If you need your thread reopened, reply here


6 replies to this topic

#1 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • 25,253 posts

Posted 26 January 2006 - 10:39 PM

Reply here if we have closed your thread and you want it reopened.
Give the link to your thread.
Note that the request must come from the owner of the thread. Others should start a new topic.

Your reply here will be deleted once your thread has been reopened, so don't post logs or info here.

If your thread is several months old, or if you have a new problem, then please start a new thread.
We will usually not reopen the same thread twice.

Edited by cnm, 28 February 2010 - 07:48 PM.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#2 spindoctor7

spindoctor7

    Member

  • Full Member
  • 4 posts

Posted 15 August 2014 - 12:43 PM

Dear Mod,

Please reopen this thread http://www.spywarein...t-pc-wont-boot/

I tried to follow some of the info on the thread and copied this file for you to take a look at and possibly find a solution.

Thank you.

 

 

Startup Repair diagnosis and repair log
---------------------------
Number of repair attempts: 1
 
Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = C:\Windows
AutoChk Run = 0
Number of root causes = 1
 
Test Performed: 
---------------------------
Name: Check for updates
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: System disk test
Result: Completed successfully. Error code =  0x0
Time taken = 15 ms
 
Test Performed: 
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code =  0x0
Time taken = 16 ms
 
Test Performed: 
---------------------------
Name: Target OS test
Result: Completed successfully. Error code =  0x0
Time taken = 265 ms
 
Test Performed: 
---------------------------
Name: Volume content check
Result: Completed successfully. Error code =  0x0
Time taken = 94 ms
 
Root cause found: 
---------------------------
The operating system version is incompatible with Startup Repair
 
---------------------------
---------------------------
 


#3 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • 6,995 posts

Posted 15 August 2014 - 06:43 PM

spindoctor7---that topic belonged to amhilliard, you should have started your own topic. Please start a new topic in Malware Removal. Please read the Instructions and post the requested logs (MBAM, DDS, Security Check). We need the information in order to help you.


My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#4 champion1214

champion1214

    Member

  • Full Member
  • 4 posts

Posted 21 August 2014 - 01:29 AM

Please reopen:

 

http://www.spywarein...tact-sys-admin/

 

Thank you!

Champion1214



#5 Budfred

Budfred

    Malware Hound

  • Administrators
  • 20,385 posts

Posted 21 August 2014 - 06:18 AM

Topic opened - Rocket Grannie notified...  Please post the logs requested earlier...

 

 

EDIT: Champion1214, we do not open topics that are more than two months old. Please open a new topic in Malware Removal and post your logs there.

http://www.spywarein...alware-removal/


Edited by Rocket Grannie, 21 August 2014 - 05:48 PM.

Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#6 champion1214

champion1214

    Member

  • Full Member
  • 4 posts

Posted 21 August 2014 - 08:57 AM

# AdwCleaner v3.308 - Report created 21/08/2014 at 01:51:08
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Billing7 - BILLING7-PC
# Running from : C:\Users\Billing7\Desktop\adwcleaner_3.308.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Users\Billing7\AppData\Local\Slick Savings
Folder Deleted : C:\Users\Billing7\AppData\Local\Temp\Video Converter
Folder Deleted : C:\Users\Billing7\Documents\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
File Deleted : C:\END
File Deleted : C:\Users\Billing7\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Billing7\AppData\Roaming\Mozilla\Firefox\Profiles\dkfckpl6.default\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Billing7\AppData\Roaming\Mozilla\Firefox\Profiles\dkfckpl6.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\iijmpjamifmplbakhgikofogdfackici
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Billing7\AppData\Roaming\Mozilla\Firefox\Profiles\dkfckpl6.default\prefs.js ]

Line Deleted : user_pref("extensions.enabledItems", "helperbar@helperbar.com:1.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=0AFA67E1-CCA1-433B-9F94-2B626FF38812&n=77ed250b&ind=2012030219&id=XNxdm003YYus&ptnrS=X[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=0AFA67E1-CCA1-433B-9F94-2B626FF38812&n=77ed250b&ptnrS=XNxdm003YYus&si=CIHO4K7Bya4CFQpY7AodLH[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.installation.installDate", "2012030219");
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.installation.partnerId", "XNxdm003YYus");
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.installation.partnerSubId", "CIHO4K7Bya4CFQpY7AodLHr3_g");
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.installation.toolbarId", "0AFA67E1-CCA1-433B-9F94-2B626FF38812");
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.lastActivePing", "1330736025606");
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.weather.isFahrenheit", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.weather.location", "31085");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "weatherblink@mindspark.com");

*************************

AdwCleaner[R0].txt - [8004 octets] - [21/08/2014 01:47:51]
AdwCleaner[S0].txt - [7694 octets] - [21/08/2014 01:51:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7754 octets] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Billing7 on Thu 08/21/2014 at  2:10:52.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2051438C-5FB8-4515-86EB-1C1C06062D76}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\freerip"



~~~ FireFox

Successfully deleted: [File] C:\Users\Billing7\AppData\Roaming\mozilla\firefox\profiles\dkfckpl6.default\extensions\pjpjiwftve@pjpjiwftve.org.xpi [Tracur]
Successfully deleted the following from C:\Users\Billing7\AppData\Roaming\mozilla\firefox\profiles\dkfckpl6.default\prefs.js

user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sale A Day\",\"autordr\":1,\"n\":\"3\",\"td\":1.5},\"1-Stop-Florists\":{\"nam
Emptied folder: C:\Users\Billing7\AppData\Roaming\mozilla\firefox\profiles\dkfckpl6.default\minidumps [1806 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/21/2014 at  2:16:49.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Billing7 (administrator) on BILLING7-PC on 21-08-2014 02:18:24
Running from C:\Users\Billing7\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(Centered Systems) C:\Program Files (x86)\Second Copy 8\ScVssService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(Centered Systems) C:\Program Files (x86)\Second Copy 8\SecCopy.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [{D6C23E25-E090-4970-8C8B-0D93791F65F2}] => rundll32 "C:\Users\Billing7\AppData\Local\{8719DEFC-249C-44C9-B0E2-1D1E9990F7E6}\{D6C23E25-E090-4970-8C8B-0D93791F65F2}\mjbi.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-19\...\Run: [Google] => rundll32 "C:\Users\Billing7\AppData\Local\{0B1D0329-F0E6-49D9-B6FE-87183FC8F03A}\Google\abmiod.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-20\...\Run: [{D6C23E25-E090-4970-8C8B-0D93791F65F2}] => rundll32 "C:\Users\Billing7\AppData\Local\{8719DEFC-249C-44C9-B0E2-1D1E9990F7E6}\{D6C23E25-E090-4970-8C8B-0D93791F65F2}\mjbi.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-20\...\Run: [Google] => rundll32 "C:\Users\Billing7\AppData\Local\{0B1D0329-F0E6-49D9-B6FE-87183FC8F03A}\Google\abmiod.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-1836283156-2902722254-2506520899-1000\...\Run: [Google Update**.d<*>] => "C:\Users\Billing7\AppData\Local\Google\Desktop\Install\{5d49a875-5bf3-642b-ac81-50640ce1009f}\d'x"Ù"\", &h#\. ùû[\{5d49a875-5bf3-642b-ac81-50640ce1009f}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1836283156-2902722254-2506520899-1000\...\Run: [Second Copy] => C:\Program Files (x86)\Second Copy 8\SecCopy.exe [2996008 2011-09-19] (Centered Systems)
HKU\S-1-5-21-1836283156-2902722254-2506520899-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-08-17] (Glarysoft Ltd)
HKU\S-1-5-21-1836283156-2902722254-2506520899-1000\...\MountPoints2: {60966b86-78cd-11e3-ab41-c89cdc6d1ff4} - J:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1836283156-2902722254-2506520899-1000\...\MountPoints2: {6be19609-5671-11e2-8f3a-c89cdc6d1ff4} - K:\TL_Bootstrap.exe
HKU\S-1-5-21-1836283156-2902722254-2506520899-1000\...\MountPoints2: {9c89b3e7-db7b-11e3-b8d7-c89cdc6d1ff4} - L:\setup.exe -a
HKU\S-1-5-21-1836283156-2902722254-2506520899-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Billing7\AppData\Local\Temp\svrspne\sowpbst\wow.dll ATTENTION! ====> ZeroAccess?
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk *  BootDefrag.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {03D2C8DC-EDFC-41BE-87C8-57F8047C2563} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {2248815F-F5FC-4825-A7EC-242824D0B650} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\PROGRA~3\WONDER~1\VIDEOC~1\WSBROW~1.DLL No File
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\ART\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Billing7\AppData\Roaming\Mozilla\Firefox\Profiles\dkfckpl6.default
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Billing7\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: SmoothWheel (mozdev.org) - C:\Users\Billing7\AppData\Roaming\Mozilla\Firefox\Profiles\dkfckpl6.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2012-02-19]
FF Extension: FireFTP - C:\Users\Billing7\AppData\Roaming\Mozilla\Firefox\Profiles\dkfckpl6.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-02-19]
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21]
FF Extension: No Name - C:\Users\Billing7\AppData\Roaming\Mozilla\Firefox\Profiles\dkfckpl6.default\extensions\pjpjiwftve@pjpjiwftve.org.xpi []

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
S3 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-04-12] (LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-04-12] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc.)
S3 Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\ART\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
S3 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-12-22] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-11-18] (Intuit Inc.) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 ScVssService64; C:\Program Files (x86)\Second Copy 8\ScVssService64.exe [75048 2011-09-19] (Centered Systems)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-08-05] (Glarysoft Ltd)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S1 hiyspwai; \??\C:\Windows\system32\drivers\hiyspwai.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 02:18 - 2014-08-21 02:18 - 00030636 _____ () C:\Users\Billing7\Desktop\FRST.txt
2014-08-21 02:17 - 2014-08-21 02:18 - 00000000 ____D () C:\FRST
2014-08-21 02:16 - 2014-08-21 02:16 - 00013830 _____ () C:\Users\Billing7\Desktop\JRT.txt
2014-08-21 02:10 - 2014-08-21 02:10 - 00000000 ____D () C:\Windows\ERUNT
2014-08-21 02:09 - 2014-08-21 02:09 - 14427808 _____ () C:\Users\Billing7\Downloads\gup5setup.exe
2014-08-21 02:05 - 2014-08-21 02:05 - 00003352 ____N () C:\bootsqm.dat
2014-08-21 01:47 - 2014-08-21 01:51 - 00000000 ____D () C:\AdwCleaner
2014-08-21 01:42 - 2014-08-21 01:42 - 02101760 _____ (Farbar) C:\Users\Billing7\Desktop\FRST64.exe
2014-08-21 01:42 - 2014-08-21 01:42 - 01016261 _____ (Thisisu) C:\Users\Billing7\Desktop\JRT.exe
2014-08-21 01:39 - 2014-08-21 01:39 - 01364531 _____ () C:\Users\Billing7\Desktop\adwcleaner_3.308.exe
2014-08-21 01:33 - 2014-08-21 01:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 01:33 - 2014-08-21 01:33 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-21 01:33 - 2014-08-21 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-21 01:33 - 2014-08-21 01:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-21 01:33 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-21 01:33 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-21 01:33 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-18 15:37 - 2014-08-18 15:37 - 00000000 ____D () C:\Users\Billing7\AppData\Local\Adobe
2014-08-16 18:49 - 2014-08-16 18:49 - 00000000 ___HD () C:\Users\Billing7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2014-08-15 12:59 - 2014-08-15 12:59 - 00002276 _____ () C:\Users\Billing7\Desktop\Gary's Public Videos.lnk
2014-08-15 12:32 - 2014-08-15 12:32 - 00000000 ____D () C:\Users\Billing7\AppData\Roaming\MPC-HC
2014-08-15 12:10 - 2014-06-14 10:03 - 00218200 _____ () C:\Windows\SysWOW64\unrar.dll
2014-08-14 09:20 - 2014-08-14 09:23 - 00000000 ____D () C:\Users\Billing7\Desktop\Geico
2014-08-12 14:28 - 2014-08-12 14:28 - 00000000 ____D () C:\ProgramData\Movavi Video Converter 15
2014-08-11 13:53 - 2014-08-11 13:53 - 00000000 ____D () C:\Users\Billing7\AppData\Roaming\metamorphose2
2014-08-11 13:53 - 2014-08-11 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Métamorphose2
2014-08-11 13:52 - 2014-08-11 13:53 - 00000000 ____D () C:\Program Files (x86)\metamorphose2
2014-08-11 13:47 - 2014-08-11 13:50 - 00000000 ____D () C:\Program Files (x86)\DVRSoft
2014-08-11 13:41 - 2014-08-11 13:41 - 00000000 ____D () C:\Users\Billing7\Documents\Wondershare Video Converter Ultimate
2014-08-11 13:41 - 2014-08-11 13:41 - 00000000 ____D () C:\Users\Billing7\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2014-08-11 13:40 - 2014-08-11 13:43 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2014-08-11 13:40 - 2014-08-11 13:42 - 00000000 ____D () C:\ProgramData\Wondershare Video Converter Ultimate
2014-08-11 13:40 - 2014-08-11 13:40 - 00000000 ____D () C:\Users\Billing7\AppData\Roaming\Wondershare Video Converter Ultimate
2014-08-11 13:40 - 2014-08-11 13:40 - 00000000 ____D () C:\Users\Billing7\AppData\Local\Wondershare
2014-08-11 13:30 - 2014-08-11 13:30 - 00000000 ____D () C:\Users\Billing7\AppData\Roaming\AVS4YOU
2014-08-11 13:28 - 2014-08-11 13:37 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2014-08-11 13:28 - 2014-08-11 13:30 - 00000000 ____D () C:\ProgramData\AVS4YOU
2014-08-11 13:28 - 2012-03-23 19:59 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2014-08-11 13:28 - 2012-03-23 19:59 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2014-08-10 01:01 - 2014-08-10 01:01 - 00000000 ____D () C:\Users\Billing7\AppData\Roaming\iSkysoft Video Converter Ultimate
2014-08-10 00:33 - 2014-08-10 01:04 - 00000000 ____D () C:\Users\Billing7\Documents\iSkysoft Video Converter Ultimate
2014-08-10 00:32 - 2014-08-11 13:26 - 00000000 ____D () C:\Program Files (x86)\iSkysoft
2014-08-10 00:32 - 2014-08-11 13:20 - 00000000 ____D () C:\ProgramData\iSkysoft Video Converter Ultimate
2014-08-10 00:32 - 2014-08-10 00:32 - 00000000 ____D () C:\Users\Billing7\AppData\Local\iSkysoft
2014-08-10 00:19 - 2014-08-10 00:19 - 00000000 ____D () C:\Users\Billing7\AppData\Local\Movavi
2014-08-10 00:06 - 2014-08-10 00:19 - 00000000 ____D () C:\Program Files (x86)\Movavi Video Converter 15
2014-08-10 00:06 - 2014-08-10 00:06 - 00001167 _____ () C:\Users\Public\Desktop\Movavi Video Converter 15.lnk
2014-08-10 00:06 - 2014-08-10 00:06 - 00000000 ____D () C:\ProgramData\Movavi
2014-08-10 00:06 - 2014-08-10 00:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Converter 15
2014-08-08 19:20 - 2014-08-08 20:49 - 00000122 _____ () C:\Users\Billing7\AppData\Roaming\com.synchrimedia.sccdecoder.prefs
2014-08-08 19:14 - 2014-08-08 19:14 - 00000004 _____ () C:\Users\Billing7\AppData\Roaming\com.synchrimedia.sccr.prefs
2014-08-05 13:32 - 2014-08-05 13:32 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-08-05 12:21 - 2014-08-16 18:40 - 00000000 ___RD () C:\Users\Billing7\Dropbox
2014-08-05 12:00 - 2014-08-21 02:09 - 00002646 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-08-05 12:00 - 2014-08-21 02:09 - 00001103 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-08-05 12:00 - 2014-08-21 02:09 - 00001091 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-08-05 12:00 - 2014-08-21 02:09 - 00000338 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-05 12:00 - 2014-08-21 02:09 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-08-05 12:00 - 2014-08-21 02:05 - 00000000 ____D () C:\Users\Billing7\AppData\Roaming\DiskDefrag
2014-08-05 12:00 - 2014-08-05 12:00 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-08-05 12:00 - 2014-08-05 12:00 - 00000000 ____D () C:\Users\Billing7\AppData\Roaming\GlarySoft
2014-08-05 12:00 - 2014-08-05 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-08-05 12:00 - 2014-08-03 21:42 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-08-05 12:00 - 2014-07-18 03:11 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-08-04 01:35 - 2014-08-05 16:21 - 00000000 ____D () C:\Users\Billing7\Downloads\Beyond TV
2014-07-30 02:44 - 2014-07-30 02:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 02:18 - 2014-08-21 02:18 - 00030636 _____ () C:\Users\Billing7\Desktop\FRST.txt
2014-08-21 02:18 - 2014-08-21 02:17 - 00000000 ____D () C:\FRST
2014-08-21 02:16 - 2014-08-21 02:16 - 00013830 _____ () C:\Users\Billing7\Desktop\JRT.txt
2014-08-21 02:14 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-21 02:14 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-21 02:10 - 2014-08-21 02:10 - 00000000 ____D () C:\Windows\ERUNT
2014-08-21 02:10 - 2012-02-19 02:00 - 01625237 ____H () C:\Windows\WindowsUpdate.log
2014-08-21 02:09 - 2014-08-21 02:09 - 14427808 _____ () C:\Users\Billing7\Downloads\gup5setup.exe
2014-08-21 02:09 - 2014-08-05 12:00 - 00002646 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-08-21 02:09 - 2014-08-05 12:00 - 00001103 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-08-21 02:09 - 2014-08-05 12:00 - 00001091 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-08-21 02:09 - 2014-08-05 12:00 - 00000338 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-21 02:09 - 2014-08-05 12:00 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-08-21 02:06 - 2012-08-14 09:14 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-21 02:06 - 2012-08-14 09:14 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-21 02:06 - 2012-05-03 11:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-21 02:06 - 2010-11-20 23:47 - 00257688 ____H () C:\Windows\PFRO.log
2014-08-21 02:06 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-21 02:06 - 2009-07-14 00:51 - 00170367 ____H () C:\Windows\setupact.log
2014-08-21 02:05 - 2014-08-21 02:05 - 00003352 ____N () C:\bootsqm.dat
2014-08-21 02:05 - 2014-08-05 12:


#7 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 13,416 posts

Posted 22 August 2014 - 08:27 PM

Champion1214, this topic is only to request re-opening of logs that were recently closed.

Please see the prior reply - you need to open a new topic in Malware Removal.


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005




