atljatl (Members, 17 posts)

Posts posted by atljatl

  1. Oh, yes. Sorry, here is the last scan.

     

    OS: Windows 7 Service Pack 1

    CPU: x64

    File System: NTFS

    User: Internet

     

    Scan Type: Custom Scan

    Result: Completed

    Objects Scanned: 289439

    Time Elapsed: 1 min, 9 sec

     

    Memory: Enabled

    Startup: Enabled

    Filesystem: Enabled

    Archives: Enabled

    Rootkits: Disabled

    Heuristics: Enabled

    PUP: Enabled

    PUM: Enabled

     

    Processes: 0

    (No malicious items detected)

     

    Modules: 0

    (No malicious items detected)

     

    Registry Keys: 5

    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Delete-on-Reboot, [b84f9555cfac7fb7752951294eb48878], 

    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, Delete-on-Reboot, [b84f9555cfac7fb7752951294eb48878], 

    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, Delete-on-Reboot, [b84f9555cfac7fb7752951294eb48878], 

    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Delete-on-Reboot, [b84f9555cfac7fb7752951294eb48878], 

    PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Delete-on-Reboot, [9770fded22597fb7d3d05d5bff039e62], 

     

    Registry Values: 2

    PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, Delete-on-Reboot, [26e138b27ffced49b52e6f84679b44bc]

    PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, Delete-on-Reboot, [b651d911cab17cbaf6edfdf69d65e21e]

     

    Registry Data: 1

    PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013, Good: (www.google.com), Bad: (http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013),Delete-on-Reboot,[2fd8bd2d90eb64d2470ab134c93b37c9]

     

    Folders: 0

    (No malicious items detected)

     

    Files: 0

    (No malicious items detected)

     

    Physical Sectors: 0

    (No malicious items detected)

     

     

    (end)

  2. Here is the JRT log:

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 6.1.4 (04.06.2014:1)

    OS: Windows 7 Professional x64

    Ran by IT Admin on Fri 09/05/2014 at 15:22:06.73

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    ~~~ Services

     

    ~~~ Registry Values

     

    ~~~ Registry Keys

     

    ~~~ Files

     

    ~~~ Folders

     

    Successfully deleted: [Folder] "C:\Users\IT Admin\AppData\Roaming\getrighttogo"

     

    ~~~ Event Viewer Logs were cleared

     

     

     

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on Fri 09/05/2014 at 15:28:44.25

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  3. Here is the log after running AdwCleaner:

     

    # AdwCleaner v3.309 - Report created 05/09/2014 at 14:42:22

    # Updated 02/09/2014 by Xplode

    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)

    # Username : IT Admin - FBI-FIELD-POST_

    # Running from : C:\Users\Internet\Desktop\AdwCleaner.exe

    # Option : Scan

     

    ***** [ Services ] *****

     

     

    ***** [ Files / Folders ] *****

     

    File Found : C:\Users\Internet\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage

    File Found : C:\Users\Internet\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal

    Folder Found : C:\ProgramData\NCH Software

    Folder Found : C:\ProgramData\Windows Genuine Advantage

    Folder Found : C:\Users\Internet\AppData\Roaming\NCH Software

    Folder Found : C:\Users\IT Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp

    Folder Found : C:\Users\IT Admin\AppData\Roaming\dvdvideosoftiehelpers

     

    ***** [ Scheduled Tasks ] *****

     

     

    ***** [ Shortcuts ] *****

     

     

    ***** [ Registry ] *****

     

    Key Found : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp

    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

    Key Found : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}

    Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

    Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}

    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32

    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS

    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

    Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

    Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}

    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964

    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]

    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}]

    Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

     

    ***** [ Browsers ] *****

     

    -\\ Internet Explorer v11.0.9600.17239

     

    Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [start Page] - hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=hp&installDate=31/07/2013

    Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013

    Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [searchAssistant] - hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013

    Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013

    Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013

     

    -\\ Mozilla Firefox v25.0.1 (en-US)

     

    [ File : C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hcsn646c.default\prefs.js ]

     

    Line Found : user_pref("browser.search.defaultenginename", "Web Search");

    Line Found : user_pref("browser.search.selectedEngine", "Web Search");

     

    [ File : C:\Users\IT Admin\AppData\Roaming\Mozilla\Firefox\Profiles\og5lskkw.default\prefs.js ]

     

     

    -\\ Google Chrome v37.0.2062.103

     

    [ File : C:\Users\Internet\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     

     

    [ File : C:\Users\IT Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     

    Found [Extension] : nikpibnbobmbdbheedjfogjlikpgpnhp

     

    *************************

     

    AdwCleaner[R0].txt - [6118 octets] - [05/09/2014 14:42:22]

     

    ########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [6178 octets] ##########
  4. Hi, thanks for your help.

    I've attached the malware 2.0 log, and I've copied/pasted the RogueKiller log.

     

    RogueKiller V9.2.9.0 (x64) [Jul 11 2014] by Adlice Software

     

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : IT Admin [Admin rights]

    Mode : Scan -- Date : 09/04/2014  13:58:28

     

    ¤¤¤ Bad processes : 2 ¤¤¤

    [Proc.Svchost] svchost.exe -- C:\Windows\SysWOW64\svchost.exe[x] -> [NoKill]

    [Proc.Svchost] svchost.exe -- C:\Windows\SysWOW64\svchost.exe[x] -> [NoKill]

     

    ¤¤¤ Registry Entries : 45 ¤¤¤

    [suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Run | xnareebd : "C:\Users\Internet\AppData\Local\gdmqpuba.exe"  -> FOUND

    [suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Run | gedadskf : "C:\Users\Internet\AppData\Local\jlnomvvv.exe"  -> FOUND

    [suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Run | Xyutheik : C:\Users\Internet\AppData\Roaming\Vuotanov\huonrav.exe  -> FOUND

    [suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Run | Opdewexuguvyy : C:\Users\Internet\AppData\Roaming\Wuoxloy\kewauf.exe  -> FOUND

    [suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Run | ibpgsirt : "C:\Users\Internet\AppData\Local\fnjwxcvc.exe"  -> FOUND

    [suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Run | xnareebd : "C:\Users\Internet\AppData\Local\gdmqpuba.exe"  -> FOUND

    [suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Run | gedadskf : "C:\Users\Internet\AppData\Local\jlnomvvv.exe"  -> FOUND

    [suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Run | Xyutheik : C:\Users\Internet\AppData\Roaming\Vuotanov\huonrav.exe  -> FOUND

    [suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Run | Opdewexuguvyy : C:\Users\Internet\AppData\Roaming\Wuoxloy\kewauf.exe  -> FOUND

    [suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Run | ibpgsirt : "C:\Users\Internet\AppData\Local\fnjwxcvc.exe"  -> FOUND

    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1  -> FOUND

    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1  -> FOUND

    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1  -> FOUND

    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{979158D8-6773-4AAF-B65B-63F51D51742C} | DhcpNameServer : 10.0.0.1  -> FOUND

    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B69A108C-E85B-4454-9F46-C56AA7E7AE1B} | DhcpNameServer : 10.0.0.1  -> FOUND

    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{979158D8-6773-4AAF-B65B-63F51D51742C} | DhcpNameServer : 10.0.0.1  -> FOUND

    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B69A108C-E85B-4454-9F46-C56AA7E7AE1B} | DhcpNameServer : 10.0.0.1  -> FOUND

    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{979158D8-6773-4AAF-B65B-63F51D51742C} | DhcpNameServer : 10.0.0.1  -> FOUND

    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B69A108C-E85B-4454-9F46-C56AA7E7AE1B} | DhcpNameServer : 10.0.0.1  -> FOUND

    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND

    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND

    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND

    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND

    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND

    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND

    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

    [PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> FOUND

    [PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> FOUND

    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=hp&installDate=31/07/2013  -> FOUND

    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=hp&installDate=31/07/2013  -> FOUND

    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=hp&installDate=31/07/2013  -> FOUND

    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=hp&installDate=31/07/2013  -> FOUND

    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> FOUND

    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> FOUND

    [PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> FOUND

    [PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> FOUND

    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013  -> FOUND

    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013  -> FOUND

    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013  -> FOUND

    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=1dd76554-65a6-4cb8-839f-19b3a3bfe1a2&searchtype=ds&q={searchTerms}&installDate=31/07/2013  -> FOUND

    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> FOUND

    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> FOUND

     

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

     

    ¤¤¤ Files : 0 ¤¤¤

     

    ¤¤¤ HOSTS File : 3 ¤¤¤

    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 csmg.lgmobile.com 

    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 csmgdl.lgmobile.com

     

    ¤¤¤ Antirootkit : 1 (Driver: LOADED) ¤¤¤

    [Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\System32\Drivers\PxHlpa64.sys)

     

    ¤¤¤ Web browsers : 0 ¤¤¤

     

    ¤¤¤ MBR Check : ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK5076GSX ATA Device +++++

    --- User ---

    [MBR] 36d300cdcdc297db364b4a286e8c8414

    [bSP] 76c7f1e73a88ce1a5c0d663a6e1c13ba : Windows Vista/7/8 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB

    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB

    User = LL1 ... OK

    User = LL2 ... OK

     

    +++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++

    Error reading User MBR! ([15] The device is not ready. )

    Error reading LL1 MBR! NOT VALID!

    Error reading LL2 MBR! ([32] The request is not supported. )

     

    malware.2.txt
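Added example (not part of this thread, and not code from FRST or RogueKiller): a small Python triage script that parses the Run-key lines both tools print, as seen in the RogueKiller log above and in the FRST log that follows, and ranks the autostart entries. It scores the three things the five flagged entries have in common: the target lives under a user profile's AppData, the tool printed no publisher or version info, and the file or value name looks random. The weights, the 3-point threshold and the consonant-run check are assumptions of this example, not anything either tool defines; the sample lines are copied from the logs posted in the thread. The [PUM.*] lines are deliberately ignored: RogueKiller's "potentially unwanted modification" entries are settings flagged for review rather than detections, and a DhcpNameServer of 10.0.0.1 is a private-range address of the kind a home or small-office router hands out.

```python
"""Autostart (Run-key) triage over FRST and RogueKiller log lines.
Added example for this thread; not code from the forum, FRST or RogueKiller.
Weights, the 3-point threshold and the randomness check are assumptions."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# FRST: 'HKU\S-1-5-...\...\Run: [name] => C:\path\file.exe [size date] (Publisher)'
_FRST_RUN = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\.\\Run:\s+\[(?P<name>[^\]]+)\]\s+=>\s+(?P<rest>.+?)\s*$")
_FRST_META = re.compile(r"\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\](?:\s+\((?P<publisher>[^)]*)\))?$")
# RogueKiller: '[Suspicious.Path] (X64) HKEY_USERS\...\Run | name : "C:\path\file.exe"  -> FOUND'
_RK_RUN = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+\((?P<arch>X64|X86)\)\s+(?P<key>.+?\\Run)\s+\|\s+(?P<name>\S+)\s+:\s+"
    r'"?(?P<path>.+?)"?\s+->\s+FOUND\s*$', re.IGNORECASE)
_APPDATA = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
_PROGRAMDATA = re.compile(r"\\ProgramData\\", re.IGNORECASE)
_VOWELS = set("aeiouy")


@dataclass(frozen=True)
class Autostart:
    source: str               # "FRST" or "RogueKiller"
    name: str                 # Run value name
    path: str                 # target path as the tool printed it
    publisher: Optional[str]  # None = tool gave no info, "" = FRST printed "()"


def looks_random(token: str) -> bool:
    """Heuristic: 4+ consonants in a row, or under 25% vowels, in an all-letter token."""
    t = token.lower()
    if not t.isalpha() or len(t) < 6:
        return False
    run = 0
    for ch in t:
        run = 0 if ch in _VOWELS else run + 1
        if run >= 4:
            return True
    return sum(ch in _VOWELS for ch in t) / len(t) < 0.25


def parse_line(line: str) -> Optional[Autostart]:
    """Return an Autostart for a Run-key line in either format, else None."""
    line = line.strip()
    m = _FRST_RUN.match(line)
    if m:
        rest = m["rest"]
        meta = _FRST_META.search(rest)
        if meta:  # cut the "[size date] (Publisher)" tail off the path
            return Autostart("FRST", m["name"], rest[: meta.start()], meta["publisher"])
        return Autostart("FRST", m["name"], rest, None)
    m = _RK_RUN.match(line)
    if m:  # RogueKiller prints no publisher, so it is unknown
        return Autostart("RogueKiller", m["name"], m["path"], None)
    return None  # PUM.*, HOSTS, MBR and other non-Run lines are ignored


def score(entry: Autostart) -> Tuple[int, List[str]]:
    """Add up the three signals the flagged entries in the thread share."""
    pts, reasons = 0, []
    if _APPDATA.search(entry.path):
        pts += 2
        reasons.append("runs from a user profile's AppData (writable without admin rights)")
    elif _PROGRAMDATA.search(entry.path):
        pts += 1
        reasons.append("runs from ProgramData")
    if not entry.publisher:
        pts += 1
        reasons.append("no publisher/version info")
    stem = entry.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if looks_random(stem) or looks_random(entry.name):
        pts += 1
        reasons.append("random-looking file or value name")
    return pts, reasons


def triage(lines: Iterable[str]) -> List[dict]:
    """Parse, deduplicate (the X64/X86 views repeat entries), score and rank."""
    seen, rows = set(), []
    for line in lines:
        e = parse_line(line)
        if e is None or (e.name.lower(), e.path.lower()) in seen:
            continue
        seen.add((e.name.lower(), e.path.lower()))
        pts, reasons = score(e)
        verdict = "suspicious" if pts >= 3 else "review" if pts >= 1 else "ok"
        rows.append({"source": e.source, "name": e.name, "path": e.path,
                     "score": pts, "verdict": verdict, "reasons": reasons})
    return sorted(rows, key=lambda r: -r["score"])


# Sample input copied from the FRST and RogueKiller logs posted in this thread.
SAMPLE_LINES = [
    r"HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)",
    r"HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()",
    r"HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Run: [Google Update] => C:\Users\Internet\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-17] (Google Inc.)",
    r"HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Run: [xnareebd] => C:\Users\Internet\AppData\Local\gdmqpuba.exe [144384 2014-09-02] ()",
    r"HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Run: [Opdewexuguvyy] => C:\Users\Internet\AppData\Roaming\Wuoxloy\kewauf.exe",
    r'[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Run | ibpgsirt : "C:\Users\Internet\AppData\Local\fnjwxcvc.exe"  -> FOUND',
    r'[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3276732486-4280350040-1888794142-1001\Software\Microsoft\Windows\CurrentVersion\Run | ibpgsirt : "C:\Users\Internet\AppData\Local\fnjwxcvc.exe"  -> FOUND',
    r"[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1  -> FOUND",
]

if __name__ == "__main__":
    for r in triage(SAMPLE_LINES):
        print(f'{r["verdict"]:<10} {r["score"]}  {r["name"]:<14} {r["path"]}  [{"; ".join(r["reasons"])}]')
```

Run it as-is to see the ranked table, or pass a whole FRST.txt or RogueKiller report with `triage(open(path, encoding="utf-8", errors="replace"))`. A score only says where to look first: the signed Google updater in AppData lands in the "review" tier on location alone, while the unsigned, random-named files created on 2014-09-02 to 2014-09-04 (the days just before the FRST run) score highest. Check the flagged files' hashes and creation dates before deleting anything.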


  5. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02

    Ran by IT Admin (administrator) on FBI-FIELD-POST_ on 04-09-2014 10:33:44

    Running from C:\Users\Internet\Desktop

    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)

    Internet Explorer Version 11

    Boot Mode: Normal

     

    The only official download link for FRST:

    Download link from any site other than Bleeping Computer is unpermitted or outdated.


     

    ==================== Processes (Whitelisted) =================

     

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

    (Arcai.com) C:\Program Files (x86)\netcut\services\aips.exe

    (Microsoft Corporation) C:\Windows\System32\wlanext.exe

    (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

    (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE

    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe

    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

    () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe

    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe

    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

    (Intel Corporation) C:\Windows\System32\hkcmd.exe

    (Intel Corporation) C:\Windows\System32\igfxpers.exe

    (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Unified Intents AB) C:\Program Files (x86)\Unified Remote\RemoteServer.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Akamai Technologies, Inc.) C:\Users\Internet\AppData\Local\Akamai\netsession_win.exe

    (Akamai Technologies, Inc.) C:\Users\Internet\AppData\Local\Akamai\netsession_win.exe

    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

    () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

    () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

     

     

    ==================== Registry (Whitelisted) ==================

     

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

     

    HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)

    HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6476288 2012-08-06] (Dell Inc.)

    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)

    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [b2C_AGENT] => C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe

    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

    HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)

    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-28] (DivX, LLC)

    HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()

    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

    HKU\S-1-5-21-3276732486-4280350040-1888794142-1000\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

    HKU\S-1-5-21-3276732486-4280350040-1888794142-1000\...\Policies\system: [DisableLockWorkstation] 0

    HKU\S-1-5-21-3276732486-4280350040-1888794142-1000\...\Policies\system: [LogonHoursAction] 2

    HKU\S-1-5-21-3276732486-4280350040-1888794142-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

    HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Run: [Google Update] => C:\Users\Internet\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-17] (Google Inc.)

    HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)

    HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Run: [GoogleChromeAutoLaunch_223E2B52059A79E544C8556516B55F54] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-06] (Google Inc.)

    HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Run: [unified Remote v2] => C:\Program Files (x86)\Unified Remote\RemoteServer.exe [333008 2014-06-03] (Unified Intents AB)

    HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Internet\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)

    HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Run: [xnareebd] => C:\Users\Internet\AppData\Local\gdmqpuba.exe [144384 2014-09-02] ()

    HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Run: [gedadskf] => C:\Users\Internet\AppData\Local\jlnomvvv.exe [169984 2014-09-03] ()

    HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Run: [Xyutheik] => C:\Users\Internet\AppData\Roaming\Vuotanov\huonrav.exe [303870 2013-01-16] ()

    HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Run: [Opdewexuguvyy] => C:\Users\Internet\AppData\Roaming\Wuoxloy\kewauf.exe

    HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Run: [ibpgsirt] => C:\Users\Internet\AppData\Local\fnjwxcvc.exe [171520 2014-09-04] ()

    HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Policies\system: [LogonHoursAction] 2

    HKU\S-1-5-21-3276732486-4280350040-1888794142-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

    Startup: C:\Users\IT Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk

    ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe (No File)

    ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

    ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

    ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

    ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

    ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

    ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

    ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Internet\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Internet\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Internet\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Internet\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

    ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

    ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

    ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

    ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

    ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

    ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

    GroupPolicyUsers\S-1-5-21-3276732486-4280350040-1888794142-1001\User: Group Policy restriction detected <======= ATTENTION

     

    ==================== Internet (Whitelisted) ====================

     

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

     

    BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

    BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    BHO: DVDVideoSoft WebPageAdjuster Class -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)

    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

    BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

    BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    BHO-x32: DVDVideoSoft WebPageAdjuster Class -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)

    Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File

    Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File

    DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

    DPF: HKLM {FADF41E5-EF98-4428-A224-4982261B2C18} http://www.q-net.or.kr/activex/PrintManagerV.cab

    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

    Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

     

    FireFox:

    ========

    FF ProfilePath: C:\Users\IT Admin\AppData\Roaming\Mozilla\Firefox\Profiles\og5lskkw.default

    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

    FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

    FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF Plugin: @microsoft.com/GENUINE -> disabled No File

    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

    FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

    FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)

    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

    FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

    FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

    FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

    FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2013-02-07]

     

    Chrome: 

    =======

    CHR HomePage: Default -> hxxp://xfinity.comcast.net/?cid=insDate10282012

    CHR Profile: C:\Users\IT Admin\AppData\Local\Google\Chrome\User Data\Default

    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\IT Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-18]

    CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\IT Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-07-31]

    CHR Extension: (Google Wallet) - C:\Users\IT Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-27]

    CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-02-07]

    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

     

    ==================== Services (Whitelisted) =================

     

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

     

    R2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [File not signed]

    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)

    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

    R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]

    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)

    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

    R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5820928 2012-08-06] (Dell Inc.) [File not signed]

     

    ==================== Drivers (Whitelisted) ====================

     

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

     

    S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2012-07-03] (Google Inc)

    S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)

    S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)

    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)

    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

    R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)

    S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()

    S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()

    S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)

    S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]

    S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]

    S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]

    S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]

    S3 androidusb; System32\Drivers\lgandadb.sys [X]

    S3 catchme; \??\C:\ComboFix\catchme.sys [X]

    S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]

    S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]

    S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]

     

    ==================== NetSvcs (Whitelisted) ===================

     

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

     

     

    ==================== One Month Created Files and Folders ========

     

    (If an entry is included in the fixlist, the file\folder will be moved.)

     

    2014-09-04 10:33 - 2014-09-04 10:34 - 00023876 _____ () C:\Users\Internet\Desktop\FRST.txt

    2014-09-04 09:24 - 2014-09-04 09:24 - 00003956 _____ () C:\Users\Internet\Desktop\malware.1.txt

    2014-09-04 09:14 - 2014-09-04 09:15 - 05576326 _____ (Swearware) C:\Users\Internet\Downloads\ComboFix.exe

    2014-09-04 09:13 - 2014-09-04 09:13 - 02104832 _____ (Farbar) C:\Users\Internet\Desktop\FRST64.exe

    2014-09-04 08:48 - 2014-09-04 08:48 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Owreynnu

    2014-09-04 08:46 - 2014-09-04 08:46 - 00171520 _____ () C:\Users\Internet\AppData\Local\fnjwxcvc.exe

    2014-09-03 15:07 - 2014-09-03 15:07 - 00024960 _____ () C:\Users\Internet\Downloads\[kickass.to]the.bridge.us.s02e08.hdtv.x264.killers.vtv.mp4.torrent

    2014-09-03 14:00 - 2014-09-03 14:00 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Ohzocex

    2014-09-03 12:24 - 2014-09-04 09:24 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Wuoxloy

    2014-09-03 11:54 - 2014-09-03 11:54 - 00000000 ____D () C:\Users\Internet\Downloads\ColdFusionHD

    2014-09-03 11:54 - 2014-09-03 11:54 - 00000000 ____D () C:\Users\Internet\Downloads\cold_fusion_hd_icon_pack_by_chrisbanks2-d4leehh

    2014-09-03 11:53 - 2014-09-03 11:53 - 11261470 _____ () C:\Users\Internet\Downloads\cold_fusion_hd_icon_pack_by_chrisbanks2-d4leehh.zip

    2014-09-03 11:52 - 2014-09-03 13:50 - 00000000 ____D () C:\Users\Internet\Downloads\Geometry Icons Pack

    2014-09-03 11:29 - 2014-09-03 11:30 - 00312625 _____ () C:\Users\Internet\Downloads\Geometry_Icons_Pack_by_pk1st.rar

    2014-09-03 09:55 - 2014-09-03 09:55 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Vuotanov

    2014-09-03 08:40 - 2014-09-03 10:55 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Neryqaw

    2014-09-03 08:38 - 2014-09-03 08:38 - 00169984 _____ () C:\Users\Internet\AppData\Local\jlnomvvv.exe

    2014-09-02 15:55 - 2014-09-02 16:14 - 1056131795 _____ () C:\Users\Internet\Downloads\Unconfirmed 215257.crdownload

    2014-09-02 15:52 - 2014-09-02 15:52 - 00068415 _____ () C:\Users\Internet\AppData\Local\ptktqfwv

    2014-09-02 15:39 - 2014-09-02 15:39 - 00144384 _____ () C:\Users\Internet\AppData\Local\gdmqpuba.exe

    2014-09-02 15:17 - 2014-09-02 15:19 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Autodesk

    2014-09-02 15:17 - 2014-09-02 15:18 - 00000000 ____D () C:\Users\Internet\Documents\maya

    2014-09-02 15:17 - 2014-09-02 15:17 - 00000000 ____D () C:\Users\Internet\AppData\Local\Autodesk

    2014-09-02 15:17 - 2014-09-02 15:17 - 00000000 ____D () C:\ProgramData\FLEXnet

    2014-09-02 14:37 - 2014-09-02 14:37 - 00000000 ____D () C:\Users\IT Admin\Documents\Inventor Server x64 Direct Connect

    2014-09-02 14:35 - 2014-09-02 14:35 - 00000000 ____D () C:\Program Files (x86)\Autodesk

    2014-09-02 14:30 - 2014-09-02 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk

    2014-09-02 14:30 - 2014-09-02 14:30 - 00001792 _____ () C:\Users\Public\Desktop\Autodesk Maya 2013 64-bit.lnk

    2014-09-02 14:30 - 2014-09-02 14:30 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared

    2014-09-02 14:23 - 2014-09-02 14:35 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared

    2014-09-02 14:23 - 2014-09-02 14:33 - 00000000 ____D () C:\Program Files\Autodesk

    2014-09-02 14:22 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll

    2014-09-02 14:22 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll

    2014-09-02 14:22 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll

    2014-09-02 14:22 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll

    2014-09-02 14:22 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll

    2014-09-02 14:22 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll

    2014-09-02 14:22 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll

    2014-09-02 14:22 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll

    2014-09-02 14:22 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll

    2014-09-02 14:22 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll

    2014-09-02 14:22 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll

    2014-09-02 14:22 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll

    2014-09-02 14:22 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll

    2014-09-02 14:22 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll

    2014-09-02 14:22 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll

    2014-09-02 14:22 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll

    2014-09-02 14:22 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll

    2014-09-02 14:22 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll

    2014-09-02 14:22 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll

    2014-09-02 14:22 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll

    2014-09-02 14:22 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll

    2014-09-02 14:22 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll

    2014-09-02 14:22 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll

    2014-09-02 14:22 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll

    2014-09-02 14:22 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll

    2014-09-02 14:22 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll

    2014-09-02 14:21 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll

    2014-09-02 14:21 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll

    2014-09-02 14:21 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll

    2014-09-02 14:21 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll

    2014-09-02 14:21 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll

    2014-09-02 14:21 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll

    2014-09-02 14:21 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll

    2014-09-02 14:21 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll

    2014-09-02 14:21 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll

    2014-09-02 14:21 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll

    2014-09-02 14:21 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll

    2014-09-02 14:21 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll

    2014-09-02 14:21 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll

    2014-09-02 14:21 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll

    2014-09-02 14:21 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll

    2014-09-02 14:21 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll

    2014-09-02 14:21 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll

    2014-09-02 14:21 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll

    2014-09-02 14:21 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll

    2014-09-02 14:21 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll

    2014-09-02 14:21 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll

    2014-09-02 14:21 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll

    2014-09-02 14:21 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll

    2014-09-02 14:21 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll

    2014-09-02 14:21 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll

    2014-09-02 14:21 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll

    2014-09-02 14:21 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll

    2014-09-02 14:21 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll

    2014-09-02 14:21 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll

    2014-09-02 14:21 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll

    2014-09-02 14:21 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll

    2014-09-02 14:21 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll

    2014-09-02 14:21 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll

    2014-09-02 14:21 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll

    2014-09-02 14:21 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll

    2014-09-02 14:21 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll

    2014-09-02 14:21 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll

    2014-09-02 14:21 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll

    2014-09-02 14:21 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll

    2014-09-02 14:21 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll

    2014-09-02 14:21 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll

    2014-09-02 14:21 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll

    2014-09-02 14:21 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll

    2014-09-02 14:21 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll

    2014-09-02 14:21 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll

    2014-09-02 14:21 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll

    2014-09-02 14:21 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll

    2014-09-02 14:21 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll

    2014-09-02 14:21 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll

    2014-09-02 14:21 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll

    2014-09-02 14:21 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll

    2014-09-02 14:21 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll

    2014-09-02 14:21 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll

    2014-09-02 14:21 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll

    2014-09-02 14:21 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll

    2014-09-02 14:21 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll

    2014-09-02 14:21 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll

    2014-09-02 14:21 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll

    2014-09-02 14:21 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll

    2014-09-02 14:21 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll

    2014-09-02 14:21 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll

    2014-09-02 14:21 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll

    2014-09-02 14:21 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll

    2014-09-02 14:21 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll

    2014-09-02 14:21 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll

    2014-09-02 14:21 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll

    2014-09-02 14:21 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll

    2014-09-02 14:21 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll

    2014-09-02 14:21 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll

    2014-09-02 14:21 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll

    2014-09-02 14:21 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll

    2014-09-02 14:21 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll

    2014-09-02 14:21 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll

    2014-09-02 14:21 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll

    2014-09-02 14:21 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll

    2014-09-02 14:21 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll

    2014-09-02 14:21 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll

    2014-09-02 14:21 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll

    2014-09-02 14:21 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll

    2014-09-02 14:21 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll

    2014-09-02 14:21 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll

    2014-09-02 14:21 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll

    2014-09-02 14:21 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll

    2014-09-02 14:21 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll

    2014-09-02 14:21 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll

    2014-09-02 14:21 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll

    2014-09-02 14:21 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll

    2014-09-02 14:21 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll

    2014-09-02 14:21 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll

    2014-09-02 14:21 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll

    2014-09-02 14:21 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll

    2014-09-02 14:21 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll

    2014-09-02 14:21 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll

    2014-09-02 14:21 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll

    2014-09-02 14:21 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll

    2014-09-02 14:21 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll

    2014-09-02 14:21 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll

    2014-09-02 14:21 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll

    2014-09-02 14:21 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll

    2014-09-02 14:21 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll

    2014-09-02 14:21 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll

    2014-09-02 14:21 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll

    2014-09-02 14:21 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll

    2014-09-02 14:21 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll

    2014-09-02 14:21 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll

    2014-09-02 14:21 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll

    2014-09-02 14:21 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll

    2014-09-02 14:21 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll

    2014-09-02 14:21 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll

    2014-09-02 14:21 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll

    2014-09-02 14:21 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll

    2014-09-02 14:21 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll

    2014-09-02 14:21 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll

    2014-09-02 14:21 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll

    2014-09-02 14:21 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll

    2014-09-02 14:21 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll

    2014-09-02 14:21 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll

    2014-09-02 14:21 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll

    2014-09-02 14:21 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll

    2014-09-02 14:21 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll

    2014-09-02 14:21 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll

    2014-09-02 14:21 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll

    2014-09-02 14:21 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll

    2014-09-02 14:21 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll

    2014-09-02 14:20 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll

    2014-09-02 14:20 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll

    2014-09-02 14:20 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll

    2014-09-02 14:20 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll

    2014-09-02 14:20 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll

    2014-09-02 14:20 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll

    2014-09-02 14:20 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll

    2014-09-02 14:20 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll

    2014-09-02 14:20 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll

    2014-09-02 14:20 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll

    2014-09-02 14:20 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll

    2014-09-02 14:20 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll

    2014-09-02 14:20 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll

    2014-09-02 14:20 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll

    2014-09-02 14:20 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll

    2014-09-02 14:20 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll

    2014-09-02 14:20 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll

    2014-09-02 14:20 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll

    2014-09-02 14:15 - 2014-09-02 15:19 - 00000000 ____D () C:\ProgramData\Autodesk

    2014-09-02 14:15 - 2014-09-02 14:15 - 00000000 ____D () C:\Users\IT Admin\AppData\Roaming\Autodesk

    2014-09-02 14:11 - 2012-03-02 16:15 - 00026910 _____ () C:\Users\Internet\Desktop\setup.ini

    2014-09-02 14:11 - 2012-03-02 16:15 - 00000000 ____D () C:\Users\Internet\Desktop\eula

    2014-09-02 13:06 - 2014-09-02 13:06 - 15325800 _____ () C:\Users\Internet\Downloads\Autodesk_Maya_2013_English_Japanese_SimplifiedChinese_Win_en-US_Setup1.exe

    2014-09-02 13:04 - 2014-09-02 13:04 - 00000000 ____D () C:\Autodesk

    2014-09-02 13:00 - 2014-09-02 13:00 - 00000086 _____ () C:\Users\Internet\Desktop\Autodesk Maya 2013.txt

    2014-08-29 19:43 - 2014-08-29 19:43 - 00000017 _____ () C:\Users\Internet\Desktop\rugby hemi.txt

    2014-08-28 08:44 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

    2014-08-28 08:44 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

    2014-08-28 08:44 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

    2014-08-27 09:06 - 2014-08-27 09:06 - 00001852 _____ () C:\Users\Public\Desktop\Vuze.lnk

    2014-08-25 22:33 - 2014-08-25 22:33 - 02398182 _____ () C:\Users\Internet\Desktop\yellow_lined_paper.bmp

    2014-08-25 19:02 - 2014-08-25 19:05 - 09881904 _____ () C:\Users\Internet\Desktop\straight-cheese-vibra-final-28-bars.wav

    2014-08-25 08:15 - 2014-08-25 08:15 - 00000129 ____H () C:\Users\Internet\Downloads\.~lock.How to Fill In Your Time Sheet - Teachers.doc#

    2014-08-25 08:15 - 2014-08-25 08:15 - 00000129 ____H () C:\Users\Internet\Downloads\.~lock.2014 Timesheet Usernames.xls#

    2014-08-24 12:26 - 2014-08-24 12:26 - 259628247 _____ () C:\Users\Internet\Desktop\adb. birthday video.mp4

    2014-08-24 09:41 - 2014-08-24 09:42 - 00000000 ____D () C:\Users\Internet\Desktop\jojo swimming

    2014-08-22 15:33 - 2014-08-10 08:39 - 270926004 ____N () C:\Users\Internet\Desktop\break-every-chain-chords.wav

    2014-08-21 15:34 - 2014-08-21 15:34 - 00000000 ____D () C:\Users\Internet\Documents\Adobe Scripts

    2014-08-21 10:55 - 2014-08-21 10:55 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProjectLibre

    2014-08-21 10:55 - 2014-08-21 10:55 - 00000000 ____D () C:\Program Files (x86)\ProjectLibre

    2014-08-19 17:12 - 2014-08-19 17:12 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk

    2014-08-19 17:12 - 2014-08-19 17:12 - 00001166 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk

    2014-08-19 17:12 - 2013-10-17 11:32 - 00035112 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys

    2014-08-18 18:27 - 2014-08-18 18:27 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2014-08-18 18:27 - 2014-08-18 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

    2014-08-18 18:26 - 2014-08-18 18:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

    2014-08-18 18:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

    2014-08-18 18:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

    2014-08-18 17:46 - 2014-08-18 17:46 - 00001391 _____ () C:\Users\Internet\AppData\Local\recently-used.xbel

    2014-08-18 10:53 - 2014-08-18 10:53 - 00000129 ____H () C:\Users\Internet\Desktop\.~lock.rce text logo.doc#

    2014-08-18 10:50 - 2014-08-12 13:28 - 00009216 _____ () C:\Users\Internet\Desktop\SCAD Questions.odt

    2014-08-14 20:47 - 2014-08-14 20:48 - 00708912 _____ () C:\Users\Internet\Desktop\straight-cheese-vibra-final-close.wav

    2014-08-14 20:26 - 2014-08-14 20:32 - 00356656 _____ () C:\Users\Internet\Desktop\straight-cheese-vibra-1-2-ending.wav

    2014-08-14 15:52 - 2014-08-14 20:19 - 00000000 ____D () C:\Users\Internet\Desktop\crazy jo and abcdefg

    2014-08-13 22:47 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

    2014-08-13 22:47 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

    2014-08-13 22:47 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

    2014-08-13 22:47 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

    2014-08-13 22:47 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

    2014-08-13 22:47 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

    2014-08-13 22:47 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

    2014-08-13 22:47 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

    2014-08-13 08:37 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls

    2014-08-13 08:37 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

    2014-08-13 08:36 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

    2014-08-13 08:36 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

    2014-08-13 08:36 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

    2014-08-13 08:36 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

    2014-08-13 08:36 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

    2014-08-13 08:36 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

    2014-08-13 08:36 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

    2014-08-13 08:36 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

    2014-08-13 08:36 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

    2014-08-13 08:36 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

    2014-08-13 08:36 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

    2014-08-13 08:36 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

    2014-08-13 08:36 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

    2014-08-13 08:36 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

    2014-08-13 08:36 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

    2014-08-13 08:36 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

    2014-08-13 08:36 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

    2014-08-13 08:36 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

    2014-08-13 08:36 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

    2014-08-13 08:36 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

    2014-08-13 08:36 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

    2014-08-13 08:36 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

    2014-08-13 08:36 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

    2014-08-13 08:36 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

    2014-08-13 08:36 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

    2014-08-13 08:36 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

    2014-08-13 08:36 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

    2014-08-13 08:36 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

    2014-08-13 08:36 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

    2014-08-13 08:36 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

    2014-08-13 08:36 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

    2014-08-13 08:36 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

    2014-08-13 08:36 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

    2014-08-13 08:36 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

    2014-08-13 08:36 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

    2014-08-13 08:36 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

    2014-08-13 08:36 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

    2014-08-13 08:36 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

    2014-08-13 08:36 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

    2014-08-13 08:36 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

    2014-08-13 08:36 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

    2014-08-13 08:36 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

    2014-08-13 08:36 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

    2014-08-13 08:36 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

    2014-08-13 08:36 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

    2014-08-13 08:36 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

    2014-08-13 08:36 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

    2014-08-13 08:36 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

    2014-08-13 08:36 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

    2014-08-13 08:36 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

    2014-08-13 08:36 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

    2014-08-13 08:36 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

    2014-08-13 08:36 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

    2014-08-13 08:36 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

    2014-08-13 08:36 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

    2014-08-13 08:36 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

    2014-08-13 08:36 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

    2014-08-13 08:36 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

    2014-08-13 08:36 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

    2014-08-13 08:36 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

    2014-08-13 08:36 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

    2014-08-13 08:36 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

    2014-08-13 08:36 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

    2014-08-13 08:35 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

    2014-08-13 08:35 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

    2014-08-13 08:35 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

    2014-08-13 08:35 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

    2014-08-13 08:35 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

    2014-08-13 08:35 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

    2014-08-13 08:35 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

    2014-08-13 08:35 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

    2014-08-13 08:35 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

    2014-08-13 08:35 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

    2014-08-13 08:35 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

    2014-08-13 08:35 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

    2014-08-13 08:35 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

    2014-08-13 08:35 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

    2014-08-13 08:35 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

    2014-08-13 08:35 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

    2014-08-13 08:35 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

    2014-08-13 08:35 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

    2014-08-13 08:35 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

    2014-08-12 17:00 - 2014-08-12 16:56 - 32780188 _____ () C:\Users\Internet\Desktop\rce intro.mp4

    2014-08-12 13:50 - 2014-08-12 13:51 - 45185410 _____ () C:\Users\Internet\Desktop\straight-cheese-vibra-1.wav

    2014-08-12 08:54 - 2014-08-12 08:54 - 00001578 _____ () C:\Users\IT Admin\Desktop\DivX Movies.lnk

    2014-08-12 08:54 - 2014-08-12 08:54 - 00001066 _____ () C:\Users\Public\Desktop\DivX Player.lnk

    2014-08-12 08:53 - 2014-08-12 08:54 - 00000000 ____D () C:\Users\IT Admin\AppData\Roaming\DivX

    2014-08-12 08:53 - 2014-08-12 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX

    2014-08-12 08:53 - 2014-08-12 08:53 - 00001131 _____ () C:\Users\Public\Desktop\DivX Converter.lnk

    2014-08-12 08:53 - 2014-08-12 08:53 - 00000000 ____D () C:\Program Files\DivX

    2014-08-12 08:51 - 2014-08-12 08:54 - 00000000 ____D () C:\Program Files (x86)\DivX

    2014-08-12 08:50 - 2014-08-12 08:54 - 00000000 ____D () C:\ProgramData\DivX

    2014-08-06 12:18 - 2014-08-06 12:18 - 00000000 ____D () C:\ProgramData\Automatic Duck

     

    ==================== One Month Modified Files and Folders =======

     

    (If an entry is included in the fixlist, the file\folder will be moved.)

     

    2014-09-04 10:34 - 2014-09-04 10:33 - 00023876 _____ () C:\Users\Internet\Desktop\FRST.txt

    2014-09-04 10:33 - 2012-11-12 23:27 - 00000000 ____D () C:\FRST

    2014-09-04 10:31 - 2012-08-26 15:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

    2014-09-04 10:27 - 2013-04-12 22:53 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3276732486-4280350040-1888794142-1001UA.job

    2014-09-04 09:57 - 2012-08-16 15:42 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    2014-09-04 09:36 - 2009-07-14 00:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    2014-09-04 09:36 - 2009-07-14 00:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    2014-09-04 09:33 - 2012-08-03 21:07 - 01423444 _____ () C:\Windows\WindowsUpdate.log

    2014-09-04 09:31 - 2012-08-16 10:52 - 00000000 ____D () C:\Users\Internet\AppData\Local\Adobe

    2014-09-04 09:30 - 2013-06-16 07:09 - 00000000 ___RD () C:\Users\Internet\Google Drive

    2014-09-04 09:29 - 2012-08-16 15:42 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

    2014-09-04 09:27 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

    2014-09-04 09:27 - 2009-07-14 00:51 - 00187663 _____ () C:\Windows\setupact.log

    2014-09-04 09:24 - 2014-09-04 09:24 - 00003956 _____ () C:\Users\Internet\Desktop\malware.1.txt

    2014-09-04 09:24 - 2014-09-03 12:24 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Wuoxloy

    2014-09-04 09:15 - 2014-09-04 09:14 - 05576326 _____ (Swearware) C:\Users\Internet\Downloads\ComboFix.exe

    2014-09-04 09:13 - 2014-09-04 09:13 - 02104832 _____ (Farbar) C:\Users\Internet\Desktop\FRST64.exe

    2014-09-04 08:48 - 2014-09-04 08:48 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Owreynnu

    2014-09-04 08:46 - 2014-09-04 08:46 - 00171520 _____ () C:\Users\Internet\AppData\Local\fnjwxcvc.exe

    2014-09-03 20:36 - 2013-04-12 22:53 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3276732486-4280350040-1888794142-1001Core.job

    2014-09-03 19:15 - 2013-07-17 21:32 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\vlc

    2014-09-03 15:38 - 2012-08-22 20:46 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Azureus

    2014-09-03 15:07 - 2014-09-03 15:07 - 00024960 _____ () C:\Users\Internet\Downloads\[kickass.to]the.bridge.us.s02e08.hdtv.x264.killers.vtv.mp4.torrent

    2014-09-03 14:00 - 2014-09-03 14:00 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Ohzocex

    2014-09-03 13:50 - 2014-09-03 11:52 - 00000000 ____D () C:\Users\Internet\Downloads\Geometry Icons Pack

    2014-09-03 11:54 - 2014-09-03 11:54 - 00000000 ____D () C:\Users\Internet\Downloads\ColdFusionHD

    2014-09-03 11:54 - 2014-09-03 11:54 - 00000000 ____D () C:\Users\Internet\Downloads\cold_fusion_hd_icon_pack_by_chrisbanks2-d4leehh

    2014-09-03 11:53 - 2014-09-03 11:53 - 11261470 _____ () C:\Users\Internet\Downloads\cold_fusion_hd_icon_pack_by_chrisbanks2-d4leehh.zip

    2014-09-03 11:30 - 2014-09-03 11:29 - 00312625 _____ () C:\Users\Internet\Downloads\Geometry_Icons_Pack_by_pk1st.rar

    2014-09-03 10:55 - 2014-09-03 08:40 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Neryqaw

    2014-09-03 09:55 - 2014-09-03 09:55 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Vuotanov

    2014-09-03 08:38 - 2014-09-03 08:38 - 00169984 _____ () C:\Users\Internet\AppData\Local\jlnomvvv.exe

    2014-09-02 16:14 - 2014-09-02 15:55 - 1056131795 _____ () C:\Users\Internet\Downloads\Unconfirmed 215257.crdownload

    2014-09-02 15:52 - 2014-09-02 15:52 - 00068415 _____ () C:\Users\Internet\AppData\Local\ptktqfwv

    2014-09-02 15:50 - 2012-10-03 13:13 - 00000000 ____D () C:\Users\IT Admin\AppData\Roaming\Adobe

    2014-09-02 15:40 - 2013-02-03 20:31 - 00000000 ___RD () C:\Users\Internet\Dropbox

    2014-09-02 15:39 - 2014-09-02 15:39 - 00144384 _____ () C:\Users\Internet\AppData\Local\gdmqpuba.exe

    2014-09-02 15:19 - 2014-09-02 15:17 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Autodesk

    2014-09-02 15:19 - 2014-09-02 14:15 - 00000000 ____D () C:\ProgramData\Autodesk

    2014-09-02 15:18 - 2014-09-02 15:17 - 00000000 ____D () C:\Users\Internet\Documents\maya

    2014-09-02 15:17 - 2014-09-02 15:17 - 00000000 ____D () C:\Users\Internet\AppData\Local\Autodesk

    2014-09-02 15:17 - 2014-09-02 15:17 - 00000000 ____D () C:\ProgramData\FLEXnet

    2014-09-02 15:16 - 2013-10-16 16:38 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\TeamViewer

    2014-09-02 15:09 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI

    2014-09-02 14:37 - 2014-09-02 14:37 - 00000000 ____D () C:\Users\IT Admin\Documents\Inventor Server x64 Direct Connect

    2014-09-02 14:35 - 2014-09-02 14:35 - 00000000 ____D () C:\Program Files (x86)\Autodesk

    2014-09-02 14:35 - 2014-09-02 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk

    2014-09-02 14:35 - 2014-09-02 14:23 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared

    2014-09-02 14:33 - 2014-09-02 14:23 - 00000000 ____D () C:\Program Files\Autodesk

    2014-09-02 14:30 - 2014-09-02 14:30 - 00001792 _____ () C:\Users\Public\Desktop\Autodesk Maya 2013 64-bit.lnk

    2014-09-02 14:30 - 2014-09-02 14:30 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared

    2014-09-02 14:21 - 2013-05-20 06:41 - 00010849 _____ () C:\Windows\DirectX.log

    2014-09-02 14:15 - 2014-09-02 14:15 - 00000000 ____D () C:\Users\IT Admin\AppData\Roaming\Autodesk

    2014-09-02 14:12 - 2012-08-06 11:29 - 00071496 _____ () C:\Users\IT Admin\AppData\Local\GDIPFONTCACHEV1.DAT

    2014-09-02 13:06 - 2014-09-02 13:06 - 15325800 _____ () C:\Users\Internet\Downloads\Autodesk_Maya_2013_English_Japanese_SimplifiedChinese_Win_en-US_Setup1.exe

    2014-09-02 13:04 - 2014-09-02 13:04 - 00000000 ____D () C:\Autodesk

    2014-09-02 13:00 - 2014-09-02 13:00 - 00000086 _____ () C:\Users\Internet\Desktop\Autodesk Maya 2013.txt

    2014-08-29 19:43 - 2014-08-29 19:43 - 00000017 _____ () C:\Users\Internet\Desktop\rugby hemi.txt

    2014-08-29 19:00 - 2012-08-06 15:45 - 00000306 _____ () C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job

    2014-08-29 18:00 - 2012-08-06 15:45 - 00000332 _____ () C:\Windows\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job

    2014-08-28 17:08 - 2009-07-14 00:45 - 05004728 _____ () C:\Windows\system32\FNTCACHE.DAT

    2014-08-27 09:06 - 2014-08-27 09:06 - 00001852 _____ () C:\Users\Public\Desktop\Vuze.lnk

    2014-08-27 09:06 - 2012-08-22 20:46 - 00001852 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk

    2014-08-27 09:06 - 2012-08-22 20:46 - 00000000 ____D () C:\Program Files (x86)\Vuze

    2014-08-26 12:44 - 2014-08-04 12:50 - 00000000 ____D () C:\abd

    2014-08-25 22:33 - 2014-08-25 22:33 - 02398182 _____ () C:\Users\Internet\Desktop\yellow_lined_paper.bmp

    2014-08-25 19:05 - 2014-08-25 19:02 - 09881904 _____ () C:\Users\Internet\Desktop\straight-cheese-vibra-final-28-bars.wav

    2014-08-25 08:15 - 2014-08-25 08:15 - 00000129 ____H () C:\Users\Internet\Downloads\.~lock.How to Fill In Your Time Sheet - Teachers.doc#

    2014-08-25 08:15 - 2014-08-25 08:15 - 00000129 ____H () C:\Users\Internet\Downloads\.~lock.2014 Timesheet Usernames.xls#

    2014-08-24 12:26 - 2014-08-24 12:26 - 259628247 _____ () C:\Users\Internet\Desktop\adb. birthday video.mp4

    2014-08-24 09:42 - 2014-08-24 09:41 - 00000000 ____D () C:\Users\Internet\Desktop\jojo swimming

    2014-08-22 22:07 - 2014-08-28 08:44 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

    2014-08-22 21:45 - 2014-08-28 08:44 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

    2014-08-22 20:59 - 2014-08-28 08:44 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

    2014-08-21 15:34 - 2014-08-21 15:34 - 00000000 ____D () C:\Users\Internet\Documents\Adobe Scripts

    2014-08-21 15:33 - 2012-08-06 15:46 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Adobe

    2014-08-21 15:20 - 2012-08-06 15:42 - 00071496 _____ () C:\Users\Internet\AppData\Local\GDIPFONTCACHEV1.DAT

    2014-08-21 14:01 - 2012-08-06 10:20 - 00000000 ____D () C:\Users\IT Admin

    2014-08-21 10:55 - 2014-08-21 10:55 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProjectLibre

    2014-08-21 10:55 - 2014-08-21 10:55 - 00000000 ____D () C:\Program Files (x86)\ProjectLibre

    2014-08-20 13:59 - 2013-06-16 07:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

    2014-08-19 20:23 - 2014-07-19 23:32 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Skype

    2014-08-19 17:12 - 2014-08-19 17:12 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk

    2014-08-19 17:12 - 2014-08-19 17:12 - 00001166 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk

    2014-08-19 17:12 - 2012-08-06 13:32 - 00000000 ____D () C:\Program Files (x86)\TeamViewer

    2014-08-18 23:29 - 2014-05-12 17:58 - 00000000 ____D () C:\Users\Internet\Documents\Adobe

    2014-08-18 18:27 - 2014-08-18 18:27 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2014-08-18 18:27 - 2014-08-18 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

    2014-08-18 18:27 - 2014-08-18 18:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

    2014-08-18 18:27 - 2012-10-23 12:22 - 00000000 ____D () C:\Users\IT Admin\AppData\Roaming\Malwarebytes

    2014-08-18 18:27 - 2012-10-23 12:22 - 00000000 ____D () C:\ProgramData\Malwarebytes

    2014-08-18 17:50 - 2013-10-23 10:52 - 00000000 ____D () C:\Users\Internet\.gimp-2.8

    2014-08-18 17:46 - 2014-08-18 17:46 - 00001391 _____ () C:\Users\Internet\AppData\Local\recently-used.xbel

    2014-08-18 17:46 - 2013-10-23 10:56 - 00000000 ____D () C:\Users\Internet\AppData\Local\gtk-2.0

    2014-08-18 10:53 - 2014-08-18 10:53 - 00000129 ____H () C:\Users\Internet\Desktop\.~lock.rce text logo.doc#

    2014-08-14 20:48 - 2014-08-14 20:47 - 00708912 _____ () C:\Users\Internet\Desktop\straight-cheese-vibra-final-close.wav

    2014-08-14 20:32 - 2014-08-14 20:26 - 00356656 _____ () C:\Users\Internet\Desktop\straight-cheese-vibra-1-2-ending.wav

    2014-08-14 20:27 - 2012-10-16 12:41 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Audacity

    2014-08-14 20:19 - 2014-08-14 15:52 - 00000000 ____D () C:\Users\Internet\Desktop\crazy jo and abcdefg

    2014-08-14 10:57 - 2013-09-14 20:45 - 00000000 ____D () C:\Windows\rescache

    2014-08-13 23:06 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

    2014-08-13 22:57 - 2013-07-29 05:03 - 00000000 ____D () C:\Windows\system32\MRT

    2014-08-13 22:53 - 2012-08-08 18:23 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

    2014-08-13 22:46 - 2014-04-30 12:43 - 00000000 ___SD () C:\Windows\system32\CompatTel

    2014-08-12 16:56 - 2014-08-12 17:00 - 32780188 _____ () C:\Users\Internet\Desktop\rce intro.mp4

    2014-08-12 13:51 - 2014-08-12 13:50 - 45185410 _____ () C:\Users\Internet\Desktop\straight-cheese-vibra-1.wav

    2014-08-12 13:28 - 2014-08-18 10:50 - 00009216 _____ () C:\Users\Internet\Desktop\SCAD Questions.odt

    2014-08-12 08:54 - 2014-08-12 08:54 - 00001578 _____ () C:\Users\IT Admin\Desktop\DivX Movies.lnk

    2014-08-12 08:54 - 2014-08-12 08:54 - 00001066 _____ () C:\Users\Public\Desktop\DivX Player.lnk

    2014-08-12 08:54 - 2014-08-12 08:53 - 00000000 ____D () C:\Users\IT Admin\AppData\Roaming\DivX

    2014-08-12 08:54 - 2014-08-12 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX

    2014-08-12 08:54 - 2014-08-12 08:51 - 00000000 ____D () C:\Program Files (x86)\DivX

    2014-08-12 08:54 - 2014-08-12 08:50 - 00000000 ____D () C:\ProgramData\DivX

    2014-08-12 08:54 - 2013-11-17 16:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

    2014-08-12 08:53 - 2014-08-12 08:53 - 00001131 _____ () C:\Users\Public\Desktop\DivX Converter.lnk

    2014-08-12 08:53 - 2014-08-12 08:53 - 00000000 ____D () C:\Program Files\DivX

    2014-08-10 08:39 - 2014-08-22 15:33 - 270926004 ____N () C:\Users\Internet\Desktop\break-every-chain-chords.wav

    2014-08-06 22:06 - 2014-08-13 08:35 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

    2014-08-06 22:01 - 2014-08-13 08:35 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

    2014-08-06 12:18 - 2014-08-06 12:18 - 00000000 ____D () C:\ProgramData\Automatic Duck

     

    Some content of TEMP:

    ====================

    C:\Users\Internet\AppData\Local\temp\i4jdel0.exe

    C:\Users\Internet\AppData\Local\temp\i4jdel1.exe

    C:\Users\Internet\AppData\Local\temp\UpdateFlashPlayer_34526e17.exe

    C:\Users\Internet\AppData\Local\temp\UpdateFlashPlayer_4e2750a2.exe

    C:\Users\Internet\AppData\Local\temp\UpdateFlashPlayer_a33d8b8f.exe

    C:\Users\Internet\AppData\Local\temp\UpdateFlashPlayer_a7334f52.exe

    C:\Users\Internet\AppData\Local\temp\UpdateFlashPlayer_b536614a.exe

    C:\Users\Internet\AppData\Local\temp\UpdateFlashPlayer_c670fa94.exe

    C:\Users\Internet\AppData\Local\temp\UpdateFlashPlayer_e17a2f25.exe

    C:\Users\Internet\AppData\Local\temp\UpdateFlashPlayer_fc933515.exe

    C:\Users\IT Admin\AppData\Local\temp\AcDeltree.exe

    C:\Users\IT Admin\AppData\Local\temp\converter.exe

    C:\Users\IT Admin\AppData\Local\temp\DeleteInstall.exe

     

     

    ==================== Bamital & volsnap Check =================

     

    (There is no automatic fix for files that do not pass verification.)

     

    C:\Windows\System32\winlogon.exe => File is digitally signed

    C:\Windows\System32\wininit.exe => File is digitally signed

    C:\Windows\SysWOW64\wininit.exe => File is digitally signed

    C:\Windows\explorer.exe => File is digitally signed

    C:\Windows\SysWOW64\explorer.exe => File is digitally signed

    C:\Windows\System32\svchost.exe => File is digitally signed

    C:\Windows\SysWOW64\svchost.exe => File is digitally signed

    C:\Windows\System32\services.exe => File is digitally signed

    C:\Windows\System32\User32.dll => File is digitally signed

    C:\Windows\SysWOW64\User32.dll => File is digitally signed

    C:\Windows\System32\userinit.exe => File is digitally signed

    C:\Windows\SysWOW64\userinit.exe => File is digitally signed

    C:\Windows\System32\rpcss.dll => File is digitally signed

    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

     

     

    ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.

     

     

    LastRegBack: 2014-08-27 01:12

     

    ==================== End Of Log ============================



    ===============

    FRST.txt

    Addition.txt

  6. My laptop has 2 user profiles: one with admin access and one without. The user without admin access is infected and I'm running from the admin user. I'm a seasoned googler, and have tried various methods of removal for this malware, but nothing has worked. I've run Malwarebytes, which found 3 harmful files/folders and removed them (I did this a few times).

    I would appreciate any help I can get. I've attached logs per the request in the forum sticky.

    I've trolled these forums for a while, and I know how much you guys rock, so thanks in advance,

    Jonathan

    DDS.1.txt

    Attach.2.txt
