BullGuard
TRpatch R Gen

rlow
New Member


Date Joined Nov 2008
Total Posts : 15
 
Posted 2/2/2014 3:51 PM (GMT +3)
I have identified TRpatch R Gen on my machine - not, I have to complain, thanks to Bullguard which consistently fails to see it. I was suffering from a series of mass email spamming from my Yahoo account and I am thinking, because of recent reports, that it came via Yahoo. However it got in, I can't get it out. I have tried every combination of cleaner, combofix, antimalware, antivirus I can find online (and spent more time vetting the alleged help than finding it).
 
Each time I think I have got rid of it - it returns and mass emails. I was sure I got rid of it a few days ago - a scheduled Bullguard weekly scan found, as usual, nothing - but Avira unveiled the culprit once more and allegedly blocked it.
 
Unless BG can come up with a solution, I may well have to reinstall Windows as a last resort. I am reluctant to do that, with all the accompanying hassle, unless I can be sure THAT will work.
 
Perhaps you can advise me.
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 2/2/2014 5:00 PM (GMT +3)
If you still have combofix log, please post it.


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

 

rlow
New Member


Date Joined Nov 2008
Total Posts : 15
 
Posted 2/2/2014 8:11 PM (GMT +3)
Here you go:

ComboFix 14-02-01.01 - Welcome 02/02/2014 16:47:32.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8174.5330 [GMT 0:00]
Running from: c:\users\Welcome\Downloads\ComboFix.exe
AV: BullGuard Antivirus *Enabled/Updated* {C3CCAC61-52F7-A056-1860-6406566E2578}
FW: BullGuard Firewall *Enabled* {FBF72D44-1898-A10E-333F-CD33A8BD6203}
SP: BullGuard Antispyware *Enabled/Updated* {78AD4D85-74CD-AFD8-22D0-5F742DE96FC5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2014-01-02 to 2014-02-02 )))))))))))))))))))))))))))))))
.
.
2014-02-02 16:56 . 2014-02-02 16:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-02-02 16:56 . 2014-02-02 16:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-02-02 16:56 . 2014-02-02 16:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-02 16:41 . 2014-02-02 16:41 -------- d-----w- C:\RegBk_2014.02.02.16.41.21
2014-01-30 12:23 . 2014-01-30 12:23 -------- d-----w- c:\program files\Enigma Software Group
2014-01-30 12:23 . 2014-01-30 13:10 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-01-30 12:23 . 2014-01-30 12:23 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-01-30 12:05 . 2014-01-30 12:05 -------- d-----w- c:\users\Welcome\AppData\Roaming\ParetoLogic
2014-01-30 12:05 . 2014-01-30 12:05 -------- d-----w- c:\users\Welcome\AppData\Roaming\DriverCure
2014-01-30 12:05 . 2014-01-30 12:05 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic
2014-01-30 12:05 . 2014-01-30 12:05 -------- d-----w- c:\programdata\ParetoLogic
2014-01-30 12:05 . 2014-01-30 12:05 -------- d-----w- c:\program files (x86)\ParetoLogic
2014-01-22 23:33 . 2014-01-22 23:33 -------- d-----w- c:\windows\Uninstallers
2014-01-22 13:45 . 2014-01-22 13:45 -------- d-----w- c:\program files (x86)\Conduit
2014-01-22 13:45 . 2014-01-30 12:20 -------- d-----w- c:\program files (x86)\Battlefront.com
2014-01-19 20:14 . 2014-01-19 20:14 -------- d-----w- c:\programdata\Oracle
2014-01-19 20:13 . 2014-01-19 20:13 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-01-19 20:13 . 2014-01-19 20:12 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-19 20:12 . 2014-01-19 20:12 -------- d-----w- c:\program files (x86)\Java
2014-01-19 20:09 . 2014-01-19 20:09 -------- d-----w- c:\programdata\McAfee
2014-01-15 14:32 . 2014-01-15 14:32 -------- d-----w- c:\programdata\AskPartnerNetwork
2014-01-15 14:32 . 2014-01-15 14:32 -------- d-----w- c:\program files (x86)\AskPartnerNetwork
2014-01-15 14:32 . 2014-01-15 14:32 -------- d-----w- c:\programdata\APN
2014-01-15 14:32 . 2014-01-15 14:32 -------- d-----w- c:\users\Welcome\AppData\Roaming\Avira
2014-01-15 14:30 . 2014-01-15 14:30 -------- d-----w- c:\programdata\Avira
2014-01-15 14:30 . 2014-01-15 14:30 -------- d-----w- c:\program files (x86)\Avira
2014-01-15 14:30 . 2014-01-15 14:29 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-01-15 14:30 . 2014-01-15 14:29 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-01-15 14:30 . 2014-01-15 14:29 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-01-15 14:30 . 2014-01-15 14:29 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-01-15 14:14 . 2014-01-15 14:14 -------- d-----w- c:\program files\Uninstaller
2014-01-15 14:14 . 2014-01-30 12:20 -------- d-----w- c:\program files (x86)\PC Speed Maximizer
2014-01-10 16:04 . 2014-01-10 16:04 -------- d-----w- c:\windows\Hewlett-Packard
2014-01-09 22:44 . 2014-01-09 22:44 -------- d-----w- c:\users\Welcome\AppData\Roaming\TuneUp Software
2014-01-09 22:40 . 2014-01-15 14:16 -------- d-----w- c:\programdata\MFAData
2014-01-09 22:40 . 2014-01-09 22:40 -------- d--h--w- c:\programdata\Common Files
2014-01-09 22:40 . 2014-01-09 22:40 -------- d-----w- c:\users\Welcome\AppData\Local\MFAData
2014-01-09 19:36 . 2014-01-09 19:36 -------- d-----w- c:\users\Welcome\AppData\Local\SlimWare Utilities Inc
2014-01-09 19:36 . 2014-01-09 22:13 -------- d-----w- c:\program files (x86)\DriverUpdate
2014-01-09 19:30 . 2014-01-09 19:30 -------- d-----w- c:\users\Welcome\.android
2014-01-09 19:30 . 2014-01-09 19:30 -------- d-----w- c:\users\Welcome\AppData\Local\cache
2014-01-09 19:30 . 2014-01-09 22:13 -------- d-----w- c:\users\Welcome\AppData\Local\genienext
2014-01-09 19:30 . 2014-01-09 22:13 -------- d-----w- c:\users\Welcome\AppData\Roaming\newnext.me
2014-01-09 19:30 . 2014-01-09 19:43 -------- d-----w- c:\users\Welcome\AppData\Local\Mobogenie
2014-01-09 19:29 . 2014-01-09 19:43 -------- d-----w- c:\program files (x86)\Mobogenie
2014-01-09 17:59 . 2014-01-09 17:59 -------- d-----w- c:\users\Welcome\AppData\Roaming\FixTDSS
2014-01-07 19:40 . 2014-01-11 16:38 -------- d-----w- c:\users\Welcome\AppData\Roaming\Natural Selection 2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-22 15:01 . 2012-02-16 00:44 126976 ----a-w- c:\windows\lcmmfu.cpl
2014-01-10 00:29 . 2014-01-10 00:29 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-01-10 00:28 . 2014-01-10 00:28 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-01-10 00:28 . 2014-01-10 00:28 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-12-26 16:10 . 2013-12-21 12:50 291944 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-12-26 16:10 . 2012-11-30 13:45 291944 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-12-21 12:56 . 2013-12-21 12:50 291944 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-12-21 12:49 . 2013-12-21 12:49 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-12-11 19:24 . 2013-03-03 17:48 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 19:24 . 2012-02-14 17:28 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-14 01:17 . 2012-02-14 16:17 82896128 ----a-w- c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{64d0ffc8-c37a-48e4-a128-9e38886e4e5a}"= "c:\program files (x86)\Battlefront.com\tbBatt.dll" [2008-01-24 1555480]
.
[HKEY_CLASSES_ROOT\clsid\{64d0ffc8-c37a-48e4-a128-9e38886e4e5a}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}]
2013-12-20 21:02 12240 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{64d0ffc8-c37a-48e4-a128-9e38886e4e5a}]
2008-01-24 16:56 1555480 ----a-w- c:\program files (x86)\Battlefront.com\tbBatt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" [2013-12-20 12240]
"{64d0ffc8-c37a-48e4-a128-9e38886e4e5a}"= "c:\program files (x86)\Battlefront.com\tbBatt.dll" [2008-01-24 1555480]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-4300-7a786e7484d7}]
.
[HKEY_CLASSES_ROOT\clsid\{64d0ffc8-c37a-48e4-a128-9e38886e4e5a}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-01-27 1815976]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-18 20587168]
"HP Photosmart 6520 series (NET)"="c:\program files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 6581488]
"MyDriveConnect.exe"="c:\program files (x86)\MyDrive Connect\MyDriveConnect.exe" [2013-10-21 473496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-01-15 684600]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-12-20 1778640]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 6520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN34N3509H05XP;CONNECTION=NW;MONITOR=1; [2009-7-13 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 AFW;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys;c:\windows\SYSNATIVE\DRIVERS\afw.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 BdSpy;BdSpy;c:\windows\system32\drivers\BdSpy.sys;c:\windows\SYSNATIVE\drivers\BdSpy.sys [x]
S1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\DRIVERS\NSKernel.sys;c:\windows\SYSNATIVE\DRIVERS\NSKernel.sys [x]
S1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\DRIVERS\NSNetmon.sys;c:\windows\SYSNATIVE\DRIVERS\NSNetmon.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 BsBackup;BullGuard backup service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsBhvScan;BullGuard Behavioural Detection;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [x]
S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [x]
S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [x]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe;c:\windows\runservice.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys;c:\windows\SYSNATIVE\DRIVERS\afwcore.sys [x]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 BdNet;BdNet;c:\windows\system32\drivers\BdNet.sys;c:\windows\SYSNATIVE\drivers\BdNet.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-28 13:00 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-03 19:24]
.
2014-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-28 12:58]
.
2014-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-28 12:58]
.
2014-01-30 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2014-01-30 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-09-30 18:24]
.
2014-01-30 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-09-30 18:24]
.
2014-01-30 c:\windows\Tasks\RegCure Pro Startup.job
- c:\program files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2013-09-30 18:24]
.
2014-01-30 c:\windows\Tasks\RegCure Pro.job
- c:\program files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2013-09-30 18:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}]
2013-12-20 21:02 13776 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll" [2013-12-20 13776]
.
[HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-4300-7A786E7484D7}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2013-10-18 976720]
"BullGuardUpdate2"="c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe" [2013-10-14 2530128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~1\BULLGU~1\BULLGU~1\BgAgent.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/?cc=gb
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-02-02 17:08:48 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-02 17:08
ComboFix2.txt 2013-05-03 09:59
.
Pre-Run: 184,561,987,584 bytes free
Post-Run: 183,988,477,952 bytes free
.
- - End Of File - - 746FECA4178E865227C9F6360A151C8F
A36C5E4F47E84449FF07ED3517B43A31
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 2/3/2014 9:23 AM (GMT +3)
Looks like you have some PUPs (potentially unwanted programs) installed, which we will remove now.

It also looks like you have two antivirus programs running - Avira and Bullguard. It is not a good idea, as they will conflict with each other and probably slow down your computer.

I'll therefore suggest you remove one of them.

Please download AdwCleaner

• Double click on AdwCleaner.exe to run the tool. 
***Note: Windows Vista and Windows 7 users:
Right click on AdwCleaner.exe and select Run as admin
• Click Delete. 
• Everything that was found will be deleted. 
• Save any open files and approve the reboot. A text file will open after the restart. 

Post the log in next reply



Next -
Junkware Removal Tool by thisisu

• Download Junk Removal Tool to your Desktop
• Disable your antivirus program if required
• For Vista and Windows 7, right click on the tool and select Run as administrator
• After the scan is completed, post the generated log here.



 

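The checks Touch applies when reading the ComboFix log above (PUP folders and autostarts, two antivirus products side by side, and the UAC policy values it lists), written out as a small triage script. This is an added example, not code from the forum, BullGuard, ComboFix or AdwCleaner; the sample log lines are constructed in the layout of the posted log, and the PUP and antivirus marker lists are assumptions drawn from the names that appear in it.

```python
"""Triage a ComboFix-style log the way a removal helper reads it: flag PUP paths,
notice more than one antivirus product, and catch a switched-off UAC policy.
Added example, not code from the forum, BullGuard, ComboFix or AdwCleaner; the
sample lines are constructed in the layout of the log posted above, and the
marker lists are assumptions taken from the names that appear in that log."""
import re

# Product/vendor fragments treated as PUP indicators (assumption, lower-case).
PUP_MARKERS = ("conduit", "askpartnernetwork", "paretologic", "regcure",
               "drivercure", "pc speed maximizer", "mobogenie", "battlefront.com")
# Antivirus vendors recognised in header, autostart and service lines (assumption).
AV_MARKERS = {"bullguard": "BullGuard", "avira": "Avira"}
# File/folder line: "<date> . <date> <size-or-dashes> <attrs> <path>"
FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
                       r"\S+ \S+ (.+)$")
# Registry value with a quoted path: "Name"="<path>" [date size]
VALUE_LINE = re.compile(r'^"[^"]+"=\s*"([^"]+)"')
# Service line: "S2 Name;Display name;<path>;<path> [x]"
SERVICE_LINE = re.compile(r"^[RS]\d [^;]+;[^;]*;([^;]+);")
# Header line: "AV: <product> *Enabled/Updated* {GUID}"
AV_HEADER = re.compile(r"^AV: (.+?) \*Enabled")
# Policy value: "EnableLUA"= 0 (0x0)
POLICY_LINE = re.compile(r'^"(\w+)"=\s*(\d+)')
# Settings that disable or silence User Account Control.
WEAK_UAC = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0",
            "PromptOnSecureDesktop": "0"}


def candidate_paths(lines):
    """Yield every file, folder, autostart or service path the log lists."""
    for raw in lines:
        line = raw.strip()
        m = FILE_LINE.match(line) or VALUE_LINE.match(line) or SERVICE_LINE.match(line)
        if m:
            yield m.group(1)


def find_pup_paths(lines):
    """Return paths containing a PUP marker, de-duplicated, in log order."""
    seen, hits = set(), []
    for path in candidate_paths(lines):
        key = path.lower()
        if key not in seen and any(marker in key for marker in PUP_MARKERS):
            seen.add(key)
            hits.append(path)
    return hits


def antivirus_products(lines):
    """Return distinct AV vendors named in header, autostart or service lines."""
    vendors = []
    for raw in lines:
        line = raw.strip()
        if not (AV_HEADER.match(line) or VALUE_LINE.match(line)
                or SERVICE_LINE.match(line)):
            continue
        low = line.lower()
        for marker, vendor in AV_MARKERS.items():
            if marker in low and vendor not in vendors:
                vendors.append(vendor)
    return vendors


def weak_uac_settings(lines):
    """Return UAC policy names whose value disables or silences UAC."""
    found, in_policy = [], False
    for raw in lines:
        line = raw.strip()
        if line.startswith("["):
            # Only values under ...\policies\system are UAC policy.
            in_policy = line.lower().endswith("\\policies\\system]")
            continue
        m = POLICY_LINE.match(line) if in_policy else None
        if m and WEAK_UAC.get(m.group(1)) == m.group(2):
            found.append(m.group(1))
    return found


def triage(lines):
    """Summarise the three checks; multiple_av mirrors the moderator's advice."""
    av = antivirus_products(lines)
    return {"pup_paths": find_pup_paths(lines), "antivirus": av,
            "multiple_av": len(av) > 1, "weak_uac": weak_uac_settings(lines)}


# Constructed sample in the layout of the ComboFix log above (GUID is a placeholder).
SAMPLE_LOG = r"""
AV: BullGuard Antivirus *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
2014-01-22 13:45 . 2014-01-22 13:45 -------- d-----w- c:\program files (x86)\Conduit
2014-01-19 20:12 . 2014-01-19 20:12 -------- d-----w- c:\program files (x86)\Java
2014-01-15 14:14 . 2014-01-30 12:20 -------- d-----w- c:\program files (x86)\PC Speed Maximizer
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-01-15 684600]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-12-20 1778640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
""".strip().splitlines()
```

Running `triage(SAMPLE_LOG)` lists the Conduit, PC Speed Maximizer and AskPartnerNetwork entries, reports both BullGuard and Avira, and flags the three UAC values that are set to 0.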
 

rlow
New Member


Date Joined Nov 2008
Total Posts : 15
 
Posted 2/4/2014 2:03 PM (GMT +3)
Thanks for this so far - Avira removed (it was only ever a temp control). Adware log follows:

AdwCleaner v3.018 - Report created 04/02/2014 at 10:19:40
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Welcome - WELCOME-PC
# Running from : C:\Users\Welcome\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
File Found : C:\Users\Welcome\AppData\Roaming\Mozilla\Firefox\Profiles\fhtfa6gy.default\searchplugins\Mysearchdial.xml
File Found : C:\Users\Welcome\AppData\Roaming\Mozilla\Firefox\Profiles\fhtfa6gy.default\searchplugins\Search_Results.xml
Folder Found : C:\Users\Welcome\AppData\Roaming\Mozilla\Firefox\Profiles\fhtfa6gy.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
Folder Found C:\Program Files (x86)\Battlefront.com
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\PC Speed Maximizer
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\ParetoLogic
Folder Found C:\Users\Welcome\AppData\Local\Temp\apn
Folder Found C:\Users\Welcome\AppData\Local\torch
Folder Found C:\Users\Welcome\AppData\Roaming\DriverCure
Folder Found C:\Users\Welcome\AppData\Roaming\ParetoLogic

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Battlefront.com
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64D0FFC8-C37A-48E4-A128-9E38886E4E5A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64D0FFC8-C37A-48E4-A128-9E38886E4E5A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\torch
Key Found : [x64] HKCU\Software\Battlefront.com
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\torch
Key Found : HKLM\Software\Battlefront.com
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64D0FFC8-C37A-48E4-A128-9E38886E4E5A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\iLividSRTB
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64D0FFC8-C37A-48E4-A128-9E38886E4E5A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Battlefront.com Toolbar
Key Found : HKLM\Software\ParetoLogic
Key Found : HKLM\Software\torch
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\DomaIQ
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{64D0FFC8-C37A-48E4-A128-9E38886E4E5A}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{64D0FFC8-C37A-48E4-A128-9E38886E4E5A}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v

[ File : C:\Users\Welcome\AppData\Roaming\Mozilla\Firefox\Profiles\fhtfa6gy.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "Search Results");
Line Found : user_pref("browser.search.order.1", "Search Results");
Line Found : user_pref("browser.search.selectedEngine", "Search Results");
Line Found : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/406");

-\\ Google Chrome v32.0.1700.102

[ File : C:\Users\Welcome\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : icon_url
Found : search_url
Found : keyword

*************************

AdwCleaner[R0].txt - [6201 octets] - [04/02/2014 10:19:40]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6261 octets] ##########

rlow
New Member


Date Joined Nov 2008
Total Posts : 15
 
   Posted 2/4/2014 2:13 PM (GMT +3)
And the Junkware log:

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by Welcome on 04/02/2014 at 11:05:00.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\ilividsrtb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Welcome\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\Welcome\appdata\local\torch"
Successfully deleted: [Folder] "C:\Users\Welcome\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\pc speed maximizer"
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\cdjbnddbclciabnckgeahmneohjlahdm



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/02/2014 at 11:10:58.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 2/4/2014 5:37 PM (GMT +3)
Still got the TRpatch R Gen message? If so, please give the location (folder/filename).

Please download zoek.exe and save it to your Desktop:
www.hijackthis.nl/smeenk/060712/zoek.exe

• Close any open browsers
• Temporarily disable your AntiVirus program. (If necessary)

• Double click on zoek.exe to run the tool.
Please wait while the tool starts...

• Copy the text present inside the code box below and paste it into the large window in the zoek tool:


createsrpoint; 
empty directory check, delete
shortcutfix;
emptyfolderscheck;delete
emptyclsid;
firefoxlook;
FFdefaults;
Chromelook;
CHRdefaults;
autoclean;
iedefaults;


Click on the Run Script button.
Please wait until a log report opens (this can be after a reboot).

• Save the Notepad file to your Desktop and post zoek-results.log here.

Note: It will also create a log in the C:\ directory named "zoek-results.log"



Post Edited (Touch) : 2/4/2014 2:40:29 PM GMT


rlow
New Member


Date Joined Nov 2008
Total Posts : 15
 
   Posted 2/4/2014 5:45 PM (GMT +3)
I have no TR Gen message from the Adware or Junkware scans. That, to me, means nothing much - I don't get any such messages save from Avira, which I have deleted.

Proceeding with your next instructions - thank you for them.

rlow
New Member


Date Joined Nov 2008
Total Posts : 15
 
   Posted 2/4/2014 6:03 PM (GMT +3)
And the Zoek log:


Zoek.exe v5.0.0.0 Updated 31-January-2014
Tool run by Welcome on 04/02/2014 at 14:46:32.85.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Welcome\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

04/02/2014 14:47:46 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\DjVuZone deleted successfully
C:\PROGRA~2\DriverUpdate deleted successfully
C:\Program Files\Google deleted successfully
C:\ProgramData\Firefly Studios deleted successfully
C:\ProgramData\Oracle deleted successfully
C:\Users\Welcome\AppData\Local\genienext deleted successfully
C:\Users\Welcome\AppData\Local\My Games deleted successfully
C:\Users\Welcome\AppData\Local\wwxqlfyp deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-834015710-4144180869-3245421182-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Welcome\AppData\Roaming\Mozilla\Firefox\Profiles\fhtfa6gy.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.searchnu.com/406");
user_pref("browser.search.defaultenginename", "Search Results");
user_pref("browser.search.selectedEngine", "Search Results");
user_pref("browser.search.order.1", "Search Results");

Added to C:\Users\Welcome\AppData\Roaming\Mozilla\Firefox\Profiles\fhtfa6gy.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Welcome\AppData\Roaming\Mozilla\Firefox\Profiles\fhtfa6gy.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_022014_1454_.backup

==== Deleting Files \ Folders ======================

C:\Users\Welcome\.android deleted
C:\PROGRA~2\Mozilla Firefox\searchplugins\Search_Results.xml deleted
C:\PROGRA~2\Mobogenie deleted
C:\Program Files\Uninstaller deleted
C:\Users\Welcome\AppData\Roaming\newnext.me deleted
C:\Users\Welcome\AppData\Roaming\HoolappForAndroid deleted
C:\Users\Welcome\AppData\Roaming\ParetoLogic deleted
C:\ProgramData\qqgomilswhwpdjncglp.reg deleted
C:\ProgramData\qqgomilswhwpdjncglp.bat deleted
C:\ProgramData\ParetoLogic deleted
C:\Users\Welcome\AppData\Local\mysearchdial-speeddial.crx deleted
C:\Users\Welcome\AppData\Local\Mobogenie deleted
C:\Users\Welcome\AppData\Local\cache deleted
C:\Users\Welcome\Documents\Mobogenie deleted
C:\Users\Welcome\AppData\Roaming\Mozilla\Firefox\Profiles\fhtfa6gy.default\searchplugins\Mysearchdial.xml deleted
C:\Users\Welcome\AppData\Roaming\Mozilla\Firefox\Profiles\fhtfa6gy.default\searchplugins\Search_Results.xml deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"antiphishing@bullguard"="c:\program files\bullguard ltd\bullguard\Files32\Antiphishing\FF\antiphishing@bullguard" [16/10/2013 12:16]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Welcome\AppData\Roaming\Mozilla\Firefox\Profiles\fhtfa6gy.default
- MySearchDial NewTab - %ProfilePath%\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

==== Firefox Plugins ======================


==== Deleted Firefox Extensions ======================

C:\Users\Welcome\AppData\Roaming\Mozilla\Firefox\Profiles\fhtfa6gy.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} deleted

==== Chrome Look ======================

Google Docs - Welcome\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Welcome\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Welcome\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Welcome\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Welcome\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Welcome\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bing.com/?cc=gb"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bing.com/?cc=gb"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Welcome\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Welcome\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Welcome\Desktop\Activate CMBN Market Garden.lnk - C:\Users\Welcome\Documents\Battlefront\Combat Mission Battle for Normandy\CM Normandy.exe -showui
C:\Users\Welcome\Desktop\Battlefront Website.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\Misc\Battlefront Website.url
C:\Users\Welcome\Desktop\CM Battle for Normandy.lnk - C:\Users\Welcome\Documents\Battlefront\Combat Mission Battle for Normandy\CM Normandy.exe
C:\Users\Welcome\Desktop\CM Fortress Italy.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Fortress Italy\CM Fortress Italy.exe
C:\Users\Welcome\Desktop\CM Shock Force.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\CM Shock Force.exe
C:\Users\Welcome\Desktop\Combat Mission Shock Force Manual.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\CMSF Game Manual v1.20.pdf
C:\Users\Welcome\Desktop\DarthMod Empire.lnk - C:\Program Files (x86)\Steam\SteamApps\common\empire total war\data\DME\DME Platinum.exe
C:\Users\Welcome\Desktop\Gary Grigsby's War in the East (Game Menu).lnk - C:\Matrix Games\Gary Grigsby's War in the East\autorun.exe
C:\Users\Welcome\Desktop\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Welcome\Desktop\Larry Bond's Harpoon - Commander's Edition Game Menu.lnk - C:\Matrix Games\HCE\autorun.exe
C:\Users\Welcome\Desktop\Medieval II - Kingdoms_Grand_Campaign_Mod.lnk - C:\Program Files (x86)\SEGA\Medieval II Total War\kingdoms.exe
C:\Users\Welcome\Desktop\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Welcome\Desktop\Setup ReallyBadAI.lnk - C:\Program Files (x86)\SEGA\Medieval II Total War\mods\g5_setup.exe
C:\Users\Welcome\Desktop\The Operational Art of War III Game Menu.lnk - C:\Matrix Games\The Operational Art of War III\autorun.exe
C:\Users\Welcome\Desktop\Uplay.lnk - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe
C:\Users\Welcome\Desktop\CMBN Market Garden\Activate CMBN Market Garden.lnk - C:\Users\Welcome\Documents\Battlefront\Combat Mission Battle for Normandy\CM Normandy.exe -showui
C:\Users\Welcome\Desktop\CMBN Market Garden\Combat Mission Market Garden Manual.lnk - C:\Users\Welcome\Documents\Battlefront\Combat Mission Battle for Normandy\CMBN Market Garden Manual.pdf
C:\Users\Welcome\Desktop\CMBN Market Garden\Launch CMBN Battle for Normandy.lnk - C:\Users\Welcome\Documents\Battlefront\Combat Mission Battle for Normandy\CM Normandy.exe
C:\Users\Welcome\Desktop\CMBN Market Garden\Scenario Design AAR Book.lnk - C:\Users\Welcome\Documents\Battlefront\Combat Mission Battle for Normandy\A Scen Design AAR PDF Book.pdf
C:\Users\Welcome\Desktop\StuffIt2010\StuffIt.lnk - C:\Program Files (x86)\Smith Micro\StuffIt 2010\Stuffit14.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\1648 v2.0.lnk - C:\Program Files (x86)\SEGA\Medieval II Total War\mods\1648_2\1648.exe
C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\ArtMoney SE v7.37.lnk - C:\Program Files (x86)\ArtMoney\am737.exe
C:\Users\Public\Desktop\BullGuard.lnk - C:\Program Files (x86)\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\DarthMod Napoleon.lnk - C:\Program Files (x86)\Steam\SteamApps\common\napoleon total war\data\DMN\DMN.exe
C:\Users\Public\Desktop\DARTHMOD SHOGUN II.lnk - C:\Program Files (x86)\Steam\SteamApps\common\total war shogun 2\data\DMS\DMS.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\HP Photosmart 6520 series.lnk - C:\Program Files (x86)\HP\HP Photosmart 6520 series\Bin\HP Photosmart 6520 series.exe -Start UDCDevicePage
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Medieval II Total War.lnk - C:\Program Files (x86)\SEGA\Medieval II Total War\Launcher.exe
C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 6520 series.lnk - C:\Program Files (x86)\HP\HP Photosmart 6520 series\Bin\hpqDTSS.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Public\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\steam.exe
C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\Larry Bond's Harpoon - Commander's Edition (Quick Start).lnk - C:\Matrix Games\HCE\Winharp32.exe
C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\Larry Bond's Harpoon - Commander's Edition BattleSet Builder.lnk - C:\Matrix Games\HCE\BSBuilder\BSBuilder.exe
C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\Larry Bond's Harpoon - Commander's Edition Game Menu.lnk - C:\Matrix Games\HCE\autorun.exe
C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\Larry Bond's Harpoon - Commander's Edition MS Access 97 Runtime Install.lnk - C:\Matrix Games\HCE\hce_art.exe
C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\Larry Bond's Harpoon - Commander's Edition Platform Editor.lnk - C:\Matrix Games\HCE\pfBuild2005.mdb
C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\Larry Bond's Harpoon - Commander's Edition Scenario Editor.lnk - C:\Matrix Games\HCE\WSCENEDT.EXE
C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\Larry Bond's Harpoon - Commander's Edition Scenario Orders Writer.lnk - C:\Matrix Games\HCE\OrdWrite.exe
C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\Uninstall Harpoon Commanders Edition.lnk - C:\Windows\Uninstallers\Harpoon Commanders Edition Uninstall.exe "/U:C:\Matrix Games\HCE\Uninstall\uninstall.xml"
C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\Update Larry Bond's Harpoon - Commander's Edition.lnk - C:\Matrix Games\HCE\update.exe
C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\What's New.lnk - C:\Matrix Games\HCE\whatsnew.pdf
C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\Documentation\Larry Bond's Harpoon - Commander's Edition Manual (Printer Friendly).lnk - C:\Matrix Games\HCE\Manuals\HPCE-Manual-[LIGHT].pdf
C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\Documentation\Larry Bond's Harpoon - Commander's Edition Manual.lnk - C:\Matrix Games\HCE\Manuals\HPCE-Manual-[EBOOK].pdf
C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\Documentation\Matrix Games Fall 2006 Catalog.lnk - C:\Matrix Games\HCE\Manuals\MG-Fall06-Catalog-[SCREEN].pdf
C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk - C:\Windows\system32\RunDll32.exe "C:\Program Files\HP\HP Photosmart 6520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN34N3509H05XP;CONNECTION=NW;MONITOR=1;

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Check for Updates.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\Misc\Versioncheck-nato.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Launch Combat Mission Shock Force.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\CM Shock Force.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Uninstall Combat Mission Shock Force.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\British Forces Module Manual (Print Friendly).lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\British Forces Module Manual v1.20 print friendly.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\British Forces Module Manual.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\British Forces Module Manual v1.20.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\CMSF Marines Module Manual.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\CMSF MARINES Game Manual v1.10.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\CMSF NATO Manual (Print Friendly).lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\CMSF NATO Game Manual v1.30 print friendly.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\CMSF NATO Manual.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\CMSF NATO Game Manual v1.30.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\CMSF Troubleshooting Guide.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\Battlefront.com Helpdesk.mht
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\CMSF v1.21 ReadMe.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\ReadMe v1.21.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\CMSF v1.30 ReadMe.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\ReadMe v1.30.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\CMSF v1.31 ReadMe.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\ReadMe v1.31.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\CMSF v1.32 ReadMe.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\ReadMe v1.32.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\Combat Mission Shock Force Manual (Print Friendly).lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\CMSF Game Manual v1.20 print friendly.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\Combat Mission Shock Force Manual.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\CMSF Game Manual v1.20.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\Mod Tools Readme.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\Mod Tools\Mod Tools Readme.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Licensing\Unlicense CMSF British Forces.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\Modules\CMSF British Module.exe -unlicense
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Licensing\Unlicense CMSF Marines.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\Modules\CMSF Marines Module.exe -unlicense
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Licensing\Unlicense CMSF NATO.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\Modules\CMSF NATO Module.exe -unlicense
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Licensing\Unlicense Combat Mission Shock Force.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\CM Shock Force.exe -unlicense
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Web Links\Battlefront Website.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\Misc\Battlefront Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Update.lnk - C:\Program Files (x86)\HP\HP Software Update\hpwucli.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk - C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Free Edition.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Help.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe /register

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Welcome\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Welcome\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Welcome\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Welcome\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Welcome\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Welcome\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Welcome\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Welcome\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Welcome\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Welcome\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=138 folders=66 884202 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Public\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Welcome\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Welcome\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
"C:\Users\Welcome\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5CDKXDF2\synd.travelplus.tv" not found

==== EOF on 04/02/2014 at 14:59:02.12 ======================

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12975
Posted 2/4/2014 7:08 PM (GMT +3)
How are things running now?


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted.

rlow
New Member
Date Joined Nov 2008
Total Posts : 15
Posted 2/4/2014 8:09 PM (GMT +3)
Seems much better - a little faster. I wish I could identify if the TRPatch was still lurking, but BG won't find it and the only one that will, Avira, has a rep for false positives.

Can't thank you enough for all your help so far - I suppose I can only wait and see if I get another email spam.


Thanks again.

www.robert-low.com

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12975
Posted 2/5/2014 4:55 PM (GMT +3)
Sounds good.

I'll suggest we dig deeper, to see if there is anything more suspicious hiding.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    Right click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
    Press the Scan button.
    It will produce a log called FRST.txt in the same directory the tool is run from.
    Please copy and paste the log back here.
    The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


rlow
New Member
Date Joined Nov 2008
Total Posts : 15
Posted 2/11/2014 7:02 PM (GMT +3)
Sorry - been gone for a time and when I got back - I had email spam sent out to everyone.

Here is the FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by Welcome (administrator) on WELCOME-PC on 11-02-2014 15:59:29
Running from C:\Users\Welcome\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
() C:\Windows\runservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\files32\spamfilter\LittleHook.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Smith Micro Software, Inc.) C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [BullGuard] - C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe [976720 2013-10-18] (BullGuard Ltd.)
HKLM\...\Run: [BullGuardUpdate2] - c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2530128 2013-10-14] (BullGuard Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1704720 2014-01-23] (Simply Super Software)
HKU\S-1-5-21-834015710-4144180869-3245421182-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1815976 2014-01-27] (Valve Corporation)
HKU\S-1-5-21-834015710-4144180869-3245421182-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20587168 2013-11-18] (Skype Technologies S.A.)
HKU\S-1-5-21-834015710-4144180869-3245421182-1000\...\Run: [HP Photosmart 6520 series (NET)] - C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-834015710-4144180869-3245421182-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6581488 2013-08-15] (SUPERAntiSpyware)
HKU\S-1-5-21-834015710-4144180869-3245421182-1000\...\Run: [MyDriveConnect.exe] - C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473496 2013-10-21] (TomTom)
HKU\S-1-5-21-834015710-4144180869-3245421182-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-834015710-4144180869-3245421182-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-834015710-4144180869-3245421182-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0xFF000000
AppInit_DLLs: c:\PROGRA~1\BULLGU~1\BULLGU~1\BgAgent.dll => C:\Program Files\BullGuard Ltd\BullGuard\BgAgent.dll [103848 2013-05-03] (BullGuard Ltd.)
AppInit_DLLs-x32: c:\PROGRA~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll => C:\Program Files\BullGuard Ltd\BullGuard\Files32\BgAgent.dll [87856 2013-05-03] (BullGuard Ltd.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x015E5FB46327CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?cc=gb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - Battlefront.com Toolbar - {64d0ffc8-c37a-48e4-a128-9e38886e4e5a} - C:\Program Files (x86)\Battlefront.com\tbBatt.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Battlefront.com Toolbar - {64d0ffc8-c37a-48e4-a128-9e38886e4e5a} - C:\Program Files (x86)\Battlefront.com\tbBatt.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Battlefront.com Toolbar - {64d0ffc8-c37a-48e4-a128-9e38886e4e5a} - C:\Program Files (x86)\Battlefront.com\tbBatt.dll (Conduit Ltd.)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1262.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Welcome\AppData\Roaming\Mozilla\Firefox\Profiles\fhtfa6gy.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-04-03]
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - c:\program files\bullguard ltd\bullguard\Files32\Antiphishing\FF\antiphishing@bullguard\
FF Extension: BullGuard Safe Browsing - c:\program files\bullguard ltd\bullguard\Files32\Antiphishing\FF\antiphishing@bullguard\ []
FF HKCU\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard\files32\backup\thunderbirdbkplugin
FF Extension: BullGuard Backup - C:\Program Files\BullGuard Ltd\BullGuard\files32\backup\thunderbirdbkplugin [2013-05-03]
FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\TbSpamfilter
FF Extension: BullGuard Spamfilter - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\TbSpamfilter [2013-05-03]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Users\Welcome\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-14]
CHR Extension: (Google Drive) - C:\Users\Welcome\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-14]
CHR Extension: (YouTube) - C:\Users\Welcome\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-03]
CHR Extension: (Google Search) - C:\Users\Welcome\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-03]
CHR Extension: (Google Wallet) - C:\Users\Welcome\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-14]
CHR Extension: (Gmail) - C:\Users\Welcome\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-03]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [695120 2014-01-14] (BullGuard Ltd.)
R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [445776 2013-10-14] (BullGuard Ltd.)
R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [376144 2013-10-18] (BullGuard Ltd.)
R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [604496 2013-10-18] (BullGuard Ltd.)
R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [624464 2013-12-17] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [342352 2013-10-14] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [242512 2013-10-14] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [356688 2013-10-18] (BullGuard Ltd.)
R2 LicCtrlService; C:\Windows\runservice.exe [2560 2012-02-16] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-21] ()
R2 Stuffit Archive Name Service; C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe [1916248 2009-10-30] (Smith Micro Software, Inc.)
S2 HPSLPSVC; C:\Users\Welcome\AppData\Local\Temp\7zS0BF9\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [40544 2013-05-03] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [464480 2013-05-03] (Agnitum Ltd.)
R3 BdNet; C:\Windows\System32\drivers\BdNet.sys [34928 2013-05-03] (BullGuard Ltd.)
R1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [68720 2013-05-03] (BullGuard Ltd.)
R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [256072 2012-06-26] (NovaShield, Inc.)
R1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [25160 2012-06-26] (NovaShield, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [350160 2013-05-03] (BitDefender S.R.L.)
U5 ALG; C:\Windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-11 15:59 - 2014-02-11 15:59 - 00015173 _____ () C:\Users\Welcome\Downloads\FRST.txt
2014-02-11 15:58 - 2014-02-11 15:59 - 00000000 ____D () C:\FRST
2014-02-11 15:57 - 2014-02-11 15:57 - 02151424 _____ (Farbar) C:\Users\Welcome\Downloads\FRST64.exe
2014-02-11 15:54 - 2014-02-11 15:54 - 00000480 _____ () C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2014-02-11 15:39 - 2014-02-11 15:39 - 00001109 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-02-11 15:39 - 2014-02-11 15:39 - 00000000 ____D () C:\Users\Welcome\Documents\Simply Super Software
2014-02-11 15:39 - 2014-02-11 15:39 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-02-11 15:39 - 2014-02-11 15:39 - 00000000 ____D () C:\ProgramData\Licenses
2014-02-11 15:39 - 2014-02-11 15:39 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-02-11 15:38 - 2014-02-11 15:38 - 21407864 _____ (Simply Super Software ) C:\Users\Welcome\Downloads\trjsetup690.exe
2014-02-08 19:34 - 2014-02-08 19:34 - 01438479 _____ () C:\Users\Welcome\Downloads\CMx2_ScAn_CaDe_v1.3.zip
2014-02-04 14:56 - 2014-02-04 14:46 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-02-04 14:46 - 2014-02-04 14:55 - 00000000 ____D () C:\zoek_backup
2014-02-04 14:46 - 2014-02-04 14:46 - 01283584 _____ () C:\Users\Welcome\Downloads\zoek.exe
2014-02-04 11:04 - 2014-02-04 11:04 - 00000000 ____D () C:\Windows\ERUNT
2014-02-04 11:03 - 2014-02-04 07:38 - 01037530 _____ (Thisisu) C:\Users\Welcome\Desktop\JRT_NEW.exe
2014-02-04 10:19 - 2014-02-04 10:20 - 00000000 ____D () C:\AdwCleaner
2014-02-04 00:40 - 2013-11-26 11:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-04 00:40 - 2013-11-26 10:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-04 00:40 - 2013-11-26 10:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-04 00:40 - 2013-11-26 09:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-04 00:40 - 2013-11-26 09:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-04 00:40 - 2013-11-26 09:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-04 00:40 - 2013-11-26 09:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-04 00:40 - 2013-11-26 09:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-04 00:40 - 2013-11-26 09:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 00:40 - 2013-11-26 09:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-04 00:40 - 2013-11-26 09:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-04 00:40 - 2013-11-26 09:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-04 00:40 - 2013-11-26 08:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-04 00:40 - 2013-11-26 08:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-04 00:40 - 2013-11-26 08:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-04 00:40 - 2013-11-26 08:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-04 00:40 - 2013-11-26 06:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-04 00:40 - 2013-11-26 06:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-04 00:39 - 2013-11-26 10:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-04 00:39 - 2013-11-26 09:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-04 00:39 - 2013-11-26 08:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-04 00:39 - 2013-11-26 08:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-04 00:39 - 2013-11-26 08:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-04 00:39 - 2013-11-26 08:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-04 00:39 - 2013-11-26 07:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-04 00:39 - 2013-11-26 07:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-04 00:39 - 2013-11-26 07:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-04 00:39 - 2013-11-26 07:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-04 00:39 - 2013-11-26 06:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-04 00:39 - 2013-11-26 06:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-04 00:39 - 2013-11-26 06:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-04 00:36 - 2014-02-04 00:36 - 01166132 _____ () C:\Users\Welcome\Downloads\adwcleaner.exe
2014-02-04 00:36 - 2014-02-04 00:36 - 01037068 _____ (Thisisu) C:\Users\Welcome\Downloads\JRT.exe
2014-02-02 17:39 - 2013-05-10 05:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-02-02 17:39 - 2013-05-10 05:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-02-02 17:39 - 2013-05-10 04:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-02-02 17:39 - 2013-05-10 04:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-02-02 17:35 - 2014-02-02 17:35 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-02-02 17:35 - 2014-02-02 17:35 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-02 17:35 - 2014-02-02 17:35 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-02-02 17:35 - 2014-02-02 17:35 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-02-02 17:35 - 2014-02-02 17:35 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-02-02 17:35 - 2014-02-02 17:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-02-02 17:33 - 2014-02-02 17:38 - 00007498 _____ () C:\Windows\IE11_main.log
2014-02-02 17:18 - 2013-11-27 01:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-02 17:18 - 2013-11-27 01:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-02 17:18 - 2013-11-27 01:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-02 17:18 - 2013-11-27 01:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-02 17:18 - 2013-11-27 01:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-02 17:18 - 2013-11-27 01:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-02-02 17:18 - 2013-11-27 01:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-02 17:18 - 2013-11-23 18:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-02-02 17:18 - 2013-11-23 17:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-02-02 17:18 - 2013-11-12 02:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-02-02 17:18 - 2013-11-12 02:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-02-02 17:18 - 2013-10-30 02:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-02-02 17:18 - 2013-10-30 02:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-02-02 17:18 - 2013-10-19 02:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-02-02 17:18 - 2013-10-19 01:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-02-02 17:18 - 2013-10-04 02:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-02-02 17:18 - 2013-10-04 01:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-02-02 17:17 - 2013-11-26 11:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-02-02 17:17 - 2013-11-26 10:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-02 17:17 - 2013-10-12 02:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-02-02 17:17 - 2013-10-12 02:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-02-02 17:17 - 2013-10-12 02:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-02-02 17:17 - 2013-10-12 02:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-02-02 17:17 - 2013-10-12 01:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-02-02 17:17 - 2013-10-12 01:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-02-02 17:17 - 2013-10-12 01:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-02-02 17:17 - 2013-10-12 01:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-02-02 17:08 - 2014-02-02 17:08 - 00026141 _____ () C:\ComboFix.txt
2014-02-02 16:41 - 2014-02-02 16:41 - 00000000 ____D () C:\RegBk_2014.02.02.16.41.21
2014-02-02 16:39 - 2014-02-02 16:39 - 05179159 ____R (Swearware) C:\Users\Welcome\Downloads\ComboFix.exe
2014-01-30 13:26 - 2014-02-11 15:59 - 00954710 _____ () C:\Windows\WindowsUpdate.log
2014-01-30 13:01 - 2014-02-11 15:52 - 00001680 _____ () C:\Windows\setupact.log
2014-01-30 13:01 - 2014-02-10 02:19 - 00036706 _____ () C:\Windows\PFRO.log
2014-01-30 13:01 - 2014-01-30 13:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-01-30 12:23 - 2014-01-30 13:10 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-01-30 12:23 - 2014-01-30 12:23 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-01-30 11:55 - 2014-01-30 11:55 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Welcome\Downloads\SpyHunter-Installer.exe
2014-01-30 11:54 - 2014-01-30 11:55 - 05938856 _____ (ParetoLogic, Inc.) C:\Users\Welcome\Downloads\RegCureProSetup.exe
2014-01-30 11:54 - 2014-01-30 11:54 - 00001205 _____ () C:\Users\Welcome\Downloads\FixNCR.reg
2014-01-29 16:40 - 2014-01-29 16:58 - 00000000 ____D () C:\Users\Welcome\Documents\Crime Novel untitled
2014-01-28 12:58 - 2014-01-30 13:41 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-01-22 23:33 - 2014-02-01 18:36 - 00000000 ____D () C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition
2014-01-22 23:33 - 2014-01-22 23:33 - 00001603 _____ () C:\Users\Welcome\Desktop\Larry Bond's Harpoon - Commander's Edition Game Menu.lnk
2014-01-22 23:33 - 2014-01-22 23:33 - 00000000 ____D () C:\Windows\Uninstallers
2014-01-22 17:27 - 2014-01-22 17:27 - 00001355 _____ () C:\Users\Welcome\Desktop\Combat Mission Shock Force Manual.lnk
2014-01-22 13:45 - 2014-01-30 12:20 - 00000000 ____D () C:\Program Files (x86)\Battlefront.com
2014-01-19 20:13 - 2014-01-19 20:12 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-19 20:13 - 2014-01-19 20:12 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-19 20:13 - 2014-01-19 20:12 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-19 20:13 - 2014-01-19 20:12 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-19 20:12 - 2014-01-19 20:12 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-19 20:09 - 2014-01-19 20:09 - 00000000 ____D () C:\ProgramData\McAfee

==================== One Month Modified Files and Folders =======

2014-02-11 15:59 - 2014-02-11 15:59 - 00015173 _____ () C:\Users\Welcome\Downloads\FRST.txt
2014-02-11 15:59 - 2014-02-11 15:58 - 00000000 ____D () C:\FRST
2014-02-11 15:59 - 2014-01-30 13:26 - 00954710 _____ () C:\Windows\WindowsUpdate.log
2014-02-11 15:59 - 2012-02-14 17:26 - 00000000 ____D () C:\ProgramData\BullGuard
2014-02-11 15:57 - 2014-02-11 15:57 - 02151424 _____ (Farbar) C:\Users\Welcome\Downloads\FRST64.exe
2014-02-11 15:55 - 2013-04-03 11:03 - 00000000 ____D () C:\Users\Welcome\AppData\Roaming\Skype
2014-02-11 15:54 - 2014-02-11 15:54 - 00000480 _____ () C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2014-02-11 15:54 - 2012-02-15 15:58 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-11 15:53 - 2012-02-14 17:46 - 00000664 _____ () C:\Windows\system32\config\afw_hm.conf
2014-02-11 15:53 - 2012-02-14 17:45 - 00000004 _____ () C:\Windows\system32\config\afw_db.conf
2014-02-11 15:52 - 2014-01-30 13:01 - 00001680 _____ () C:\Windows\setupact.log
2014-02-11 15:52 - 2012-02-16 00:44 - 00005001 ___SH () C:\Windows\SysWOW64\mmf.sys
2014-02-11 15:52 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-11 15:40 - 2012-02-14 15:15 - 00000000 ___RD () C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-11 15:39 - 2014-02-11 15:39 - 00001109 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-02-11 15:39 - 2014-02-11 15:39 - 00000000 ____D () C:\Users\Welcome\Documents\Simply Super Software
2014-02-11 15:39 - 2014-02-11 15:39 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-02-11 15:39 - 2014-02-11 15:39 - 00000000 ____D () C:\ProgramData\Licenses
2014-02-11 15:39 - 2014-02-11 15:39 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-02-11 15:38 - 2014-02-11 15:38 - 21407864 _____ (Simply Super Software ) C:\Users\Welcome\Downloads\trjsetup690.exe
2014-02-11 15:24 - 2013-03-03 17:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-11 14:34 - 2012-03-01 13:28 - 00000000 ____D () C:\Users\Welcome\Documents\Allan Breck Stewart
2014-02-11 10:57 - 2009-07-14 04:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-11 10:57 - 2009-07-14 04:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-10 22:32 - 2013-03-01 19:02 - 00005120 _____ () C:\Users\Welcome\AppData\Local\file__0.localstorage
2014-02-10 18:55 - 2011-01-21 14:28 - 00000000 ____D () C:\Users\Welcome\Desktop\CM;SF Z files
2014-02-10 02:19 - 2014-01-30 13:01 - 00036706 _____ () C:\Windows\PFRO.log
2014-02-08 19:34 - 2014-02-08 19:34 - 01438479 _____ () C:\Users\Welcome\Downloads\CMx2_ScAn_CaDe_v1.3.zip
2014-02-07 22:26 - 2013-03-03 17:48 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-07 22:18 - 2012-02-19 16:33 - 00000000 ____D () C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-02-05 17:24 - 2013-03-03 17:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 17:24 - 2013-03-03 17:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 17:24 - 2012-02-14 17:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 14:55 - 2014-02-04 14:46 - 00000000 ____D () C:\zoek_backup
2014-02-04 14:54 - 2012-02-14 15:15 - 00000000 ____D () C:\Users\Welcome
2014-02-04 14:46 - 2014-02-04 14:56 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-02-04 14:46 - 2014-02-04 14:46 - 01283584 _____ () C:\Users\Welcome\Downloads\zoek.exe
2014-02-04 11:04 - 2014-02-04 11:04 - 00000000 ____D () C:\Windows\ERUNT
2014-02-04 10:20 - 2014-02-04 10:19 - 00000000 ____D () C:\AdwCleaner
2014-02-04 07:38 - 2014-02-04 11:03 - 01037530 _____ (Thisisu) C:\Users\Welcome\Desktop\JRT_NEW.exe
2014-02-04 00:36 - 2014-02-04 00:36 - 01166132 _____ () C:\Users\Welcome\Downloads\adwcleaner.exe
2014-02-04 00:36 - 2014-02-04 00:36 - 01037068 _____ (Thisisu) C:\Users\Welcome\Downloads\JRT.exe
2014-02-02 21:24 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-02-02 19:20 - 2009-07-14 05:13 - 00792590 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-02 19:15 - 2012-02-14 15:15 - 00001413 _____ () C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-02 19:15 - 2009-07-14 05:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-02-02 19:14 - 2012-02-14 22:39 - 00000000 ____D () C:\Windows\Panther
2014-02-02 19:07 - 2009-07-14 04:45 - 00347632 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-02 19:04 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-02-02 17:38 - 2014-02-02 17:33 - 00007498 _____ () C:\Windows\IE11_main.log
2014-02-02 17:38 - 2012-02-15 10:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-02 17:35 - 2014-02-02 17:35 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-02-02 17:35 - 2014-02-02 17:35 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-02-02 17:35 - 2014-02-02 17:35 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-02 17:35 - 2014-02-02 17:35 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-02-02 17:35 - 2014-02-02 17:35 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-02-02 17:35 - 2014-02-02 17:35 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-02-02 17:35 - 2014-02-02 17:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-02-02 17:35 - 2014-02-02 17:35 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-02-02 17:35 - 2014-02-02 17:35 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-02-02 17:28 - 2013-07-15 18:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-02 17:09 - 2013-05-03 09:51 - 00000000 ____D () C:\Qoobox
2014-02-02 17:08 - 2014-02-02 17:08 - 00026141 _____ () C:\ComboFix.txt
2014-02-02 16:58 - 2009-07-14 02:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-02 16:56 - 2013-05-03 09:51 - 00000000 ____D () C:\Windows\erdnt
2014-02-02 16:41 - 2014-02-02 16:41 - 00000000 ____D () C:\RegBk_2014.02.02.16.41.21
2014-02-02 16:39 - 2014-02-02 16:39 - 05179159 ____R (Swearware) C:\Users\Welcome\Downloads\ComboFix.exe
2014-02-01 18:36 - 2014-01-22 23:33 - 00000000 ____D () C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition
2014-02-01 14:29 - 2013-07-07 10:16 - 00000000 ____D () C:\Users\Welcome\Documents\Galleria stuff
2014-01-31 18:03 - 2013-06-14 14:14 - 00000000 ____D () C:\Users\Welcome\AppData\Roaming\HpUpdate
2014-01-31 10:58 - 2009-07-14 05:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-30 13:41 - 2014-01-28 12:58 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-01-30 13:41 - 2013-09-14 12:10 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-01-30 13:10 - 2014-01-30 12:23 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-01-30 13:01 - 2014-01-30 13:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-01-30 12:23 - 2014-01-30 12:23 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-01-30 12:20 - 2014-01-22 13:45 - 00000000 ____D () C:\Program Files (x86)\Battlefront.com
2014-01-30 12:20 - 2013-06-20 22:38 - 00000000 ____D () C:\IL2 Game
2014-01-30 12:20 - 2013-01-28 11:04 - 00000000 ____D () C:\Users\Welcome\Documents\SimCity
2014-01-30 12:20 - 2012-02-14 15:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-30 12:20 - 2012-02-14 15:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-01-30 12:20 - 2011-08-01 14:30 - 00000000 ____D () C:\Users\Welcome\Documents\My Digital Editions
2014-01-30 12:20 - 2009-07-14 03:20 - 00000000 __RHD () C:\Users\Default
2014-01-30 12:20 - 2008-08-21 13:20 - 00000000 ____D () C:\Users\Welcome\Documents\take_the_church-2
2014-01-30 12:20 - 2008-08-21 13:18 - 00000000 ____D () C:\Users\Welcome\Documents\IRONSTORM.V1.041.ENG.DRUNK.NOCD
2014-01-30 12:19 - 2012-09-26 18:32 - 00000000 ____D () C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scourge of War - Gettysburg
2014-01-30 11:55 - 2014-01-30 11:55 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Welcome\Downloads\SpyHunter-Installer.exe
2014-01-30 11:55 - 2014-01-30 11:54 - 05938856 _____ (ParetoLogic, Inc.) C:\Users\Welcome\Downloads\RegCureProSetup.exe
2014-01-30 11:54 - 2014-01-30 11:54 - 00001205 _____ () C:\Users\Welcome\Downloads\FixNCR.reg
2014-01-29 16:58 - 2014-01-29 16:40 - 00000000 ____D () C:\Users\Welcome\Documents\Crime Novel untitled
2014-01-22 23:33 - 2014-01-22 23:33 - 00001603 _____ () C:\Users\Welcome\Desktop\Larry Bond's Harpoon - Commander's Edition Game Menu.lnk
2014-01-22 23:33 - 2014-01-22 23:33 - 00000000 ____D () C:\Windows\Uninstallers
2014-01-22 23:33 - 2012-02-18 20:29 - 00000000 ____D () C:\Matrix Games
2014-01-22 18:37 - 2012-02-16 00:47 - 00002367 _____ () C:\Users\Welcome\Desktop\Battlefront Website.lnk
2014-01-22 18:37 - 2012-02-16 00:47 - 00001315 _____ () C:\Users\Welcome\Desktop\CM Shock Force.lnk
2014-01-22 18:36 - 2012-02-19 12:20 - 00000000 ____D () C:\Users\Welcome\AppData\Local\Smith Micro
2014-01-22 17:27 - 2014-01-22 17:27 - 00001355 _____ () C:\Users\Welcome\Desktop\Combat Mission Shock Force Manual.lnk
2014-01-22 15:01 - 2012-02-16 00:44 - 00126976 _____ () C:\Windows\lcmmfu.cpl
2014-01-21 23:31 - 2013-03-03 17:48 - 00000000 ____D () C:\Users\Welcome\AppData\Local\Google
2014-01-19 20:12 - 2014-01-19 20:13 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-19 20:12 - 2014-01-19 20:13 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-19 20:12 - 2014-01-19 20:13 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-19 20:12 - 2014-01-19 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-19 20:12 - 2014-01-19 20:12 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-19 20:09 - 2014-01-19 20:09 - 00000000 ____D () C:\ProgramData\McAfee
2014-01-16 09:59 - 2010-11-21 03:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-15 14:16 - 2014-01-09 22:40 - 00000000 ____D () C:\ProgramData\MFAData
2014-01-15 11:29 - 2014-01-09 22:44 - 00003230 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-01-14 20:59 - 2012-02-16 13:51 - 00000000 ____D () C:\Program Files (x86)\ArtMoney

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 13:37

==================== End Of Log ============================

rlow
New Member
Date Joined Nov 2008
Total Posts : 15
Posted 2/11/2014 7:03 PM (GMT +3)
And the Additional:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-02-2014 01
Ran by Welcome at 2014-02-11 16:00:14
Running from C:\Users\Welcome\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: BullGuard Antivirus (Enabled - Up to date) {C3CCAC61-52F7-A056-1860-6406566E2578}
AS: BullGuard Antispyware (Enabled - Up to date) {78AD4D85-74CD-AFD8-22D0-5F742DE96FC5}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: BullGuard Firewall (Enabled) {FBF72D44-1898-A10E-333F-CD33A8BD6203}

==================== Installed Programs ======================

ACW Brothers vs Brothers (x32 Version: 3.3 - ACW mod Team)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8 - Adobe Systems Incorporated)
ArtMoney SE v7.37.2 (x32 Version: 7.37 - System SoftLab)
Assassin's Creed IV Black Flag (x32 Version: - Ubisoft)
Battlefront.com Toolbar (x32 Version: - )
BullGuard (Version: 13.0 - BullGuard Ltd.)
Combat Mission Battle for Normandy (x32 Version: - Battlefront.com)
Combat Mission Fortress Italy (x32 Version: - Battlefront.com)
Combat Mission Shock Force (x32 Version: - Battlefront.com)
Crusader Kings II (x32 Version: - Paradox Development Studio)
DarthMod Empire (x32 Version: 8.0 Platinum - )
DarthMod Napoleon (x32 Version: - )
DarthMod Ultimate Commander Edition (x32 Version: - )
DarthMod: Shogun II (x32 Version: - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
Empire: Total War (x32 Version: - The Creative Assembly)
Gary Grigsby's War in the East (x32 Version: 1.00 - Matrix Games)
HP Photosmart 6520 series Basic Device Software (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 6520 series Help (x32 Version: 28.0.0 - Hewlett Packard)
HP Update (x32 Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticCoreDll (x32 Version: 1.0.16.0 - Hewlett Packard)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KGCM Patch 4.1 (HKCU Version: - )
Kingdoms Grand Campaign Mod (HKCU Version: - )
Larry Bond's Harpoon - Commander's Edition (x32 Version: 2007.000 - Matrix Games)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Medieval II - Kingdoms_Grand_Campaign_Mod version 3.0 (x32 Version: - )
Medieval II Total War (x32 Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Americas (x32 Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Britannia (x32 Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Crusades (x32 Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Teutonic (x32 Version: 1.03.000 - SEGA)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (x32 Version: 1.1.4322 - Microsoft)
MS Access 97 SP2 (x32 Version: - )
MyDriveConnect 3.3.0.1318 (x32 Version: 3.3.0.1318 - TomTom)
Napoleon: Total War (x32 Version: - The Creative Assembly)
NVIDIA 3D Vision Controller Driver 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0203 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0203 (Version: 9.12.0203 - NVIDIA Corporation)
NVIDIA Update Components (Version: 9.3.16 - NVIDIA Corporation) Hidden
Realtek Ethernet Controller Driver (x32 Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Steam (x32 Version: 1.0.0.0 - Valve)
StuffIt 2010 (Version: 14.0.0 - Smith Micro)
SUPERAntiSpyware (Version: 5.6.1032 - SUPERAntiSpyware.com)
The Operational Art of War III (x32 Version: 3.2.29.27 - Matrix Games)
The Operational Art of War: Century of Warfare (x32 Version: - )
Total War: ROME II (x32 Version: - Creative Assembly)
Total War: SHOGUN 2 (x32 Version: - The Creative Assembly)
Trojan Remover 6.9.0 (x32 Version: 6.9.0 - Simply Super Software)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Uplay (x32 Version: 4.0 - Ubisoft)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (x32 Version: 10.0.0 - TomTom International B.V.)
VLC media player 1.1.11 (x32 Version: 1.1.11 - VideoLAN)

==================== Restore Points =========================

02-02-2014 16:45:51 ComboFix created restore point
02-02-2014 17:07:02 Windows Update
02-02-2014 17:26:08 Windows Update
04-02-2014 00:39:27 Windows Update
04-02-2014 14:47:21 zoek.exe restore point
07-02-2014 14:05:42 Windows Update
07-02-2014 22:18:01 Removed EasyCleaner

==================== Hosts content: ==========================

2009-07-14 02:34 - 2014-02-02 16:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {11EEBA92-6997-4736-8CF4-0375AE56CDDC} - System32\Tasks\{B6045275-FFC4-4BAB-ACA5-B6AB0C47780D} => C:\Program Files (x86)\Battlefront\Combat Mission Fortress Italy\CM Fortress Italy.exe [2013-11-11] ()
Task: {1823E0C9-C468-42D1-9565-428AE8277DB7} - System32\Tasks\{2860BEB2-B765-4F19-ADBA-5CAE5BCB9983} => C:\Storm Eagle Studios\Jutland\DG_WWIp.exe
Task: {1992421D-42D8-4B47-A35C-B4FADC96ABCF} - System32\Tasks\{A5A491A1-3802-4FAD-B97E-2A64E08B9FA9} => C:\Program Files (x86)\Battlefront\Combat Mission Fortress Italy\CM Fortress Italy.exe [2013-11-11] ()
Task: {4A343132-F11D-4A24-B2DA-0A795FBE99E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {6B30FBA1-23F5-4999-8DB9-E6B93B969FFC} - System32\Tasks\4897 => Wscript.exe C:\Users\Welcome\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {6C033CB6-6BBC-42E2-8BDA-050CCE5334D9} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {72A8FF8A-B01F-4E31-BE4B-2EC0C4A5863B} - System32\Tasks\{ECF2DC9C-896B-45B9-ACA5-9F2AC924B8D2} => C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\CM Shock Force.exe [2011-06-20] ()
Task: {8E2CB453-597D-458C-BF36-C124F88D3C29} - System32\Tasks\hpUrlLauncher.exe_{3E553E69-35B9-4C59-837A-FFAEE476B8D5} => C:\Program Files\HP\HP Photosmart 6520 series\Bin\utils\hpUrlLauncher.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {9CFBC5EE-11DB-44DB-94A2-34BE9B6342CC} - System32\Tasks\{6D0533BE-4C21-4DC1-BAE6-490337B3DD78} => C:\Windows\system32\msiexec.exe [2010-11-21] (Microsoft Corporation)
Task: {D7A3B54C-6092-434D-84EF-4EBAF1990F5B} - System32\Tasks\{7AF73AB7-29F1-466B-B9EF-CF200678AA65} => C:\Program Files (x86)\Battlefront\Combat Mission Fortress Italy\CM Fortress Italy.exe [2013-11-11] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-06-26 09:32 - 2012-06-26 09:32 - 00084320 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
2013-05-03 12:04 - 2013-05-03 12:03 - 00655712 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
2013-10-14 09:23 - 2013-10-14 09:22 - 00023376 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BackupShellNamespaceRes.dll
2013-10-14 09:23 - 2013-10-14 09:22 - 00072528 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpBackupRes.dll
2013-10-14 09:23 - 2013-10-14 09:22 - 00015184 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpInspectorRes.dll
2013-10-14 09:23 - 2013-10-14 09:22 - 00028496 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpMainRes.dll
2013-10-14 09:23 - 2013-10-14 09:22 - 00610968 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll
2014-01-09 22:19 - 2013-12-12 22:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-09 22:19 - 2013-11-05 01:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-03-25 13:23 - 2014-01-10 23:33 - 00717312 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2012-02-15 16:01 - 2014-01-27 19:02 - 01138088 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-02-15 16:01 - 2014-01-10 23:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-09-17 18:00 - 2013-06-14 23:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-09-17 18:00 - 2013-06-14 23:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-09-17 18:00 - 2013-06-14 23:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-10-21 07:33 - 2013-10-21 07:33 - 00026520 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
2013-10-21 07:33 - 2013-10-21 07:33 - 00082840 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
2013-10-21 07:33 - 2013-10-21 07:33 - 00337816 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
2012-02-16 00:44 - 2012-02-16 00:44 - 00002560 _____ () C:\Windows\runservice.exe
2012-02-16 00:44 - 2012-02-18 20:02 - 00048640 _____ () C:\Windows\mmfs.dll
2013-12-21 12:49 - 2013-12-21 12:49 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2000-01-28 00:00 - 2000-01-28 00:00 - 00012288 _____ () C:\Windows\SysWow64\hlinkprx.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Welcome:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\desktop.ini:gs5sys
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Welcome\Application Data:gs5sys
AlternateDataStreams: C:\Users\Welcome\Cookies:gs5sys
AlternateDataStreams: C:\Users\Welcome\Local Settings:gs5sys
AlternateDataStreams: C:\Users\Welcome\Templates:gs5sys
AlternateDataStreams: C:\Users\Welcome\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Welcome\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Welcome\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Welcome\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\Welcome\AppData\Local\History:gs5sys
AlternateDataStreams: C:\Users\Welcome\Documents\desktop.ini:gs5sys

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: dscmse => rundll32.exe "C:\Users\Welcome\AppData\Roaming\dscmse.dll",CreateLogFile
MSCONFIG\startupreg: tbrpes => "C:\Windows\System32\rundll32.exe" "C:\Users\Welcome\AppData\Roaming\tbrpes.dll",get_error_ptr

==================== Faulty Device Manager Devices =============

Name: Network Controller
Description: Network Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2014 03:55:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 03:44:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 10:47:37 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2014 02:35:45 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2948

Start Time: 01cf266d12e0028b

Termination Time: 202

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (02/10/2014 02:21:18 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2014 11:06:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2014 10:55:43 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2014 10:16:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: SUPERAntiSpyware.exe, version: 5.6.0.1032, time stamp: 0x520c207d
Faulting module name: SUPERAntiSpyware.exe, version: 5.6.0.1032, time stamp: 0x520c207d
Exception code: 0xc0000005
Fault offset: 0x00000000000c2f42
Faulting process id: 0xb70
Faulting application start time: 0xSUPERAntiSpyware.exe0
Faulting application path: SUPERAntiSpyware.exe1
Faulting module path: SUPERAntiSpyware.exe2
Report Id: SUPERAntiSpyware.exe3

Error: (02/07/2014 10:14:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2014 04:46:20 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14e8

Start Time: 01cf242314f6066e

Termination Time: 50

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:


System errors:
=============
Error: (02/11/2014 03:57:55 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/11/2014 03:57:52 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/11/2014 03:57:49 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/11/2014 03:57:46 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/11/2014 03:57:43 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/11/2014 03:57:40 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/11/2014 03:57:37 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/11/2014 03:57:12 PM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (02/11/2014 03:55:11 PM) (Source: Service Control Manager) (User: )
Description: The Internet Connection Sharing (ICS) service hung on starting.

Error: (02/11/2014 03:52:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athExt.dll
Error Code: 126


Microsoft Office Sessions:
=========================
Error: (02/11/2014 03:55:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 03:44:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 10:47:37 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2014 02:35:45 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.16428294801cf266d12e0028b202C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (02/10/2014 02:21:18 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2014 11:06:58 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2014 10:55:43 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2014 10:16:43 PM) (Source: Application Error)(User: )
Description: SUPERAntiSpyware.exe5.6.0.1032520c207dSUPERAntiSpyware.exe5.6.0.1032520c207dc000000500000000000c2f42b7001cf2451e5980459C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe85cd2fa1-9045-11e3-b9eb-5404a61ccd4d

Error: (02/07/2014 10:14:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2014 04:46:20 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.1642814e801cf242314f6066e50C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE


CodeIntegrity Errors:
===================================
Date: 2014-01-09 19:00:10.533
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-09 19:00:10.502
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-09 19:00:10.455
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-09 19:00:10.424
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-03 10:58:06.777
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-03 10:58:06.746
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 8174.31 MB
Available physical RAM: 6048.94 MB
Total Pagefile: 16346.8 MB
Available Pagefile: 14021.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:176.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Transcend) (Fixed) (Total:931.28 GB) (Free:881.59 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A392A392)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 00370B06)
Partition 1: (Active) - (Size=932 GB) - (Type=0C)

==================== End Of Log ============================

rlow
New Member
Date Joined Nov 2008
Total Posts : 15
Posted 2/11/2014 7:04 PM (GMT +3)
This is after running a Trojan Remover tool which 'found' something and allegedly fixed it.

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12975
Posted 2/12/2014 11:19 AM (GMT +3)
Do you have a filename and/or folder of the possibly removed infection?

Open notepad and copy/paste the text present inside the code box below.
To do this, highlight the contents of the box and right click on it. Paste this into the open notepad.

start
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1704720 2014-01-23] (Simply Super Software)
Task: {11EEBA92-6997-4736-8CF4-0375AE56CDDC} - System32\Tasks\{B6045275-FFC4-4BAB-ACA5-B6AB0C47780D} => C:\Program Files (x86)\Battlefront\Combat Mission Fortress Italy\CM Fortress Italy.exe [2013-11-11] ()
Task: {1823E0C9-C468-42D1-9565-428AE8277DB7} - System32\Tasks\{2860BEB2-B765-4F19-ADBA-5CAE5BCB9983} => C:\Storm Eagle Studios\Jutland\DG_WWIp.exe
Task: {1992421D-42D8-4B47-A35C-B4FADC96ABCF} - System32\Tasks\{A5A491A1-3802-4FAD-B97E-2A64E08B9FA9} => C:\Program Files (x86)\Battlefront\Combat Mission Fortress Italy\CM Fortress Italy.exe [2013-11-11] ()
Task: {4A343132-F11D-4A24-B2DA-0A795FBE99E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {6B30FBA1-23F5-4999-8DB9-E6B93B969FFC} - System32\Tasks\4897 => Wscript.exe C:\Users\Welcome\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {6C033CB6-6BBC-42E2-8BDA-050CCE5334D9} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {72A8FF8A-B01F-4E31-BE4B-2EC0C4A5863B} - System32\Tasks\{ECF2DC9C-896B-45B9-ACA5-9F2AC924B8D2} => C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\CM Shock Force.exe [2011-06-20] ()
Task: {8E2CB453-597D-458C-BF36-C124F88D3C29} - System32\Tasks\hpUrlLauncher.exe_{3E553E69-35B9-4C59-837A-FFAEE476B8D5} => C:\Program Files\HP\HP Photosmart 6520 series\Bin\utils\hpUrlLauncher.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {9CFBC5EE-11DB-44DB-94A2-34BE9B6342CC} - System32\Tasks\{6D0533BE-4C21-4DC1-BAE6-490337B3DD78} => C:\Windows\system32\msiexec.exe [2010-11-21] (Microsoft Corporation)
Task: {D7A3B54C-6092-434D-84EF-4EBAF1990F5B} - System32\Tasks\{7AF73AB7-29F1-466B-B9EF-CF200678AA65} => C:\Program Files (x86)\Battlefront\Combat Mission Fortress Italy\CM Fortress Italy.exe [2013-11-11] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Users\Welcome\AppData\Local\Temp\launchie.vbs
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Welcome:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\desktop.ini:gs5sys
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Welcome\Application Data:gs5sys
AlternateDataStreams: C:\Users\Welcome\Cookies:gs5sys
AlternateDataStreams: C:\Users\Welcome\Local Settings:gs5sys
AlternateDataStreams: C:\Users\Welcome\Templates:gs5sys
AlternateDataStreams: C:\Users\Welcome\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Welcome\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Welcome\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Welcome\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\Welcome\AppData\Local\History:gs5sys
AlternateDataStreams: C:\Users\Welcome\Documents\desktop.ini:gs5sys
MSCONFIG\startupreg: dscmse => rundll32.exe "C:\Users\Welcome\AppData\Roaming\dscmse.dll",CreateLogFile
MSCONFIG\startupreg: tbrpes => "C:\Windows\System32\rundll32.exe" "C:\Users\Welcome\AppData\Roaming\tbrpes.dll",get_error_ptr
end



NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to the operating system.

Save the notepad file as fixlist.txt.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warned you about an outdated version, please download and run the updated version.


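The log above carries three kinds of entries that FRST did not whitelist: scheduled tasks with purely numeric names that launch Wscript.exe on a .vbs in the user's Temp folder or a bare Iexplore.exe with no path, an unexplained :gs5sys alternate data stream on a dozen profile directories, and disabled MSCONFIG startup entries that load DLLs from AppData\Roaming through rundll32. The moderator's fix copies those lines verbatim into a fixlist.txt between start and end for FRST to act on. The script below is an added example for this page, not part of the thread and not FRST's own logic: it triages an FRST Addition.txt with heuristics of its own (FRST's ATTENTION marker, script hosts or rundll32 loading a payload, targets in user-writable paths, bare executable names, numeric task names, any listed ADS) and drafts the start/end block from what it flags. The sample lines are copied from the log above; appending the payload file paths so the script or DLL itself is deleted is this example's choice (the moderator's fixlist did that for launchie.vbs only).

```python
"""Triage an FRST Addition.txt and draft a fixlist from what gets flagged.

Added example for this page; not part of the forum thread or of FRST.
The heuristics are this script's own, not FRST's whitelist logic.
"""
import re

# Constructed sample: lines copied from the log posted above, benign ones mixed in.
SAMPLE_LOG = r"""
Task: {4A343132-F11D-4A24-B2DA-0A795FBE99E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {6B30FBA1-23F5-4999-8DB9-E6B93B969FFC} - System32\Tasks\4897 => Wscript.exe C:\Users\Welcome\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {6C033CB6-6BBC-42E2-8BDA-050CCE5334D9} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
AlternateDataStreams: C:\Users\Welcome\AppData\Roaming:gs5sys
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
MSCONFIG\startupreg: dscmse => rundll32.exe "C:\Users\Welcome\AppData\Roaming\dscmse.dll",CreateLogFile
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
"""

# Locations a standard user can write to; a persistence target living there is worth a look.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\b", re.IGNORECASE)
# Windows binaries that commonly run a dropped script or DLL on the malware's behalf.
SCRIPT_HOSTS = re.compile(r"\b(wscript|cscript|rundll32|regsvr32|mshta|powershell)(\.exe)?\b", re.IGNORECASE)
# A drive-letter path to a script or DLL payload (quotes optional; stops at whitespace, quote or comma).
PAYLOAD_PATH = re.compile(r'"?([A-Z]:\\[^"\s,]+\.(?:vbs|vbe|js|jse|hta|ps1|bat|cmd|dll))"?', re.IGNORECASE)
# "=> Iexplore.exe" with no directory, no [size date] and no (publisher): resolved via PATH at run time.
BARE_EXE = re.compile(r"=>\s*([A-Za-z0-9_]+\.exe)\s*(?:<====|$)")
# Scheduled tasks named only with a number, as the two flagged ones in the log are.
NUMERIC_TASK = re.compile(r"System32\\Tasks\\\d+\s*=>")


def triage_line(line):
    """Return the reasons an FRST log line deserves a look; an empty list means it passed."""
    reasons = []
    kind, _, body = line.partition(" ")
    if "<==== ATTENTION" in line:
        reasons.append("flagged by FRST")
    if kind == "AlternateDataStreams:":
        # FRST already whitelists the streams it knows; anything it prints is unexplained.
        reasons.append("unexplained alternate data stream")
        return reasons
    is_autostart = kind == "Task:" or kind == "MSCONFIG\\startupreg:" or kind.endswith("Run:")
    if not is_autostart:
        return reasons
    if SCRIPT_HOSTS.search(body) and PAYLOAD_PATH.search(body):
        reasons.append("script host or rundll32 loading a dropped payload")
    if USER_WRITABLE.search(body):
        reasons.append("autostart target in a user-writable location")
    bare = BARE_EXE.search(body)
    if bare:
        reasons.append(f"bare executable name {bare.group(1)} with no path or publisher")
    if NUMERIC_TASK.search(body):
        reasons.append("task has a numeric name")
    return reasons


def triage_log(text):
    """Run triage_line over a whole log; returns [(line, reasons), ...] for flagged lines only."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            reasons = triage_line(line)
            if reasons:
                findings.append((line, reasons))
    return findings


def draft_fixlist(findings):
    """Draft the start/end block FRST expects in fixlist.txt.

    Flagged lines go in verbatim (FRST removes the task, ADS or registry value
    each one describes); the payload files they point at are appended as bare
    paths so the script or DLL itself is deleted, not only its autostart entry.
    """
    body = [line for line, _ in findings]
    for line, _ in findings:
        for path in PAYLOAD_PATH.findall(line):
            if path not in body:
                body.append(path)
    return "\n".join(["start", *body, "end"])


if __name__ == "__main__":
    findings = triage_log(SAMPLE_LOG)
    for line, reasons in findings:
        print(line)
        for reason in reasons:
            print("    -", reason)
    print()
    print(draft_fixlist(findings))
```

On the sample it flags the two ATTENTION tasks, both ADS entries and the rundll32 startup entry, and leaves the Flash updater task and the Adobe ARM Run value alone. Treat the drafted block as a starting point, not something to run blind: FRST deletes every item listed, a fixlist is specific to one machine, and a stream such as :gs5sys can be inspected first with `dir /r` on the directory or PowerShell's `Get-Item -Path <dir> -Stream *` before deciding it is hostile.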
 

rlow
New Member
Date Joined Nov 2008
Total Posts : 15
Posted 2/12/2014 6:03 PM (GMT +3)
C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk - this links to gram Files\HP\HP Photosmart 6520 series\bin\HPStatusBL.dll - this Shortcut has been removed

Pretty sure this is what TR removed. No idea what TR thought it was removing, though. About to do your fixlist.

rlow
New Member
Date Joined Nov 2008
Total Posts : 15
Posted 2/12/2014 6:09 PM (GMT +3)
Fixlist log:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-02-2014 01
Ran by Welcome at 2014-02-12 15:08:11 Run:1
Running from C:\Users\Welcome\Downloads\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1704720 2014-01-23] (Simply Super Software)
Task: {11EEBA92-6997-4736-8CF4-0375AE56CDDC} - System32\Tasks\{B6045275-FFC4-4BAB-ACA5-B6AB0C47780D} => C:\Program Files (x86)\Battlefront\Combat Mission Fortress Italy\CM Fortress Italy.exe [2013-11-11] ()
Task: {1823E0C9-C468-42D1-9565-428AE8277DB7} - System32\Tasks\{2860BEB2-B765-4F19-ADBA-5CAE5BCB9983} => C:\Storm Eagle Studios\Jutland\DG_WWIp.exe
Task: {1992421D-42D8-4B47-A35C-B4FADC96ABCF} - System32\Tasks\{A5A491A1-3802-4FAD-B97E-2A64E08B9FA9} => C:\Program Files (x86)\Battlefront\Combat Mission Fortress Italy\CM Fortress Italy.exe [2013-11-11] ()
Task: {4A343132-F11D-4A24-B2DA-0A795FBE99E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {6B30FBA1-23F5-4999-8DB9-E6B93B969FFC} - System32\Tasks\4897 => Wscript.exe C:\Users\Welcome\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {6C033CB6-6BBC-42E2-8BDA-050CCE5334D9} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {72A8FF8A-B01F-4E31-BE4B-2EC0C4A5863B} - System32\Tasks\{ECF2DC9C-896B-45B9-ACA5-9F2AC924B8D2} => C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\CM Shock Force.exe [2011-06-20] ()
Task: {8E2CB453-597D-458C-BF36-C124F88D3C29} - System32\Tasks\hpUrlLauncher.exe_{3E553E69-35B9-4C59-837A-FFAEE476B8D5} => C:\Program Files\HP\HP Photosmart 6520 series\Bin\utils\hpUrlLauncher.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {9CFBC5EE-11DB-44DB-94A2-34BE9B6342CC} - System32\Tasks\{6D0533BE-4C21-4DC1-BAE6-490337B3DD78} => C:\Windows\system32\msiexec.exe [2010-11-21] (Microsoft Corporation)
Task: {D7A3B54C-6092-434D-84EF-4EBAF1990F5B} - System32\Tasks\{7AF73AB7-29F1-466B-B9EF-CF200678AA65} => C:\Program Files (x86)\Battlefront\Combat Mission Fortress Italy\CM Fortress Italy.exe [2013-11-11] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Users\Welcome\AppData\Local\Temp\launchie.vbs
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Welcome:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\desktop.ini:gs5sys
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Welcome\Application Data:gs5sys
AlternateDataStreams: C:\Users\Welcome\Cookies:gs5sys
AlternateDataStreams: C:\Users\Welcome\Local Settings:gs5sys
AlternateDataStreams: C:\Users\Welcome\Templates:gs5sys
AlternateDataStreams: C:\Users\Welcome\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Welcome\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Welcome\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Welcome\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\Welcome\AppData\Local\History:gs5sys
AlternateDataStreams: C:\Users\Welcome\Documents\desktop.ini:gs5sys
MSCONFIG\startupreg: dscmse => rundll32.exe "C:\Users\Welcome\AppData\Roaming\dscmse.dll",CreateLogFile
MSCONFIG\startupreg: tbrpes => "C:\Windows\System32\rundll32.exe" "C:\Users\Welcome\AppData\Roaming\tbrpes.dll",get_error_ptr
end
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TrojanScanner => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11EEBA92-6997-4736-8CF4-0375AE56CDDC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11EEBA92-6997-4736-8CF4-0375AE56CDDC} => Key deleted successfully.
C:\Windows\System32\Tasks\{B6045275-FFC4-4BAB-ACA5-B6AB0C47780D} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B6045275-FFC4-4BAB-ACA5-B6AB0C47780D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1823E0C9-C468-42D1-9565-428AE8277DB7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1823E0C9-C468-42D1-9565-428AE8277DB7} => Key deleted successfully.
C:\Windows\System32\Tasks\{2860BEB2-B765-4F19-ADBA-5CAE5BCB9983} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2860BEB2-B765-4F19-ADBA-5CAE5BCB9983} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1992421D-42D8-4B47-A35C-B4FADC96ABCF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1992421D-42D8-4B47-A35C-B4FADC96ABCF} => Key deleted successfully.
C:\Windows\System32\Tasks\{A5A491A1-3802-4FAD-B97E-2A64E08B9FA9} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A5A491A1-3802-4FAD-B97E-2A64E08B9FA9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A343132-F11D-4A24-B2DA-0A795FBE99E2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A343132-F11D-4A24-B2DA-0A795FBE99E2} => Key deleted successfully.
C:\Windows\System32\Tasks\Adobe Flash Player Updater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B30FBA1-23F5-4999-8DB9-E6B93B969FFC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B30FBA1-23F5-4999-8DB9-E6B93B969FFC} => Key deleted successfully.
C:\Windows\System32\Tasks\4897 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4897 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C033CB6-6BBC-42E2-8BDA-050CCE5334D9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C033CB6-6BBC-42E2-8BDA-050CCE5334D9} => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72A8FF8A-B01F-4E31-BE4B-2EC0C4A5863B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72A8FF8A-B01F-4E31-BE4B-2EC0C4A5863B} => Key deleted successfully.
C:\Windows\System32\Tasks\{ECF2DC9C-896B-45B9-ACA5-9F2AC924B8D2} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{ECF2DC9C-896B-45B9-ACA5-9F2AC924B8D2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E2CB453-597D-458C-BF36-C124F88D3C29} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E2CB453-597D-458C-BF36-C124F88D3C29} => Key deleted successfully.
C:\Windows\System32\Tasks\hpUrlLauncher.exe_{3E553E69-35B9-4C59-837A-FFAEE476B8D5} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hpUrlLauncher.exe_{3E553E69-35B9-4C59-837A-FFAEE476B8D5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CFBC5EE-11DB-44DB-94A2-34BE9B6342CC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CFBC5EE-11DB-44DB-94A2-34BE9B6342CC} => Key deleted successfully.
C:\Windows\System32\Tasks\{6D0533BE-4C21-4DC1-BAE6-490337B3DD78} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6D0533BE-4C21-4DC1-BAE6-490337B3DD78} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7A3B54C-6092-434D-84EF-4EBAF1990F5B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7A3B54C-6092-434D-84EF-4EBAF1990F5B} => Key deleted successfully.
C:\Windows\System32\Tasks\{7AF73AB7-29F1-466B-B9EF-CF200678AA65} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7AF73AB7-29F1-466B-B9EF-CF200678AA65} => Key deleted successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
"C:\Users\Welcome\AppData\Local\Temp\launchie.vbs" => File/Directory not found.
C:\ProgramData => ":gs5sys" ADS removed successfully.
"C:\Users\All Users" => ":gs5sys" ADS not found.
C:\Users\Welcome => ":gs5sys" ADS removed successfully.
"C:\ProgramData\Application Data" => ":gs5sys" ADS not found.
C:\ProgramData\desktop.ini => ":gs5sys" ADS removed successfully.
C:\ProgramData\TEMP => ":CB0AACC9" ADS removed successfully.
"C:\ProgramData\Templates" => ":gs5sys" ADS not found.
C:\Users\Public\Documents\desktop.ini => ":gs5sys" ADS removed successfully.
"C:\Users\Welcome\Application Data" => ":gs5sys" ADS not found.
"C:\Users\Welcome\Cookies" => ":gs5sys" ADS not found.
"C:\Users\Welcome\Local Settings" => ":gs5sys" ADS not found.
"C:\Users\Welcome\Templates" => ":gs5sys" ADS not found.
C:\Users\Welcome\Desktop\desktop.ini => ":gs5sys" ADS removed successfully.
C:\Users\Welcome\AppData\Local => ":gs5sys" ADS removed successfully.
C:\Users\Welcome\AppData\Roaming => ":gs5sys" ADS removed successfully.
"C:\Users\Welcome\AppData\Local\Application Data" => ":gs5sys" ADS not found.
"C:\Users\Welcome\AppData\Local\History" => ":gs5sys" ADS not found.
C:\Users\Welcome\Documents\desktop.ini => ":gs5sys" ADS removed successfully.

========= MSCONFIG\startupdscmse => rundll32.exe "C:\Users\Welcome\AppData\Roaming\dscmse.dll",CreateLogFile =========

The system cannot find the path specified.


========= End of Reg: =========


========= MSCONFIG\startuptbrpes => "C:\Windows\System32\rundll32.exe" "C:\Users\Welcome\AppData\Roaming\tbrpes.dll",get_error_ptr =========

The system cannot find the path specified.


========= End of Reg: =========


==== End of Fixlog ====
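The fixlist above is the responder's removal list, and the entries FRST marked with `<==== ATTENTION` are the ones worth understanding. As an added example that is not part of this thread, of FRST or of BullGuard, the Python script below re-parses those entry types (Run values, scheduled tasks, MSCONFIG startup entries, alternate data streams) and applies the heuristics a responder uses to separate the game launchers and updaters from the loaders: a script host or rundll32 pulling its payload from AppData or Temp, an image named without a path, a scheduled task whose name is a bare number, wscript's `//B` batch switch that suppresses prompts and error dialogs, and a stream with a non-standard name attached to a directory. The sample lines are copied from the log above; the user-writable directory list and the set of benign stream names are assumptions of the example.

```python
"""Triage of FRST fixlist persistence entries.

Added example for the thread above; not part of the forum post, of FRST or of
BullGuard. The user-writable path list and the "known benign" stream names are
assumptions of this example.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the fixlist above, benign and flagged mixed.
SAMPLE_LINES = r"""
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Task: {4A343132-F11D-4A24-B2DA-0A795FBE99E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {11EEBA92-6997-4736-8CF4-0375AE56CDDC} - System32\Tasks\{B6045275-FFC4-4BAB-ACA5-B6AB0C47780D} => C:\Program Files (x86)\Battlefront\Combat Mission Fortress Italy\CM Fortress Italy.exe [2013-11-11] ()
Task: {6B30FBA1-23F5-4999-8DB9-E6B93B969FFC} - System32\Tasks\4897 => Wscript.exe C:\Users\Welcome\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {6C033CB6-6BBC-42E2-8BDA-050CCE5334D9} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
AlternateDataStreams: C:\Users\Welcome\AppData\Roaming:gs5sys
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
MSCONFIG\startupreg: dscmse => rundll32.exe "C:\Users\Welcome\AppData\Roaming\dscmse.dll",CreateLogFile
MSCONFIG\startupreg: tbrpes => "C:\Windows\System32\rundll32.exe" "C:\Users\Welcome\AppData\Roaming\tbrpes.dll",get_error_ptr
"""

RUN_RE = re.compile(r"^HKLM(?:-x32)?\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] - (?P<cmd>.*)$")
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - System32\\Tasks\\(?P<name>.+?) => (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^MSCONFIG\\startupreg: (?P<name>\S+) => (?P<cmd>.*)$")
ADS_RE = re.compile(r"^AlternateDataStreams: (?P<host>.+):(?P<stream>[^:\\]+)$")
# First image on a command line, quoted or not; FRST appends "[size date] (Publisher)" after it.
IMAGE_RE = re.compile(r'^"?(?P<image>.+?\.(?:exe|com|scr))"?(?=\s|$)', re.IGNORECASE)

# Binaries that execute whatever they are handed; the payload path is what matters.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe",
                "regsvr32.exe", "powershell.exe", "cmd.exe"}
# Directories a standard user can write to (assumption: a reasonable default list).
USER_WRITABLE = re.compile(
    r"\\(?:Users\\[^\\]+\\AppData|Users\\Public|ProgramData|Windows\\Temp)\\", re.IGNORECASE)
# Stream names Windows itself creates (assumption); anything else is worth a look.
BENIGN_STREAMS = {"zone.identifier", "encryptable", "favicon"}
COMMAND_ENTRIES = (("run", RUN_RE), ("task", TASK_RE), ("startupreg", STARTUP_RE))


@dataclass
class Finding:
    kind: str       # "run", "task", "startupreg" or "ads"
    name: str       # value or task name; the host path for an ADS
    command: str    # what would execute; the stream name for an ADS
    reasons: list = field(default_factory=list)


def split_command(cmd):
    """Return (image, arguments) for an FRST command string, dropping the ATTENTION marker."""
    cmd = cmd.split("<====")[0].strip()
    m = IMAGE_RE.match(cmd)
    if not m:
        return cmd, ""
    return m.group("image"), cmd[m.end():].strip()


def review_command(image, args):
    """Heuristics for a Run value, scheduled task or startup entry; empty list means clean."""
    reasons = []
    base = image.rsplit("\\", 1)[-1].lower()
    if "\\" not in image:
        reasons.append("image given without a path, resolved through PATH at run time")
    if USER_WRITABLE.search(image):
        reasons.append("image lives in a user-writable directory")
    if base in SCRIPT_HOSTS and USER_WRITABLE.search(args):
        reasons.append(f"{base} loads its payload from a user-writable directory")
    if base in ("wscript.exe", "cscript.exe") and re.search(r"(?i)//b\b", args):
        reasons.append("script host run in batch mode (//B): no prompts or error dialogs")
    return reasons


def review_ads(host, stream):
    """Heuristics for an alternate data stream entry."""
    reasons = []
    if stream.lower() not in BENIGN_STREAMS:
        reasons.append(f"non-standard stream name '{stream}'")
    if "." not in host.rsplit("\\", 1)[-1]:
        reasons.append("stream attached to a directory rather than a file")
    return reasons


def triage(text):
    """Parse fixlist lines and return the entries that earn at least one reason."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        ads = ADS_RE.match(line)
        if ads:
            reasons = review_ads(ads.group("host"), ads.group("stream"))
            if reasons:
                findings.append(Finding("ads", ads.group("host"), ads.group("stream"), reasons))
            continue
        for kind, pattern in COMMAND_ENTRIES:
            m = pattern.match(line)
            if not m:
                continue
            image, args = split_command(m.group("cmd"))
            reasons = review_command(image, args)
            if kind == "task" and m.group("name").isdigit():
                reasons.append("task name is a bare number")
            if reasons:
                findings.append(Finding(kind, m.group("name"), f"{image} {args}".strip(), reasons))
            break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.kind}] {f.name} -> {f.command}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run as a script it prints the six flagged entries with their reasons, while the Java, Flash and Battlefront entries fall through clean. The heuristics key on where the payload sits and what launches it, not on the DLL export names or the stream name by themselves; a stream named gs5sys on a user-profile directory is unusual mainly because Windows does not put streams on directories for any of its own purposes.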

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12975

Posted 2/13/2014 7:25 PM (GMT +3)
That's odd if Trojan Remover found this as a threat -> "HP Photosmart 6520 series\bin\HPStatusBL.dll"

How are things running now?


 

rlow
New Member
Date Joined Nov 2008
Total Posts : 15

Posted 2/14/2014 8:28 PM (GMT +3)
I thought so too, but it flagged it up right off and I ran it again afterwards and it found nothing. Doesn't TRpatch hide itself in the oddest places (which is why Bullguard never finds it)? I am running much as before, though I wait, with trepidation, to see if my Yahoo list is spammed again. Already had to move some functions to Gmail, just to see if they are also compromised, which would mean it's on my computer somewhere rather than some Yahoo-based insanity. I have changed my passwords so often even I don't know them now.

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12975

Posted 2/15/2014 11:13 AM (GMT +3)
"Doesn't TRpatch hide itself in the oddest places (which is why Bullguard never finds it)?"

If it is Trojan Remover that found it, I'll suggest you remove the program, especially since other programs (BullGuard, ComboFix, Malwarebytes) don't find anything.

It is, however, possible it is hiding in a quarantine; I'll therefore suggest you remove the tools we have used, including quarantine folders:

Please download Delfix by "Xplode" to your Desktop.

Run the tool and check the following boxes below:
• Remove disinfection tools
• Create registry backup
• Purge System Restore

Now click on the "Run" button. Wait for the programme to complete its work.
All the tools we used should be gone.

The tool will create and open a log report (DelFix.txt).
Note: The report will also be stored at C:\DelFix.txt

> I don't need the DelFix log report.

