atljatl

Members
  • Posts

    17
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Sorry, after all of that, I was still getting a Java update notice, but it is actually a legitimate Adobe update. So, it seems to be better now. Does everything seem good from the logs? I'm a little newbie with all of this.
  2. Oh, yes. Sorry, here is the last scan.

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: Internet

     Scan Type: Custom Scan
     Result: Completed
     Objects Scanned: 289439
     Time Elapsed: 1 min, 9 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 5
     PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Delete-on-Reboot, [b84f9555cfac7fb7752951294eb48878],
     PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, Delete-on-Reboot, [b84f9555cfac7fb7752951294eb48878],
     PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, Delete-on-Reboot, [b84f9555cfac7fb7752951294eb48878],
     PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Delete-on-Reboot, [b84f9555cfac7fb7752951294eb48878],
     PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Delete-on-Reboot, [9770fded22597fb7d3d05d5bff039e62],

     Registry Values: 2
     PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, Delete-on-Reboot, [26e138b27ffced49b52e6f84679b44bc]
     PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, Delete-on-Reboot, [b651d911cab17cbaf6edfdf69d65e21e]

     Registry Data: 1
     PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013, Good: (www.google.com), Bad: (http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013),Delete-on-Reboot,[2fd8bd2d90eb64d2470ab134c93b37c9]

     Folders: 0
     (No malicious items detected)

     Files: 0
     (No malicious items detected)

     Physical Sectors: 0
     (No malicious items detected)

     (end)
  3. Here is the JRT log:

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.1.4 (04.06.2014:1)
     OS: Windows 7 Professional x64
     Ran by IT Admin on Fri 09/05/2014 at 15:22:06.73
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys

     ~~~ Files

     ~~~ Folders

     Successfully deleted: [Folder] "C:\Users\IT Admin\AppData\Roaming\getrighttogo"

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Fri 09/05/2014 at 15:28:44.25
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  4. Here is the log after running AdwCleaner:

     # AdwCleaner v3.309 - Report created 05/09/2014 at 14:42:22
     # Updated 02/09/2014 by Xplode
     # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
     # Username : IT Admin - FBI-FIELD-POST_
     # Running from : C:\Users\Internet\Desktop\AdwCleaner.exe
     # Option : Scan

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     File Found : C:\Users\Internet\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
     File Found : C:\Users\Internet\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
     Folder Found : C:\ProgramData\NCH Software
     Folder Found : C:\ProgramData\Windows Genuine Advantage
     Folder Found : C:\Users\Internet\AppData\Roaming\NCH Software
     Folder Found : C:\Users\IT Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
     Folder Found : C:\Users\IT Admin\AppData\Roaming\dvdvideosoftiehelpers

     ***** [ Scheduled Tasks ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Found : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
     Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
     Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
     Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
     Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
     Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
     Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
     Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
     Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
     Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
     Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
     Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
     Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
     Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
     Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
     Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
     Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
     Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}]
     Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

     ***** [ Browsers ] *****

     -\\ Internet Explorer v11.0.9600.17239

     Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [start Page] - hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=hp&installDate=31/07/2013
     Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013
     Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [searchAssistant] - hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013
     Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013
     Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013

     -\\ Mozilla Firefox v25.0.1 (en-US)

     [ File : C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hcsn646c.default\prefs.js ]

     Line Found : user_pref("browser.search.defaultenginename", "Web Search");
     Line Found : user_pref("browser.search.selectedEngine", "Web Search");

     [ File : C:\Users\IT Admin\AppData\Roaming\Mozilla\Firefox\Profiles\og5lskkw.default\prefs.js ]

     -\\ Google Chrome v37.0.2062.103

     [ File : C:\Users\Internet\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     [ File : C:\Users\IT Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     Found [Extension] : nikpibnbobmbdbheedjfogjlikpgpnhp

     *************************

     AdwCleaner[R0].txt - [6118 octets] - [05/09/2014 14:42:22]

     ########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [6178 octets] ##########
  5. Here is the log after the combo fix: combolog.2.txt
  6. Here are the TDSSKiller logs after doing what you last told me to do: TDSSKiller.3.0.0.40_05.09.2014_09.39.59_log.txt and TDSSKiller.3.0.0.40_05.09.2014_09.32.46_log.txt
  7. Hi, thanks for your help. I've attached the malware 2.0 log, and I've copied/pasted the RogueKiller log:

     RogueKiller V9.2.9.0 (x64) [Jul 11 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : https://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : IT Admin [Admin rights]
     Mode : Scan -- Date : 09/04/2014 13:58:28

     ¤¤¤ Bad processes : 2 ¤¤¤
     [Proc.Svchost] svchost.exe -- C:\Windows\SysWOW64\svchost.exe[x] -> [NoKill]
     [Proc.Svchost] svchost.exe -- C:\Windows\SysWOW64\svchost.exe[x] -> [NoKill]

     ¤¤¤ Registry Entries : 45 ¤¤¤
     [suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Run | xnareebd : "C:\Users\Internet\AppData\Local\gdmqpuba.exe" -> FOUND
     [suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Run | gedadskf : "C:\Users\Internet\AppData\Local\jlnomvvv.exe" -> FOUND
     [suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Run | Xyutheik : C:\Users\Internet\AppData\Roaming\Vuotanov\huonrav.exe -> FOUND
     [suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Run | Opdewexuguvyy : C:\Users\Internet\AppData\Roaming\Wuoxloy\kewauf.exe -> FOUND
     [suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Run | ibpgsirt : "C:\Users\Internet\AppData\Local\fnjwxcvc.exe" -> FOUND
     [suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Run | xnareebd : "C:\Users\Internet\AppData\Local\gdmqpuba.exe" -> FOUND
     [suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Run | gedadskf : "C:\Users\Internet\AppData\Local\jlnomvvv.exe" -> FOUND
     [suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Run | Xyutheik : C:\Users\Internet\AppData\Roaming\Vuotanov\huonrav.exe -> FOUND
     [suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Run | Opdewexuguvyy : C:\Users\Internet\AppData\Roaming\Wuoxloy\kewauf.exe -> FOUND
     [suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Run | ibpgsirt : "C:\Users\Internet\AppData\Local\fnjwxcvc.exe" -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{979158D8-6773-4AAF-B65B-63F51D51742C} | DhcpNameServer : 10.0.0.1 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B69A108C-E85B-4454-9F46-C56AA7E7AE1B} | DhcpNameServer : 10.0.0.1 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{979158D8-6773-4AAF-B65B-63F51D51742C} | DhcpNameServer : 10.0.0.1 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B69A108C-E85B-4454-9F46-C56AA7E7AE1B} | DhcpNameServer : 10.0.0.1 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{979158D8-6773-4AAF-B65B-63F51D51742C} | DhcpNameServer : 10.0.0.1 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B69A108C-E85B-4454-9F46-C56AA7E7AE1B} | DhcpNameServer : 10.0.0.1 -> FOUND
     [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
     [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
     [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
     [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
     [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
     [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
     [PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> FOUND
     [PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> FOUND
     [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=hp&installDate=31/07/2013 -> FOUND
     [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=hp&installDate=31/07/2013 -> FOUND
     [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=hp&installDate=31/07/2013 -> FOUND
     [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=hp&installDate=31/07/2013 -> FOUND
     [PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> FOUND
     [PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> FOUND
     [PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND
     [PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND
     [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013 -> FOUND
     [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013 -> FOUND
     [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013 -> FOUND
     [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013 -> FOUND
     [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND
     [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Files : 0 ¤¤¤

     ¤¤¤ HOSTS File : 3 ¤¤¤
     [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
     [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 csmg.lgmobile.com
     [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 csmgdl.lgmobile.com

     ¤¤¤ Antirootkit : 1 (Driver: LOADED) ¤¤¤
     [Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\System32\Drivers\PxHlpa64.sys)

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: TOSHIBA MK5076GSX ATA Device +++++
     --- User ---
     [MBR] 36d300cdcdc297db364b4a286e8c8414
     [bSP] 76c7f1e73a88ce1a5c0d663a6e1c13ba : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
     1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
     User = LL1 ... OK
     User = LL2 ... OK

     +++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
     Error reading User MBR! ([15] The device is not ready. )
     Error reading LL1 MBR! NOT VALID!
     Error reading LL2 MBR! ([32] The request is not supported. )

     malware.2.txt
  8. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
     Ran by IT Admin (administrator) on FBI-FIELD-POST_ on 04-09-2014 10:33:44
     Running from C:\Users\Internet\Desktop
     Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
     Internet Explorer Version 11
     Boot Mode: Normal

     The only official download link for FRST:
     Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
     Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
     Download link from any site other than Bleeping Computer is unpermitted or outdated.
     See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================

     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
     (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
     (Arcai.com) C:\Program Files (x86)\netcut\services\aips.exe
     (Microsoft Corporation) C:\Windows\System32\wlanext.exe
     (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
     (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
     (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
     (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
     (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
     () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
     (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
     (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
     (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
     (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
     (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
     (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
     (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
     (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
     (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
     (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
     (Intel Corporation) C:\Windows\System32\hkcmd.exe
     (Intel Corporation) C:\Windows\System32\igfxpers.exe
     (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
     (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
     (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Unified Intents AB) C:\Program Files (x86)\Unified Remote\RemoteServer.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Akamai Technologies, Inc.) C:\Users\Internet\AppData\Local\Akamai\netsession_win.exe
     (Akamai Technologies, Inc.) C:\Users\Internet\AppData\Local\Akamai\netsession_win.exe
     (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
     (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
     (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
     () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
     (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
     (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
     () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
     (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
     (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
     (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
     (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Microsoft Corporation) C:\Windows\System32\dllhost.exe

     ==================== Registry (Whitelisted) ==================

     (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

     HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
     HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6476288 2012-08-06] (Dell Inc.)
     HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
     HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
     HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
     HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [b2C_AGENT] => C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
     HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
     HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
     HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-28] (DivX, LLC)
     HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
     Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
     HKU\S-1-5-21-3276732486-4280350040-1888794142-1000\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
     HKU\S-1-5-21-3276732486-4280350040-1888794142-1000\...\Policies\system: [DisableLockWorkstation] 0
     HKU\S-1-5-21-3276732486-4280350040-1888794142-1000\...\Policies\system: [LogonHoursAction] 2
     HKU\S-1-5-21-3276732486-4280350040-1888794142-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
     HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Run: [Google Update] => C:\Users\Internet\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-17] (Google Inc.)
     HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
     HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Run: [GoogleChromeAutoLaunch_223E2B52059A79E544C8556516B55F54] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-06] (Google Inc.)
     HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Run: [unified Remote v2] => C:\Program Files (x86)\Unified Remote\RemoteServer.exe [333008 2014-06-03] (Unified Intents AB)
     HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Internet\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
     HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Run: [xnareebd] => C:\Users\Internet\AppData\Local\gdmqpuba.exe [144384 2014-09-02] ()
     HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Run: [gedadskf] => C:\Users\Internet\AppData\Local\jlnomvvv.exe [169984 2014-09-03] ()
     HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Run: [Xyutheik] => C:\Users\Internet\AppData\Roaming\Vuotanov\huonrav.exe [303870 2013-01-16] ()
     HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Run: [Opdewexuguvyy] => C:\Users\Internet\AppData\Roaming\Wuoxloy\kewauf.exe
     HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Run: [ibpgsirt] => C:\Users\Internet\AppData\Local\fnjwxcvc.exe [171520 2014-09-04] ()
     HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Policies\system: [LogonHoursAction] 2
     HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
     Startup: C:\Users\IT Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
     ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe (No File)
     ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
     ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
     ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
     ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
     ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
     ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
     ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Internet\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
     ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Internet\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
     ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Internet\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
     ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Internet\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
     ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
     ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
     ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
     ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
     ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
     ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
     GroupPolicyUsers\S-1-5-21-3276732486-4280350040-1888794142-1001\User: Group Policy restriction detected <======= ATTENTION

     ==================== Internet (Whitelisted) ====================

     (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

     HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=hp&installDate=31/07/2013
     HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013
     SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013
     SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013
     SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013
     SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013
     BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
     BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
     BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     BHO: DVDVideoSoft WebPageAdjuster Class -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
     BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
     BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
     BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
     BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     BHO-x32: DVDVideoSoft WebPageAdjuster Class -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM {FADF41E5-EF98-4428-A224-4982261B2C18} http://www.q-net.or.kr/activex/PrintManagerV.cab Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 FireFox: ======== FF ProfilePath: C:\Users\IT Admin\AppData\Roaming\Mozilla\Firefox\Profiles\og5lskkw.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2013-02-07] Chrome: ======= CHR HomePage: Default -> hxxp://xfinity.comcast.net/?cid=insDate10282012 CHR Profile: C:\Users\IT Admin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\IT Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-18] CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\IT Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-07-31] CHR Extension: (Google Wallet) - C:\Users\IT Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-27] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-02-07] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [File not signed] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed] S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5820928 2012-08-06] (Dell Inc.) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2012-07-03] (Google Inc) S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) 
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] () S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation) S3 Andbus; system32\DRIVERS\lgandbus64.sys [X] S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X] S3 AndGps; system32\DRIVERS\lgandgps64.sys [X] S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X] S3 androidusb; System32\Drivers\lgandadb.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 usbbus; system32\DRIVERS\lgx64bus.sys [X] S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X] S3 USBModem; system32\DRIVERS\lgx64modem.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-04 10:33 - 2014-09-04 10:34 - 00023876 _____ () C:\Users\Internet\Desktop\FRST.txt 2014-09-04 09:24 - 2014-09-04 09:24 - 00003956 _____ () C:\Users\Internet\Desktop\malware.1.txt 2014-09-04 09:14 - 2014-09-04 09:15 - 05576326 _____ (Swearware) C:\Users\Internet\Downloads\ComboFix.exe 2014-09-04 09:13 - 2014-09-04 09:13 - 02104832 _____ (Farbar) C:\Users\Internet\Desktop\FRST64.exe 2014-09-04 08:48 - 2014-09-04 08:48 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Owreynnu 2014-09-04 08:46 - 2014-09-04 08:46 - 00171520 _____ () C:\Users\Internet\AppData\Local\fnjwxcvc.exe 2014-09-03 15:07 - 2014-09-03 15:07 - 00024960 _____ () C:\Users\Internet\Downloads\[kickass.to]the.bridge.us.s02e08.hdtv.x264.killers.vtv.mp4.torrent 2014-09-03 14:00 - 2014-09-03 14:00 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Ohzocex 2014-09-03 12:24 - 2014-09-04 09:24 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Wuoxloy 2014-09-03 11:54 - 2014-09-03 11:54 - 00000000 ____D () 
C:\Users\Internet\Downloads\ColdFusionHD 2014-09-03 11:54 - 2014-09-03 11:54 - 00000000 ____D () C:\Users\Internet\Downloads\cold_fusion_hd_icon_pack_by_chrisbanks2-d4leehh 2014-09-03 11:53 - 2014-09-03 11:53 - 11261470 _____ () C:\Users\Internet\Downloads\cold_fusion_hd_icon_pack_by_chrisbanks2-d4leehh.zip 2014-09-03 11:52 - 2014-09-03 13:50 - 00000000 ____D () C:\Users\Internet\Downloads\Geometry Icons Pack 2014-09-03 11:29 - 2014-09-03 11:30 - 00312625 _____ () C:\Users\Internet\Downloads\Geometry_Icons_Pack_by_pk1st.rar 2014-09-03 09:55 - 2014-09-03 09:55 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Vuotanov 2014-09-03 08:40 - 2014-09-03 10:55 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Neryqaw 2014-09-03 08:38 - 2014-09-03 08:38 - 00169984 _____ () C:\Users\Internet\AppData\Local\jlnomvvv.exe 2014-09-02 15:55 - 2014-09-02 16:14 - 1056131795 _____ () C:\Users\Internet\Downloads\Unconfirmed 215257.crdownload 2014-09-02 15:52 - 2014-09-02 15:52 - 00068415 _____ () C:\Users\Internet\AppData\Local\ptktqfwv 2014-09-02 15:39 - 2014-09-02 15:39 - 00144384 _____ () C:\Users\Internet\AppData\Local\gdmqpuba.exe 2014-09-02 15:17 - 2014-09-02 15:19 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Autodesk 2014-09-02 15:17 - 2014-09-02 15:18 - 00000000 ____D () C:\Users\Internet\Documents\maya 2014-09-02 15:17 - 2014-09-02 15:17 - 00000000 ____D () C:\Users\Internet\AppData\Local\Autodesk 2014-09-02 15:17 - 2014-09-02 15:17 - 00000000 ____D () C:\ProgramData\FLEXnet 2014-09-02 14:37 - 2014-09-02 14:37 - 00000000 ____D () C:\Users\IT Admin\Documents\Inventor Server x64 Direct Connect 2014-09-02 14:35 - 2014-09-02 14:35 - 00000000 ____D () C:\Program Files (x86)\Autodesk 2014-09-02 14:30 - 2014-09-02 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk 2014-09-02 14:30 - 2014-09-02 14:30 - 00001792 _____ () C:\Users\Public\Desktop\Autodesk Maya 2013 64-bit.lnk 2014-09-02 14:30 - 2014-09-02 14:30 - 00000000 ____D () 
C:\Program Files\Common Files\Macrovision Shared 2014-09-02 14:23 - 2014-09-02 14:35 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared 2014-09-02 14:23 - 2014-09-02 14:33 - 00000000 ____D () C:\Program Files\Autodesk 2014-09-02 14:22 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll 2014-09-02 14:22 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll 2014-09-02 14:22 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2014-09-02 14:22 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2014-09-02 14:22 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2014-09-02 14:22 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll 2014-09-02 14:22 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2014-09-02 14:22 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll 2014-09-02 14:22 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll 2014-09-02 14:22 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll 2014-09-02 14:22 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll 2014-09-02 14:22 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll 2014-09-02 14:22 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll 2014-09-02 14:22 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll 2014-09-02 14:22 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2014-09-02 14:22 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\X3DAudio1_7.dll 2014-09-02 14:22 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll 2014-09-02 14:22 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll 2014-09-02 14:22 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll 2014-09-02 14:22 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll 2014-09-02 14:22 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll 2014-09-02 14:22 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll 2014-09-02 14:22 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll 2014-09-02 14:22 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll 2014-09-02 14:22 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll 2014-09-02 14:22 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll 2014-09-02 14:21 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll 2014-09-02 14:21 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll 2014-09-02 14:21 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll 2014-09-02 14:21 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll 2014-09-02 14:21 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll 2014-09-02 14:21 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll 2014-09-02 14:21 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll 2014-09-02 14:21 - 2009-03-16 14:18 - 00174936 _____ 
(Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll 2014-09-02 14:21 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll 2014-09-02 14:21 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll 2014-09-02 14:21 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll 2014-09-02 14:21 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll 2014-09-02 14:21 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll 2014-09-02 14:21 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll 2014-09-02 14:21 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll 2014-09-02 14:21 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll 2014-09-02 14:21 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll 2014-09-02 14:21 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll 2014-09-02 14:21 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll 2014-09-02 14:21 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll 2014-09-02 14:21 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll 2014-09-02 14:21 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll 2014-09-02 14:21 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll 2014-09-02 14:21 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll 2014-09-02 14:21 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll 2014-09-02 14:21 - 
2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll 2014-09-02 14:21 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll 2014-09-02 14:21 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll 2014-09-02 14:21 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2014-09-02 14:21 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll 2014-09-02 14:21 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll 2014-09-02 14:21 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll 2014-09-02 14:21 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll 2014-09-02 14:21 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll 2014-09-02 14:21 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2014-09-02 14:21 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll 2014-09-02 14:21 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2014-09-02 14:21 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll 2014-09-02 14:21 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2014-09-02 14:21 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2014-09-02 14:21 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll 2014-09-02 14:21 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll 2014-09-02 14:21 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\xactengine3_1.dll 2014-09-02 14:21 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll 2014-09-02 14:21 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll 2014-09-02 14:21 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll 2014-09-02 14:21 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll 2014-09-02 14:21 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll 2014-09-02 14:21 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll 2014-09-02 14:21 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll 2014-09-02 14:21 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll 2014-09-02 14:21 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll 2014-09-02 14:21 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll 2014-09-02 14:21 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll 2014-09-02 14:21 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll 2014-09-02 14:21 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll 2014-09-02 14:21 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll 2014-09-02 14:21 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll 2014-09-02 14:21 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll 2014-09-02 14:21 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll 2014-09-02 14:21 - 2008-03-05 15:56 - 04910088 
_____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll 2014-09-02 14:21 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll 2014-09-02 14:21 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll 2014-09-02 14:21 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll 2014-09-02 14:21 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll 2014-09-02 14:21 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll 2014-09-02 14:21 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll 2014-09-02 14:21 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll 2014-09-02 14:21 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll 2014-09-02 14:21 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll 2014-09-02 14:21 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll 2014-09-02 14:21 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll 2014-09-02 14:21 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll 2014-09-02 14:21 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll 2014-09-02 14:21 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll 2014-09-02 14:21 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll 2014-09-02 14:21 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll 2014-09-02 14:21 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll 2014-09-02 
14:21 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll 2014-09-02 14:21 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll 2014-09-02 14:21 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll 2014-09-02 14:21 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll 2014-09-02 14:21 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll 2014-09-02 14:21 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll 2014-09-02 14:21 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2014-09-02 14:21 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll 2014-09-02 14:21 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2014-09-02 14:21 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll 2014-09-02 14:21 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll 2014-09-02 14:21 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll 2014-09-02 14:21 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2014-09-02 14:21 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll 2014-09-02 14:21 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2014-09-02 14:21 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll 2014-09-02 14:21 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2014-09-02 14:21 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\xinput1_3.dll
2014-09-02 14:21 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-09-02 14:21 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-09-02 14:21 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-09-02 14:21 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-09-02 14:21 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-09-02 14:21 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-09-02 14:21 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-09-02 14:21 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-09-02 14:21 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-09-02 14:21 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-09-02 14:21 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-09-02 14:21 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-09-02 14:21 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-09-02 14:21 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-09-02 14:21 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-09-02 14:21 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-09-02 14:21 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-09-02 14:21 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-09-02 14:21 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-09-02 14:21 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-09-02 14:21 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-09-02 14:21 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-09-02 14:21 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-09-02 14:21 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-09-02 14:21 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-09-02 14:21 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-09-02 14:21 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-09-02 14:21 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-09-02 14:20 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-09-02 14:20 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-09-02 14:20 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-09-02 14:20 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-09-02 14:20 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-09-02 14:20 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-09-02 14:20 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-09-02 14:20 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-09-02 14:20 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-09-02 14:20 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-09-02 14:20 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-09-02 14:20 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-09-02 14:20 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-09-02 14:20 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-09-02 14:20 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-09-02 14:20 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-09-02 14:20 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-09-02 14:20 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-09-02 14:15 - 2014-09-02 15:19 - 00000000 ____D () C:\ProgramData\Autodesk
2014-09-02 14:15 - 2014-09-02 14:15 - 00000000 ____D () C:\Users\IT Admin\AppData\Roaming\Autodesk
2014-09-02 14:11 - 2012-03-02 16:15 - 00026910 _____ () C:\Users\Internet\Desktop\setup.ini
2014-09-02 14:11 - 2012-03-02 16:15 - 00000000 ____D () C:\Users\Internet\Desktop\eula
2014-09-02 13:06 - 2014-09-02 13:06 - 15325800 _____ () C:\Users\Internet\Downloads\Autodesk_Maya_2013_English_Japanese_SimplifiedChinese_Win_en-US_Setup1.exe
2014-09-02 13:04 - 2014-09-02 13:04 - 00000000 ____D () C:\Autodesk
2014-09-02 13:00 - 2014-09-02 13:00 - 00000086 _____ () C:\Users\Internet\Desktop\Autodesk Maya 2013.txt
2014-08-29 19:43 - 2014-08-29 19:43 - 00000017 _____ () C:\Users\Internet\Desktop\rugby hemi.txt
2014-08-28 08:44 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 08:44 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 08:44 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 09:06 - 2014-08-27 09:06 - 00001852 _____ () C:\Users\Public\Desktop\Vuze.lnk
2014-08-25 22:33 - 2014-08-25 22:33 - 02398182 _____ () C:\Users\Internet\Desktop\yellow_lined_paper.bmp
2014-08-25 19:02 - 2014-08-25 19:05 - 09881904 _____ () C:\Users\Internet\Desktop\straight-cheese-vibra-final-28-bars.wav
2014-08-25 08:15 - 2014-08-25 08:15 - 00000129 ____H () C:\Users\Internet\Downloads\.~lock.How to Fill In Your Time Sheet - Teachers.doc#
2014-08-25 08:15 - 2014-08-25 08:15 - 00000129 ____H () C:\Users\Internet\Downloads\.~lock.2014 Timesheet Usernames.xls#
2014-08-24 12:26 - 2014-08-24 12:26 - 259628247 _____ () C:\Users\Internet\Desktop\adb. birthday video.mp4
2014-08-24 09:41 - 2014-08-24 09:42 - 00000000 ____D () C:\Users\Internet\Desktop\jojo swimming
2014-08-22 15:33 - 2014-08-10 08:39 - 270926004 ____N () C:\Users\Internet\Desktop\break-every-chain-chords.wav
2014-08-21 15:34 - 2014-08-21 15:34 - 00000000 ____D () C:\Users\Internet\Documents\Adobe Scripts
2014-08-21 10:55 - 2014-08-21 10:55 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProjectLibre
2014-08-21 10:55 - 2014-08-21 10:55 - 00000000 ____D () C:\Program Files (x86)\ProjectLibre
2014-08-19 17:12 - 2014-08-19 17:12 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-19 17:12 - 2014-08-19 17:12 - 00001166 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-19 17:12 - 2013-10-17 11:32 - 00035112 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys
2014-08-18 18:27 - 2014-08-18 18:27 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-18 18:27 - 2014-08-18 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-18 18:26 - 2014-08-18 18:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-18 18:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-18 18:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-18 17:46 - 2014-08-18 17:46 - 00001391 _____ () C:\Users\Internet\AppData\Local\recently-used.xbel
2014-08-18 10:53 - 2014-08-18 10:53 - 00000129 ____H () C:\Users\Internet\Desktop\.~lock.rce text logo.doc#
2014-08-18 10:50 - 2014-08-12 13:28 - 00009216 _____ () C:\Users\Internet\Desktop\SCAD Questions.odt
2014-08-14 20:47 - 2014-08-14 20:48 - 00708912 _____ () C:\Users\Internet\Desktop\straight-cheese-vibra-final-close.wav
2014-08-14 20:26 - 2014-08-14 20:32 - 00356656 _____ () C:\Users\Internet\Desktop\straight-cheese-vibra-1-2-ending.wav
2014-08-14 15:52 - 2014-08-14 20:19 - 00000000 ____D () C:\Users\Internet\Desktop\crazy jo and abcdefg
2014-08-13 22:47 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 22:47 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 22:47 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 22:47 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 22:47 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 22:47 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 22:47 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 22:47 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 08:37 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 08:37 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 08:36 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 08:36 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 08:36 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 08:36 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 08:36 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 08:36 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 08:36 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 08:36 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 08:36 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 08:36 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 08:36 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 08:36 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 08:36 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 08:36 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 08:36 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 08:36 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 08:36 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 08:36 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 08:36 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 08:36 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 08:36 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 08:36 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 08:36 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 08:36 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 08:36 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 08:36 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 08:36 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 08:36 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 08:36 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 08:36 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 08:36 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 08:36 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 08:36 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 08:36 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 08:36 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 08:36 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 08:36 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 08:36 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 08:36 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 08:36 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 08:36 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 08:36 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 08:36 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 08:36 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 08:36 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 08:36 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 08:36 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 08:36 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 08:36 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 08:36 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 08:36 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 08:36 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 08:36 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 08:36 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 08:36 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 08:36 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 08:36 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 08:36 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 08:36 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 08:36 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 08:36 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 08:36 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 08:36 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 08:35 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 08:35 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 08:35 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 08:35 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 08:35 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 08:35 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 08:35 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 08:35 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 08:35 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 08:35 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 08:35 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 08:35 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 08:35 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 08:35 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 08:35 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 08:35 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 08:35 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 08:35 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 08:35 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-12 17:00 - 2014-08-12 16:56 - 32780188 _____ () C:\Users\Internet\Desktop\rce intro.mp4
2014-08-12 13:50 - 2014-08-12 13:51 - 45185410 _____ () C:\Users\Internet\Desktop\straight-cheese-vibra-1.wav
2014-08-12 08:54 - 2014-08-12 08:54 - 00001578 _____ () C:\Users\IT Admin\Desktop\DivX Movies.lnk
2014-08-12 08:54 - 2014-08-12 08:54 - 00001066 _____ () C:\Users\Public\Desktop\DivX Player.lnk
2014-08-12 08:53 - 2014-08-12 08:54 - 00000000 ____D () C:\Users\IT Admin\AppData\Roaming\DivX
2014-08-12 08:53 - 2014-08-12 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-08-12 08:53 - 2014-08-12 08:53 - 00001131 _____ () C:\Users\Public\Desktop\DivX Converter.lnk
2014-08-12 08:53 - 2014-08-12 08:53 - 00000000 ____D () C:\Program Files\DivX
2014-08-12 08:51 - 2014-08-12 08:54 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-08-12 08:50 - 2014-08-12 08:54 - 00000000 ____D () C:\ProgramData\DivX
2014-08-06 12:18 - 2014-08-06 12:18 - 00000000 ____D () C:\ProgramData\Automatic Duck

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-04 10:34 - 2014-09-04 10:33 - 00023876 _____ () C:\Users\Internet\Desktop\FRST.txt
2014-09-04 10:33 - 2012-11-12 23:27 - 00000000 ____D () C:\FRST
2014-09-04 10:31 - 2012-08-26 15:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-04 10:27 - 2013-04-12 22:53 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3276732486-4280350040-1888794142-1001UA.job
2014-09-04 09:57 - 2012-08-16 15:42 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-04 09:36 - 2009-07-14 00:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-04 09:36 - 2009-07-14 00:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-04 09:33 - 2012-08-03 21:07 - 01423444 _____ () C:\Windows\WindowsUpdate.log
2014-09-04 09:31 - 2012-08-16 10:52 - 00000000 ____D () C:\Users\Internet\AppData\Local\Adobe
2014-09-04 09:30 - 2013-06-16 07:09 - 00000000 ___RD () C:\Users\Internet\Google Drive
2014-09-04 09:29 - 2012-08-16 15:42 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-04 09:27 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-04 09:27 - 2009-07-14 00:51 - 00187663 _____ () C:\Windows\setupact.log
2014-09-04 09:24 - 2014-09-04 09:24 - 00003956 _____ () C:\Users\Internet\Desktop\malware.1.txt
2014-09-04 09:24 - 2014-09-03 12:24 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Wuoxloy
2014-09-04 09:15 - 2014-09-04 09:14 - 05576326 _____ (Swearware) C:\Users\Internet\Downloads\ComboFix.exe
2014-09-04 09:13 - 2014-09-04 09:13 - 02104832 _____ (Farbar) C:\Users\Internet\Desktop\FRST64.exe
2014-09-04 08:48 - 2014-09-04 08:48 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Owreynnu
2014-09-04 08:46 - 2014-09-04 08:46 - 00171520 _____ () C:\Users\Internet\AppData\Local\fnjwxcvc.exe
2014-09-03 20:36 - 2013-04-12 22:53 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3276732486-4280350040-1888794142-1001Core.job
2014-09-03 19:15 - 2013-07-17 21:32 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\vlc
2014-09-03 15:38 - 2012-08-22 20:46 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Azureus
2014-09-03 15:07 - 2014-09-03 15:07 - 00024960 _____ () C:\Users\Internet\Downloads\[kickass.to]the.bridge.us.s02e08.hdtv.x264.killers.vtv.mp4.torrent
2014-09-03 14:00 - 2014-09-03 14:00 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Ohzocex
2014-09-03 13:50 - 2014-09-03 11:52 - 00000000 ____D () C:\Users\Internet\Downloads\Geometry Icons Pack
2014-09-03 11:54 - 2014-09-03 11:54 - 00000000 ____D () C:\Users\Internet\Downloads\ColdFusionHD
2014-09-03 11:54 - 2014-09-03 11:54 - 00000000 ____D () C:\Users\Internet\Downloads\cold_fusion_hd_icon_pack_by_chrisbanks2-d4leehh
2014-09-03 11:53 - 2014-09-03 11:53 - 11261470 _____ () C:\Users\Internet\Downloads\cold_fusion_hd_icon_pack_by_chrisbanks2-d4leehh.zip
2014-09-03 11:30 - 2014-09-03 11:29 - 00312625 _____ () C:\Users\Internet\Downloads\Geometry_Icons_Pack_by_pk1st.rar
2014-09-03 10:55 - 2014-09-03 08:40 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Neryqaw
2014-09-03 09:55 - 2014-09-03 09:55 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Vuotanov
2014-09-03 08:38 - 2014-09-03 08:38 - 00169984 _____ () C:\Users\Internet\AppData\Local\jlnomvvv.exe
2014-09-02 16:14 - 2014-09-02 15:55 - 1056131795 _____ () C:\Users\Internet\Downloads\Unconfirmed 215257.crdownload
2014-09-02 15:52 - 2014-09-02 15:52 - 00068415 _____ () C:\Users\Internet\AppData\Local\ptktqfwv
2014-09-02 15:50 - 2012-10-03 13:13 - 00000000 ____D () C:\Users\IT Admin\AppData\Roaming\Adobe
2014-09-02 15:40 - 2013-02-03 20:31 - 00000000 ___RD () C:\Users\Internet\Dropbox
2014-09-02 15:39 - 2014-09-02 15:39 - 00144384 _____ () C:\Users\Internet\AppData\Local\gdmqpuba.exe
2014-09-02 15:19 - 2014-09-02 15:17 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Autodesk
2014-09-02 15:19 - 2014-09-02 14:15 - 00000000 ____D () C:\ProgramData\Autodesk
2014-09-02 15:18 - 2014-09-02 15:17 - 00000000 ____D () C:\Users\Internet\Documents\maya
2014-09-02 15:17 - 2014-09-02 15:17 - 00000000 ____D () C:\Users\Internet\AppData\Local\Autodesk
2014-09-02 15:17 - 2014-09-02 15:17 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-09-02 15:16 - 2013-10-16 16:38 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\TeamViewer
2014-09-02 15:09 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-02 14:37 - 2014-09-02 14:37 - 00000000 ____D () C:\Users\IT Admin\Documents\Inventor Server x64 Direct Connect
2014-09-02 14:35 - 2014-09-02 14:35 - 00000000 ____D () C:\Program Files (x86)\Autodesk
2014-09-02 14:35 - 2014-09-02 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2014-09-02 14:35 - 2014-09-02 14:23 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared
2014-09-02 14:33 - 2014-09-02 14:23 - 00000000 ____D () C:\Program Files\Autodesk
2014-09-02 14:30 - 2014-09-02 14:30 - 00001792 _____ () C:\Users\Public\Desktop\Autodesk Maya 2013 64-bit.lnk
2014-09-02 14:30 - 2014-09-02 14:30 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared
2014-09-02 14:21 - 2013-05-20 06:41 - 00010849 _____ () C:\Windows\DirectX.log
2014-09-02 14:15 - 2014-09-02 14:15 - 00000000 ____D () C:\Users\IT Admin\AppData\Roaming\Autodesk
2014-09-02 14:12 - 2012-08-06 11:29 - 00071496 _____ () C:\Users\IT Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-02 13:06 - 2014-09-02 13:06 - 15325800 _____ () C:\Users\Internet\Downloads\Autodesk_Maya_2013_English_Japanese_SimplifiedChinese_Win_en-US_Setup1.exe
2014-09-02 13:04 - 2014-09-02 13:04 - 00000000 ____D () C:\Autodesk
2014-09-02 13:00 - 2014-09-02 13:00 - 00000086 _____ () C:\Users\Internet\Desktop\Autodesk Maya 2013.txt
2014-08-29 19:43 - 2014-08-29 19:43 - 00000017 _____ () C:\Users\Internet\Desktop\rugby hemi.txt
2014-08-29 19:00 - 2012-08-06 15:45 - 00000306 _____ () C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2014-08-29 18:00 - 2012-08-06 15:45 - 00000332 _____ () C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
2014-08-28 17:08 - 2009-07-14 00:45 - 05004728 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 09:06 - 2014-08-27 09:06 - 00001852 _____ () C:\Users\Public\Desktop\Vuze.lnk
2014-08-27 09:06 - 2012-08-22 20:46 - 00001852 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2014-08-27 09:06 - 2012-08-22 20:46 - 00000000 ____D () C:\Program Files (x86)\Vuze
2014-08-26 12:44 - 2014-08-04 12:50 - 00000000 ____D () C:\abd
2014-08-25 22:33 - 2014-08-25 22:33 - 02398182 _____ () C:\Users\Internet\Desktop\yellow_lined_paper.bmp
2014-08-25 19:05 - 2014-08-25 19:02 - 09881904 _____ () C:\Users\Internet\Desktop\straight-cheese-vibra-final-28-bars.wav
2014-08-25 08:15 - 2014-08-25 08:15 - 00000129 ____H () C:\Users\Internet\Downloads\.~lock.How to Fill In Your Time Sheet - Teachers.doc#
2014-08-25 08:15 - 2014-08-25 08:15 - 00000129 ____H () C:\Users\Internet\Downloads\.~lock.2014 Timesheet Usernames.xls#
2014-08-24 12:26 - 2014-08-24 12:26 - 259628247 _____ () C:\Users\Internet\Desktop\adb. birthday video.mp4
2014-08-24 09:42 - 2014-08-24 09:41 - 00000000 ____D () C:\Users\Internet\Desktop\jojo swimming
2014-08-22 22:07 - 2014-08-28 08:44 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-28 08:44 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-28 08:44 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 15:34 - 2014-08-21 15:34 - 00000000 ____D () C:\Users\Internet\Documents\Adobe Scripts
2014-08-21 15:33 - 2012-08-06 15:46 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Adobe
2014-08-21 15:20 - 2012-08-06 15:42 - 00071496 _____ () C:\Users\Internet\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-21 14:01 - 2012-08-06 10:20 - 00000000 ____D () C:\Users\IT Admin
2014-08-21 10:55 - 2014-08-21 10:55 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProjectLibre
2014-08-21 10:55 - 2014-08-21 10:55 - 00000000 ____D () C:\Program Files (x86)\ProjectLibre
2014-08-20 13:59 - 2013-06-16 07:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-19 20:23 - 2014-07-19 23:32 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Skype
2014-08-19 17:12 - 2014-08-19 17:12 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-19 17:12 - 2014-08-19 17:12 - 00001166 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-19 17:12 - 2012-08-06 13:32 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-08-18 23:29 - 2014-05-12 17:58 - 00000000 ____D () C:\Users\Internet\Documents\Adobe
2014-08-18 18:27 - 2014-08-18 18:27 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-18 18:27 - 2014-08-18 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-18 18:27 - 2014-08-18 18:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-18 18:27 - 2012-10-23 12:22 - 00000000 ____D () C:\Users\IT Admin\AppData\Roaming\Malwarebytes
2014-08-18 18:27 - 2012-10-23 12:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-18 17:50 - 2013-10-23 10:52 - 00000000 ____D () C:\Users\Internet\.gimp-2.8
2014-08-18 17:46 - 2014-08-18 17:46 - 00001391 _____ () C:\Users\Internet\AppData\Local\recently-used.xbel
2014-08-18 17:46 - 2013-10-23 10:56 - 00000000 ____D () C:\Users\Internet\AppData\Local\gtk-2.0
2014-08-18 10:53 - 2014-08-18 10:53 - 00000129 ____H () C:\Users\Internet\Desktop\.~lock.rce text logo.doc#
2014-08-14 20:48 - 2014-08-14 20:47 - 00708912 _____ () C:\Users\Internet\Desktop\straight-cheese-vibra-final-close.wav
2014-08-14 20:32 - 2014-08-14 20:26 - 00356656 _____ () C:\Users\Internet\Desktop\straight-cheese-vibra-1-2-ending.wav
2014-08-14 20:27 - 2012-10-16 12:41 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Audacity
2014-08-14 20:19 - 2014-08-14 15:52 - 00000000 ____D () C:\Users\Internet\Desktop\crazy jo and abcdefg
2014-08-14 10:57 - 2013-09-14 20:45 - 00000000 ____D () C:\Windows\rescache
2014-08-13 23:06 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 22:57 - 2013-07-29 05:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 22:53 - 2012-08-08 18:23 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 22:46 - 2014-04-30 12:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-12 16:56 - 2014-08-12 17:00 - 32780188 _____ () C:\Users\Internet\Desktop\rce intro.mp4
2014-08-12 13:51 - 2014-08-12 13:50 - 45185410 _____ () C:\Users\Internet\Desktop\straight-cheese-vibra-1.wav
2014-08-12 13:28 - 2014-08-18 10:50 - 00009216 _____ () C:\Users\Internet\Desktop\SCAD Questions.odt
2014-08-12 08:54 - 2014-08-12 08:54 - 00001578 _____ () C:\Users\IT Admin\Desktop\DivX Movies.lnk
2014-08-12 08:54 - 2014-08-12 08:54 - 00001066 _____ () C:\Users\Public\Desktop\DivX Player.lnk
2014-08-12 08:54 - 2014-08-12 08:53 - 00000000 ____D () C:\Users\IT Admin\AppData\Roaming\DivX
2014-08-12 08:54 - 2014-08-12 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-08-12 08:54 - 2014-08-12 08:51 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-08-12 08:54 - 2014-08-12 08:50 - 00000000 ____D () C:\ProgramData\DivX
2014-08-12 08:54 - 2013-11-17 16:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-12 08:53 - 2014-08-12 08:53 - 00001131 _____ () C:\Users\Public\Desktop\DivX Converter.lnk
2014-08-12 08:53 - 2014-08-12 08:53 - 00000000 ____D () C:\Program Files\DivX
2014-08-10 08:39 - 2014-08-22 15:33 - 270926004 ____N () C:\Users\Internet\Desktop\break-every-chain-chords.wav
2014-08-06 22:06 - 2014-08-13 08:35 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-13 08:35 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 12:18 - 2014-08-06 12:18 - 00000000 ____D () C:\ProgramData\Automatic Duck

Some content of TEMP:
====================
C:\Users\Internet\AppData\Local\temp\i4jdel0.exe
C:\Users\Internet\AppData\Local\temp\i4jdel1.exe
C:\Users\Internet\AppData\Local\temp\UpdateFlashPlayer_34526e17.exe
C:\Users\Internet\AppData\Local\temp\UpdateFlashPlayer_4e2750a2.exe
C:\Users\Internet\AppData\Local\temp\UpdateFlashPlayer_a33d8b8f.exe
C:\Users\Internet\AppData\Local\temp\UpdateFlashPlayer_a7334f52.exe
C:\Users\Internet\AppData\Local\temp\UpdateFlashPlayer_b536614a.exe
C:\Users\Internet\AppData\Local\temp\UpdateFlashPlayer_c670fa94.exe
C:\Users\Internet\AppData\Local\temp\UpdateFlashPlayer_e17a2f25.exe
C:\Users\Internet\AppData\Local\temp\UpdateFlashPlayer_fc933515.exe
C:\Users\IT Admin\AppData\Local\temp\AcDeltree.exe
C:\Users\IT Admin\AppData\Local\temp\converter.exe
C:\Users\IT Admin\AppData\Local\temp\DeleteInstall.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.

LastRegBack: 2014-08-27 01:12

==================== End Of Log ============================

=============== FRST.txt Addition.txt
  9. absolutely no problems. just hoping for the all clear
  10. ...ugh..sorry. here ya go. thanks for your patience. ComboFix.txt
  11. ok, thanks again, here is the combofix log after running the script: ComboFix.txt
  12. sorry, i was away from the computer yesterday. i ran the scan from your last post and didn't see anything particularly scary, but it did find over 30 potential threats. i've attached the text. potentialthreats.txt
  13. update: after that last scan, i rebooted and scanned again and it came up all clear. what do you think?
  14. thanks, I just got back to my computer, and it looks like it's running fine. the ransom pop-up is gone. however, i ran a malwarebytes scan and it still found the 3 same files. log attached: mbam-log-2012-11-13 (22-25-59).txt
  15. Ok. Here is the Combofix .txt: combofix.txt