10 19:16

==================== End Of Log ============================

And Addition log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2013
Ran by Imwinkelried at 2013-11-16 13:57:38
Running from C:\Users\Imwinkelried\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Lavasoft Ad-Aware (Enabled - Up to date) {445B48C3-0FA4-6B16-8F07-6506F305D800}
AS: Lavasoft Ad-Aware (Enabled - Up to date) {FF3AA927-299E-6498-B5B7-5E74888292BD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware (Disabled) {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}

==================== Installed Programs ======================

Accidental Damage Services Agreement (x32 Version: 2.0.0)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Advanced Audio FX Engine (x32 Version: 1.12.05)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
AVG 2014 (Version: 14.0.3629)
AVG 2014 (Version: 14.0.4158)
AVG 2014 (Version: 2014.0.4158)
Banctec Service Agreement (x32 Version: 2.0.0)
BlackBerry App World Browser Plugin (x32 Version: 3.1.3.6)
BlackBerry Desktop Software 6.1 (x32 Version: 6.1.0.36)
Bonjour (Version: 3.0.0.10)
Complete Care Business Service Agreement (x32 Version: 2.0.0)
Consumer In-Home Service Agreement (x32 Version: 2.0.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dell 1135n Laser MFP (x32)
Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.60)
Dell DataSafe Local Backup (x32 Version: 9.4.60)
Dell DataSafe Online (x32 Version: 2.8.0.44)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Dell Home Systems Service Agreement (x32 Version: 2.0.0)
Dell MusicStage (x32 Version: 1.6.225.0)
Dell PhotoStage (x32 Version: 1.5.0.67)
Dell Stage (x32 Version: 1.7.209.0)
Dell Touchpad (Version: 7.1209.101.204)
Dell VideoStage  (x32 Version: 1.2.0.1712)
Dell Webcam Central (x32 Version: 2.00.44)
DirectX 9 Runtime (x32 Version: 1.00.0000)
eBay (x32 Version: 1.4.0)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Google Chrome (HKCU Version: 31.0.1650.57)
Google Earth (x32 Version: 7.1.1.1888)
GoToAssist Corporate (x32 Version: 9.1.0.615)
High-Definition Video Playback (x32 Version: 11.1.11500.4.273)
IDT Audio (x32 Version: 1.0.6324.0)
Intel PROSet Wireless
Intel PROSet Wireless (x32)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 7.0.0.1118)
Intel® Processor Graphics (x32 Version: 8.15.10.2361)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 1.2.0.0587)
Intel® PROSet/Wireless WiFi Software (Version: 14.2.1000)
Intel® Rapid Storage Technology (x32 Version: 10.1.0.1008)
Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)
Intel® WiDi (x32 Version: 2.1.41.0)
Intel® Wireless Display
iTunes (Version: 11.0.5.5)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java 6 Update 27 (64-bit) (Version: 6.0.270)
Java 6 Update 35 (x32 Version: 6.0.350)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (x32 Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
My Dell (Version: 3.4.6361.48)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0)
Nero Control Center 10 (x32 Version: 10.6.13000.0.11)
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800)
Nero Core Components 10 (x32 Version: 2.0.20000.9.12)
Nero Update (x32 Version: 11.0.13300.42.0)
Norton Security Scan (x32 Version: 4.0.1.16)
NVIDIA PhysX (x32 Version: 9.10.0129)
PhotoShowExpress (x32 Version: 2.0.063)
Premium Service Agreement (x32 Version: 2.0.0)
QualxServ Service Agreement (x32 Version: 2.0.0)
RBVirtualFolder64Inst (Version: 1.00.0000)
Realtek Ethernet Controller Driver (x32 Version: 7.31.1025.2010)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30126)
ROBLOX Player for Imwinkelried (HKCU)
ROBLOX Studio 2013 for Imwinkelried (HKCU)
Roxio Activation Module (x32 Version: 1.0)
Roxio BackOnTrack (x32 Version: 1.3.3)
Roxio Burn (x32 Version: 1.8)
Roxio Creator Starter (x32 Version: 1.0.439)
Roxio Creator Starter (x32 Version: 12.1.77.0)
Roxio Creator Starter (x32 Version: 5.0.0)
Roxio Express Labeler 3 (x32 Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Skype Click to Call (x32 Version: 6.13.13771)
Skype™ 5.9 (x32 Version: 5.9.123)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0)
Sound Blaster X-Fi MB (x32 Version: 1.0)
SyncUP (x32 Version: 1.12.11200.10.102)
SyncUP (x32 Version: 10.2.15400)
TI USB 3.0 Host Controller Driver (x32 Version: 1.12.14.0)
TI USB3 Host Driver (x32 Version: 1.12.14.0)
TurboTax 2011 (x32)
TurboTax 2011 wfliper (x32 Version: 011.000.1292)
TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.3351)
TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0496)
TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0222)
TurboTax 2011 wrapper (x32 Version: 011.000.0121)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
World of Tanks (x32)
World of Warplanes (x32)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-13 21:34 - 2012-08-03 20:01 - 00000860 ____N C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0F9F25A6-9914-4DBE-A269-46E0FF8CF9FC} - System32\Tasks\SystemToolsDailyTest => C:\Windows\System32\uaclauncher.exe
Task: {1C2ED97E-9EEB-4495-8EF8-40BE164D619E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {21DAD761-B63B-403B-A1C0-7A0D68691809} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4027138602-3259847793-121394334-1000UA => C:\Users\Imwinkelried\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-02] (Google Inc.)
Task: {2788A390-1B6F-4BC3-9449-5CD04F3EB4FF} - \UpdaterEX No Task File
Task: {2AE664EB-FB1D-4B52-8D19-C70FC017AFE8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27] (Google Inc.)
Task: {2EB912C0-4FB6-45DB-81BF-9362FE716F73} - System32\Tasks\Ad-Aware Scan (Daily scan) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {3D933FB6-F235-47F8-BF26-5C741E9F595A} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {428701EA-B967-45E0-A3EA-8529D5529CD8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4027138602-3259847793-121394334-1000Core => C:\Users\Imwinkelried\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-15] (Facebook Inc.)
Task: {66131E5E-8075-42B7-A099-8DB77733D681} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4027138602-3259847793-121394334-1000UA => C:\Users\Imwinkelried\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-15] (Facebook Inc.)
Task: {6D7AEF4D-9F88-4B31-9A7F-5D1787B2C61C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27] (Google Inc.)
Task: {8E193F69-EFA8-496B-A84C-29F4015DF8E1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8F8B960B-B4A4-461D-8174-5992AF1BEF6E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4027138602-3259847793-121394334-1000Core => C:\Users\Imwinkelried\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-02] (Google Inc.)
Task: {C70C907F-868B-4785-B77B-A26EB3195E9B} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-05] (PC-Doctor, Inc.)
Task: {CD516DD4-2354-4282-B8AB-022AAEC487E6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CEC590FD-D81C-4D0E-9E05-529B349D34B9} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2012-05-03] (Lavasoft Limited)
Task: {E81DBD0C-BE1F-4DA9-AC81-A97FEEEBED16} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-11-06] (PC-Doctor, Inc.)
Task: C:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4027138602-3259847793-121394334-1000Core.job => C:\Users\Imwinkelried\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4027138602-3259847793-121394334-1000UA.job => C:\Users\Imwinkelried\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4027138602-3259847793-121394334-1000Core.job => C:\Users\Imwinkelried\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4027138602-3259847793-121394334-1000UA.job => C:\Users\Imwinkelried\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-12-17 07:11 - 2011-04-10 13:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-09-15 18:46 - 2011-09-15 18:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-04 12:36 - 2007-08-17 14:36 - 01384520 _____ () C:\Windows\twain_32\Dell\DELL1135\ssole.dll
2012-02-01 11:44 - 2012-02-01 11:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2012-02-01 11:44 - 2012-02-01 11:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2013-11-16 09:12 - 2013-11-16 09:12 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-09 19:48 - 2013-10-09 19:48 - 16233864 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
2012-05-10 02:32 - 2012-05-10 02:32 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\76632f5376aa57887b9cd7a5662c6d4f\IsdiInterop.ni.dll
2011-12-17 05:40 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/16/2013 01:55:46 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (11/16/2013 01:49:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2013 00:01:16 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (11/16/2013 09:04:52 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (11/15/2013 04:37:12 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (11/15/2013 03:20:41 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (11/15/2013 03:14:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2013 10:53:01 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (11/14/2013 10:40:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5039

Error: (11/14/2013 10:40:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5039


System errors:
=============
Error: (11/16/2013 01:51:06 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (11/16/2013 01:50:36 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (11/16/2013 01:50:15 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (11/16/2013 01:50:15 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (11/16/2013 01:49:48 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (11/16/2013 01:49:34 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (11/16/2013 01:49:34 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (11/16/2013 01:49:34 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (11/16/2013 01:49:33 PM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Error: (11/16/2013 01:49:31 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060


Microsoft Office Sessions:
=========================
Error: (11/16/2013 01:55:46 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 16000000007E3C00007F3C0000600B0000

Error: (11/16/2013 01:49:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2013 00:01:16 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 16000000007E3C00007F3C0000600B0000

Error: (11/16/2013 09:04:52 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 16000000007E3C00007F3C0000600B0000

Error: (11/15/2013 04:37:12 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 16000000007E3C00007F3C0000600B0000

Error: (11/15/2013 03:20:41 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 16000000007E3C00007F3C0000600B0000

Error: (11/15/2013 03:14:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2013 10:53:01 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 16000000007E3C00007F3C0000600B0000

Error: (11/14/2013 10:40:33 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5039

Error: (11/14/2013 10:40:33 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5039


==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 6050.05 MB
Available physical RAM: 3881.14 MB
Total Pagefile: 12098.3 MB
Available Pagefile: 9722.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:581.42 GB) (Free:481.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 486813C7)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Please advise next steps

 

Tato


OK, we do the following to get rid of the ZeroAccess infection....

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware,

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log
 

Next,

 

Navigate Start > Control Panel > Uninstall a Program. Remove the following outdated versions of Java

 

Java™ 6 Update 27 (64-bit) (Version: 6.0.270)
Java™ 6 Update 35 (x32 Version: 6.0.350)

 

Next,

 

There are two security systems installed, AVG and LavaSoft. AVG is not active so needs to be removed...

 

Go here http://www.avg.com/us-en/utilities and use the specific removal tool....

 

Post logs and let me know how your system is responding...

 

Kevin

 

 

 

fixlist.txt


Yep....

 

==================== Security Center ========================

AV: Lavasoft Ad-Aware (Enabled - Up to date) {445B48C3-0FA4-6B16-8F07-6506F305D800}
AS: Lavasoft Ad-Aware (Enabled - Up to date) {FF3AA927-299E-6498-B5B7-5E74888292BD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware (Disabled) {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}


Kevin

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2013
Ran by Imwinkelried at 2013-11-16 18:28:48 Run:1
Running from C:\Users\Imwinkelried\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Imwinkelried\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\n. ATTENTION! ====> ZeroAccess?
HKU\Guest\...\Run: [searchProtect] - C:\Users\Guest\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Users\Guest\AppData\Roaming\SearchProtect
AppInit_DLLs:    [0 ] ()
SearchScopes: HKCU - {9632C7BB-D158-4DCA-A4B7-91C0A8D57BFA} URL = http://websearch.ask...RJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=C92CC23C-B5E1-4A44-8E26-3E39720335C4&apn_sauid=B47DC91A-1FFB-4CD8-B023-8C6B18390DDC
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\00000004.@
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\201d3dde
C:\Users\Imwinkelried\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
C:\Users\Imwinkelried\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@
C:\Users\Imwinkelried\CTX.DAT
C:\Users\Guest\AppData\Local\Temp\msvcp100.dll
C:\Users\Guest\AppData\Local\Temp\msvcr100.dll
C:\Users\Imwinkelried\AppData\Local\Temp\224kkk290347.exe
C:\Users\Imwinkelried\AppData\Local\Temp\bpuninstall.exe
C:\Users\Imwinkelried\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Imwinkelried\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Imwinkelried\AppData\Local\Temp\installhelper.dll
C:\Users\Imwinkelried\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Imwinkelried\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Imwinkelried\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Imwinkelried\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Imwinkelried\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Imwinkelried\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Imwinkelried\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Imwinkelried\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Imwinkelried\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Imwinkelried\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Imwinkelried\AppData\Local\Temp\MSNCA04.exe
C:\Users\Imwinkelried\AppData\Local\Temp\oi_{CB60F72B-8AC3-4E5E-89CE-156B9D365CFE}.exe
C:\Users\Imwinkelried\AppData\Local\Temp\photostage_1.0.0.1_1.5.0.67_update_all.exe
C:\Users\Imwinkelried\AppData\Local\Temp\Quarantine.exe
C:\Users\Imwinkelried\AppData\Local\Temp\SHSetup.exe
C:\Users\Imwinkelried\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Imwinkelried\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Imwinkelried\AppData\Local\Temp\_is1C8A.exe
C:\Users\Imwinkelried\AppData\Local\Temp\_is1D8A.exe
C:\Users\Imwinkelried\AppData\Local\Temp\_is20AF.exe
C:\Users\Imwinkelried\AppData\Local\Temp\_is3C12.exe
C:\Users\Imwinkelried\AppData\Local\Temp\_is3D3.exe
C:\Users\Imwinkelried\AppData\Local\Temp\_is4E63.exe
C:\Users\Imwinkelried\AppData\Local\Temp\_is8809.exe
C:\Users\Imwinkelried\AppData\Local\Temp\_isAB23.exe
C:\Users\Imwinkelried\AppData\Local\Temp\_isC141.exe
C:\Users\Imwinkelried\AppData\Local\Temp\_isD1B5.exe
C:\Users\Imwinkelried\AppData\Local\Temp\_isECD4.exe
C:\Users\Imwinkelried\AppData\Local\Temp\_isF6E8.exe
C:\Users\Imwinkelried\AppData\Local\Temp\{9C7496A6-B331-498e-B0E8-1FB0947ED823}-ConsumerInputUpdate.exe
End



*****************

HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.
HKU\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => Value deleted successfully.
"C:\Users\Guest\AppData\Roaming\SearchProtect" => File/Directory not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9632C7BB-D158-4DCA-A4B7-91C0A8D57BFA} => Key deleted successfully.
HKCR\CLSID\{9632C7BB-D158-4DCA-A4B7-91C0A8D57BFA} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
esgiguard => Service deleted successfully.
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} => Moved successfully.
"C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@" => File/Directory not found.
"C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\00000004.@" => File/Directory not found.
"C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\201d3dde" => File/Directory not found.
C:\Users\Imwinkelried\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} => Moved successfully.
"C:\Users\Imwinkelried\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@" => File/Directory not found.
C:\Users\Imwinkelried\CTX.DAT => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\msvcp100.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\msvcr100.dll => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\224kkk290347.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\bpuninstall.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\installhelper.dll => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\MSNCA04.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\oi_{CB60F72B-8AC3-4E5E-89CE-156B9D365CFE}.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\photostage_1.0.0.1_1.5.0.67_update_all.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\SHSetup.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\SRAssetsHelper.dll => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\_is1C8A.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\_is1D8A.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\_is20AF.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\_is3C12.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\_is3D3.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\_is4E63.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\_is8809.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\_isAB23.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\_isC141.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\_isD1B5.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\_isECD4.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\_isF6E8.exe => Moved successfully.
C:\Users\Imwinkelried\AppData\Local\Temp\{9C7496A6-B331-498e-B0E8-1FB0947ED823}-ConsumerInputUpdate.exe => Moved successfully.

==== End of Fixlog ====

 

 

MALWAREBYTES REPORT

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.16.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Imwinkelried :: IMWINKELRIED-PC [administrator]

11/16/2013 6:33:04 PM
mbam-log-2013-11-16 (18-33-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 249306
Time elapsed: 10 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\$Recycle.Bin\S-1-5-21-4027138602-3259847793-121394334-1000\$RQZ7FDP.exe (PUP.Optional.ExpressInstall.A) -> Quarantined and deleted successfully.
C:\Users\Imwinkelried\Local Settings\Temporary Internet Files\Content.IE5\MV7WNW2A\check_offer_rp[1].dll (PUP.Optional.Screensaver) -> Quarantined and deleted successfully.

(end)
 

 

Will continue cleaning and let you know

 

Tato
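
One way to triage the Fixlog results posted above, as an added example that is not part of the thread or of FRST: it tallies the outcomes and separates "not found" entries whose parent was already moved or deleted earlier in the same log from ones that deserve a second look. The function names and status labels are assumptions of this example; the sample lines are excerpted from the post.

```python
import re
from collections import Counter

# Result lines excerpted from the Fixlog posted above (not the full log).
SAMPLE_FIXLOG = r"""
HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.
HKU\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => Value deleted successfully.
"C:\Users\Guest\AppData\Roaming\SearchProtect" => File/Directory not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKCR\CLSID\{9632C7BB-D158-4DCA-A4B7-91C0A8D57BFA} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
esgiguard => Service deleted successfully.
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} => Moved successfully.
"C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@" => File/Directory not found.
C:\Users\Imwinkelried\CTX.DAT => Moved successfully.
"""

# `<target> => <outcome>.`; in the log above, not-found file targets are quoted.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?$')
# In the log above, Winsock repairs are reported without "=>".
WINSOCK_RE = re.compile(r'^(?P<target>Winsock: .+?)\s+was set successfully to\s+')

def classify(outcome):
    """Map an outcome phrase to a status label (labels are this example's own)."""
    text = outcome.lower()
    if "not found" in text:
        return "not_found"
    if "successfully" in text:
        return "ok"
    return "review"  # anything unrecognised gets a human look

def parse_fixlog(text):
    """Return (target, status) pairs in log order."""
    entries = []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        winsock = WINSOCK_RE.match(line)
        result = RESULT_RE.match(line)
        if winsock:
            entries.append((winsock["target"], "ok"))
        elif result:
            entries.append((result["target"], classify(result["outcome"])))
        else:
            entries.append((line, "unparsed"))
    return entries

def summarize(entries):
    """Count entries per status label."""
    return dict(Counter(status for _, status in entries))

def explain_not_found(entries):
    """Split not-found targets by whether a parent was handled earlier in the log."""
    handled, explained, unexplained = [], [], []
    for target, status in entries:
        key = target.lower().rstrip("\\")
        if status == "ok":
            handled.append(key + "\\")
        elif status == "not_found":
            bucket = explained if any(key.startswith(p) for p in handled) else unexplained
            bucket.append(target)
    return explained, unexplained

if __name__ == "__main__":
    log = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(log), explain_not_found(log))
```

On the excerpt, the `\@` entry under `C:\Windows\Installer\{…}` is reported as expected because its parent folder was moved one line earlier, while the SearchProtect folder and the `HKCR\CLSID` key are left for manual confirmation.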


What popups do you get, and which browser are you using to see them?

 

Also run this;

 

Download Security Check by screen317 from either of the following:
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop. (If your security software alerts, either accept the alert or turn the security off while Security Check runs.)
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
