
Obstinate irritating pop-under adware

  • 28-06-2016 8:31am
    #1
    Registered Users Posts: 6,222 ✭✭✭


    While trying to find an older version of some HTC software for an older phone, I've contracted some kind of adware infection that seems resistant to my attempts to cut out its heart.
    I have Iron (aka Chrome) running on a laptop with Win7.

    I have uninstalled bloatware via Programs & Features, also found a Chrome extension I hadn't asked for (Chromebook Backup Image Restore Utility or somesuch).
    I have scanned with Malwarebytes, Avast, Win Defender and Spybot (all updated) several times, with some reboots thrown in.
    Also CCleaner.
    I have Adblock Plus (updated) as an Iron extension.

    I'm still getting ad pages opening in popunder mode.
    Also I've noticed some links here on boards that don't look like the poster put them there, they link to the thread they are already in.

    What more can I try?


Comments

  • Registered Users Posts: 840 ✭✭✭jsa112


    Run AdwCleaner, delete what it finds, post the log.

    http://www.bleepingcomputer.com/download/adwcleaner/


  • Registered Users Posts: 6,222 ✭✭✭bonzodog2


    # AdwCleaner v5.200 - Logfile created 28/06/2016 at 09:17:54
    # Updated 14/06/2016 by ToolsLib
    # Database : 2016-06-26.1 [Server]
    # Operating system : Windows 7 Ultimate Service Pack 1 (X64)
    # Username : admin - DELL-E6400
    # Running from : C:\Users\admin\Downloads\AdwCleaner.exe
    # Option : Clean
    # Support : https://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****

    [-] File Deleted : C:\Users\admin\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.inbox.com_0.localstorage
    [-] File Deleted : C:\Users\admin\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.inbox.com_0.localstorage-journal

    ***** [ DLLs ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [986 bytes] - [28/06/2016 09:17:54]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1035 bytes] - [28/06/2016 09:06:07]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1131 bytes] ##########


    inbox.com is my email provider

    Another odd thing I have noticed recently is when I start either Iron or Tor Browser, it doesn't open with a start page as before, but with a directory listing of its installation directory


  • Registered Users Posts: 6,222 ✭✭✭bonzodog2


    Did a few more MBAM scans, also Spybot, AdwCleaner and JRT (by Malwarebytes), found nothing. New tabs still getting created.
    Uninstalled MBAM and reinstalled, selecting the free trial of the Premium version. It did a scan by itself last night and found some registry entries.
    Still getting popups.

    Some sites it tries to open get blocked as adult content by Three

    I could list the sites it opens if that would help

    Any more suggestions?


  • Registered Users Posts: 840 ✭✭✭jsa112


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


  • Registered Users Posts: 6,222 ✭✭✭bonzodog2


    OTL.txt
    OTL logfile created on: 02/07/2016 09:55:31 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admin\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    3.95 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 67.78% Memory free
    7.90 Gb Paging File | 6.54 Gb Available in Paging File | 82.78% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 148.95 Gb Total Space | 61.04 Gb Free Space | 40.98% Space Free | Partition Type: NTFS
    Drive D: | 49.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive E: | 7.81 Gb Total Space | 6.76 Gb Free Space | 86.57% Space Free | Partition Type: FAT32

    Computer Name: DELL-E6400 | User Name: admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2016/07/02 09:54:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
    PRC - [2016/03/10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    PRC - [2016/03/10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    PRC - [2016/03/10 14:07:20 | 009,926,112 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    PRC - [2014/06/27 11:52:26 | 002,088,408 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    PRC - [2014/06/24 10:42:12 | 004,101,576 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    PRC - [2014/06/24 10:41:42 | 001,738,168 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    PRC - [2014/04/25 14:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    PRC - [2014/01/15 04:42:40 | 000,238,160 | RH-- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DataCardService\DCSHelper.exe
    PRC - [2013/10/26 10:45:14 | 000,651,856 | ---- | M] () -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/05/13 12:04:48 | 000,167,768 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    MOD - [2014/05/13 12:04:46 | 000,109,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    MOD - [2014/05/13 12:04:42 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl


    ========== Services (SafeList) ==========

    SRV:64bit: - [2016/03/25 20:04:04 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
    SRV:64bit: - [2016/03/25 19:59:37 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2016/03/25 19:54:59 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2015/07/22 17:56:14 | 001,390,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
    SRV:64bit: - [2010/03/09 16:56:02 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe -- (AESTFilters)
    SRV - [2016/03/10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2016/03/10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2014/04/12 00:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2014/03/19 06:32:43 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2014/01/15 04:42:44 | 000,351,824 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
    SRV - [2013/10/26 10:45:14 | 000,651,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
    SRV - [2010/03/09 16:56:02 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\STacSV64.exe -- (STacSV)
    SRV - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe -- (AESTFilters)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2016/07/02 09:52:12 | 000,192,216 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
    DRV:64bit: - [2016/06/28 12:54:09 | 000,046,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
    DRV:64bit: - [2016/03/25 20:09:48 | 000,088,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
    DRV:64bit: - [2016/03/25 20:09:47 | 000,023,272 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2016/03/25 20:09:46 | 000,107,752 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2016/03/25 20:09:46 | 000,026,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2016/03/25 18:44:12 | 000,110,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2016/03/10 14:09:06 | 000,064,896 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
    DRV:64bit: - [2016/03/10 14:08:54 | 000,027,008 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2014/09/30 09:51:52 | 000,380,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_wwanecm.sys -- (hwusb_wwanecm)
    DRV:64bit: - [2014/07/25 10:08:22 | 000,125,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_cdcacm.sys -- (hwusb_cdcacm)
    DRV:64bit: - [2013/11/30 10:10:22 | 000,091,648 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV:64bit: - [2013/10/02 03:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2013/01/25 02:16:40 | 000,109,568 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
    DRV:64bit: - [2012/12/22 02:46:12 | 000,014,976 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
    DRV:64bit: - [2012/08/23 15:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2011/02/11 20:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/11/21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
    DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/09/30 20:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/09/30 20:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2010/03/09 16:56:02 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 01:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
    DRV:64bit: - [2009/06/13 02:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
    DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/09/18 18:03:00 | 000,315,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA001Vid.sys -- (OA001Vid)
    DRV:64bit: - [2008/06/03 10:30:38 | 000,168,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA001Ufd.sys -- (OA001Ufd)
    DRV:64bit: - [2006/11/17 18:49:52 | 000,052,224 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found



    O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
    O4 - HKCU..\Run: [SpybotPostWindows10UpgradeReInstall] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1464253423207 (MUCatalogWebControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06A4D521-5542-442B-BEC3-C5C291B9D416}: NameServer = 172.30.224.65 172.30.224.65
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53E54183-C6C5-4182-86F4-D77FA0840B85}: NameServer = 172.30.224.65 172.30.224.65
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD3D57C2-5F4E-44A4-8ED6-06DD8A8A83E0}: NameServer = 8.8.8.8
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2015/06/19 17:18:35 | 000,000,087 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{71d099c4-3dd4-11e6-ada4-0026b9a9aeb6}\Shell - "" = AutoRun
    O33 - MountPoints2\{71d099c4-3dd4-11e6-ada4-0026b9a9aeb6}\Shell\AutoRun\command - "" = D:\Install MegaFon Internet.exe -- [2015/06/19 17:18:35 | 023,431,184 | R--- | M] (RooX)
    O33 - MountPoints2\{cd8273c9-330e-11e6-a185-0024d67981ca}\Shell - "" = AutoRun
    O33 - MountPoints2\{cd8273c9-330e-11e6-a185-0024d67981ca}\Shell\AutoRun\command - "" = D:\Install MegaFon Internet.exe -- [2015/06/19 17:18:35 | 023,431,184 | R--- | M] (RooX)
    O33 - MountPoints2\{cd8273da-330e-11e6-a185-0024d67981ca}\Shell - "" = AutoRun
    O33 - MountPoints2\{cd8273da-330e-11e6-a185-0024d67981ca}\Shell\AutoRun\command - "" = D:\Install MegaFon Internet.exe -- [2015/06/19 17:18:35 | 023,431,184 | R--- | M] (RooX)
    O33 - MountPoints2\{fb475319-3eab-11e6-983f-0024d67981ca}\Shell - "" = AutoRun
    O33 - MountPoints2\{fb475319-3eab-11e6-983f-0024d67981ca}\Shell\AutoRun\command - "" = D:\Install MegaFon Internet.exe -- [2015/06/19 17:18:35 | 023,431,184 | R--- | M] (RooX)
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = "E:\Install MegaFon Internet.exe"
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2016/07/02 09:54:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
    [2016/06/30 11:06:11 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2016/06/30 11:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2016/06/30 11:05:44 | 000,140,672 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2016/06/30 11:05:44 | 000,064,896 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
    [2016/06/30 11:05:44 | 000,027,008 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
    [2016/06/30 11:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
    [2016/06/30 11:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron
    [2016/06/30 11:01:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SRWare Iron
    [2016/06/30 07:00:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
    [2016/06/30 06:59:47 | 000,457,728 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbwwan.sys
    [2016/06/30 06:59:47 | 000,380,672 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_wwanecm.sys
    [2016/06/30 06:59:47 | 000,248,320 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys
    [2016/06/30 06:59:47 | 000,226,176 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
    [2016/06/30 06:59:47 | 000,125,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_cdcacm.sys
    [2016/06/30 06:59:47 | 000,110,592 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys
    [2016/06/30 06:59:47 | 000,109,568 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
    [2016/06/30 06:59:47 | 000,091,648 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys
    [2016/06/30 06:59:47 | 000,077,312 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys
    [2016/06/30 06:59:47 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
    [2016/06/30 06:59:47 | 000,030,720 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys
    [2016/06/30 06:59:47 | 000,022,016 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwupgrade.sys
    [2016/06/30 06:59:47 | 000,014,976 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
    [2016/06/30 06:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Partner
    [2016/06/28 12:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
    [2016/06/28 12:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2016/06/28 09:05:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2016/06/25 10:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2016/06/25 10:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2016/06/24 09:45:24 | 000,821,920 | ---- | C] (Safer-Networking Ltd. ) -- C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
    [2016/06/24 09:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2016/06/24 09:41:49 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
    [2016/06/24 09:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2016/06/24 09:41:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2016/06/24 09:04:50 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\CEF
    [2016/06/24 08:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
    [2016/06/24 08:59:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AV
    [2016/06/24 08:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2016/06/24 08:46:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
    [2016/06/22 18:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2016/06/22 18:31:13 | 022,851,472 | ---- | C] (Malwarebytes ) -- C:\Users\admin\Desktop\mbam-setup-2.2.1.1043.exe
    [2016/06/20 14:05:59 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\h2testw check usb drive size
    [2016/06/16 13:24:17 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\TextPad
    [2016/06/16 13:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TEXTPAD
    [2016/06/16 13:13:34 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2016/06/16 13:12:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
    [2016/06/16 11:36:43 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Tor Browser
    [2016/06/16 09:47:46 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Macromedia
    [2016/06/16 09:46:43 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Adobe
    [2016/06/15 20:05:54 | 000,000,000 | ---D | C] -- C:\move fromgreen320
    [2016/06/15 20:04:44 | 000,000,000 | ---D | C] -- C:\e4200downloads
    [2016/06/15 20:04:26 | 000,000,000 | ---D | C] -- C:\e4200docs
    [2016/06/15 18:16:11 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\MegaFon
    [2016/06/15 18:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\MegaFon
    [2016/06/15 18:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Mobile Partner
    [2016/06/15 18:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\DataCardService
    [2016/06/15 18:12:45 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01007.dll
    [2016/06/15 18:12:45 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfCoInstaller01007.dll

    ========== Files - Modified Within 30 Days ==========

    [2016/07/02 09:54:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
    [2016/07/02 09:52:12 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2016/07/02 09:51:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2016/07/02 09:51:09 | 3183,398,912 | -HS- | M] () -- C:\hiberfil.sys
    [2016/07/02 09:01:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job
    [2016/06/30 19:12:26 | 000,132,274 | ---- | M] () -- C:\Users\admin\Documents\b154ew02-v1_connections.jpg
    [2016/06/30 19:10:23 | 000,000,000 | ---- | M] () -- C:\Users\admin\Documents\New Bitmap Image.bmp
    [2016/06/30 11:27:39 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2016/06/30 11:27:39 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2016/06/30 11:23:15 | 000,781,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2016/06/30 11:23:15 | 000,666,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2016/06/30 11:23:15 | 000,125,820 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2016/06/30 11:05:47 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2016/06/30 11:02:50 | 000,796,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2016/06/30 11:02:50 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2016/06/30 11:02:00 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Iron Config and Backup.lnk
    [2016/06/30 11:02:00 | 000,001,044 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\SRWare Iron.lnk
    [2016/06/30 11:02:00 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\SRWare Iron.lnk
    [2016/06/30 07:30:13 | 000,000,446 | ---- | M] () -- C:\Windows\SysWow64\prod-pgm.vpx
    [2016/06/30 07:30:12 | 000,002,869 | ---- | M] () -- C:\Windows\SysWow64\servers.def.vpx
    [2016/06/30 07:00:17 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
    [2016/06/28 12:54:09 | 000,046,960 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
    [2016/06/28 12:52:45 | 000,000,514 | ---- | M] () -- C:\Windows\SysNative\.crusader
    [2016/06/25 10:48:52 | 000,014,018 | ---- | M] () -- C:\Users\admin\Documents\cc_20160625_104844.reg
    [2016/06/25 10:45:19 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2016/06/24 09:41:54 | 000,001,383 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2016/06/24 08:25:58 | 000,126,517 | ---- | M] () -- C:\Users\admin\Documents\bookmarks_6_24_16.html
    [2016/06/22 19:18:00 | 000,001,445 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2016/06/22 19:18:00 | 000,000,290 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2016/06/22 19:18:00 | 000,000,272 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2016/06/22 19:17:59 | 000,002,617 | ---- | M] () -- C:\Users\admin\Desktop\µTorrent.lnk
    [2016/06/22 19:17:59 | 000,002,041 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Iron App Launcher.lnk
    [2016/06/22 19:17:59 | 000,002,017 | ---- | M] () -- C:\Users\admin\Desktop\Iron App Launcher.lnk
    [2016/06/22 19:17:59 | 000,001,926 | ---- | M] () -- C:\Users\admin\Desktop\FAHControl.lnk
    [2016/06/22 19:17:59 | 000,001,394 | ---- | M] () -- C:\Users\admin\Desktop\WinRAR.exe - Shortcut.lnk
    [2016/06/22 19:17:59 | 000,000,787 | ---- | M] () -- C:\Users\admin\Desktop\Start Tor Browser.lnk
    [2016/06/19 10:29:34 | 000,000,134 | ---- | M] () -- C:\Users\admin\Desktop\Internet Explorer Troubleshooting.url
    [2016/06/17 14:17:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2016/06/17 12:45:36 | 000,269,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2016/06/16 10:42:40 | 000,121,540 | ---- | M] () -- C:\Users\admin\Desktop\bookmarks_6_16_16.html
    [2016/06/15 18:13:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf

    ========== Files Created - No Company Name ==========

    [2016/06/30 19:12:26 | 000,132,274 | ---- | C] () -- C:\Users\admin\Documents\b154ew02-v1_connections.jpg
    [2016/06/30 19:10:23 | 000,000,000 | ---- | C] () -- C:\Users\admin\Documents\New Bitmap Image.bmp
    [2016/06/30 11:05:47 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2016/06/30 11:02:00 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Iron Config and Backup.lnk
    [2016/06/30 11:02:00 | 000,001,044 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\SRWare Iron.lnk
    [2016/06/30 11:02:00 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\SRWare Iron.lnk
    [2016/06/30 07:30:13 | 000,000,446 | ---- | C] () -- C:\Windows\SysWow64\prod-pgm.vpx
    [2016/06/30 07:30:12 | 000,002,869 | ---- | C] () -- C:\Windows\SysWow64\servers.def.vpx
    [2016/06/30 07:00:17 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
    [2016/06/28 12:54:09 | 000,046,960 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
    [2016/06/28 12:52:45 | 000,000,514 | ---- | C] () -- C:\Windows\SysNative\.crusader
    [2016/06/25 10:48:47 | 000,014,018 | ---- | C] () -- C:\Users\admin\Documents\cc_20160625_104844.reg
    [2016/06/25 10:45:19 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2016/06/24 09:41:54 | 000,001,395 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2016/06/24 09:41:54 | 000,001,383 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2016/06/24 08:25:58 | 000,126,517 | ---- | C] () -- C:\Users\admin\Documents\bookmarks_6_24_16.html
    [2016/06/19 10:51:26 | 000,522,440 | R--- | C] () -- C:\Users\admin\Desktop\Bapsi Sidhwa - The Crow Eaters.epub
    [2016/06/17 14:17:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2016/06/16 13:24:18 | 000,000,962 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk
    [2016/06/16 13:14:14 | 000,001,394 | ---- | C] () -- C:\Users\admin\Desktop\WinRAR.exe - Shortcut.lnk
    [2016/06/16 11:37:09 | 000,000,811 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
    [2016/06/16 11:37:09 | 000,000,787 | ---- | C] () -- C:\Users\admin\Desktop\Start Tor Browser.lnk
    [2016/06/16 10:45:21 | 000,121,540 | ---- | C] () -- C:\Users\admin\Desktop\bookmarks_6_16_16.html
    [2016/06/15 18:13:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
    [2016/05/31 12:46:17 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2016/05/18 20:43:19 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2015/03/17 16:16:09 | 000,749,824 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2016/03/25 20:03:16 | 014,185,472 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2016/03/25 19:32:19 | 012,881,408 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    < End of report >

    Extras.txt
    OTL Extras logfile created on: 02/07/2016 09:55:31 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admin\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    3.95 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 67.78% Memory free
    7.90 Gb Paging File | 6.54 Gb Available in Paging File | 82.78% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 148.95 Gb Total Space | 61.04 Gb Free Space | 40.98% Space Free | Partition Type: NTFS
    Drive D: | 49.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive E: | 7.81 Gb Total Space | 6.76 Gb Free Space | 86.57% Space Free | Partition Type: FAT32

    Computer Name: DELL-E6400 | User Name: admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{15C15144-C85C-415E-948A-7A5E0CBA03D5}" = lport=138 | protocol=17 | dir=in | app=system |
    "{1CB6DA07-11B1-427B-9463-58CC1874D00A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{256064A9-49F0-4F8D-8442-C59A5412C1B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{272E0237-0FEC-4C2F-96BE-7B3EA1614C1B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{42F9FE26-1038-44DA-9F4A-BEF5D9B22E22}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{46949C33-C5D6-4D80-BB24-82DAE64136E2}" = lport=137 | protocol=17 | dir=in | app=system |
    "{51E2C0D7-93A7-4ACB-B4D5-033960A4D5F3}" = rport=139 | protocol=6 | dir=out | app=system |
    "{5622006A-4DE8-4D9A-AAB2-1CFDD0AB03BF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{5F00D9B0-6B58-4EF3-8BAA-C47FBB234A8B}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{64EE1A10-6935-4190-A79E-DAFCEFDF5C8E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6558E12B-5DEA-46CD-91FC-17F6E6323AAA}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{659F2248-3D40-4621-BF18-CF4B0EBD4794}" = lport=139 | protocol=6 | dir=in | app=system |
    "{79E6875D-8981-469F-86E7-104E41F95B7D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{99202266-B9D5-48BA-819D-7D3295A03F23}" = rport=138 | protocol=17 | dir=out | app=system |
    "{9ACD0A72-8C83-4076-89FD-29AC920F53EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A602BAD3-A976-41FD-A6DA-13DA659DE684}" = lport=445 | protocol=6 | dir=in | app=system |
    "{A7847C46-163C-4CD5-9A0C-8540B1026F54}" = rport=445 | protocol=6 | dir=out | app=system |
    "{B1C726FD-51EE-4978-B7CE-6165C6E488D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{C1A1E1F5-B5B6-4452-BA05-021F39EEAE17}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C2C7F934-DD45-4724-906C-178AA7D7F51C}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{FADE0968-4CA5-43AF-B8B1-27DA2273B592}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04621F03-AAEE-47AC-8FFE-A32CD243D7CB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{280D1EC6-5166-4162-9C07-7129C4A02E7B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{31B6C01D-3B85-4781-A3A4-0BF3A4C26534}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{377D9CE9-967C-4D50-8B03-D27345DCC48B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3EED221B-9AA2-4D2F-A5A4-2B904E179605}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{40B39B60-EFF3-41B9-A837-10E32BC23C11}" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\utorrent\utorrent.exe |
    "{491D268B-22C8-40EF-B18C-223C8071098F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{4E3CE355-B79C-4EC0-B96E-E72D4D018B68}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{52150E98-C5B4-4CEC-96AE-D003EF9DD5FD}" = protocol=17 | dir=out | app=c:\users\admin\appdata\roaming\utorrent\utorrent.exe |
    "{5E967665-B30F-4C34-9191-5674D8BBEF6C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{75FA640F-04EE-4B2C-97A7-6D0A56B043DB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{8C8C6263-F7E7-4873-8D22-229744B7B537}" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\utorrent\utorrent.exe |
    "{97E273ED-1821-4793-B24F-DA62435BC1A1}" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\utorrent\utorrent.exe |
    "{9D45CC9E-D8D8-41FF-BE9B-57912D4712BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C29DE6AB-57CC-4684-9000-755398F33F7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{CF7C2618-822F-47A4-9B80-C2B70BB6A54D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{D483279A-193E-4C2F-ACB1-9BF5FBDFFC35}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D5AD9142-8D02-42DB-9C45-2108B05C8679}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{DCD658BB-B4B3-426D-B8E1-2E5ABA524538}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F0934EBC-FC31-421B-9066-DD0E138D2544}" = protocol=6 | dir=out | app=system |
    "{F58B1DA8-0CFB-407A-9A68-A93A799A2CDD}" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\utorrent\utorrent.exe |
    "{FA1F27C9-9B7D-4E16-A268-6A0A2B18F693}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FAACA14C-CF15-450A-8D80-DCA5ADCDDA9D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{FC253D45-EE57-4A57-80D9-4B67DB92E002}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FD0D10F7-73E6-4BF8-9E1C-CB781F481F49}" = protocol=6 | dir=out | app=c:\users\admin\appdata\roaming\utorrent\utorrent.exe |
    "TCP Query User{1DF8F933-0B96-435F-938F-D435C30047D3}C:\program files (x86)\fahclient\fahclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fahclient\fahclient.exe |
    "TCP Query User{63BCE9C4-2533-4EE8-8259-702AEFE9EEA0}C:\program files (x86)\fahclient\fahclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fahclient\fahclient.exe |
    "UDP Query User{965C7ABF-E7D4-4320-920C-80CBA7E8A92F}C:\program files (x86)\fahclient\fahclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fahclient\fahclient.exe |
    "UDP Query User{E0472F82-987A-4461-A4AF-D65709235663}C:\program files (x86)\fahclient\fahclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fahclient\fahclient.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
    "CCleaner" = CCleaner
    "Creative OA001" = Integrated Webcam Driver (1.03.02.0919)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron version 50.2650.0
    "{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1" = Win32DiskImager version 0.9.5
    "Adobe Flash Player ActiveX" = Adobe Flash Player 22 ActiveX
    "Adobe Flash Player PPAPI" = Adobe Flash Player 22 PPAPI
    "FAHClient" = FAHClient
    "KLiteCodecPack_is1" = K-Lite Codec Pack 9.8.0 (Full)
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.1.1043
    "Mobile Partner" = Mobile Partner

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "uTorrent" = µTorrent

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 30/06/2016 05:58:05 | Computer Name = dell-e6400 | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
    of binary aswKbd. System Error: The system cannot find the file specified. .

    Error - 30/06/2016 05:58:05 | Computer Name = dell-e6400 | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
    of binary aswMonFlt. System Error: The system cannot find the file specified. .

    Error - 30/06/2016 05:58:05 | Computer Name = dell-e6400 | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
    of binary aswRdr. System Error: The system cannot find the file specified. .

    Error - 30/06/2016 05:58:05 | Computer Name = dell-e6400 | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
    of binary avast! Revert. System Error: The system cannot find the file specified.
    .

    Error - 30/06/2016 05:58:05 | Computer Name = dell-e6400 | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
    of binary aswSnx. System Error: The system cannot find the file specified. .

    Error - 30/06/2016 05:58:05 | Computer Name = dell-e6400 | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
    of binary aswSP. System Error: The system cannot find the file specified. .

    Error - 30/06/2016 05:58:05 | Computer Name = dell-e6400 | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
    of binary avast! VM Monitor. System Error: The system cannot find the file specified.
    .

    Error - 30/06/2016 05:58:05 | Computer Name = dell-e6400 | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image
    of service Avast Antivirus since QueryServiceConfig API failed System Error: The
    system cannot find the file specified. .

    Error - 30/06/2016 06:19:42 | Computer Name = dell-e6400 | Source = WinMgmt | ID = 10
    Description =

    Error - 02/07/2016 04:51:55 | Computer Name = dell-e6400 | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 02/07/2016 04:49:54 | Computer Name = dell-e6400 | Source = Service Control Manager | ID = 7031
    Description = The Spybot-S&D 2 Updating Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    60000 milliseconds: Restart the service.

    Error - 02/07/2016 04:49:55 | Computer Name = dell-e6400 | Source = Service Control Manager | ID = 7031
    Description = The Windows Search service terminated unexpectedly. It has done this
    1 time(s). The following corrective action will be taken in 30000 milliseconds:
    Restart the service.

    Error - 02/07/2016 04:49:58 | Computer Name = dell-e6400 | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 02/07/2016 04:50:14 | Computer Name = dell-e6400 | Source = Service Control Manager | ID = 7031
    Description = The Spybot-S&D 2 Security Center Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    60000 milliseconds: Restart the service.

    Error - 02/07/2016 04:50:25 | Computer Name = dell-e6400 | Source = Service Control Manager | ID = 7038
    Description = The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with
    the currently configured password due to the following error: %%50 To ensure that
    the service is configured properly, use the Services snap-in in Microsoft Management
    Console (MMC).

    Error - 02/07/2016 04:50:25 | Computer Name = dell-e6400 | Source = Service Control Manager | ID = 7000
    Description = The Windows Search service failed to start due to the following error:
    %%1069

    Error - 02/07/2016 04:50:28 | Computer Name = dell-e6400 | Source = Service Control Manager | ID = 7038
    Description = The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService
    with the currently configured password due to the following error: %%50 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 02/07/2016 04:50:28 | Computer Name = dell-e6400 | Source = Service Control Manager | ID = 7000
    Description = The Windows Media Player Network Sharing Service service failed to
    start due to the following error: %%1069

    Error - 02/07/2016 04:51:23 | Computer Name = dell-e6400 | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (60000 milliseconds) while waiting for the Mobile
    Partner. OUC service to connect.

    Error - 02/07/2016 04:51:23 | Computer Name = dell-e6400 | Source = Service Control Manager | ID = 7000
    Description = The Mobile Partner. OUC service failed to start due to the following
    error: %%1053


    < End of report >

    I notice several references to Vista in Extras.txt. It was a clean install of Win7.


  • Registered Users Posts: 6,222 ✭✭✭bonzodog2


    I also recently reinstalled Iron and ran sfc /scannow

    edit: the logs above are from the Scan button, not the QuickScan button


  • Registered Users Posts: 840 ✭✭✭jsa112


    Do you recognise Install MegaFon Internet.exe ?


  • Registered Users Posts: 6,222 ✭✭✭bonzodog2


    Yes it's a driver for a 4G USB dongle


  • Registered Users Posts: 840 ✭✭✭jsa112


    do you have a log from Malwarebytes?


    chances are it's an extension, disable them all, issue still occur?


  • Registered Users Posts: 6,222 ✭✭✭bonzodog2


    The only extension on Iron is Adblock plus, added recently to the re-install of Iron


  • Registered Users Posts: 6,222 ✭✭✭bonzodog2


    I just tried a scan with Avira Rescue System from a USB drive, it found nothing


  • Registered Users Posts: 840 ✭✭✭jsa112


    check your plugins

    type chrome://plugins/ into your browser


    your issue isn't malware related, it's something installed in Iron


  • Registered Users Posts: 6,222 ✭✭✭bonzodog2


    jsa112 wrote: »
    check your plugins

    type chrome://plugins/ into your browser


    your issue isn't malware related, it's something installed in Iron

    Flash and PDF viewers and a couple of things I hadn't heard of but seem legit, Native Client and Widevine Content Decryption Module

