TRpatch R Gen

Posted 2/2/2014 12:51 PM
#96555
User avatar

rlow Valued member

Date Joined Nov 2016
Total Posts: 14
I have identified TRpatch R Gen on my machine - not, I have to complain, thanks to Bullguard which consistently fails to see it. I was suffering from a series of mass email spamming from my Yahoo account and I am thinking, because of recent reports, that it came via Yahoo. However it got in, I can't get it out. I have tried every combination of cleaner, combofix, antimalware, antivirus I can find online (and spent more time vetting the alleged help than finding it).</div> <br/>Each time I think I have go rid of it - it returns and mass emails. I was sure I got rid of it a few days ago - a scheduled Bullguard weekly scan found, as usual, nothing - but Avira unveiled the culprit once more and allegedly blocked it. <br/> <br/>Unless BG can come up with a solution, I may well have to reinstall Windows as a last resort. I am reluctant to do that, with all the accompanying hassle, unless I can be sure THAT will work. <br/> <br/>Perhaps you can advise me.
Posted 2/2/2014 2:00 PM
#96556
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
If you still have combofix log, please post it.

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 2/2/2014 5:11 PM
#96557
User avatar

rlow Valued member

Date Joined Nov 2016
Total Posts: 14
Here you go: <br/> <br/>ComboFix 14-02-01.01 - Welcome 02/02/2014 16:47:32.2.4 - x64 <br/>Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8174.5330 [GMT 0:00] <br/>Running from: c:\users\Welcome\Downloads\ComboFix.exe <br/>AV: BullGuard Antivirus *Enabled/Updated* {C3CCAC61-52F7-A056-1860-6406566E2578} <br/>FW: BullGuard Firewall *Enabled* {FBF72D44-1898-A10E-333F-CD33A8BD6203} <br/>SP: BullGuard Antispyware *Enabled/Updated* {78AD4D85-74CD-AFD8-22D0-5F742DE96FC5} <br/>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} <br/> * Created a new restore point <br/>. <br/>. <br/>((((((((((((((((((((((((( Files Created from 2014-01-02 to 2014-02-02 ))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>2014-02-02 16:56 . 2014-02-02 16:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp <br/>2014-02-02 16:56 . 2014-02-02 16:56 -------- d-----w- c:\users\Public\AppData\Local\temp <br/>2014-02-02 16:56 . 2014-02-02 16:56 -------- d-----w- c:\users\Default\AppData\Local\temp <br/>2014-02-02 16:41 . 2014-02-02 16:41 -------- d-----w- C:\RegBk_2014.02.02.16.41.21 <br/>2014-01-30 12:23 . 2014-01-30 12:23 -------- d-----w- c:\program files\Enigma Software Group <br/>2014-01-30 12:23 . 2014-01-30 13:10 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP <br/>2014-01-30 12:23 . 2014-01-30 12:23 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard <br/>2014-01-30 12:05 . 2014-01-30 12:05 -------- d-----w- c:\users\Welcome\AppData\Roaming\ParetoLogic <br/>2014-01-30 12:05 . 2014-01-30 12:05 -------- d-----w- c:\users\Welcome\AppData\Roaming\DriverCure <br/>2014-01-30 12:05 . 2014-01-30 12:05 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic <br/>2014-01-30 12:05 . 2014-01-30 12:05 -------- d-----w- c:\programdata\ParetoLogic <br/>2014-01-30 12:05 . 2014-01-30 12:05 -------- d-----w- c:\program files (x86)\ParetoLogic <br/>2014-01-22 23:33 . 2014-01-22 23:33 -------- d-----w- c:\windows\Uninstallers <br/>2014-01-22 13:45 . 2014-01-22 13:45 -------- d-----w- c:\program files (x86)\Conduit <br/>2014-01-22 13:45 . 2014-01-30 12:20 -------- d-----w- c:\program files (x86)\Battlefront.com <br/>2014-01-19 20:14 . 2014-01-19 20:14 -------- d-----w- c:\programdata\Oracle <br/>2014-01-19 20:13 . 2014-01-19 20:13 -------- d-----w- c:\program files (x86)\Common Files\Java <br/>2014-01-19 20:13 . 2014-01-19 20:12 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll <br/>2014-01-19 20:12 . 2014-01-19 20:12 -------- d-----w- c:\program files (x86)\Java <br/>2014-01-19 20:09 . 2014-01-19 20:09 -------- d-----w- c:\programdata\McAfee <br/>2014-01-15 14:32 . 2014-01-15 14:32 -------- d-----w- c:\programdata\AskPartnerNetwork <br/>2014-01-15 14:32 . 2014-01-15 14:32 -------- d-----w- c:\program files (x86)\AskPartnerNetwork <br/>2014-01-15 14:32 . 2014-01-15 14:32 -------- d-----w- c:\programdata\APN <br/>2014-01-15 14:32 . 2014-01-15 14:32 -------- d-----w- c:\users\Welcome\AppData\Roaming\Avira <br/>2014-01-15 14:30 . 2014-01-15 14:30 -------- d-----w- c:\programdata\Avira <br/>2014-01-15 14:30 . 2014-01-15 14:30 -------- d-----w- c:\program files (x86)\Avira <br/>2014-01-15 14:30 . 2014-01-15 14:29 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys <br/>2014-01-15 14:30 . 2014-01-15 14:29 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys <br/>2014-01-15 14:30 . 2014-01-15 14:29 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys <br/>2014-01-15 14:30 . 2014-01-15 14:29 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys <br/>2014-01-15 14:14 . 2014-01-15 14:14 -------- d-----w- c:\program files\Uninstaller <br/>2014-01-15 14:14 . 2014-01-30 12:20 -------- d-----w- c:\program files (x86)\PC Speed Maximizer <br/>2014-01-10 16:04 . 2014-01-10 16:04 -------- d-----w- c:\windows\Hewlett-Packard <br/>2014-01-09 22:44 . 2014-01-09 22:44 -------- d-----w- c:\users\Welcome\AppData\Roaming\TuneUp Software <br/>2014-01-09 22:40 . 2014-01-15 14:16 -------- d-----w- c:\programdata\MFAData <br/>2014-01-09 22:40 . 2014-01-09 22:40 -------- d--h--w- c:\programdata\Common Files <br/>2014-01-09 22:40 . 2014-01-09 22:40 -------- d-----w- c:\users\Welcome\AppData\Local\MFAData <br/>2014-01-09 19:36 . 2014-01-09 19:36 -------- d-----w- c:\users\Welcome\AppData\Local\SlimWare Utilities Inc <br/>2014-01-09 19:36 . 2014-01-09 22:13 -------- d-----w- c:\program files (x86)\DriverUpdate <br/>2014-01-09 19:30 . 2014-01-09 19:30 -------- d-----w- c:\users\Welcome\.android <br/>2014-01-09 19:30 . 2014-01-09 19:30 -------- d-----w- c:\users\Welcome\AppData\Local\cache <br/>2014-01-09 19:30 . 2014-01-09 22:13 -------- d-----w- c:\users\Welcome\AppData\Local\genienext <br/>2014-01-09 19:30 . 2014-01-09 22:13 -------- d-----w- c:\users\Welcome\AppData\Roaming\newnext.me <br/>2014-01-09 19:30 . 2014-01-09 19:43 -------- d-----w- c:\users\Welcome\AppData\Local\Mobogenie <br/>2014-01-09 19:29 . 2014-01-09 19:43 -------- d-----w- c:\program files (x86)\Mobogenie <br/>2014-01-09 17:59 . 2014-01-09 17:59 -------- d-----w- c:\users\Welcome\AppData\Roaming\FixTDSS <br/>2014-01-07 19:40 . 2014-01-11 16:38 -------- d-----w- c:\users\Welcome\AppData\Roaming\Natural Selection 2 <br/>. <br/>. <br/>. <br/>(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>2014-01-22 15:01 . 2012-02-16 00:44 126976 ----a-w- c:\windows\lcmmfu.cpl <br/>2014-01-10 00:29 . 2014-01-10 00:29 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll <br/>2014-01-10 00:28 . 2014-01-10 00:28 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll <br/>2014-01-10 00:28 . 2014-01-10 00:28 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll <br/>2013-12-26 16:10 . 2013-12-21 12:50 291944 ----a-w- c:\windows\SysWow64\PnkBstrB.exe <br/>2013-12-26 16:10 . 2012-11-30 13:45 291944 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr <br/>2013-12-21 12:56 . 2013-12-21 12:50 291944 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 <br/>2013-12-21 12:49 . 2013-12-21 12:49 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe <br/>2013-12-11 19:24 . 2013-03-03 17:48 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe <br/>2013-12-11 19:24 . 2012-02-14 17:28 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl <br/>2013-11-14 01:17 . 2012-02-14 16:17 82896128 ----a-w- c:\windows\system32\MRT.exe <br/>. <br/>. <br/>((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>*Note* empty entries & legit default entries are not shown <br/>REGEDIT4 <br/>. <br/>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] <br/>"{64d0ffc8-c37a-48e4-a128-9e38886e4e5a}"= "c:\program files (x86)\Battlefront.com\tbBatt.dll" [2008-01-24 1555480] <br/>. <br/>[HKEY_CLASSES_ROOT\clsid\{64d0ffc8-c37a-48e4-a128-9e38886e4e5a}] <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}] <br/>2013-12-20 21:02 12240 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{64d0ffc8-c37a-48e4-a128-9e38886e4e5a}] <br/>2008-01-24 16:56 1555480 ----a-w- c:\program files (x86)\Battlefront.com\tbBatt.dll <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] <br/>"{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" [2013-12-20 12240] <br/>"{64d0ffc8-c37a-48e4-a128-9e38886e4e5a}"= "c:\program files (x86)\Battlefront.com\tbBatt.dll" [2008-01-24 1555480] <br/>. <br/>[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-4300-7a786e7484d7}] <br/>. <br/>[HKEY_CLASSES_ROOT\clsid\{64d0ffc8-c37a-48e4-a128-9e38886e4e5a}] <br/>. <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-01-27 1815976] <br/>"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-18 20587168] <br/>"HP Photosmart 6520 series (NET)"="c:\program files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416] <br/>"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 6581488] <br/>"MyDriveConnect.exe"="c:\program files (x86)\MyDrive Connect\MyDriveConnect.exe" [2013-10-21 473496] <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] <br/>"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] <br/>"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] <br/>"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-01-15 684600] <br/>"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-12-20 1778640] <br/>"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] <br/>. <br/>c:\users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ <br/>Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 6520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN34N3509H05XP;CONNECTION=NW;MONITOR=1; [2009-7-13 45568] <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] <br/>"ConsentPromptBehaviorAdmin"= 0 (0x0) <br/>"ConsentPromptBehaviorUser"= 3 (0x3) <br/>"EnableLUA"= 0 (0x0) <br/>"EnableUIADesktopToggle"= 0 (0x0) <br/>"PromptOnSecureDesktop"= 0 (0x0) <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] <br/>"Userinit"="userinit.exe" <br/>. <br/>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] <br/>"LoadAppInit_DLLs"=1 (0x1) <br/>"AppInit_DLLs"=c:\progra~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll <br/>. <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] <br/>@="" <br/>. <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain] <br/>@="Service" <br/>. <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner] <br/>@="Service" <br/>. <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] <br/>@="Service" <br/>. <br/>R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] <br/>R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] <br/>R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] <br/>R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] <br/>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] <br/>S1 AFW;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys;c:\windows\SYSNATIVE\DRIVERS\afw.sys [x] <br/>S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] <br/>S1 BdSpy;BdSpy;c:\windows\system32\drivers\BdSpy.sys;c:\windows\SYSNATIVE\drivers\BdSpy.sys [x] <br/>S1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\DRIVERS\NSKernel.sys;c:\windows\SYSNATIVE\DRIVERS\NSKernel.sys [x] <br/>S1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\DRIVERS\NSNetmon.sys;c:\windows\SYSNATIVE\DRIVERS\NSNetmon.sys [x] <br/>S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x] <br/>S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x] <br/>S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x] <br/>S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] <br/>S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x] <br/>S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x] <br/>S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x] <br/>S2 BsBackup;BullGuard backup service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x] <br/>S2 BsBhvScan;BullGuard Behavioural Detection;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [x] <br/>S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x] <br/>S2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x] <br/>S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x] <br/>S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x] <br/>S2 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [x] <br/>S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [x] <br/>S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe;c:\windows\runservice.exe [x] <br/>S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] <br/>S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] <br/>S3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys;c:\windows\SYSNATIVE\DRIVERS\afwcore.sys [x] <br/>S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x] <br/>S3 BdNet;BdNet;c:\windows\system32\drivers\BdNet.sys;c:\windows\SYSNATIVE\drivers\BdNet.sys [x] <br/>S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] <br/>. <br/>. <br/>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] <br/>2014-01-28 13:00 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe <br/>. <br/>Contents of the 'Scheduled Tasks' folder <br/>. <br/>2014-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job <br/>- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-03 19:24] <br/>. <br/>2014-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job <br/>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-28 12:58] <br/>. <br/>2014-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job <br/>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-28 12:58] <br/>. <br/>2014-01-30 c:\windows\Tasks\ParetoLogic Registration3.job <br/>- c:\windows\system32\rundll32.exe [2009-07-13 01:14] <br/>. <br/>2014-01-30 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job <br/>- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-09-30 18:24] <br/>. <br/>2014-01-30 c:\windows\Tasks\ParetoLogic Update Version3.job <br/>- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-09-30 18:24] <br/>. <br/>2014-01-30 c:\windows\Tasks\RegCure Pro Startup.job <br/>- c:\program files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2013-09-30 18:24] <br/>. <br/>2014-01-30 c:\windows\Tasks\RegCure Pro.job <br/>- c:\program files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2013-09-30 18:24] <br/>. <br/>. <br/>--------- X64 Entries ----------- <br/>. <br/>. <br/>[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}] <br/>2013-12-20 21:02 13776 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] <br/>"{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll" [2013-12-20 13776] <br/>. <br/>[HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-4300-7A786E7484D7}] <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288] <br/>"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2013-10-18 976720] <br/>"BullGuardUpdate2"="c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe" [2013-10-14 2530128] <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] <br/>"LoadAppInit_DLLs"=0x1 <br/>"AppInit_DLLs"=c:\progra~1\BULLGU~1\BULLGU~1\BgAgent.dll <br/>. <br/>------- Supplementary Scan ------- <br/>. <br/>uLocal Page = c:\windows\system32\blank.htm <br/>uStart Page = hxxp://www.bing.com/?cc=gb <br/>mStart Page = about:blank <br/>mLocal Page = c:\windows\SysWOW64\blank.htm <br/>TCP: DhcpNameServer = 192.168.1.254 <br/>. <br/>- - - - ORPHANS REMOVED - - - - <br/>. <br/>Toolbar-10 - (no file) <br/>Toolbar-Locked - (no file) <br/>Wow6432Node-HKLM-Run-<NO NAME> - (no file) <br/>. <br/>. <br/>. <br/>--------------------- LOCKED REGISTRY KEYS --------------------- <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] <br/>@Denied: (A 2) (Everyone) <br/>@="FlashBroker" <br/>"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] <br/>"Enabled"=dword:00000001 <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] <br/>@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] <br/>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] <br/>@Denied: (A 2) (Everyone) <br/>@="IFlashBroker5" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] <br/>@="{00020424-0000-0000-C000-000000000046}" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] <br/>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" <br/>"Version"="1.0" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] <br/>@Denied: (A 2) (Everyone) <br/>@="FlashBroker" <br/>"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] <br/>"Enabled"=dword:00000001 <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] <br/>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] <br/>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] <br/>@Denied: (A 2) (Everyone) <br/>@="Shockwave Flash Object" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] <br/>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx" <br/>"ThreadingModel"="Apartment" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] <br/>@="0" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] <br/>@="ShockwaveFlash.ShockwaveFlash.11" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] <br/>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] <br/>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] <br/>@="1.0" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] <br/>@="ShockwaveFlash.ShockwaveFlash" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] <br/>@Denied: (A 2) (Everyone) <br/>@="Macromedia Flash Factory Object" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] <br/>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx" <br/>"ThreadingModel"="Apartment" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] <br/>@="FlashFactory.FlashFactory.1" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] <br/>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] <br/>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] <br/>@="1.0" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] <br/>@="FlashFactory.FlashFactory" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] <br/>@Denied: (A 2) (Everyone) <br/>@="IFlashBroker5" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] <br/>@="{00020424-0000-0000-C000-000000000046}" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] <br/>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" <br/>"Version"="1.0" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347] <br/>"1"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,60,bf,2f,c2,35,91,ae, <br/> 25 <br/>"2"=hex:fb,e6,50,7f,41,f4,51,a7,7f,ec,2d,f9,42,45,3a,02,3a,b7,45,15,3f,9d,8b, <br/> c3 <br/>"3"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,5d,f5,58,d1,21,e0,48, <br/> 8b,38,57,44,9c,4e,8d,78,88,fd,f1,01,9d,86,d8,b5,cb,d9,bf,23,55,4a,bb,31,1f <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\0472A5F591DE6EF2D1809DE316FEF63A] <br/>"1"=hex:29,fc,2c,6f,ce,aa,f2,69,e8,37,99,34,ad,33,e5,ad <br/>"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,43,69,70,4c,7e,7f,7c, <br/> de,a0,46,ee,d1,e1,d8,58,7c,16,70,d4,a0,8c,ec,86,77,7d,72,2c,53,77,0b,6f,be,\ <br/>"18"=hex:d0,71,12,cb,08,b7,a7,d6 <br/>"3"=hex:d0,17,ea,4d,53,b9,85,f2,78,f7,89,82,38,74,61,a8,82,b1,0a,dc,10,ba,a6, <br/> b5,b5,81,17,12,3b,0d,3c,80,d5,87,69,9d,0a,66,37,30,11,d8,89,1d,bf,20,1f,15,\ <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\A62C3DF982434ABDAD414E772CEE62E6] <br/>"1"=hex:bf,6a,73,4a,48,57,d9,26,5d,d7,11,8b,51,ce,1c,37,b2,8b,15,99,5d,9d,47, <br/> 61,6c,bf,37,a7,d1,d7,c0,b2 <br/>"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,43,69,70,4c,7e,7f,7c, <br/> de,a0,46,ee,d1,e1,d8,58,7c,16,70,d4,a0,8c,ec,86,77,7d,72,2c,53,77,0b,6f,be,\ <br/>"18"=hex:d0,71,12,cb,08,b7,a7,d6 <br/>"3"=hex:a8,be,06,98,56,78,be,6b,ce,33,81,fe,c3,0a,1d,4b,80,f3,7c,02,d8,fd,b5, <br/> d0,ba,af,ea,b6,ee,98,27,e7,be,5a,3f,b7,22,8c,17,a4,af,48,47,b4,8f,a8,2e,97,\ <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\C4838B3D951212E6CDEE180D9201C56E] <br/>"1"=hex:07,1f,1a,27,85,96,85,c3,38,71,53,58,52,6e,65,80,4c,0f,9a,93,b5,f7,5b, <br/> e0 <br/>"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,43,69,70,4c,7e,7f,7c, <br/> de,a0,46,ee,d1,e1,d8,58,7c,16,70,d4,a0,8c,ec,86,77,7d,72,2c,53,77,0b,6f,be,\ <br/>"18"=hex:d0,71,12,cb,08,b7,a7,d6 <br/>"3"=hex:7e,d9,09,ad,44,64,f6,38,d7,9b,61,58,fc,3a,6c,4f,03,c7,19,69,ad,62,20, <br/> d9,59,41,b5,55,b0,d5,bd,96,bf,42,0e,3b,39,ae,51,87,6a,2a,d0,06,a2,1f,ad,06,\ <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\DF7B54A6112C2A0959607A574D3D99D6] <br/>"1"=hex:05,a5,52,27,27,68,21,41,63,83,05,15,ef,55,2c,92 <br/>"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,43,69,70,4c,7e,7f,7c, <br/> de,a0,46,ee,d1,e1,d8,58,7c,16,70,d4,a0,8c,ec,86,77,7d,72,2c,53,77,0b,6f,be,\ <br/>"18"=hex:d0,71,12,cb,08,b7,a7,d6 <br/>"3"=hex:63,dd,d3,86,af,14,17,8b,2c,23,b4,20,58,bc,8f,68,e4,47,27,54,2f,0a,2a, <br/> 3e,1f,f0,3f,af,5c,fb,e1,10,f5,db,fe,c8,83,f9,a1,fc,61,5d,8b,f5,b6,0b,c3,a0,\ <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] <br/>@Denied: (A) (Everyone) <br/>"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] <br/>@Denied: (A) (Everyone) <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] <br/>"Key"="ActionsPane3" <br/>"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" <br/>. <br/>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] <br/>@Denied: (Full) (Everyone) <br/>. <br/>------------------------ Other Running Processes ------------------------ <br/>. <br/>c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe <br/>c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe <br/>c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe <br/>c:\windows\SysWOW64\PnkBstrA.exe <br/>c:\program files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe <br/>c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe <br/>. <br/>************************************************************************** <br/>. <br/>Completion time: 2014-02-02 17:08:48 - machine was rebooted <br/>ComboFix-quarantined-files.txt 2014-02-02 17:08 <br/>ComboFix2.txt 2013-05-03 09:59 <br/>. <br/>Pre-Run: 184,561,987,584 bytes free <br/>Post-Run: 183,988,477,952 bytes free <br/>. <br/>- - End Of File - - 746FECA4178E865227C9F6360A151C8F <br/>A36C5E4F47E84449FF07ED3517B43A31
Posted 2/3/2014 6:23 AM
#96558
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Looks like you some PUP (potentially unwanted programs) installed, which we will remove now. <br/> <br/>It also looks like you have two antivirus programs running - Avira and Bullguard, it is not an good idea as they will conflict with each other, and probably slow down your computer. <br/> <br/>I´ll therefore suggest you remove one of tem. <br/> <br/> <br/> <br/> <br/> <br/>Please download <br/> AdwCleaner <br/> <br/>• Double click on AdwCleaner.exe to run the tool.  <br/>***Note: Windows Vista and Windows 7 users:  <br/>Right click in the adwCleaner.exe and select – Run as admin  <br/>• Click Delete.  <br/>• Everything that was found will be deleted.  <br/>• Save any open files and approve the reboot. A text file will open after the restart.  <br/> <br/>Post the log in next reply <br/> <br/> <br/> <br/>Next - <br/>Junkware Removal Tool by thisisu <br/> <br/>Download: [url=http://thisisudax.org/downloads/JRT.exe ]Junk Removal Tool[/url] <br/> <br/>To Desktop <br/>Disable your Antivirus program if required <br/>For vista and windows 7 right click on the tool and select run as administrator <br/>After the scan is completed, post the generated log here.

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 2/4/2014 11:03 AM
#96567
User avatar

rlow Valued member

Date Joined Nov 2016
Total Posts: 14
Thanks for this so far - Avira removed (it was only ever a temp control). Adware log follows: <br/> <br/> AdwCleaner v3.018 - Report created 04/02/2014 at 10:19:40 <br/># Updated 28/01/2014 by Xplode <br/># Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) <br/># Username : Welcome - WELCOME-PC <br/># Running from : C:\Users\Welcome\Downloads\adwcleaner.exe <br/># Option : Scan <br/> <br/>***** [ Services ] ***** <br/> <br/> <br/>***** [ Files / Folders ] ***** <br/> <br/>File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml <br/>File Found : C:\Users\Welcome\AppData\Roaming\Mozilla\Firefox\Profiles\fhtfa6gy.default\searchplugins\Mysearchdial.xml <br/>File Found : C:\Users\Welcome\AppData\Roaming\Mozilla\Firefox\Profiles\fhtfa6gy.default\searchplugins\Search_Results.xml <br/>Folder Found : C:\Users\Welcome\AppData\Roaming\Mozilla\Firefox\Profiles\fhtfa6gy.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8} <br/>Folder Found C:\Program Files (x86)\Battlefront.com <br/>Folder Found C:\Program Files (x86)\Conduit <br/>Folder Found C:\Program Files (x86)\PC Speed Maximizer <br/>Folder Found C:\ProgramData\apn <br/>Folder Found C:\ProgramData\Ask <br/>Folder Found C:\ProgramData\ParetoLogic <br/>Folder Found C:\Users\Welcome\AppData\Local\Temp\apn <br/>Folder Found C:\Users\Welcome\AppData\Local\torch <br/>Folder Found C:\Users\Welcome\AppData\Roaming\DriverCure <br/>Folder Found C:\Users\Welcome\AppData\Roaming\ParetoLogic <br/> <br/>***** [ Shortcuts ] ***** <br/> <br/> <br/>***** [ Registry ] ***** <br/> <br/>Key Found : HKCU\Software\AppDataLow\Software\Conduit <br/>Key Found : HKCU\Software\Battlefront.com <br/>Key Found : HKCU\Software\Conduit <br/>Key Found : HKCU\Software\ilivid <br/>Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} <br/>Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} <br/>Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64D0FFC8-C37A-48E4-A128-9E38886E4E5A} <br/>Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} <br/>Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} <br/>Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64D0FFC8-C37A-48E4-A128-9E38886E4E5A} <br/>Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} <br/>Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} <br/>Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} <br/>Key Found : HKCU\Software\ParetoLogic <br/>Key Found : HKCU\Software\torch <br/>Key Found : [x64] HKCU\Software\Battlefront.com <br/>Key Found : [x64] HKCU\Software\Conduit <br/>Key Found : [x64] HKCU\Software\ilivid <br/>Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} <br/>Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} <br/>Key Found : [x64] HKCU\Software\ParetoLogic <br/>Key Found : [x64] HKCU\Software\torch <br/>Key Found : HKLM\Software\Battlefront.com <br/>Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe <br/>Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} <br/>Key Found : HKLM\SOFTWARE\Classes\CLSID\{64D0FFC8-C37A-48E4-A128-9E38886E4E5A} <br/>Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} <br/>Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} <br/>Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} <br/>Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} <br/>Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} <br/>Key Found : HKLM\Software\Conduit <br/>Key Found : HKLM\Software\DataMngr <br/>Key Found : HKLM\Software\iLividSRTB <br/>Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} <br/>Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377E5D4D-77E5-476A-8716-7E70A9272DA0} <br/>Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} <br/>Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 <br/>Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS <br/>Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 <br/>Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs <br/>Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32 <br/>Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS <br/>Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64D0FFC8-C37A-48E4-A128-9E38886E4E5A} <br/>Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} <br/>Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Battlefront.com Toolbar <br/>Key Found : HKLM\Software\ParetoLogic <br/>Key Found : HKLM\Software\torch <br/>Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} <br/>Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} <br/>Key Found : [x64] HKLM\SOFTWARE\DomaIQ <br/>Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} <br/>Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{64D0FFC8-C37A-48E4-A128-9E38886E4E5A}] <br/>Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{64D0FFC8-C37A-48E4-A128-9E38886E4E5A}] <br/> <br/>***** [ Browsers ] ***** <br/> <br/>-\\ Internet Explorer v11.0.9600.16428 <br/> <br/> <br/>-\\ Mozilla Firefox v <br/> <br/>[ File : C:\Users\Welcome\AppData\Roaming\Mozilla\Firefox\Profiles\fhtfa6gy.default\prefs.js ] <br/> <br/>Line Found : user_pref("browser.search.defaultenginename", "Search Results"); <br/>Line Found : user_pref("browser.search.order.1", "Search Results"); <br/>Line Found : user_pref("browser.search.selectedEngine", "Search Results"); <br/>Line Found : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/406"); <br/> <br/>-\\ Google Chrome v32.0.1700.102 <br/> <br/>[ File : C:\Users\Welcome\AppData\Local\Google\Chrome\User Data\Default\preferences ] <br/> <br/>Found : homepage <br/>Found : icon_url <br/>Found : search_url <br/>Found : keyword <br/> <br/>************************* <br/> <br/>AdwCleaner[R0].txt - [6201 octets] - [04/02/2014 10:19:40] <br/> <br/>########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6261 octets] ##########
Posted 2/4/2014 11:13 AM
#96568
User avatar

rlow Valued member

Date Joined Nov 2016
Total Posts: 14
And the Junkware log: <br/> <br/>Junkware Removal Tool (JRT) by Thisisu <br/>Version: 6.1.1 (02.04.2014:1) <br/>OS: Windows 7 Home Premium x64 <br/>Ran by Welcome on 04/02/2014 at 11:05:00.24 <br/>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ <br/> <br/> <br/> <br/> <br/>~~~ Services <br/> <br/> <br/> <br/>~~~ Registry Values <br/> <br/>Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL <br/> <br/> <br/> <br/>~~~ Registry Keys <br/> <br/>Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} <br/>Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} <br/>Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} <br/>Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} <br/>Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} <br/>Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit <br/>Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid <br/>Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch <br/>Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit <br/>Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} <br/>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit <br/>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch <br/>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe <br/>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32 <br/>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs <br/>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32 <br/>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs <br/>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\ilividsrtb <br/>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32 <br/>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS <br/>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32 <br/>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS <br/>Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} <br/>Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} <br/>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} <br/> <br/> <br/> <br/>~~~ Files <br/> <br/> <br/> <br/>~~~ Folders <br/> <br/>Successfully deleted: [Folder] "C:\ProgramData\apn" <br/>Successfully deleted: [Folder] "C:\Users\Welcome\AppData\Roaming\drivercure" <br/>Successfully deleted: [Folder] "C:\Users\Welcome\appdata\local\torch" <br/>Successfully deleted: [Folder] "C:\Users\Welcome\appdata\locallow\datamngr" <br/>Successfully deleted: [Folder] "C:\Program Files (x86)\conduit" <br/>Successfully deleted: [Folder] "C:\Program Files (x86)\pc speed maximizer" <br/>Successfully deleted: [Folder] "C:\ProgramData\ask" <br/> <br/> <br/> <br/>~~~ Chrome <br/> <br/>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\cdjbnddbclciabnckgeahmneohjlahdm <br/> <br/> <br/> <br/>~~~ Event Viewer Logs were cleared <br/> <br/> <br/> <br/> <br/> <br/>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ <br/>Scan was completed on 04/02/2014 at 11:10:58.94 <br/>End of JRT log <br/>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Posted 2/4/2014 2:37 PM
#96570
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Still got TRpatch R Gen message, if so, please the location, folder/filename ? <br/> <br/> <br/> <br/> <br/> <br/>Please download zoek. exe and save it to your Desktop: <br/>http://www.hijackthis.nl/smeenk/060712/zoek.exe <br/> <br/>•Close any open browsers <br/>• Temporarily disable your AntiVirus program. (If necessary) <br/> <br/> <br/>•Double click on zoek.exe to run the tool . <br/>Please wait while the tool does not start... <br/> <br/>•Copy the text present inside the code box below and paste it into the large window in the zoek tool: <br/> <br/> [code] <br/>createsrpoint; <br/>empty directory check, delete <br/>shortcutfix; <br/>emptyfolderscheck;delete <br/>emptyclsid; <br/>firefoxlook; <br/>FFdefaults; <br/>Chromelook; <br/>CHRdefaults; <br/>autoclean; <br/>iedefaults; <br/>[/code] <br/> <br/>Click on Run Script button. <br/>Please wait until a logreport will open (this can be after reboot) <br/> <br/>•Save notepad to your Desktop and post here zoek-results.log <br/> <br/> <br/>Note: It will also create a log in the C:\ directory named "zoek-results.log"

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 2/4/2014 2:45 PM
#96571
User avatar

rlow Valued member

Date Joined Nov 2016
Total Posts: 14
If have no TR Gen message from the Adware of Junkware scans. That, to me, means nothing much - I don't get any such messages save from Avira, which I have deleted. <br/> <br/>Proceeding with your next instructions - thank you for them.
Posted 2/4/2014 3:03 PM
#96572
User avatar

rlow Valued member

Date Joined Nov 2016
Total Posts: 14
And the Zoek log: <br/> <br/> <br/>Zoek.exe v5.0.0.0 Updated 31-January-2014 <br/>Tool run by Welcome on 04/02/2014 at 14:46:32.85. <br/>Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 <br/>Running in: Normal Mode Internet Access Detected <br/>Launched: C:\Users\Welcome\Downloads\zoek.exe [Scan all users] [Script inserted] <br/> <br/>==== System Restore Info ====================== <br/> <br/>04/02/2014 14:47:46 Zoek.exe System Restore Point Created Succesfully. <br/> <br/>==== Empty Folders Check ====================== <br/> <br/>C:\PROGRA~2\DjVuZone deleted successfully <br/>C:\PROGRA~2\DriverUpdate deleted successfully <br/>C:\Program Files\Google deleted successfully <br/>C:\ProgramData\Firefly Studios deleted successfully <br/>C:\ProgramData\Oracle deleted successfully <br/>C:\Users\Welcome\AppData\Local\genienext deleted successfully <br/>C:\Users\Welcome\AppData\Local\My Games deleted successfully <br/>C:\Users\Welcome\AppData\Local\wwxqlfyp deleted successfully <br/> <br/>==== Deleting CLSID Registry Keys ====================== <br/> <br/> <br/>==== Deleting CLSID Registry Values ====================== <br/> <br/>HKEY_USERS\S-1-5-21-834015710-4144180869-3245421182-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully <br/> <br/>==== Deleting Services ====================== <br/> <br/> <br/>==== FireFox Fix ====================== <br/> <br/>Deleted from C:\Users\Welcome\AppData\Roaming\Mozilla\Firefox\Profiles\fhtfa6gy.default\prefs.js: <br/>user_pref("browser.startup.homepage", "http://www.searchnu.com/406"); <br/>user_pref("browser.search.defaultenginename", "Search Results"); <br/>user_pref("browser.search.selectedEngine", "Search Results"); <br/>user_pref("browser.search.order.1", "Search Results"); <br/> <br/>Added to C:\Users\Welcome\AppData\Roaming\Mozilla\Firefox\Profiles\fhtfa6gy.default\prefs.js: <br/>user_pref("browser.startup.homepage", "http://www.google.com"); <br/>user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); <br/>user_pref("browser.newtab.url", "http://www.google.com/"); <br/>user_pref("browser.search.defaultengine", "Google"); <br/>user_pref("browser.search.defaultenginename", "Google"); <br/>user_pref("browser.search.selectedEngine", "Google"); <br/>user_pref("browser.search.order.1", "Google"); <br/>user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); <br/>user_pref("browser.search.suggest.enabled", true); <br/>user_pref("browser.search.useDBForOrder", true); <br/> <br/>ProfilePath: C:\Users\Welcome\AppData\Roaming\Mozilla\Firefox\Profiles\fhtfa6gy.default <br/> <br/>user.js not found <br/>---- FireFox user.js and prefs.js backups ---- <br/> <br/>prefs_022014_1454_.backup <br/> <br/>==== Deleting Files \ Folders ====================== <br/> <br/>C:\Users\Welcome\.android deleted <br/>C:\PROGRA~2\Mozilla Firefox\searchplugins\Search_Results.xml deleted <br/>C:\PROGRA~2\Mobogenie deleted <br/>C:\Program Files\Uninstaller deleted <br/>C:\Users\Welcome\AppData\Roaming\newnext.me deleted <br/>C:\Users\Welcome\AppData\Roaming\HoolappForAndroid deleted <br/>C:\Users\Welcome\AppData\Roaming\ParetoLogic deleted <br/>C:\ProgramData\qqgomilswhwpdjncglp.reg deleted <br/>C:\ProgramData\qqgomilswhwpdjncglp.bat deleted <br/>C:\ProgramData\ParetoLogic deleted <br/>C:\Users\Welcome\AppData\Local\mysearchdial-speeddial.crx deleted <br/>C:\Users\Welcome\AppData\Local\Mobogenie deleted <br/>C:\Users\Welcome\AppData\Local\cache deleted <br/>C:\Users\Welcome\Documents\Mobogenie deleted <br/>C:\Users\Welcome\AppData\Roaming\Mozilla\Firefox\Profiles\fhtfa6gy.default\searchplugins\Mysearchdial.xml deleted <br/>C:\Users\Welcome\AppData\Roaming\Mozilla\Firefox\Profiles\fhtfa6gy.default\searchplugins\Search_Results.xml deleted <br/> <br/>==== Firefox Extensions Registry ====================== <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] <br/>"antiphishing@bullguard"="c:\program files\bullguard ltd\bullguard\Files32\Antiphishing\FF\antiphishing@bullguard" [16/10/2013 12:16] <br/> <br/>==== Firefox Extensions ====================== <br/> <br/>ProfilePath: C:\Users\Welcome\AppData\Roaming\Mozilla\Firefox\Profiles\fhtfa6gy.default <br/>- MySearchDial NewTab - %ProfilePath%\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} <br/> <br/>AppDir: C:\Program Files (x86)\Mozilla Firefox <br/>- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} <br/> <br/>==== Firefox Plugins ====================== <br/> <br/> <br/>==== Deleted Firefox Extensions ====================== <br/> <br/>C:\Users\Welcome\AppData\Roaming\Mozilla\Firefox\Profiles\fhtfa6gy.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} deleted <br/> <br/>==== Chrome Look ====================== <br/> <br/>Google Docs - Welcome\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake <br/>Google Drive - Welcome\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf <br/>YouTube - Welcome\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo <br/>Google Search - Welcome\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf <br/>Google Wallet - Welcome\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda <br/>Gmail - Welcome\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia <br/> <br/>==== Set IE to Default ====================== <br/> <br/>Old Values: <br/>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] <br/>"Start Page"="http://www.bing.com/?cc=gb" <br/>[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] <br/>"Default_Page_URL"="http://www.google.com" <br/>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] <br/>"Default_Page_URL"="http://www.google.com" <br/> <br/>New Values: <br/>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] <br/>"Start Page"="http://www.bing.com/?cc=gb" <br/>[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] <br/>"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" <br/>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] <br/>"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" <br/> <br/>==== All HKCU SearchScopes ====================== <br/> <br/>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes <br/>"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" <br/>{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" <br/>{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" <br/> <br/>==== Reset Google Chrome ====================== <br/> <br/>C:\Users\Welcome\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully <br/>C:\Users\Welcome\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully <br/> <br/>==== shortcuts on Users Desktops ====================== <br/> <br/>C:\Users\Welcome\Desktop\Activate CMBN Market Garden.lnk - C:\Users\Welcome\Documents\Battlefront\Combat Mission Battle for Normandy\CM Normandy.exe -showui <br/>C:\Users\Welcome\Desktop\Battlefront Website.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\Misc\Battlefront Website.url <br/>C:\Users\Welcome\Desktop\CM Battle for Normandy.lnk - C:\Users\Welcome\Documents\Battlefront\Combat Mission Battle for Normandy\CM Normandy.exe <br/>C:\Users\Welcome\Desktop\CM Fortress Italy.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Fortress Italy\CM Fortress Italy.exe <br/>C:\Users\Welcome\Desktop\CM Shock Force.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\CM Shock Force.exe <br/>C:\Users\Welcome\Desktop\Combat Mission Shock Force Manual.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\CMSF Game Manual v1.20.pdf <br/>C:\Users\Welcome\Desktop\DarthMod Empire.lnk - C:\Program Files (x86)\Steam\SteamApps\common\empire total war\data\DME\DME Platinum.exe <br/>C:\Users\Welcome\Desktop\Gary Grigsby's War in the East (Game Menu).lnk - C:\Matrix Games\Gary Grigsby's War in the East\autorun.exe <br/>C:\Users\Welcome\Desktop\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe <br/>C:\Users\Welcome\Desktop\Larry Bond's Harpoon - Commander's Edition Game Menu.lnk - C:\Matrix Games\HCE\autorun.exe <br/>C:\Users\Welcome\Desktop\Medieval II - Kingdoms_Grand_Campaign_Mod.lnk - C:\Program Files (x86)\SEGA\Medieval II Total War\kingdoms.exe <br/>C:\Users\Welcome\Desktop\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe <br/>C:\Users\Welcome\Desktop\Setup ReallyBadAI.lnk - C:\Program Files (x86)\SEGA\Medieval II Total War\mods\g5_setup.exe <br/>C:\Users\Welcome\Desktop\The Operational Art of War III Game Menu.lnk - C:\Matrix Games\The Operational Art of War III\autorun.exe <br/>C:\Users\Welcome\Desktop\Uplay.lnk - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe <br/>C:\Users\Welcome\Desktop\CMBN Market Garden\Activate CMBN Market Garden.lnk - C:\Users\Welcome\Documents\Battlefront\Combat Mission Battle for Normandy\CM Normandy.exe -showui <br/>C:\Users\Welcome\Desktop\CMBN Market Garden\Combat Mission Market Garden Manual.lnk - C:\Users\Welcome\Documents\Battlefront\Combat Mission Battle for Normandy\CMBN Market Garden Manual.pdf <br/>C:\Users\Welcome\Desktop\CMBN Market Garden\Launch CMBN Battle for Normandy.lnk - C:\Users\Welcome\Documents\Battlefront\Combat Mission Battle for Normandy\CM Normandy.exe <br/>C:\Users\Welcome\Desktop\CMBN Market Garden\Scenario Design AAR Book.lnk - C:\Users\Welcome\Documents\Battlefront\Combat Mission Battle for Normandy\A Scen Design AAR PDF Book.pdf <br/>C:\Users\Welcome\Desktop\StuffIt2010\StuffIt.lnk - C:\Program Files (x86)\Smith Micro\StuffIt 2010\Stuffit14.exe <br/> <br/>==== shortcuts on All Users Desktop ====================== <br/> <br/>C:\Users\Public\Desktop\1648 v2.0.lnk - C:\Program Files (x86)\SEGA\Medieval II Total War\mods\1648_2\1648.exe <br/>C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe <br/>C:\Users\Public\Desktop\ArtMoney SE v7.37.lnk - C:\Program Files (x86)\ArtMoney\am737.exe <br/>C:\Users\Public\Desktop\BullGuard.lnk - C:\Program Files (x86)\BullGuard Ltd\BullGuard\BullGuard.exe <br/>C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe <br/>C:\Users\Public\Desktop\DarthMod Napoleon.lnk - C:\Program Files (x86)\Steam\SteamApps\common\napoleon total war\data\DMN\DMN.exe <br/>C:\Users\Public\Desktop\DARTHMOD SHOGUN II.lnk - C:\Program Files (x86)\Steam\SteamApps\common\total war shogun 2\data\DMS\DMS.exe <br/>C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <br/>C:\Users\Public\Desktop\HP Photosmart 6520 series.lnk - C:\Program Files (x86)\HP\HP Photosmart 6520 series\Bin\HP Photosmart 6520 series.exe -Start UDCDevicePage <br/>C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe <br/>C:\Users\Public\Desktop\Medieval II Total War.lnk - C:\Program Files (x86)\SEGA\Medieval II Total War\Launcher.exe <br/>C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 6520 series.lnk - C:\Program Files (x86)\HP\HP Photosmart 6520 series\Bin\hpqDTSS.exe <br/>C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe <br/>C:\Users\Public\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\steam.exe <br/>C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe <br/>C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe <br/> <br/>==== shortcuts in Users Start Menu ====================== <br/> <br/>C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe <br/>C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff <br/>C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\Larry Bond's Harpoon - Commander's Edition (Quick Start).lnk - C:\Matrix Games\HCE\Winharp32.exe <br/>C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\Larry Bond's Harpoon - Commander's Edition BattleSet Builder.lnk - C:\Matrix Games\HCE\BSBuilder\BSBuilder.exe <br/>C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\Larry Bond's Harpoon - Commander's Edition Game Menu.lnk - C:\Matrix Games\HCE\autorun.exe <br/>C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\Larry Bond's Harpoon - Commander's Edition MS Access 97 Runtime Install.lnk - C:\Matrix Games\HCE\hce_art.exe <br/>C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\Larry Bond's Harpoon - Commander's Edition Platform Editor.lnk - C:\Matrix Games\HCE\pfBuild2005.mdb <br/>C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\Larry Bond's Harpoon - Commander's Edition Scenario Editor.lnk - C:\Matrix Games\HCE\WSCENEDT.EXE <br/>C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\Larry Bond's Harpoon - Commander's Edition Scenario Orders Writer.lnk - C:\Matrix Games\HCE\OrdWrite.exe <br/>C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\Uninstall Harpoon Commanders Edition.lnk - C:\Windows\Uninstallers\Harpoon Commanders Edition Uninstall.exe "/U:C:\Matrix Games\HCE\Uninstall\uninstall.xml" <br/>C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\Update Larry Bond's Harpoon - Commander's Edition.lnk - C:\Matrix Games\HCE\update.exe <br/>C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\What's New.lnk - C:\Matrix Games\HCE\whatsnew.pdf <br/>C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\Documentation\Larry Bond's Harpoon - Commander's Edition Manual (Printer Friendly).lnk - C:\Matrix Games\HCE\Manuals\HPCE-Manual-[LIGHT].pdf <br/>C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\Documentation\Larry Bond's Harpoon - Commander's Edition Manual.lnk - C:\Matrix Games\HCE\Manuals\HPCE-Manual-[EBOOK].pdf <br/>C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition\Documentation\Matrix Games Fall 2006 Catalog.lnk - C:\Matrix Games\HCE\Manuals\MG-Fall06-Catalog-[SCREEN].pdf <br/>C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk - C:\Windows\system32\RunDll32.exe "C:\Program Files\HP\HP Photosmart 6520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN34N3509H05XP;CONNECTION=NW;MONITOR=1; <br/> <br/>==== shortcuts in All Users Start Menu ====================== <br/> <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Check for Updates.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\Misc\Versioncheck-nato.url <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Launch Combat Mission Shock Force.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\CM Shock Force.exe <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Uninstall Combat Mission Shock Force.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\unins000.exe <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\British Forces Module Manual (Print Friendly).lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\British Forces Module Manual v1.20 print friendly.pdf <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\British Forces Module Manual.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\British Forces Module Manual v1.20.pdf <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\CMSF Marines Module Manual.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\CMSF MARINES Game Manual v1.10.pdf <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\CMSF NATO Manual (Print Friendly).lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\CMSF NATO Game Manual v1.30 print friendly.pdf <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\CMSF NATO Manual.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\CMSF NATO Game Manual v1.30.pdf <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\CMSF Troubleshooting Guide.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\Battlefront.com Helpdesk.mht <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\CMSF v1.21 ReadMe.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\ReadMe v1.21.txt <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\CMSF v1.30 ReadMe.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\ReadMe v1.30.txt <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\CMSF v1.31 ReadMe.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\ReadMe v1.31.txt <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\CMSF v1.32 ReadMe.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\ReadMe v1.32.txt <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\Combat Mission Shock Force Manual (Print Friendly).lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\CMSF Game Manual v1.20 print friendly.pdf <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\Combat Mission Shock Force Manual.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\CMSF Game Manual v1.20.pdf <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Docs\Mod Tools Readme.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\Mod Tools\Mod Tools Readme.txt <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Licensing\Unlicense CMSF British Forces.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\Modules\CMSF British Module.exe -unlicense <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Licensing\Unlicense CMSF Marines.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\Modules\CMSF Marines Module.exe -unlicense <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Licensing\Unlicense CMSF NATO.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\Modules\CMSF NATO Module.exe -unlicense <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Licensing\Unlicense Combat Mission Shock Force.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\CM Shock Force.exe -unlicense <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront\Combat Mission Shock Force\Web Links\Battlefront Website.lnk - C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\Misc\Battlefront Website.url <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Update.lnk - C:\Program Files (x86)\HP\HP Software Update\hpwucli.exe <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk - <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk - <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk - C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Free Edition.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Help.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.chm <br/>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe /register <br/> <br/>==== shortcuts in Quick Launch ====================== <br/> <br/>C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - <br/>C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - <br/>C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - <br/>C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - <br/>C:\Users\Welcome\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <br/>C:\Users\Welcome\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe <br/>C:\Users\Welcome\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - <br/>C:\Users\Welcome\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - <br/>C:\Users\Welcome\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <br/>C:\Users\Welcome\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe <br/>C:\Users\Welcome\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 <br/> <br/>==== Deleting Registry Keys ====================== <br/> <br/>HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller deleted successfully <br/> <br/>==== Empty IE Cache ====================== <br/> <br/>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully <br/>C:\Users\Welcome\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully <br/>C:\Users\Welcome\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully <br/>C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully <br/>C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully <br/>C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully <br/>C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully <br/>C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully <br/> <br/>==== Empty FireFox Cache ====================== <br/> <br/>No FireFox Cache found <br/> <br/>==== Empty Chrome Cache ====================== <br/> <br/>C:\Users\Welcome\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully <br/> <br/>==== Empty All Flash Cache ====================== <br/> <br/>Flash Cache is not empty, a reboot is needed <br/> <br/>==== Empty All Java Cache ====================== <br/> <br/>Java Cache cleared successfully <br/> <br/>==== C:\zoek_backup content ====================== <br/> <br/>C:\zoek_backup (files=138 folders=66 884202 bytes) <br/> <br/>==== Empty Temp Folders ====================== <br/> <br/>C:\Users\Default\AppData\Local\Temp emptied successfully <br/>C:\Users\Public\AppData\Local\Temp emptied successfully <br/>C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully <br/>C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot <br/>C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully <br/>C:\Users\Welcome\AppData\Local\Temp will be emptied at reboot <br/>C:\Windows\Temp will be emptied at reboot <br/> <br/>==== After Reboot ====================== <br/> <br/>==== Empty Temp Folders ====================== <br/> <br/>C:\Windows\Temp successfully emptied <br/>C:\Users\Welcome\AppData\Local\Temp successfully emptied <br/> <br/>==== Empty Recycle Bin ====================== <br/> <br/>C:\$RECYCLE.BIN successfully emptied <br/> <br/>==== Deleting Files / Folders ====================== <br/> <br/>"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found <br/>"C:\Users\Welcome\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5CDKXDF2\synd.travelplus.tv" not found <br/> <br/>==== EOF on 04/02/2014 at 14:59:02.12 ======================
Posted 2/4/2014 4:08 PM
#96573
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
How are things running now ?

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 2/4/2014 5:09 PM
#96575
User avatar

rlow Valued member

Date Joined Nov 2016
Total Posts: 14
Seems much better - a little faster. I wish I could identify if the TRPatch was still lurking, but BG won't find it and the only one that will, Avira, has a rep for false positives. <br/> <br/>Can't thank you enough or all your help so far - I suppose I can only wait and see if I get another email spam. <br/> <br/> <br/>Thanks again. <br/> <br/>www.robert-low.com
Posted 2/5/2014 1:55 PM
#96579
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Sounds good :smile: <br/> <br/> <br/> <br/>I´ll suggest we dig deeper, to see if there are more suspicious hiding. <br/> <br/> <br/> <br/> <br/>Please download <br/>Farbar Recovery Scan Tool <br/>and save it to your Desktop. <br/> <br/> <br/>[color=green]Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. <br/>Only one of them will run on your system, that will be the right version.[/color] <br/> <br/> <br/>[LIST] <br/>Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. <br/>Press Scan button. <br/>It will produce a log called FRST.txt in the same directory the tool is run from. <br/> <br/>Please copy and paste log back here. <br/> <br/>The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. <br/>[/LIST]

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 2/11/2014 4:02 PM
#96601
User avatar

rlow Valued member

Date Joined Nov 2016
Total Posts: 14
Sorry - been gone for a time and when I got back - I had email spam sent out to everyone. <br/> <br/>Here is the FRST.txt log: <br/> <br/>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01 <br/>Ran by Welcome (administrator) on WELCOME-PC on 11-02-2014 15:59:29 <br/>Running from C:\Users\Welcome\Downloads <br/>Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) <br/>Internet Explorer Version 11 <br/>Boot Mode: Normal <br/> <br/>The only official download link for FRST: <br/>Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ <br/>Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ <br/>Download link from any site other than Bleeping Computer is unpermitted or outdated. <br/>See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ <br/> <br/>==================== Processes (Whitelisted) ================= <br/> <br/>(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe <br/>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe <br/>(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe <br/>(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE <br/>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe <br/>(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe <br/>(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe <br/>(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe <br/>(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe <br/>(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe <br/>(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe <br/>(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe <br/>(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe <br/>(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe <br/>(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe <br/>() C:\Windows\runservice.exe <br/>(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe <br/>() C:\Windows\SysWOW64\PnkBstrA.exe <br/>(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe <br/>(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\files32\spamfilter\LittleHook.exe <br/>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe <br/>(Smith Micro Software, Inc.) C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe <br/>(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE <br/>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe <br/>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe <br/> <br/> <br/>==================== Registry (Whitelisted) ================== <br/> <br/>HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor) <br/>HKLM\...\Run: [BullGuard] - C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe [976720 2013-10-18] (BullGuard Ltd.) <br/>HKLM\...\Run: [BullGuardUpdate2] - c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2530128 2013-10-14] (BullGuard Ltd.) <br/>HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) <br/>HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) <br/>HKLM-x32\...\Run: [] - [X] <br/>HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) <br/>HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1704720 2014-01-23] (Simply Super Software) <br/>HKU\S-1-5-21-834015710-4144180869-3245421182-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1815976 2014-01-27] (Valve Corporation) <br/>HKU\S-1-5-21-834015710-4144180869-3245421182-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20587168 2013-11-18] (Skype Technologies S.A.) <br/>HKU\S-1-5-21-834015710-4144180869-3245421182-1000\...\Run: [HP Photosmart 6520 series (NET)] - C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) <br/>HKU\S-1-5-21-834015710-4144180869-3245421182-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6581488 2013-08-15] (SUPERAntiSpyware) <br/>HKU\S-1-5-21-834015710-4144180869-3245421182-1000\...\Run: [MyDriveConnect.exe] - C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473496 2013-10-21] (TomTom) <br/>HKU\S-1-5-21-834015710-4144180869-3245421182-1000\...\Policies\system: [LogonHoursAction] 2 <br/>HKU\S-1-5-21-834015710-4144180869-3245421182-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 <br/>HKU\S-1-5-21-834015710-4144180869-3245421182-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0xFF000000 <br/>AppInit_DLLs: c:\PROGRA~1\BULLGU~1\BULLGU~1\BgAgent.dll => C:\Program Files\BullGuard Ltd\BullGuard\BgAgent.dll [103848 2013-05-03] (BullGuard Ltd.) <br/>AppInit_DLLs-x32: c:\PROGRA~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll => C:\Program Files\BullGuard Ltd\BullGuard\Files32\BgAgent.dll [87856 2013-05-03] (BullGuard Ltd.) <br/> <br/>==================== Internet (Whitelisted) ==================== <br/> <br/>HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch <br/>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x015E5FB46327CE01 <br/>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB <br/>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?cc=gb <br/>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank <br/>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank <br/>URLSearchHook: HKCU - Battlefront.com Toolbar - {64d0ffc8-c37a-48e4-a128-9e38886e4e5a} - C:\Program Files (x86)\Battlefront.com\tbBatt.dll (Conduit Ltd.) <br/>StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe <br/>SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} <br/>BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) <br/>BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) <br/>BHO-x32: Battlefront.com Toolbar - {64d0ffc8-c37a-48e4-a128-9e38886e4e5a} - C:\Program Files (x86)\Battlefront.com\tbBatt.dll (Conduit Ltd.) <br/>BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) <br/>BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) <br/>BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) <br/>BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) <br/>Toolbar: HKLM-x32 - Battlefront.com Toolbar - {64d0ffc8-c37a-48e4-a128-9e38886e4e5a} - C:\Program Files (x86)\Battlefront.com\tbBatt.dll (Conduit Ltd.) <br/>DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1262.cab <br/>Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) <br/>Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) <br/>Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) <br/>Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 <br/> <br/>FireFox: <br/>======== <br/>FF ProfilePath: C:\Users\Welcome\AppData\Roaming\Mozilla\Firefox\Profiles\fhtfa6gy.default <br/>FF NewTab: hxxp://www.google.com/ <br/>FF DefaultSearchEngine: Google <br/>FF SearchEngineOrder.1: Google <br/>FF SelectedSearchEngine: Google <br/>FF Homepage: hxxp://www.google.com <br/>FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q= <br/>FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () <br/>FF Plugin: @microsoft.com/GENUINE - disabled No File <br/>FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) <br/>FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll () <br/>FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) <br/>FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) <br/>FF Plugin-x32: @microsoft.com/GENUINE - disabled No File <br/>FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) <br/>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) <br/>FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) <br/>FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) <br/>FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () <br/>FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-04-03] <br/>FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - c:\program files\bullguard ltd\bullguard\Files32\Antiphishing\FF\antiphishing@bullguard\ <br/>FF Extension: BullGuard Safe Browsing - c:\program files\bullguard ltd\bullguard\Files32\Antiphishing\FF\antiphishing@bullguard\ [] <br/>FF HKCU\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard\files32\backup\thunderbirdbkplugin <br/>FF Extension: BullGuard Backup - C:\Program Files\BullGuard Ltd\BullGuard\files32\backup\thunderbirdbkplugin [2013-05-03] <br/>FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\TbSpamfilter <br/>FF Extension: BullGuard Spamfilter - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\TbSpamfilter [2013-05-03] <br/>FF StartMenuInternet: FIREFOX.EXE - firefox.exe <br/> <br/>Chrome: <br/>======= <br/>CHR DefaultSearchKeyword: google.co.uk <br/>CHR Extension: (Google Docs) - C:\Users\Welcome\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-14] <br/>CHR Extension: (Google Drive) - C:\Users\Welcome\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-14] <br/>CHR Extension: (YouTube) - C:\Users\Welcome\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-03] <br/>CHR Extension: (Google Search) - C:\Users\Welcome\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-03] <br/>CHR Extension: (Google Wallet) - C:\Users\Welcome\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-14] <br/>CHR Extension: (Gmail) - C:\Users\Welcome\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-03] <br/> <br/>==================== Services (Whitelisted) ================= <br/> <br/>R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com) <br/>R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [695120 2014-01-14] (BullGuard Ltd.) <br/>R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [445776 2013-10-14] (BullGuard Ltd.) <br/>R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [376144 2013-10-18] (BullGuard Ltd.) <br/>R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [604496 2013-10-18] (BullGuard Ltd.) <br/>R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [624464 2013-12-17] (BullGuard Ltd.) <br/>R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [342352 2013-10-14] (BullGuard Ltd.) <br/>R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [242512 2013-10-14] (BullGuard Ltd.) <br/>R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [356688 2013-10-18] (BullGuard Ltd.) <br/>R2 LicCtrlService; C:\Windows\runservice.exe [2560 2012-02-16] () <br/>R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-21] () <br/>R2 Stuffit Archive Name Service; C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe [1916248 2009-10-30] (Smith Micro Software, Inc.) <br/>S2 HPSLPSVC; C:\Users\Welcome\AppData\Local\Temp\7zS0BF9\hpslpsvc64.dll [X] <br/> <br/>==================== Drivers (Whitelisted) ==================== <br/> <br/>R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [40544 2013-05-03] (Agnitum Ltd.) <br/>R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [464480 2013-05-03] (Agnitum Ltd.) <br/>R3 BdNet; C:\Windows\System32\drivers\BdNet.sys [34928 2013-05-03] (BullGuard Ltd.) <br/>R1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [68720 2013-05-03] (BullGuard Ltd.) <br/>R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [256072 2012-06-26] (NovaShield, Inc.) <br/>R1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [25160 2012-06-26] (NovaShield, Inc.) <br/>R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) <br/>R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) <br/>R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) <br/>R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [350160 2013-05-03] (BitDefender S.R.L.) <br/>U5 ALG; C:\Windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation) <br/>U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <br/>S3 catchme; \??\C:\ComboFix\catchme.sys [X] <br/>S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X] <br/>S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X] <br/>S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X] <br/>S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X] <br/>S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X] <br/>S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X] <br/> <br/>==================== NetSvcs (Whitelisted) =================== <br/> <br/> <br/>==================== One Month Created Files and Folders ======== <br/> <br/>2014-02-11 15:59 - 2014-02-11 15:59 - 00015173 _____ () C:\Users\Welcome\Downloads\FRST.txt <br/>2014-02-11 15:58 - 2014-02-11 15:59 - 00000000 ____D () C:\FRST <br/>2014-02-11 15:57 - 2014-02-11 15:57 - 02151424 _____ (Farbar) C:\Users\Welcome\Downloads\FRST64.exe <br/>2014-02-11 15:54 - 2014-02-11 15:54 - 00000480 _____ () C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD <br/>2014-02-11 15:39 - 2014-02-11 15:39 - 00001109 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk <br/>2014-02-11 15:39 - 2014-02-11 15:39 - 00000000 ____D () C:\Users\Welcome\Documents\Simply Super Software <br/>2014-02-11 15:39 - 2014-02-11 15:39 - 00000000 ____D () C:\ProgramData\Simply Super Software <br/>2014-02-11 15:39 - 2014-02-11 15:39 - 00000000 ____D () C:\ProgramData\Licenses <br/>2014-02-11 15:39 - 2014-02-11 15:39 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover <br/>2014-02-11 15:38 - 2014-02-11 15:38 - 21407864 _____ (Simply Super Software ) C:\Users\Welcome\Downloads\trjsetup690.exe <br/>2014-02-08 19:34 - 2014-02-08 19:34 - 01438479 _____ () C:\Users\Welcome\Downloads\CMx2_ScAn_CaDe_v1.3.zip <br/>2014-02-04 14:56 - 2014-02-04 14:46 - 00024064 _____ () C:\Windows\zoek-delete.exe <br/>2014-02-04 14:46 - 2014-02-04 14:55 - 00000000 ____D () C:\zoek_backup <br/>2014-02-04 14:46 - 2014-02-04 14:46 - 01283584 _____ () C:\Users\Welcome\Downloads\zoek.exe <br/>2014-02-04 11:04 - 2014-02-04 11:04 - 00000000 ____D () C:\Windows\ERUNT <br/>2014-02-04 11:03 - 2014-02-04 07:38 - 01037530 _____ (Thisisu) C:\Users\Welcome\Desktop\JRT_NEW.exe <br/>2014-02-04 10:19 - 2014-02-04 10:20 - 00000000 ____D () C:\AdwCleaner <br/>2014-02-04 00:40 - 2013-11-26 11:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll <br/>2014-02-04 00:40 - 2013-11-26 10:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb <br/>2014-02-04 00:40 - 2013-11-26 10:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll <br/>2014-02-04 00:40 - 2013-11-26 09:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll <br/>2014-02-04 00:40 - 2013-11-26 09:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll <br/>2014-02-04 00:40 - 2013-11-26 09:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll <br/>2014-02-04 00:40 - 2013-11-26 09:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll <br/>2014-02-04 00:40 - 2013-11-26 09:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb <br/>2014-02-04 00:40 - 2013-11-26 09:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll <br/>2014-02-04 00:40 - 2013-11-26 09:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe <br/>2014-02-04 00:40 - 2013-11-26 09:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe <br/>2014-02-04 00:40 - 2013-11-26 09:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll <br/>2014-02-04 00:40 - 2013-11-26 08:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe <br/>2014-02-04 00:40 - 2013-11-26 08:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll <br/>2014-02-04 00:40 - 2013-11-26 08:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll <br/>2014-02-04 00:40 - 2013-11-26 08:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll <br/>2014-02-04 00:40 - 2013-11-26 06:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll <br/>2014-02-04 00:40 - 2013-11-26 06:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll <br/>2014-02-04 00:39 - 2013-11-26 10:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll <br/>2014-02-04 00:39 - 2013-11-26 09:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll <br/>2014-02-04 00:39 - 2013-11-26 08:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll <br/>2014-02-04 00:39 - 2013-11-26 08:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll <br/>2014-02-04 00:39 - 2013-11-26 08:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll <br/>2014-02-04 00:39 - 2013-11-26 08:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl <br/>2014-02-04 00:39 - 2013-11-26 07:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll <br/>2014-02-04 00:39 - 2013-11-26 07:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl <br/>2014-02-04 00:39 - 2013-11-26 07:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll <br/>2014-02-04 00:39 - 2013-11-26 07:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll <br/>2014-02-04 00:39 - 2013-11-26 06:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll <br/>2014-02-04 00:39 - 2013-11-26 06:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll <br/>2014-02-04 00:39 - 2013-11-26 06:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll <br/>2014-02-04 00:36 - 2014-02-04 00:36 - 01166132 _____ () C:\Users\Welcome\Downloads\adwcleaner.exe <br/>2014-02-04 00:36 - 2014-02-04 00:36 - 01037068 _____ (Thisisu) C:\Users\Welcome\Downloads\JRT.exe <br/>2014-02-02 17:39 - 2013-05-10 05:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll <br/>2014-02-02 17:39 - 2013-05-10 05:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL <br/>2014-02-02 17:39 - 2013-05-10 04:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL <br/>2014-02-02 17:39 - 2013-05-10 04:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe <br/>2014-02-02 17:33 - 2014-02-02 17:38 - 00007498 _____ () C:\Windows\IE11_main.log <br/>2014-02-02 17:18 - 2013-11-27 01:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys <br/>2014-02-02 17:18 - 2013-11-27 01:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys <br/>2014-02-02 17:18 - 2013-11-27 01:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys <br/>2014-02-02 17:18 - 2013-11-27 01:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys <br/>2014-02-02 17:18 - 2013-11-27 01:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys <br/>2014-02-02 17:18 - 2013-11-27 01:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys <br/>2014-02-02 17:18 - 2013-11-27 01:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys <br/>2014-02-02 17:18 - 2013-11-23 18:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll <br/>2014-02-02 17:18 - 2013-11-23 17:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll <br/>2014-02-02 17:18 - 2013-11-12 02:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll <br/>2014-02-02 17:18 - 2013-11-12 02:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll <br/>2014-02-02 17:18 - 2013-10-30 02:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll <br/>2014-02-02 17:18 - 2013-10-30 02:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll <br/>2014-02-02 17:18 - 2013-10-19 02:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll <br/>2014-02-02 17:18 - 2013-10-19 01:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll <br/>2014-02-02 17:18 - 2013-10-04 02:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys <br/>2014-02-02 17:18 - 2013-10-04 01:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys <br/>2014-02-02 17:17 - 2013-11-26 11:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys <br/>2014-02-02 17:17 - 2013-11-26 10:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys <br/>2014-02-02 17:17 - 2013-10-12 02:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx <br/>2014-02-02 17:17 - 2013-10-12 02:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll <br/>2014-02-02 17:17 - 2013-10-12 02:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx <br/>2014-02-02 17:17 - 2013-10-12 02:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll <br/>2014-02-02 17:17 - 2013-10-12 01:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe <br/>2014-02-02 17:17 - 2013-10-12 01:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe <br/>2014-02-02 17:17 - 2013-10-12 01:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe <br/>2014-02-02 17:17 - 2013-10-12 01:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe <br/>2014-02-02 17:08 - 2014-02-02 17:08 - 00026141 _____ () C:\ComboFix.txt <br/>2014-02-02 16:41 - 2014-02-02 16:41 - 00000000 ____D () C:\RegBk_2014.02.02.16.41.21 <br/>2014-02-02 16:39 - 2014-02-02 16:39 - 05179159 ____R (Swearware) C:\Users\Welcome\Downloads\ComboFix.exe <br/>2014-01-30 13:26 - 2014-02-11 15:59 - 00954710 _____ () C:\Windows\WindowsUpdate.log <br/>2014-01-30 13:01 - 2014-02-11 15:52 - 00001680 _____ () C:\Windows\setupact.log <br/>2014-01-30 13:01 - 2014-02-10 02:19 - 00036706 _____ () C:\Windows\PFRO.log <br/>2014-01-30 13:01 - 2014-01-30 13:01 - 00000000 _____ () C:\Windows\setuperr.log <br/>2014-01-30 12:23 - 2014-01-30 13:10 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP <br/>2014-01-30 12:23 - 2014-01-30 12:23 - 00000000 ____D () C:\Program Files\Enigma Software Group <br/>2014-01-30 11:55 - 2014-01-30 11:55 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Welcome\Downloads\SpyHunter-Installer.exe <br/>2014-01-30 11:54 - 2014-01-30 11:55 - 05938856 _____ (ParetoLogic, Inc.) C:\Users\Welcome\Downloads\RegCureProSetup.exe <br/>2014-01-30 11:54 - 2014-01-30 11:54 - 00001205 _____ () C:\Users\Welcome\Downloads\FixNCR.reg <br/>2014-01-29 16:40 - 2014-01-29 16:58 - 00000000 ____D () C:\Users\Welcome\Documents\Crime Novel untitled <br/>2014-01-28 12:58 - 2014-01-30 13:41 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk <br/>2014-01-22 23:33 - 2014-02-01 18:36 - 00000000 ____D () C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition <br/>2014-01-22 23:33 - 2014-01-22 23:33 - 00001603 _____ () C:\Users\Welcome\Desktop\Larry Bond's Harpoon - Commander's Edition Game Menu.lnk <br/>2014-01-22 23:33 - 2014-01-22 23:33 - 00000000 ____D () C:\Windows\Uninstallers <br/>2014-01-22 17:27 - 2014-01-22 17:27 - 00001355 _____ () C:\Users\Welcome\Desktop\Combat Mission Shock Force Manual.lnk <br/>2014-01-22 13:45 - 2014-01-30 12:20 - 00000000 ____D () C:\Program Files (x86)\Battlefront.com <br/>2014-01-19 20:13 - 2014-01-19 20:12 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe <br/>2014-01-19 20:13 - 2014-01-19 20:12 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe <br/>2014-01-19 20:13 - 2014-01-19 20:12 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe <br/>2014-01-19 20:13 - 2014-01-19 20:12 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll <br/>2014-01-19 20:12 - 2014-01-19 20:12 - 00000000 ____D () C:\Program Files (x86)\Java <br/>2014-01-19 20:09 - 2014-01-19 20:09 - 00000000 ____D () C:\ProgramData\McAfee <br/> <br/>==================== One Month Modified Files and Folders ======= <br/> <br/>2014-02-11 15:59 - 2014-02-11 15:59 - 00015173 _____ () C:\Users\Welcome\Downloads\FRST.txt <br/>2014-02-11 15:59 - 2014-02-11 15:58 - 00000000 ____D () C:\FRST <br/>2014-02-11 15:59 - 2014-01-30 13:26 - 00954710 _____ () C:\Windows\WindowsUpdate.log <br/>2014-02-11 15:59 - 2012-02-14 17:26 - 00000000 ____D () C:\ProgramData\BullGuard <br/>2014-02-11 15:57 - 2014-02-11 15:57 - 02151424 _____ (Farbar) C:\Users\Welcome\Downloads\FRST64.exe <br/>2014-02-11 15:55 - 2013-04-03 11:03 - 00000000 ____D () C:\Users\Welcome\AppData\Roaming\Skype <br/>2014-02-11 15:54 - 2014-02-11 15:54 - 00000480 _____ () C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD <br/>2014-02-11 15:54 - 2012-02-15 15:58 - 00000000 ____D () C:\Program Files (x86)\Steam <br/>2014-02-11 15:53 - 2012-02-14 17:46 - 00000664 _____ () C:\Windows\system32\config\afw_hm.conf <br/>2014-02-11 15:53 - 2012-02-14 17:45 - 00000004 _____ () C:\Windows\system32\config\afw_db.conf <br/>2014-02-11 15:52 - 2014-01-30 13:01 - 00001680 _____ () C:\Windows\setupact.log <br/>2014-02-11 15:52 - 2012-02-16 00:44 - 00005001 ___SH () C:\Windows\SysWOW64\mmf.sys <br/>2014-02-11 15:52 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT <br/>2014-02-11 15:40 - 2012-02-14 15:15 - 00000000 ___RD () C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup <br/>2014-02-11 15:39 - 2014-02-11 15:39 - 00001109 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk <br/>2014-02-11 15:39 - 2014-02-11 15:39 - 00000000 ____D () C:\Users\Welcome\Documents\Simply Super Software <br/>2014-02-11 15:39 - 2014-02-11 15:39 - 00000000 ____D () C:\ProgramData\Simply Super Software <br/>2014-02-11 15:39 - 2014-02-11 15:39 - 00000000 ____D () C:\ProgramData\Licenses <br/>2014-02-11 15:39 - 2014-02-11 15:39 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover <br/>2014-02-11 15:38 - 2014-02-11 15:38 - 21407864 _____ (Simply Super Software ) C:\Users\Welcome\Downloads\trjsetup690.exe <br/>2014-02-11 15:24 - 2013-03-03 17:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job <br/>2014-02-11 14:34 - 2012-03-01 13:28 - 00000000 ____D () C:\Users\Welcome\Documents\Allan Breck Stewart <br/>2014-02-11 10:57 - 2009-07-14 04:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 <br/>2014-02-11 10:57 - 2009-07-14 04:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 <br/>2014-02-10 22:32 - 2013-03-01 19:02 - 00005120 _____ () C:\Users\Welcome\AppData\Local\file__0.localstorage <br/>2014-02-10 18:55 - 2011-01-21 14:28 - 00000000 ____D () C:\Users\Welcome\Desktop\CM;SF Z files <br/>2014-02-10 02:19 - 2014-01-30 13:01 - 00036706 _____ () C:\Windows\PFRO.log <br/>2014-02-08 19:34 - 2014-02-08 19:34 - 01438479 _____ () C:\Users\Welcome\Downloads\CMx2_ScAn_CaDe_v1.3.zip <br/>2014-02-07 22:26 - 2013-03-03 17:48 - 00000000 ____D () C:\Program Files (x86)\Google <br/>2014-02-07 22:18 - 2012-02-19 16:33 - 00000000 ____D () C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam <br/>2014-02-05 17:24 - 2013-03-03 17:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe <br/>2014-02-05 17:24 - 2013-03-03 17:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater <br/>2014-02-05 17:24 - 2012-02-14 17:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl <br/>2014-02-04 14:55 - 2014-02-04 14:46 - 00000000 ____D () C:\zoek_backup <br/>2014-02-04 14:54 - 2012-02-14 15:15 - 00000000 ____D () C:\Users\Welcome <br/>2014-02-04 14:46 - 2014-02-04 14:56 - 00024064 _____ () C:\Windows\zoek-delete.exe <br/>2014-02-04 14:46 - 2014-02-04 14:46 - 01283584 _____ () C:\Users\Welcome\Downloads\zoek.exe <br/>2014-02-04 11:04 - 2014-02-04 11:04 - 00000000 ____D () C:\Windows\ERUNT <br/>2014-02-04 10:20 - 2014-02-04 10:19 - 00000000 ____D () C:\AdwCleaner <br/>2014-02-04 07:38 - 2014-02-04 11:03 - 01037530 _____ (Thisisu) C:\Users\Welcome\Desktop\JRT_NEW.exe <br/>2014-02-04 00:36 - 2014-02-04 00:36 - 01166132 _____ () C:\Users\Welcome\Downloads\adwcleaner.exe <br/>2014-02-04 00:36 - 2014-02-04 00:36 - 01037068 _____ (Thisisu) C:\Users\Welcome\Downloads\JRT.exe <br/>2014-02-02 21:24 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache <br/>2014-02-02 19:20 - 2009-07-14 05:13 - 00792590 _____ () C:\Windows\system32\PerfStringBackup.INI <br/>2014-02-02 19:15 - 2012-02-14 15:15 - 00001413 _____ () C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk <br/>2014-02-02 19:15 - 2009-07-14 05:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD <br/>2014-02-02 19:14 - 2012-02-14 22:39 - 00000000 ____D () C:\Windows\Panther <br/>2014-02-02 19:07 - 2009-07-14 04:45 - 00347632 _____ () C:\Windows\system32\FNTCACHE.DAT <br/>2014-02-02 19:04 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions <br/>2014-02-02 17:38 - 2014-02-02 17:33 - 00007498 _____ () C:\Windows\IE11_main.log <br/>2014-02-02 17:38 - 2012-02-15 10:36 - 00000000 ____D () C:\ProgramData\Microsoft Help <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe <br/>2014-02-02 17:35 - 2014-02-02 17:35 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe <br/>2014-02-02 17:28 - 2013-07-15 18:31 - 00000000 ____D () C:\Windows\system32\MRT <br/>2014-02-02 17:09 - 2013-05-03 09:51 - 00000000 ____D () C:\Qoobox <br/>2014-02-02 17:08 - 2014-02-02 17:08 - 00026141 _____ () C:\ComboFix.txt <br/>2014-02-02 16:58 - 2009-07-14 02:34 - 00000215 _____ () C:\Windows\system.ini <br/>2014-02-02 16:56 - 2013-05-03 09:51 - 00000000 ____D () C:\Windows\erdnt <br/>2014-02-02 16:41 - 2014-02-02 16:41 - 00000000 ____D () C:\RegBk_2014.02.02.16.41.21 <br/>2014-02-02 16:39 - 2014-02-02 16:39 - 05179159 ____R (Swearware) C:\Users\Welcome\Downloads\ComboFix.exe <br/>2014-02-01 18:36 - 2014-01-22 23:33 - 00000000 ____D () C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Larry Bond's Harpoon - Commander's Edition <br/>2014-02-01 14:29 - 2013-07-07 10:16 - 00000000 ____D () C:\Users\Welcome\Documents\Galleria stuff <br/>2014-01-31 18:03 - 2013-06-14 14:14 - 00000000 ____D () C:\Users\Welcome\AppData\Roaming\HpUpdate <br/>2014-01-31 10:58 - 2009-07-14 05:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT <br/>2014-01-30 13:41 - 2014-01-28 12:58 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk <br/>2014-01-30 13:41 - 2013-09-14 12:10 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware <br/>2014-01-30 13:10 - 2014-01-30 12:23 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP <br/>2014-01-30 13:01 - 2014-01-30 13:01 - 00000000 _____ () C:\Windows\setuperr.log <br/>2014-01-30 12:23 - 2014-01-30 12:23 - 00000000 ____D () C:\Program Files\Enigma Software Group <br/>2014-01-30 12:20 - 2014-01-22 13:45 - 00000000 ____D () C:\Program Files (x86)\Battlefront.com <br/>2014-01-30 12:20 - 2013-06-20 22:38 - 00000000 ____D () C:\IL2 Game <br/>2014-01-30 12:20 - 2013-01-28 11:04 - 00000000 ____D () C:\Users\Welcome\Documents\SimCity <br/>2014-01-30 12:20 - 2012-02-14 15:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware <br/>2014-01-30 12:20 - 2012-02-14 15:28 - 00000000 ____D () C:\ProgramData\NVIDIA <br/>2014-01-30 12:20 - 2011-08-01 14:30 - 00000000 ____D () C:\Users\Welcome\Documents\My Digital Editions <br/>2014-01-30 12:20 - 2009-07-14 03:20 - 00000000 __RHD () C:\Users\Default <br/>2014-01-30 12:20 - 2008-08-21 13:20 - 00000000 ____D () C:\Users\Welcome\Documents\take_the_church-2 <br/>2014-01-30 12:20 - 2008-08-21 13:18 - 00000000 ____D () C:\Users\Welcome\Documents\IRONSTORM.V1.041.ENG.DRUNK.NOCD <br/>2014-01-30 12:19 - 2012-09-26 18:32 - 00000000 ____D () C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scourge of War - Gettysburg <br/>2014-01-30 11:55 - 2014-01-30 11:55 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Welcome\Downloads\SpyHunter-Installer.exe <br/>2014-01-30 11:55 - 2014-01-30 11:54 - 05938856 _____ (ParetoLogic, Inc.) C:\Users\Welcome\Downloads\RegCureProSetup.exe <br/>2014-01-30 11:54 - 2014-01-30 11:54 - 00001205 _____ () C:\Users\Welcome\Downloads\FixNCR.reg <br/>2014-01-29 16:58 - 2014-01-29 16:40 - 00000000 ____D () C:\Users\Welcome\Documents\Crime Novel untitled <br/>2014-01-22 23:33 - 2014-01-22 23:33 - 00001603 _____ () C:\Users\Welcome\Desktop\Larry Bond's Harpoon - Commander's Edition Game Menu.lnk <br/>2014-01-22 23:33 - 2014-01-22 23:33 - 00000000 ____D () C:\Windows\Uninstallers <br/>2014-01-22 23:33 - 2012-02-18 20:29 - 00000000 ____D () C:\Matrix Games <br/>2014-01-22 18:37 - 2012-02-16 00:47 - 00002367 _____ () C:\Users\Welcome\Desktop\Battlefront Website.lnk <br/>2014-01-22 18:37 - 2012-02-16 00:47 - 00001315 _____ () C:\Users\Welcome\Desktop\CM Shock Force.lnk <br/>2014-01-22 18:36 - 2012-02-19 12:20 - 00000000 ____D () C:\Users\Welcome\AppData\Local\Smith Micro <br/>2014-01-22 17:27 - 2014-01-22 17:27 - 00001355 _____ () C:\Users\Welcome\Desktop\Combat Mission Shock Force Manual.lnk <br/>2014-01-22 15:01 - 2012-02-16 00:44 - 00126976 _____ () C:\Windows\lcmmfu.cpl <br/>2014-01-21 23:31 - 2013-03-03 17:48 - 00000000 ____D () C:\Users\Welcome\AppData\Local\Google <br/>2014-01-19 20:12 - 2014-01-19 20:13 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe <br/>2014-01-19 20:12 - 2014-01-19 20:13 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe <br/>2014-01-19 20:12 - 2014-01-19 20:13 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe <br/>2014-01-19 20:12 - 2014-01-19 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll <br/>2014-01-19 20:12 - 2014-01-19 20:12 - 00000000 ____D () C:\Program Files (x86)\Java <br/>2014-01-19 20:09 - 2014-01-19 20:09 - 00000000 ____D () C:\ProgramData\McAfee <br/>2014-01-16 09:59 - 2010-11-21 03:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe <br/>2014-01-15 14:16 - 2014-01-09 22:40 - 00000000 ____D () C:\ProgramData\MFAData <br/>2014-01-15 11:29 - 2014-01-09 22:44 - 00003230 _____ () C:\Windows\System32\Tasks\SidebarExecute <br/>2014-01-14 20:59 - 2012-02-16 13:51 - 00000000 ____D () C:\Program Files (x86)\ArtMoney <br/> <br/>==================== Bamital & volsnap Check ================= <br/> <br/>C:\Windows\System32\winlogon.exe => MD5 is legit <br/>C:\Windows\System32\wininit.exe => MD5 is legit <br/>C:\Windows\SysWOW64\wininit.exe => MD5 is legit <br/>C:\Windows\explorer.exe => MD5 is legit <br/>C:\Windows\SysWOW64\explorer.exe => MD5 is legit <br/>C:\Windows\System32\svchost.exe => MD5 is legit <br/>C:\Windows\SysWOW64\svchost.exe => MD5 is legit <br/>C:\Windows\System32\services.exe => MD5 is legit <br/>C:\Windows\System32\User32.dll => MD5 is legit <br/>C:\Windows\SysWOW64\User32.dll => MD5 is legit <br/>C:\Windows\System32\userinit.exe => MD5 is legit <br/>C:\Windows\SysWOW64\userinit.exe => MD5 is legit <br/>C:\Windows\System32\rpcss.dll => MD5 is legit <br/>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit <br/> <br/> <br/>LastRegBack: 2014-02-08 13:37 <br/> <br/>==================== End Of Log ============================
Posted 2/11/2014 4:03 PM
#96602
User avatar

rlow Valued member

Date Joined Nov 2016
Total Posts: 14
And the Additional: <br/> <br/>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-02-2014 01 <br/>Ran by Welcome at 2014-02-11 16:00:14 <br/>Running from C:\Users\Welcome\Downloads <br/>Boot Mode: Normal <br/>========================================================== <br/> <br/> <br/>==================== Security Center ======================== <br/> <br/>AV: BullGuard Antivirus (Enabled - Up to date) {C3CCAC61-52F7-A056-1860-6406566E2578} <br/>AS: BullGuard Antispyware (Enabled - Up to date) {78AD4D85-74CD-AFD8-22D0-5F742DE96FC5} <br/>AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} <br/>FW: BullGuard Firewall (Enabled) {FBF72D44-1898-A10E-333F-CD33A8BD6203} <br/> <br/>==================== Installed Programs ====================== <br/> <br/>ACW Brothers vs Brothers (x32 Version: 3.3 - ACW mod Team) <br/>Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated) <br/>Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated) <br/>Adobe Reader X (10.1.8) (x32 Version: 10.1.8 - Adobe Systems Incorporated) <br/>ArtMoney SE v7.37.2 (x32 Version: 7.37 - System SoftLab) <br/>Assassin's Creed IV Black Flag (x32 Version: - Ubisoft) <br/>Battlefront.com Toolbar (x32 Version: - ) <br/>BullGuard (Version: 13.0 - BullGuard Ltd.) <br/>Combat Mission Battle for Normandy (x32 Version: - Battlefront.com) <br/>Combat Mission Fortress Italy (x32 Version: - Battlefront.com) <br/>Combat Mission Shock Force (x32 Version: - Battlefront.com) <br/>Crusader Kings II (x32 Version: - Paradox Development Studio) <br/>DarthMod Empire (x32 Version: 8.0 Platinum - ) <br/>DarthMod Napoleon (x32 Version: - ) <br/>DarthMod Ultimate Commander Edition (x32 Version: - ) <br/>DarthMod: Shogun II (x32 Version: - ) <br/>Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft) <br/>Empire: Total War (x32 Version: - The Creative Assembly) <br/>Gary Grigsby's War in the East (x32 Version: 1.00 - Matrix Games) <br/>HP Photosmart 6520 series Basic Device Software (Version: 28.0.1315.0 - Hewlett-Packard Co.) <br/>HP Photosmart 6520 series Help (x32 Version: 28.0.0 - Hewlett Packard) <br/>HP Update (x32 Version: 5.005.000.002 - Hewlett-Packard) <br/>HPDiagnosticCoreDll (x32 Version: 1.0.16.0 - Hewlett Packard) <br/>Intel(R) Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation) <br/>Java 7 Update 51 (x32 Version: 7.0.510 - Oracle) <br/>Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden <br/>KGCM Patch 4.1 (HKCU Version: - ) <br/>Kingdoms Grand Campaign Mod (HKCU Version: - ) <br/>Larry Bond's Harpoon - Commander's Edition (x32 Version: 2007.000 - Matrix Games) <br/>Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) <br/>Medieval II - Kingdoms_Grand_Campaign_Mod version 3.0 (x32 Version: - ) <br/>Medieval II Total War (x32 Version: 1.03.000 - SEGA) <br/>Medieval II Total War : Kingdoms : Americas (x32 Version: 1.03.000 - SEGA) <br/>Medieval II Total War : Kingdoms : Britannia (x32 Version: 1.03.000 - SEGA) <br/>Medieval II Total War : Kingdoms : Crusades (x32 Version: 1.03.000 - SEGA) <br/>Medieval II Total War : Kingdoms : Teutonic (x32 Version: 1.03.000 - SEGA) <br/>Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) <br/>Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) <br/>Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden <br/>Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) <br/>Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden <br/>Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) <br/>Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <br/>Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation) <br/>Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) <br/>Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) <br/>Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation) <br/>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) <br/>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) <br/>Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation) <br/>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) <br/>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) <br/>Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) <br/>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) <br/>Microsoft Visual J# .NET Redistributable Package 1.1 (x32 Version: 1.1.4322 - Microsoft) <br/>MS Access 97 SP2 (x32 Version: - ) <br/>MyDriveConnect 3.3.0.1318 (x32 Version: 3.3.0.1318 - TomTom) <br/>Napoleon: Total War (x32 Version: - The Creative Assembly) <br/>NVIDIA 3D Vision Controller Driver 331.65 (Version: 331.65 - NVIDIA Corporation) <br/>NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden <br/>NVIDIA Graphics Driver 331.65 (Version: 331.65 - NVIDIA Corporation) <br/>NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4 - NVIDIA Corporation) <br/>NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden <br/>NVIDIA PhysX (x32 Version: 9.12.0203 - NVIDIA Corporation) Hidden <br/>NVIDIA PhysX System Software 9.12.0203 (Version: 9.12.0203 - NVIDIA Corporation) <br/>NVIDIA Update Components (Version: 9.3.16 - NVIDIA Corporation) Hidden <br/>Realtek Ethernet Controller Driver (x32 Version: 7.45.516.2011 - Realtek) <br/>Realtek High Definition Audio Driver (x32 Version: 6.0.1.6251 - Realtek Semiconductor Corp.) <br/>Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden <br/>Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.) <br/>Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.) <br/>Steam (x32 Version: 1.0.0.0 - Valve) <br/>StuffIt 2010 (Version: 14.0.0 - Smith Micro) <br/>SUPERAntiSpyware (Version: 5.6.1032 - SUPERAntiSpyware.com) <br/>The Operational Art of War III (x32 Version: 3.2.29.27 - Matrix Games) <br/>The Operational Art of War: Century of Warfare (x32 Version: - ) <br/>Total War: ROME II (x32 Version: - Creative Assembly) <br/>Total War: SHOGUN 2 (x32 Version: - The Creative Assembly) <br/>Trojan Remover 6.9.0 (x32 Version: 6.9.0 - Simply Super Software) <br/>Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation) <br/>Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation) <br/>Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation) <br/>Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation) <br/>Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) <br/>Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation) <br/>Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation) <br/>Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation) <br/>Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) <br/>Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft) <br/>Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft) <br/>Update for Microsoft Office 2010 (KB2494150) (x32 Version: - Microsoft) <br/>Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft) <br/>Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft) <br/>Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft) <br/>Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft) <br/>Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft) <br/>Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft) <br/>Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft) <br/>Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft) <br/>Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft) <br/>Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft) <br/>Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft) <br/>Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft) <br/>Uplay (x32 Version: 4.0 - Ubisoft) <br/>Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies) <br/>Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) <br/>Visual Studio C++ 10.0 Runtime (x32 Version: 10.0.0 - TomTom International B.V.) <br/>VLC media player 1.1.11 (x32 Version: 1.1.11 - VideoLAN) <br/> <br/>==================== Restore Points ========================= <br/> <br/>02-02-2014 16:45:51 ComboFix created restore point <br/>02-02-2014 17:07:02 Windows Update <br/>02-02-2014 17:26:08 Windows Update <br/>04-02-2014 00:39:27 Windows Update <br/>04-02-2014 14:47:21 zoek.exe restore point <br/>07-02-2014 14:05:42 Windows Update <br/>07-02-2014 22:18:01 Removed EasyCleaner <br/> <br/>==================== Hosts content: ========================== <br/> <br/>2009-07-14 02:34 - 2014-02-02 16:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts <br/>127.0.0.1 localhost <br/> <br/>==================== Scheduled Tasks (whitelisted) ============= <br/> <br/>Task: {11EEBA92-6997-4736-8CF4-0375AE56CDDC} - System32\Tasks\{B6045275-FFC4-4BAB-ACA5-B6AB0C47780D} => C:\Program Files (x86)\Battlefront\Combat Mission Fortress Italy\CM Fortress Italy.exe [2013-11-11] () <br/>Task: {1823E0C9-C468-42D1-9565-428AE8277DB7} - System32\Tasks\{2860BEB2-B765-4F19-ADBA-5CAE5BCB9983} => C:\Storm Eagle Studios\Jutland\DG_WWIp.exe <br/>Task: {1992421D-42D8-4B47-A35C-B4FADC96ABCF} - System32\Tasks\{A5A491A1-3802-4FAD-B97E-2A64E08B9FA9} => C:\Program Files (x86)\Battlefront\Combat Mission Fortress Italy\CM Fortress Italy.exe [2013-11-11] () <br/>Task: {4A343132-F11D-4A24-B2DA-0A795FBE99E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated) <br/>Task: {6B30FBA1-23F5-4999-8DB9-E6B93B969FFC} - System32\Tasks\4897 => Wscript.exe C:\Users\Welcome\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION <br/>Task: {6C033CB6-6BBC-42E2-8BDA-050CCE5334D9} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION <br/>Task: {72A8FF8A-B01F-4E31-BE4B-2EC0C4A5863B} - System32\Tasks\{ECF2DC9C-896B-45B9-ACA5-9F2AC924B8D2} => C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\CM Shock Force.exe [2011-06-20] () <br/>Task: {8E2CB453-597D-458C-BF36-C124F88D3C29} - System32\Tasks\hpUrlLauncher.exe_{3E553E69-35B9-4C59-837A-FFAEE476B8D5} => C:\Program Files\HP\HP Photosmart 6520 series\Bin\utils\hpUrlLauncher.exe [2012-10-17] (Hewlett-Packard Co.) <br/>Task: {9CFBC5EE-11DB-44DB-94A2-34BE9B6342CC} - System32\Tasks\{6D0533BE-4C21-4DC1-BAE6-490337B3DD78} => C:\Windows\system32\msiexec.exe [2010-11-21] (Microsoft Corporation) <br/>Task: {D7A3B54C-6092-434D-84EF-4EBAF1990F5B} - System32\Tasks\{7AF73AB7-29F1-466B-B9EF-CF200678AA65} => C:\Program Files (x86)\Battlefront\Combat Mission Fortress Italy\CM Fortress Italy.exe [2013-11-11] () <br/>Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe <br/> <br/>==================== Loaded Modules (whitelisted) ============= <br/> <br/>2012-06-26 09:32 - 2012-06-26 09:32 - 00084320 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll <br/>2013-05-03 12:04 - 2013-05-03 12:03 - 00655712 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll <br/>2013-10-14 09:23 - 2013-10-14 09:22 - 00023376 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BackupShellNamespaceRes.dll <br/>2013-10-14 09:23 - 2013-10-14 09:22 - 00072528 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpBackupRes.dll <br/>2013-10-14 09:23 - 2013-10-14 09:22 - 00015184 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpInspectorRes.dll <br/>2013-10-14 09:23 - 2013-10-14 09:22 - 00028496 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpMainRes.dll <br/>2013-10-14 09:23 - 2013-10-14 09:22 - 00610968 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll <br/>2014-01-09 22:19 - 2013-12-12 22:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll <br/>2014-01-09 22:19 - 2013-11-05 01:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll <br/>2013-03-25 13:23 - 2014-01-10 23:33 - 00717312 _____ () C:\Program Files (x86)\Steam\SDL2.dll <br/>2012-02-15 16:01 - 2014-01-27 19:02 - 01138088 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL <br/>2012-02-15 16:01 - 2014-01-10 23:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll <br/>2012-09-17 18:00 - 2013-06-14 23:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll <br/>2012-09-17 18:00 - 2013-06-14 23:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll <br/>2012-09-17 18:00 - 2013-06-14 23:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll <br/>2013-10-21 07:33 - 2013-10-21 07:33 - 00026520 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll <br/>2013-10-21 07:33 - 2013-10-21 07:33 - 00082840 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll <br/>2013-10-21 07:33 - 2013-10-21 07:33 - 00337816 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll <br/>2012-02-16 00:44 - 2012-02-16 00:44 - 00002560 _____ () C:\Windows\runservice.exe <br/>2012-02-16 00:44 - 2012-02-18 20:02 - 00048640 _____ () C:\Windows\mmfs.dll <br/>2013-12-21 12:49 - 2013-12-21 12:49 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe <br/>2000-01-28 00:00 - 2000-01-28 00:00 - 00012288 _____ () C:\Windows\SysWow64\hlinkprx.dll <br/> <br/>==================== Alternate Data Streams (whitelisted) ========= <br/> <br/>AlternateDataStreams: C:\ProgramData:gs5sys <br/>AlternateDataStreams: C:\Users\All Users:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome:gs5sys <br/>AlternateDataStreams: C:\ProgramData\Application Data:gs5sys <br/>AlternateDataStreams: C:\ProgramData\desktop.ini:gs5sys <br/>AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 <br/>AlternateDataStreams: C:\ProgramData\Templates:gs5sys <br/>AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\Application Data:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\Cookies:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\Local Settings:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\Templates:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\Desktop\desktop.ini:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\AppData\Local:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\AppData\Roaming:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\AppData\Local\Application Data:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\AppData\Local\History:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\Documents\desktop.ini:gs5sys <br/> <br/>==================== Safe Mode (whitelisted) =================== <br/> <br/>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service" <br/>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service" <br/>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service" <br/>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service" <br/>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service" <br/>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service" <br/>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service" <br/> <br/>==================== Disabled items from MSCONFIG ============== <br/> <br/>MSCONFIG\startupreg: dscmse => rundll32.exe "C:\Users\Welcome\AppData\Roaming\dscmse.dll",CreateLogFile <br/>MSCONFIG\startupreg: tbrpes => "C:\Windows\System32\rundll32.exe" "C:\Users\Welcome\AppData\Roaming\tbrpes.dll",get_error_ptr <br/> <br/>==================== Faulty Device Manager Devices ============= <br/> <br/>Name: Network Controller <br/>Description: Network Controller <br/>Class Guid: <br/>Manufacturer: <br/>Service: <br/>Problem: : The drivers for this device are not installed. (Code 28) <br/>Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. <br/> <br/> <br/>==================== Event log errors: ========================= <br/> <br/>Application errors: <br/>================== <br/>Error: (02/11/2014 03:55:37 PM) (Source: WinMgmt) (User: ) <br/>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 <br/> <br/>Error: (02/11/2014 03:44:10 PM) (Source: WinMgmt) (User: ) <br/>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 <br/> <br/>Error: (02/11/2014 10:47:37 AM) (Source: WinMgmt) (User: ) <br/>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 <br/> <br/>Error: (02/10/2014 02:35:45 PM) (Source: Application Hang) (User: ) <br/>Description: The program IEXPLORE.EXE version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. <br/> <br/>Process ID: 2948 <br/> <br/>Start Time: 01cf266d12e0028b <br/> <br/>Termination Time: 202 <br/> <br/>Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE <br/> <br/>Report Id: <br/> <br/>Error: (02/10/2014 02:21:18 AM) (Source: WinMgmt) (User: ) <br/>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 <br/> <br/>Error: (02/09/2014 11:06:58 AM) (Source: WinMgmt) (User: ) <br/>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 <br/> <br/>Error: (02/08/2014 10:55:43 AM) (Source: WinMgmt) (User: ) <br/>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 <br/> <br/>Error: (02/07/2014 10:16:43 PM) (Source: Application Error) (User: ) <br/>Description: Faulting application name: SUPERAntiSpyware.exe, version: 5.6.0.1032, time stamp: 0x520c207d <br/>Faulting module name: SUPERAntiSpyware.exe, version: 5.6.0.1032, time stamp: 0x520c207d <br/>Exception code: 0xc0000005 <br/>Fault offset: 0x00000000000c2f42 <br/>Faulting process id: 0xb70 <br/>Faulting application start time: 0xSUPERAntiSpyware.exe0 <br/>Faulting application path: SUPERAntiSpyware.exe1 <br/>Faulting module path: SUPERAntiSpyware.exe2 <br/>Report Id: SUPERAntiSpyware.exe3 <br/> <br/>Error: (02/07/2014 10:14:37 PM) (Source: WinMgmt) (User: ) <br/>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 <br/> <br/>Error: (02/07/2014 04:46:20 PM) (Source: Application Hang) (User: ) <br/>Description: The program IEXPLORE.EXE version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. <br/> <br/>Process ID: 14e8 <br/> <br/>Start Time: 01cf242314f6066e <br/> <br/>Termination Time: 50 <br/> <br/>Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE <br/> <br/>Report Id: <br/> <br/> <br/>System errors: <br/>============= <br/>Error: (02/11/2014 03:57:55 PM) (Source: Disk) (User: ) <br/>Description: The device, \Device\Harddisk0\DR0, has a bad block. <br/> <br/>Error: (02/11/2014 03:57:52 PM) (Source: Disk) (User: ) <br/>Description: The device, \Device\Harddisk0\DR0, has a bad block. <br/> <br/>Error: (02/11/2014 03:57:49 PM) (Source: Disk) (User: ) <br/>Description: The device, \Device\Harddisk0\DR0, has a bad block. <br/> <br/>Error: (02/11/2014 03:57:46 PM) (Source: Disk) (User: ) <br/>Description: The device, \Device\Harddisk0\DR0, has a bad block. <br/> <br/>Error: (02/11/2014 03:57:43 PM) (Source: Disk) (User: ) <br/>Description: The device, \Device\Harddisk0\DR0, has a bad block. <br/> <br/>Error: (02/11/2014 03:57:40 PM) (Source: Disk) (User: ) <br/>Description: The device, \Device\Harddisk0\DR0, has a bad block. <br/> <br/>Error: (02/11/2014 03:57:37 PM) (Source: Disk) (User: ) <br/>Description: The device, \Device\Harddisk0\DR0, has a bad block. <br/> <br/>Error: (02/11/2014 03:57:12 PM) (Source: Service Control Manager) (User: ) <br/>Description: The HP Network Devices Support service terminated with the following error: <br/>%%126 <br/> <br/>Error: (02/11/2014 03:55:11 PM) (Source: Service Control Manager) (User: ) <br/>Description: The Internet Connection Sharing (ICS) service hung on starting. <br/> <br/>Error: (02/11/2014 03:52:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY) <br/>Description: WLAN Extensibility Module has failed to start. <br/> <br/>Module Path: C:\Windows\system32\athExt.dll <br/>Error Code: 126 <br/> <br/> <br/>Microsoft Office Sessions: <br/>========================= <br/>Error: (02/11/2014 03:55:37 PM) (Source: WinMgmt)(User: ) <br/>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 <br/> <br/>Error: (02/11/2014 03:44:10 PM) (Source: WinMgmt)(User: ) <br/>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 <br/> <br/>Error: (02/11/2014 10:47:37 AM) (Source: WinMgmt)(User: ) <br/>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 <br/> <br/>Error: (02/10/2014 02:35:45 PM) (Source: Application Hang)(User: ) <br/>Description: IEXPLORE.EXE11.0.9600.16428294801cf266d12e0028b202C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE <br/> <br/>Error: (02/10/2014 02:21:18 AM) (Source: WinMgmt)(User: ) <br/>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 <br/> <br/>Error: (02/09/2014 11:06:58 AM) (Source: WinMgmt)(User: ) <br/>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 <br/> <br/>Error: (02/08/2014 10:55:43 AM) (Source: WinMgmt)(User: ) <br/>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 <br/> <br/>Error: (02/07/2014 10:16:43 PM) (Source: Application Error)(User: ) <br/>Description: SUPERAntiSpyware.exe5.6.0.1032520c207dSUPERAntiSpyware.exe5.6.0.1032520c207dc000000500000000000c2f42b7001cf2451e5980459C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe85cd2fa1-9045-11e3-b9eb-5404a61ccd4d <br/> <br/>Error: (02/07/2014 10:14:37 PM) (Source: WinMgmt)(User: ) <br/>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 <br/> <br/>Error: (02/07/2014 04:46:20 PM) (Source: Application Hang)(User: ) <br/>Description: IEXPLORE.EXE11.0.9600.1642814e801cf242314f6066e50C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE <br/> <br/> <br/>CodeIntegrity Errors: <br/>=================================== <br/> Date: 2014-01-09 19:00:10.533 <br/> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. <br/> <br/> Date: 2014-01-09 19:00:10.502 <br/> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. <br/> <br/> Date: 2014-01-09 19:00:10.455 <br/> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. <br/> <br/> Date: 2014-01-09 19:00:10.424 <br/> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. <br/> <br/> Date: 2013-05-03 10:58:06.777 <br/> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. <br/> <br/> Date: 2013-05-03 10:58:06.746 <br/> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. <br/> <br/> <br/>==================== Memory info =========================== <br/> <br/>Percentage of memory in use: 26% <br/>Total physical RAM: 8174.31 MB <br/>Available physical RAM: 6048.94 MB <br/>Total Pagefile: 16346.8 MB <br/>Available Pagefile: 14021.06 MB <br/>Total Virtual: 8192 MB <br/>Available Virtual: 8191.82 MB <br/> <br/>==================== Drives ================================ <br/> <br/>Drive c: () (Fixed) (Total:465.75 GB) (Free:176.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)] <br/>Drive e: (Transcend) (Fixed) (Total:931.28 GB) (Free:881.59 GB) FAT32 <br/> <br/>==================== MBR & Partition Table ================== <br/> <br/>======================================================== <br/>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A392A392) <br/>Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS) <br/> <br/>======================================================== <br/>Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 00370B06) <br/>Partition 1: (Active) - (Size=932 GB) - (Type=0C) <br/> <br/>==================== End Of Log ============================
Posted 2/11/2014 4:04 PM
#96603
User avatar

rlow Valued member

Date Joined Nov 2016
Total Posts: 14
This is after running a Trojan Remover tool which 'found' something and allegedly fixed it.
Posted 2/12/2014 8:19 AM
#96608
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Do you have a filename and/or Folder of the possible removed infection ? <br/> <br/> <br/> <br/>Open notepad and copy/paste the text present inside the code box below. <br/>To do this highlight the contents of the box and right click on it. Paste this into the open notepad. <br/> <br/> <br/>[code] <br/>start <br/>HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) <br/>HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) <br/>HKLM-x32\...\Run: [] - [X] <br/>HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) <br/>HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1704720 2014-01-23] (Simply Super Software) <br/>Task: {11EEBA92-6997-4736-8CF4-0375AE56CDDC} - System32\Tasks\{B6045275-FFC4-4BAB-ACA5-B6AB0C47780D} => C:\Program Files (x86)\Battlefront\Combat Mission Fortress Italy\CM Fortress Italy.exe [2013-11-11] () <br/>Task: {1823E0C9-C468-42D1-9565-428AE8277DB7} - System32\Tasks\{2860BEB2-B765-4F19-ADBA-5CAE5BCB9983} => C:\Storm Eagle Studios\Jutland\DG_WWIp.exe <br/>Task: {1992421D-42D8-4B47-A35C-B4FADC96ABCF} - System32\Tasks\{A5A491A1-3802-4FAD-B97E-2A64E08B9FA9} => C:\Program Files (x86)\Battlefront\Combat Mission Fortress Italy\CM Fortress Italy.exe [2013-11-11] () <br/>Task: {4A343132-F11D-4A24-B2DA-0A795FBE99E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated) <br/>Task: {6B30FBA1-23F5-4999-8DB9-E6B93B969FFC} - System32\Tasks\4897 => Wscript.exe C:\Users\Welcome\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION <br/>Task: {6C033CB6-6BBC-42E2-8BDA-050CCE5334D9} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION <br/>Task: {72A8FF8A-B01F-4E31-BE4B-2EC0C4A5863B} - System32\Tasks\{ECF2DC9C-896B-45B9-ACA5-9F2AC924B8D2} => C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\CM Shock Force.exe [2011-06-20] () <br/>Task: {8E2CB453-597D-458C-BF36-C124F88D3C29} - System32\Tasks\hpUrlLauncher.exe_{3E553E69-35B9-4C59-837A-FFAEE476B8D5} => C:\Program Files\HP\HP Photosmart 6520 series\Bin\utils\hpUrlLauncher.exe [2012-10-17] (Hewlett-Packard Co.) <br/>Task: {9CFBC5EE-11DB-44DB-94A2-34BE9B6342CC} - System32\Tasks\{6D0533BE-4C21-4DC1-BAE6-490337B3DD78} => C:\Windows\system32\msiexec.exe [2010-11-21] (Microsoft Corporation) <br/>Task: {D7A3B54C-6092-434D-84EF-4EBAF1990F5B} - System32\Tasks\{7AF73AB7-29F1-466B-B9EF-CF200678AA65} => C:\Program Files (x86)\Battlefront\Combat Mission Fortress Italy\CM Fortress Italy.exe [2013-11-11] () <br/>Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe <br/>C:\Users\Welcome\AppData\Local\Temp\launchie.vbs <br/>AlternateDataStreams: C:\ProgramData:gs5sys <br/>AlternateDataStreams: C:\Users\All Users:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome:gs5sys <br/>AlternateDataStreams: C:\ProgramData\Application Data:gs5sys <br/>AlternateDataStreams: C:\ProgramData\desktop.ini:gs5sys <br/>AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 <br/>AlternateDataStreams: C:\ProgramData\Templates:gs5sys <br/>AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\Application Data:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\Cookies:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\Local Settings:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\Templates:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\Desktop\desktop.ini:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\AppData\Local:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\AppData\Roaming:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\AppData\Local\Application Data:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\AppData\Local\History:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\Documents\desktop.ini:gs5sys <br/>MSCONFIG\startupreg: dscmse => rundll32.exe "C:\Users\Welcome\AppData\Roaming\dscmse.dll",CreateLogFile <br/>MSCONFIG\startupreg: tbrpes => "C:\Windows\System32\rundll32.exe" "C:\Users\Welcome\AppData\Roaming\tbrpes.dll",get_error_ptr <br/>end <br/>[/code] <br/> <br/> <br/>NOTICE: This script was written specifically for this user, for use on that particular machine. <br/>Running this on another machine may cause damage to the operating system <br/> <br/>Save notepad as fixlist.txt <br/>NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. <br/> <br/> <br/>Run FRST/FRST64 and press the Fix button just once and wait. <br/>If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart. <br/>The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply. <br/> <br/>Note: If the tool warned you about the outdated version please download and run the updated version.

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 2/12/2014 3:03 PM
#96610
User avatar

rlow Valued member

Date Joined Nov 2016
Total Posts: 14
C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk - this links to gram Files\HP\HP Photosmart 6520 series\bin\HPStatusBL.dll - this Shortcut has been removed <br/> <br/>Pretty sure this is what TR removed. No idea what TR thought it was removing, though. About to do your fixlst.
Posted 2/12/2014 3:09 PM
#96611
User avatar

rlow Valued member

Date Joined Nov 2016
Total Posts: 14
Fixlist log: <br/> <br/> <br/>Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-02-2014 01 <br/>Ran by Welcome at 2014-02-12 15:08:11 Run:1 <br/>Running from C:\Users\Welcome\Downloads\FRST <br/>Boot Mode: Normal <br/>============================================== <br/> <br/>Content of fixlist: <br/>***************** <br/>start <br/>HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) <br/>HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) <br/>HKLM-x32\...\Run: [] - [X] <br/>HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) <br/>HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1704720 2014-01-23] (Simply Super Software) <br/>Task: {11EEBA92-6997-4736-8CF4-0375AE56CDDC} - System32\Tasks\{B6045275-FFC4-4BAB-ACA5-B6AB0C47780D} => C:\Program Files (x86)\Battlefront\Combat Mission Fortress Italy\CM Fortress Italy.exe [2013-11-11] () <br/>Task: {1823E0C9-C468-42D1-9565-428AE8277DB7} - System32\Tasks\{2860BEB2-B765-4F19-ADBA-5CAE5BCB9983} => C:\Storm Eagle Studios\Jutland\DG_WWIp.exe <br/>Task: {1992421D-42D8-4B47-A35C-B4FADC96ABCF} - System32\Tasks\{A5A491A1-3802-4FAD-B97E-2A64E08B9FA9} => C:\Program Files (x86)\Battlefront\Combat Mission Fortress Italy\CM Fortress Italy.exe [2013-11-11] () <br/>Task: {4A343132-F11D-4A24-B2DA-0A795FBE99E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated) <br/>Task: {6B30FBA1-23F5-4999-8DB9-E6B93B969FFC} - System32\Tasks\4897 => Wscript.exe C:\Users\Welcome\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION <br/>Task: {6C033CB6-6BBC-42E2-8BDA-050CCE5334D9} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION <br/>Task: {72A8FF8A-B01F-4E31-BE4B-2EC0C4A5863B} - System32\Tasks\{ECF2DC9C-896B-45B9-ACA5-9F2AC924B8D2} => C:\Program Files (x86)\Battlefront\Combat Mission Shock Force\CM Shock Force.exe [2011-06-20] () <br/>Task: {8E2CB453-597D-458C-BF36-C124F88D3C29} - System32\Tasks\hpUrlLauncher.exe_{3E553E69-35B9-4C59-837A-FFAEE476B8D5} => C:\Program Files\HP\HP Photosmart 6520 series\Bin\utils\hpUrlLauncher.exe [2012-10-17] (Hewlett-Packard Co.) <br/>Task: {9CFBC5EE-11DB-44DB-94A2-34BE9B6342CC} - System32\Tasks\{6D0533BE-4C21-4DC1-BAE6-490337B3DD78} => C:\Windows\system32\msiexec.exe [2010-11-21] (Microsoft Corporation) <br/>Task: {D7A3B54C-6092-434D-84EF-4EBAF1990F5B} - System32\Tasks\{7AF73AB7-29F1-466B-B9EF-CF200678AA65} => C:\Program Files (x86)\Battlefront\Combat Mission Fortress Italy\CM Fortress Italy.exe [2013-11-11] () <br/>Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe <br/>C:\Users\Welcome\AppData\Local\Temp\launchie.vbs <br/>AlternateDataStreams: C:\ProgramData:gs5sys <br/>AlternateDataStreams: C:\Users\All Users:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome:gs5sys <br/>AlternateDataStreams: C:\ProgramData\Application Data:gs5sys <br/>AlternateDataStreams: C:\ProgramData\desktop.ini:gs5sys <br/>AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 <br/>AlternateDataStreams: C:\ProgramData\Templates:gs5sys <br/>AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\Application Data:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\Cookies:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\Local Settings:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\Templates:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\Desktop\desktop.ini:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\AppData\Local:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\AppData\Roaming:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\AppData\Local\Application Data:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\AppData\Local\History:gs5sys <br/>AlternateDataStreams: C:\Users\Welcome\Documents\desktop.ini:gs5sys <br/>MSCONFIG\startupreg: dscmse => rundll32.exe "C:\Users\Welcome\AppData\Roaming\dscmse.dll",CreateLogFile <br/>MSCONFIG\startupreg: tbrpes => "C:\Windows\System32\rundll32.exe" "C:\Users\Welcome\AppData\Roaming\tbrpes.dll",get_error_ptr <br/>end <br/>***************** <br/> <br/>HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully. <br/>HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => Value deleted successfully. <br/>HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully. <br/>HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully. <br/>HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TrojanScanner => Value deleted successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11EEBA92-6997-4736-8CF4-0375AE56CDDC} => Key deleted successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11EEBA92-6997-4736-8CF4-0375AE56CDDC} => Key deleted successfully. <br/>C:\Windows\System32\Tasks\{B6045275-FFC4-4BAB-ACA5-B6AB0C47780D} => Moved successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B6045275-FFC4-4BAB-ACA5-B6AB0C47780D} => Key deleted successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1823E0C9-C468-42D1-9565-428AE8277DB7} => Key deleted successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1823E0C9-C468-42D1-9565-428AE8277DB7} => Key deleted successfully. <br/>C:\Windows\System32\Tasks\{2860BEB2-B765-4F19-ADBA-5CAE5BCB9983} => Moved successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2860BEB2-B765-4F19-ADBA-5CAE5BCB9983} => Key deleted successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1992421D-42D8-4B47-A35C-B4FADC96ABCF} => Key deleted successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1992421D-42D8-4B47-A35C-B4FADC96ABCF} => Key deleted successfully. <br/>C:\Windows\System32\Tasks\{A5A491A1-3802-4FAD-B97E-2A64E08B9FA9} => Moved successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A5A491A1-3802-4FAD-B97E-2A64E08B9FA9} => Key deleted successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A343132-F11D-4A24-B2DA-0A795FBE99E2} => Key deleted successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A343132-F11D-4A24-B2DA-0A795FBE99E2} => Key deleted successfully. <br/>C:\Windows\System32\Tasks\Adobe Flash Player Updater => Moved successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => Key deleted successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B30FBA1-23F5-4999-8DB9-E6B93B969FFC} => Key deleted successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B30FBA1-23F5-4999-8DB9-E6B93B969FFC} => Key deleted successfully. <br/>C:\Windows\System32\Tasks\4897 => Moved successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4897 => Key deleted successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C033CB6-6BBC-42E2-8BDA-050CCE5334D9} => Key deleted successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C033CB6-6BBC-42E2-8BDA-050CCE5334D9} => Key deleted successfully. <br/>C:\Windows\System32\Tasks\0 => Moved successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72A8FF8A-B01F-4E31-BE4B-2EC0C4A5863B} => Key deleted successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72A8FF8A-B01F-4E31-BE4B-2EC0C4A5863B} => Key deleted successfully. <br/>C:\Windows\System32\Tasks\{ECF2DC9C-896B-45B9-ACA5-9F2AC924B8D2} => Moved successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{ECF2DC9C-896B-45B9-ACA5-9F2AC924B8D2} => Key deleted successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E2CB453-597D-458C-BF36-C124F88D3C29} => Key deleted successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E2CB453-597D-458C-BF36-C124F88D3C29} => Key deleted successfully. <br/>C:\Windows\System32\Tasks\hpUrlLauncher.exe_{3E553E69-35B9-4C59-837A-FFAEE476B8D5} => Moved successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hpUrlLauncher.exe_{3E553E69-35B9-4C59-837A-FFAEE476B8D5} => Key deleted successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CFBC5EE-11DB-44DB-94A2-34BE9B6342CC} => Key deleted successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CFBC5EE-11DB-44DB-94A2-34BE9B6342CC} => Key deleted successfully. <br/>C:\Windows\System32\Tasks\{6D0533BE-4C21-4DC1-BAE6-490337B3DD78} => Moved successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6D0533BE-4C21-4DC1-BAE6-490337B3DD78} => Key deleted successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7A3B54C-6092-434D-84EF-4EBAF1990F5B} => Key deleted successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7A3B54C-6092-434D-84EF-4EBAF1990F5B} => Key deleted successfully. <br/>C:\Windows\System32\Tasks\{7AF73AB7-29F1-466B-B9EF-CF200678AA65} => Moved successfully. <br/>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7AF73AB7-29F1-466B-B9EF-CF200678AA65} => Key deleted successfully. <br/>C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully. <br/>"C:\Users\Welcome\AppData\Local\Temp\launchie.vbs" => File/Directory not found. <br/>C:\ProgramData => ":gs5sys" ADS removed successfully. <br/>"C:\Users\All Users" => ":gs5sys" ADS not found. <br/>C:\Users\Welcome => ":gs5sys" ADS removed successfully. <br/>"C:\ProgramData\Application Data" => ":gs5sys" ADS not found. <br/>C:\ProgramData\desktop.ini => ":gs5sys" ADS removed successfully. <br/>C:\ProgramData\TEMP => ":CB0AACC9" ADS removed successfully. <br/>"C:\ProgramData\Templates" => ":gs5sys" ADS not found. <br/>C:\Users\Public\Documents\desktop.ini => ":gs5sys" ADS removed successfully. <br/>"C:\Users\Welcome\Application Data" => ":gs5sys" ADS not found. <br/>"C:\Users\Welcome\Cookies" => ":gs5sys" ADS not found. <br/>"C:\Users\Welcome\Local Settings" => ":gs5sys" ADS not found. <br/>"C:\Users\Welcome\Templates" => ":gs5sys" ADS not found. <br/>C:\Users\Welcome\Desktop\desktop.ini => ":gs5sys" ADS removed successfully. <br/>C:\Users\Welcome\AppData\Local => ":gs5sys" ADS removed successfully. <br/>C:\Users\Welcome\AppData\Roaming => ":gs5sys" ADS removed successfully. <br/>"C:\Users\Welcome\AppData\Local\Application Data" => ":gs5sys" ADS not found. <br/>"C:\Users\Welcome\AppData\Local\History" => ":gs5sys" ADS not found. <br/>C:\Users\Welcome\Documents\desktop.ini => ":gs5sys" ADS removed successfully. <br/> <br/>========= MSCONFIG\startupdscmse => rundll32.exe "C:\Users\Welcome\AppData\Roaming\dscmse.dll",CreateLogFile ========= <br/> <br/>The system cannot find the path specified. <br/> <br/> <br/>========= End of Reg: ========= <br/> <br/> <br/>========= MSCONFIG\startuptbrpes => "C:\Windows\System32\rundll32.exe" "C:\Users\Welcome\AppData\Roaming\tbrpes.dll",get_error_ptr ========= <br/> <br/>The system cannot find the path specified. <br/> <br/> <br/>========= End of Reg: ========= <br/> <br/> <br/>==== End of Fixlog ====
Posted 2/13/2014 4:25 PM
#96625
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
That´s odd if trojanremover found this as a threat -> "HP Photosmart 6520 series\bin\HPStatusBL.dll" <br/> <br/> <br/> <br/> <br/> <br/>How are things running now ?

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 2/14/2014 5:28 PM
#96627
User avatar

rlow Valued member

Date Joined Nov 2016
Total Posts: 14
I thought so too, but it flagged it up right off and I ran it again afterwards and it found nothing. Doesn't TRpatch hide itself in the oddest places (which is why Bullguard never finds it)? I am running much as before - though I wait, with trepidation, to see if my Yahoo list is spammed again. Already had to move some functions to Gmail, just to see if they are also compromised, which would mean its on my computer somewhere rather than some Yahoo-based insanity. I have changed my passwords so often even I don't know them now.
Posted 2/15/2014 8:13 AM
#96630
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
"Doesn't TRpatch hide itself in the oddest places (which is why Bullguard never finds it)?" <br/> <br/> <br/>If it is trojan remover there found it, I´ll suggest you remove the program, especially since other programs (Bullguard, combofix, malwarebyte) don´t find anything. <br/> <br/> <br/>It is, however, possible it is hiding in a quarantine, I´ll therefore suggest you remove the tools we have used, including quarantine folders: <br/> <br/> <br/> <br/>Please download: Delfix <br/> <br/> <br/>by "Xplode" to your Desktop. <br/> <br/>Run the tool and check the following boxes below; <br/>• Remove disinfection tools <br/>• Create registry backup <br/>• Purge System Restore <br/> <br/>Now click on "Run" button. Wait for the programme completes his work. <br/>All the tools we used should be gone. <br/> <br/>Tool will create and open an log report (DelFix.txt) <br/>Note: The report will also be stored on C:\DelFix.txt <br/> <br/> <br/>> I don't need DelFix log report.

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Saturday, December 10, 2016, 5:38 PM (GMT +1)
There are a total of 61,164 posts in 13,450 threads.
In the last 3 days there were 1 new threads and 4 reply posts.

Who's online

This forum has 37,970 registered members. Please welcome our newest member, MJD.
There are currently no users on-line.