
phat2h123

Members · Posts: 11
Everything posted by phat2h123

  1. Update: I ran ComboFix and then ran RogueKiller again, except this time the recently identified keyloggers were marked green and legitimate. Therefore, I believe it was a false positive.
  2. It says I've submitted a file of 0 bytes, yet here's the result: https://www.virustotal.com/en/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/
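     An added check, not part of the original post: the digest in that VirusTotal URL is the SHA-256 of zero bytes, so the report describes an empty file and says nothing about the file the poster meant to scan. The Python below (my own example; the function names and the URL-parsing regex are assumptions, and the URL from the post is embedded as constructed sample input) extracts the hash from a VirusTotal file URL and compares it against the MD5, SHA-1 and SHA-256 digests of empty input, which is the first thing to rule out when a scan result looks oddly clean.

```python
import hashlib
import re

# Digests of zero-length input for the three hash types VirusTotal accepts in
# its URLs. Computed here rather than hard-coded so the values are self-evident.
EMPTY_INPUT_DIGESTS = {
    "md5": hashlib.md5(b"").hexdigest(),
    "sha1": hashlib.sha1(b"").hexdigest(),
    "sha256": hashlib.sha256(b"").hexdigest(),
}

# Constructed sample input: the report URL quoted in the post above.
SAMPLE_URL = ("https://www.virustotal.com/en/file/"
              "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/")

# Assumed URL shape: ".../file/<32|40|64 hex chars>/..." (MD5, SHA-1 or SHA-256).
_HEX_RE = re.compile(r"/file/([0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})(?:/|$)")


def hash_from_vt_url(url):
    """Return the lowercase hex digest embedded in a VirusTotal file URL, or None."""
    m = _HEX_RE.search(url)
    return m.group(1).lower() if m else None


def digest_algorithm(hexdigest):
    """Infer the algorithm from the digest length (32/40/64 hex characters)."""
    return {32: "md5", 40: "sha1", 64: "sha256"}.get(len(hexdigest))


def is_empty_file_digest(hexdigest):
    """True if this digest is the hash of zero bytes, i.e. an empty submission."""
    algo = digest_algorithm(hexdigest)
    return algo is not None and EMPTY_INPUT_DIGESTS[algo] == hexdigest.lower()


def triage_vt_url(url):
    """Report whether a VirusTotal file URL refers to an empty (0-byte) upload."""
    h = hash_from_vt_url(url)
    if h is None:
        return {"hash": None, "algorithm": None, "empty_file": False,
                "note": "no recognisable hash in URL"}
    empty = is_empty_file_digest(h)
    note = ("digest matches zero-byte input: the upload was empty, so the verdict "
            "says nothing about the intended file" if empty
            else "digest is for a non-empty file")
    return {"hash": h, "algorithm": digest_algorithm(h), "empty_file": empty, "note": note}


if __name__ == "__main__":
    print(triage_vt_url(SAMPLE_URL))
```

     Running it on the URL from the post reports `empty_file: True`; the practical follow-up is to re-check the file's size on disk before trusting any verdict, since an empty upload is usually an upload failure or a locked file rather than a clean sample.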
  3. Earlier today I ran RogueKiller and it found 3 kernel-mode rootkits; I also ran Malwarebytes Anti-Rootkit, but that returned nothing. The log from RogueKiller has me worried, and I also had other problems in this: https://forums.malwarebytes.org/index.php?/topic/153926-svchost-infected-wierd-domain-attempting-to-use-it/#entry862989. I'm making a new topic because I'm not sure if my other topic is related, and I feel I might be in serious trouble. Thanks. RogueKiller log posted below:

     RogueKiller V9.2.4.0 (x64) [Jul 11 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User: USER [Admin rights]
     Mode : Scan -- Date : 08/06/2014 13:48:26

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 24 ¤¤¤
     [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
     [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
     [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND
     [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND
     [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> FOUND
     [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> FOUND
     [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
     [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0 -> FOUND
     [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> FOUND
     [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> FOUND
     [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
     [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Files : 0 ¤¤¤

     ¤¤¤ HOSTS File : 0 ¤¤¤

     ¤¤¤ Antirootkit : 3 (Driver: LOADED) ¤¤¤
     [Filter(Root.Keylogger)] \Driver\kbdclass @ Unknown : \Driver\SynTP @ \Device\0000008f (\SystemRoot\system32\DRIVERS\tunnel.sys)
     [Filter(Root.Keylogger)] \Driver\kbdclass @ Unknown : \Driver\SynTP @ \Device\0000008a (\SystemRoot\system32\DRIVERS\tunnel.sys)
     [Filter(Root.Keylogger)] \Driver\kbdclass @ Unknown : \Driver\SynTP @ \Device\00000077 (\SystemRoot\system32\DRIVERS\tunnel.sys)

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: ST9500325AS +++++
     --- User ---
     [MBR] 0c7b1bbb597c3925a21eb7f7de5747e9
     [BSP] 5401513b52712fcd31d78ec15dad466c : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
     1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 15000 MB
     2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 MB
     User = LL1 ... OK
     User = LL2 ... OK

     ============================================
     RKreport_SCN_07302014_045119.log
  4. I ran RogueKiller after I noticed Malwarebytes was blocking suspicious IPs trying to connect to my svchost again. But this time it found rootkits. I am about to run Malwarebytes Anti-Rootkit, but first I was wondering how bad this is. Here's the log:

     RogueKiller V9.2.4.0 (x64) [Jul 11 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : User [Admin rights]
     Mode : Scan -- Date : 08/06/2014 13:48:26

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 24 ¤¤¤
     [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
     [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
     [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND
     [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND
     [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> FOUND
     [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> FOUND
     [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
     [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0 -> FOUND
     [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> FOUND
     [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> FOUND
     [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
     [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND

     ¤¤¤ Files : 0 ¤¤¤

     ¤¤¤ HOSTS File : 0 ¤¤¤

     ¤¤¤ Antirootkit : 3 (Driver: LOADED) ¤¤¤
     [Filter(Root.Keylogger)] \Driver\kbdclass @ Unknown : \Driver\SynTP @ \Device\0000008f (\SystemRoot\system32\DRIVERS\tunnel.sys)
     [Filter(Root.Keylogger)] \Driver\kbdclass @ Unknown : \Driver\SynTP @ \Device\0000008a (\SystemRoot\system32\DRIVERS\tunnel.sys)
     [Filter(Root.Keylogger)] \Driver\kbdclass @ Unknown : \Driver\SynTP @ \Device\00000077 (\SystemRoot\system32\DRIVERS\tunnel.sys)

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: ST9500325AS +++++
     --- User ---
     [MBR] 0c7b1bbb597c3925a21eb7f7de5747e9
     [BSP] 5401513b52712fcd31d78ec15dad466c : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
     1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 15000 MB
     2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 MB
     User = LL1 ... OK
     User = LL2 ... OK

     ============================================
     RKreport_SCN_07302014_045119.log
  5. Yes, the infection is now gone and everything seems to be OK, thanks for your help/time.
  6. Hey, I needed to reinstall Windows anyway, so I decided to nuke my computer to the moon and back. I have now re-run Malwarebytes and RogueKiller and obviously nothing is found, so I assume I'm clear. I will still run the rootkit, but I thought MBytes now had that built in to the full scan.
  7. http://pastebin.com/a6KLEz3G this is the Addition.txt, it was too long to post...
  8. FRST.TXT:

     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
     Ran by User (administrator) on USER-PC on 29-07-2014 17:49:33
     Running from C:\Users\User\Downloads
     Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
     Internet Explorer Version 11
     Boot Mode: Normal

     The only official download link for FRST:
     Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
     Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
     Download link from any site other than Bleeping Computer is unpermitted or outdated.
     See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================

     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
     (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
     (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
     (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
     (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
     (Microsoft Corporation) C:\Windows\System32\wlanext.exe
     (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
     (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
     (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
     (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
     (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
     (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
     (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
     (CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
     (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
     (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
     (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
     (Intel Corporation) C:\Windows\System32\hkcmd.exe
     (Intel Corporation) C:\Windows\System32\igfxpers.exe
     (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
     (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
     () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
     (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
     (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
     (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
     (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
     (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
     (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
     (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
     (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
     (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
     (Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
     (TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
     (wj32) C:\Program Files\Process Hacker 2\ProcessHacker.exe
     (Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
     (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

     ==================== Registry (Whitelisted) ==================

     (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

     HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
     HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-03-17] (Synaptics Incorporated)
     HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-03] (Dell Inc.)
     HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
     HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
     HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [1294136 2014-02-21] (Malwarebytes Corporation)
     HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
     HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
     HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
     HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
     HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-06] (Dell)
     Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
     HKU\S-1-5-21-10993255-1859570673-1900244754-1001\...\Run: [Sidebar] => [X]
     HKU\S-1-5-21-10993255-1859570673-1900244754-1001\...\Run: [SUPERAntiSpyware] => [X]
     HKU\S-1-5-21-10993255-1859570673-1900244754-1001\...\Run: [puush] => [X]
     Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
     ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
     Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
     ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
     Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
     ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
     Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
     ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

     ==================== Internet (Whitelisted) ====================

     (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

     HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
     StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
     SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
     SearchScopes: HKCU - {19D049C2-3E47-45CD-B23D-07EF9056273D} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
     SearchScopes: HKCU - {231CE75E-A3C1-43BF-968A-A1229BECF1BE} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
     SearchScopes: HKCU - {D9A1FADE-2A1B-467B-BC46-3C1D10DCE667} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000TXUS&apn_uid=C65115B6-1ED1-4D2A-93BD-DBC1D23A3F8F&apn_sauid=E9A595B3-6D62-43ED-AC48-06C1FCE0EA83
     BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
     BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
     BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
     BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
     BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
     BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
     BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
     BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     Handler: cozi - No CLSID Value -
     Handler-x32: cozi - No CLSID Value -
     Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
     Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

     FireFox:
     ========
     FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\koa7ch3g.default
     FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
     FF NetworkProxy: "backup.ftp", "http://proxy.august4th.us"
     FF NetworkProxy: "backup.ftp_port", 3128
     FF NetworkProxy: "backup.socks", "http://proxy.august4th.us"
     FF NetworkProxy: "backup.socks_port", 3128
     FF NetworkProxy: "backup.ssl", "http://proxy.august4th.us"
     FF NetworkProxy: "backup.ssl_port", 3128
     FF NetworkProxy: "ftp", "http://proxy.august4th.us"
     FF NetworkProxy: "ftp_port", 3128
     FF NetworkProxy: "share_proxy_settings", true
     FF NetworkProxy: "socks", "http://proxy.august4th.us"
     FF NetworkProxy: "socks_port", 3128
     FF NetworkProxy: "ssl", "http://proxy.august4th.us"
     FF NetworkProxy: "ssl_port", 3128
     FF NetworkProxy: "type", 0
     FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
     FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
     FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     FF Plugin: @microsoft.com/GENUINE - disabled No File
     FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
     FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
     FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
     FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
     FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
     FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
     FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
     FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
     FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
     FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
     FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
     FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
     FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
     FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
     FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
     FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\User\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
     FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
     FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptgeqplugin.dll (Tamarack Software, Inc.)
     FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\koa7ch3g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-24]

     Chrome:
     =======
     CHR HomePage:
     CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
     CHR Plugin: (Native Client) - C:\Users\User\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
     CHR Plugin: (Chrome PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
     CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
     CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
     CHR Plugin: (McAfee SiteAdvisor) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
     CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
     CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
     CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
     CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
     CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
     CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
     CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
     CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
     CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
     CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll No File
     CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
     CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
     CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
     CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
     CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-07-24]
     CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
     CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-14]
     CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-12-03]
     CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-14]
     CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2013-01-07]
     CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
     CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-14]
     CHR StartMenuInternet: Google Chrome - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

     ==================== Services (Whitelisted) =================

     (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

     R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
     R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
     R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
     R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
     S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
     R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
     S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-03] (Hi-Rez Studios) [File not signed]
     S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
     R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [319288 2014-02-21] (Malwarebytes Corporation)
     R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
     R2 MBAMService;
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-03] (Dell Inc.) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)S3 EagleX64; No ImagePathR1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62168 2014-02-21] ()R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46280 2013-02-21] (AnchorFree Inc.)R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-29] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] 
(SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-29 17:49 - 2014-07-29 17:50 - 00025373 _____ () C:\Users\User\Downloads\FRST.txt2014-07-29 17:47 - 2014-07-29 17:49 - 00000000 ____D () C:\FRST2014-07-29 17:46 - 2014-07-29 17:46 - 02093568 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe2014-07-29 16:03 - 2014-07-29 16:03 - 00078214 _____ () C:\Users\User\Downloads\Extras.Txt2014-07-29 15:58 - 2014-07-29 15:58 - 00133326 _____ () C:\Users\User\Downloads\OTL.Txt2014-07-29 15:27 - 2014-07-29 15:27 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\OTL.exe2014-07-29 15:23 - 2014-07-29 15:23 - 00854390 _____ () C:\Users\User\Downloads\SecurityCheck.exe2014-07-29 02:50 - 2014-07-29 02:50 - 00000000 ____D () C:\Program Files\HitmanPro2014-07-29 02:49 - 2014-07-29 03:12 - 00000000 ____D () C:\ProgramData\HitmanPro2014-07-29 02:47 - 2014-07-29 02:48 - 11188736 _____ (SurfRight B.V.) 
C:\Users\User\Downloads\HitmanPro_x64.exe2014-07-29 02:45 - 2014-07-29 02:48 - 00002010 _____ () C:\Users\User\Desktop\Rkill.txt2014-07-29 00:13 - 2014-07-29 16:50 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-07-29 00:13 - 2014-07-29 00:13 - 00000000 ____D () C:\ProgramData\RogueKiller2014-07-29 00:12 - 2014-07-29 00:12 - 05379160 _____ () C:\Users\User\Desktop\RogueKillerX64.exe2014-07-28 23:04 - 2014-07-28 23:04 - 00000000 ____D () C:\Program Files (x86)\ESET2014-07-28 20:05 - 2014-07-28 20:05 - 00000000 _____ () C:\Users\User\defogger_reenable2014-07-28 20:04 - 2014-07-28 20:04 - 00688992 ____R (Swearware) C:\Users\User\Desktop\dds.scr2014-07-28 13:00 - 2014-07-28 13:00 - 00050477 _____ () C:\Users\User\Desktop\Defogger.exe2014-07-28 02:08 - 2014-07-28 02:09 - 02347384 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_enu.exe2014-07-28 02:05 - 2014-07-28 02:06 - 01367289 _____ () C:\Users\User\Downloads\adwcleaner_3.300.exe2014-07-28 01:32 - 2014-07-28 01:49 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe2014-07-28 00:25 - 2014-07-28 00:25 - 00028869 _____ () C:\ComboFix.txt2014-07-27 23:51 - 2014-07-27 23:51 - 00000000 _____ () C:\Windows\system32\uxucr.dll2014-07-27 23:41 - 2014-07-27 23:41 - 00072704 _____ () C:\Windows\system32\vndzfqf.dll2014-07-27 23:41 - 2014-07-27 23:41 - 00003972 _____ () C:\Windows\System32\Tasks\{086E31A2-35EF-BCCF-8BBD-4E21DEB5DF75}2014-07-26 22:26 - 2014-07-26 22:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\LolClient2014-07-26 22:01 - 2014-07-26 22:35 - 00000000 ____D () C:\Users\User\Desktop\Pics2014-07-25 23:59 - 2014-07-25 23:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\puush2014-07-25 23:58 - 2014-07-25 23:59 - 00000000 ____D () C:\Program Files (x86)\puush2014-07-25 23:58 - 2014-07-25 23:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush2014-07-25 23:57 - 2014-07-25 23:57 - 01085440 _____ () 
C:\Users\User\Downloads\puush.msi2014-07-25 15:51 - 2014-07-26 00:28 - 00000000 ____D () C:\Users\User\.android2014-07-25 15:36 - 2014-07-25 15:36 - 00000000 ____D () C:\Program Files (x86)\Android2014-07-24 23:45 - 2014-07-26 00:48 - 00000000 ____D () C:\Users\User\workspace2014-07-24 14:01 - 2014-07-24 14:01 - 00000000 ____D () C:\Program Files (x86)\NirSoft2014-07-24 13:57 - 2014-07-24 13:57 - 00000000 ____D () C:\Program Files (x86)\Windows Kits2014-07-24 13:40 - 2014-07-24 13:40 - 417553870 _____ () C:\Windows\MEMORY.DMP2014-07-24 13:40 - 2014-07-24 13:40 - 00736368 _____ () C:\Windows\Minidump\072414-21730-01.dmp2014-07-24 04:09 - 2014-07-24 04:09 - 00000000 ____D () C:\SUPERDelete2014-07-24 04:06 - 2014-07-24 04:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com2014-07-24 04:06 - 2014-07-24 04:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware2014-07-24 04:05 - 2014-07-24 04:06 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware2014-07-24 04:05 - 2014-07-24 04:05 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com2014-07-24 03:03 - 2014-07-29 03:15 - 00000000 ____D () C:\AdwCleaner2014-07-24 02:56 - 2014-07-29 15:14 - 00000728 _____ () C:\Windows\setupact.log2014-07-24 02:56 - 2014-07-28 02:13 - 00011230 _____ () C:\Windows\PFRO.log2014-07-24 02:56 - 2014-07-24 02:56 - 00000000 _____ () C:\Windows\setuperr.log2014-07-21 16:36 - 2014-07-21 16:36 - 00350107 _____ () C:\Users\User\Documents\ts3_clientui-win64-1394624943-2014-07-21 16_36_37.564626.dmp2014-07-20 23:14 - 2014-07-20 23:14 - 00000000 ____D () C:\ProgramData\Riot Games2014-07-20 23:09 - 2014-07-20 23:09 - 00001613 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk2014-07-20 23:09 - 2014-07-20 23:09 - 00000000 ____D () C:\Riot Games2014-07-20 23:06 - 2014-07-29 00:52 - 00000000 ____D () C:\Users\User\AppData\Local\PMB Files2014-07-20 23:06 - 2014-07-27 00:54 - 00000000 ____D () C:\ProgramData\PMB Files2014-07-20 23:05 - 
2014-07-20 23:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\Riot Games2014-07-19 23:29 - 2014-07-19 23:37 - 00000000 ____D () C:\Users\User\Desktop\Prog2014-07-17 19:44 - 2014-07-17 19:44 - 00000000 ____D () C:\VulcanQuarantine2014-07-17 14:17 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-07-17 14:16 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-07-17 14:16 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-07-17 14:16 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-07-17 14:15 - 2014-07-17 14:16 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log2014-07-16 02:20 - 2014-07-16 02:20 - 00001033 _____ () C:\Users\User\Desktop\WinDirStat.lnk2014-07-16 02:20 - 2014-07-16 02:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat2014-07-16 02:20 - 2014-07-16 02:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat2014-07-16 02:20 - 2014-07-16 02:20 - 00000000 ____D () C:\Program Files (x86)\WinDirStat2014-07-15 23:20 - 2014-07-15 23:20 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-07-15 23:20 - 2014-07-15 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-07-15 23:18 - 2014-07-15 23:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-07-15 23:18 - 2014-07-15 23:20 - 00000000 ____D () C:\Program Files\iTunes2014-07-15 23:18 - 2014-07-15 23:20 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-07-15 23:18 - 2014-07-15 23:18 - 00000000 ____D () C:\Program Files\iPod2014-07-14 02:46 - 2014-07-23 05:50 - 00000716 _____ () C:\Users\User\Documents\albums.txt2014-07-14 00:55 - 2014-07-14 00:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-07-13 00:36 - 2014-07-27 00:35 - 00000258 _____ () 
C:\Windows\Tasks\CCleanerClean.job2014-07-13 00:36 - 2014-07-13 00:36 - 00002978 _____ () C:\Windows\System32\Tasks\CCleanerClean2014-07-09 14:00 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-07-09 14:00 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys2014-07-09 13:59 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-07-09 13:59 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-07-09 13:59 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-07-09 13:59 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-07-09 13:59 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-07-09 13:59 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-07-09 13:59 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-07-09 13:59 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-07-09 13:59 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-07-09 13:59 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-07-09 13:59 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-07-09 13:59 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-07-09 13:59 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-07-09 13:59 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-07-09 13:59 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-07-09 
13:59 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-07-09 13:59 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-07-09 13:59 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-07-09 13:59 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-07-09 13:59 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-07-09 13:59 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-07-09 13:59 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-07-09 13:59 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-07-09 13:59 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-07-09 13:59 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-07-09 13:59 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-07-09 13:59 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-07-09 13:59 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-07-09 13:59 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-07-09 13:59 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-07-09 13:59 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-07-09 13:59 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-07-09 13:59 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iertutil.dll2014-07-09 13:59 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-07-09 13:59 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-07-09 13:59 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-07-09 13:59 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-07-09 13:59 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-07-09 13:59 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-07-09 13:59 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-07-09 13:59 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-07-09 13:59 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-07-09 13:59 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-07-09 13:59 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-07-09 13:59 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-07-09 13:59 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-07-09 13:59 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-07-09 13:59 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-07-09 13:59 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-07-09 13:59 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-07-09 13:59 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\inetcpl.cpl2014-07-09 13:59 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-07-09 13:59 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-07-09 13:59 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-07-09 13:59 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-07-09 13:59 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-07-09 13:59 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-07-09 13:59 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe2014-07-09 13:59 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe2014-07-09 13:59 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-07-09 13:59 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2014-07-09 13:59 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll2014-07-09 13:59 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2014-07-09 13:59 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2014-07-09 13:59 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2014-07-09 13:59 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2014-07-09 13:59 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2014-07-09 13:59 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-07-09 13:59 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-07-09 13:59 - 2014-05-30 03:52 - 
00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-07-09 13:59 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2014-07-09 13:59 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2014-07-09 13:59 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2014-07-09 13:59 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2014-07-09 13:59 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-07-09 13:59 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-07-09 13:56 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-07-09 13:56 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2014-07-09 13:56 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2014-07-07 17:17 - 2014-07-07 17:17 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab2014-07-07 17:17 - 2014-07-07 17:17 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab2014-07-05 16:26 - 2014-07-05 16:29 - 00000000 ____D () C:\Users\User\.idlerc2014-07-05 16:24 - 2014-07-05 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.72014-07-05 16:23 - 2014-07-06 00:03 - 00000000 ____D () C:\Python272014-07-03 19:21 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) 
C:\Windows\system32\Drivers\GEARAspiWDM.sys2014-07-03 18:57 - 2014-07-03 18:57 - 00000833 _____ () C:\Windows\system32\Drivers\etc\hosts.txt2014-07-03 17:01 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll2014-07-03 17:01 - 2014-01-03 18:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2014-07-03 16:32 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys2014-07-03 16:32 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe2014-07-03 16:32 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll2014-07-03 16:32 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll2014-07-03 16:32 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll2014-07-03 16:32 - 2013-10-01 21:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll2014-07-03 16:32 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll2014-07-03 16:32 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll2014-07-03 16:32 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll2014-07-03 16:32 - 2013-10-01 20:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe2014-07-03 16:32 - 2013-10-01 20:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe2014-07-03 16:32 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll2014-07-03 16:32 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe2014-07-03 16:31 - 2013-10-01 20:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll2014-07-03 16:31 - 2013-10-01 19:31 - 
01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe2014-07-03 16:31 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll2014-07-03 16:28 - 2013-09-24 22:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll2014-07-03 16:28 - 2013-09-24 21:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll2014-07-03 00:43 - 2014-07-03 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime2014-07-03 00:36 - 2014-07-03 00:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud2014-06-30 19:11 - 2014-06-30 19:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\StunlockStudios2014-06-30 16:08 - 2014-06-30 16:08 - 03009536 _____ (Python Software Foundation) C:\Windows\system32\python27.dll2014-06-29 17:16 - 2014-06-30 17:48 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam2014-06-29 04:02 - 2014-07-13 00:31 - 00000000 ____D () C:\Program Files (x86)\Steam2014-06-29 04:02 - 2014-06-29 04:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-07-29 17:50 - 2014-07-29 17:49 - 00025373 _____ () C:\Users\User\Downloads\FRST.txt2014-07-29 17:49 - 2014-07-29 17:47 - 00000000 ____D () C:\FRST2014-07-29 17:48 - 2014-01-16 01:15 - 00000000 ____D () C:\Users\User\AppData\Roaming\foobar20002014-07-29 17:46 - 2014-07-29 17:46 - 02093568 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe2014-07-29 17:33 - 2010-12-29 19:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype2014-07-29 17:28 - 2011-01-28 00:07 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-10993255-1859570673-1900244754-1001UA.job2014-07-29 17:17 - 2011-04-07 17:27 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-07-29 17:14 - 2014-05-05 02:44 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-29 16:50 - 2014-07-29 00:13 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-07-29 16:03 - 2014-07-29 16:03 - 00078214 _____ () C:\Users\User\Downloads\Extras.Txt2014-07-29 15:58 - 2014-07-29 15:58 - 00133326 _____ () C:\Users\User\Downloads\OTL.Txt2014-07-29 15:40 - 2014-03-13 23:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\TS3Client2014-07-29 15:28 - 2011-01-28 00:07 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-10993255-1859570673-1900244754-1001Core.job2014-07-29 15:27 - 2014-07-29 15:27 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\OTL.exe2014-07-29 15:23 - 2014-07-29 15:23 - 00854390 _____ () C:\Users\User\Downloads\SecurityCheck.exe2014-07-29 15:22 - 2009-07-14 00:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-07-29 15:22 - 2009-07-14 00:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-07-29 15:20 - 2014-03-23 03:40 - 01281206 _____ () C:\Windows\WindowsUpdate.log2014-07-29 15:17 - 2010-12-29 15:25 - 00000000 ____D () 
C:\Users\Default\AppData\Local\SoftThinks2014-07-29 15:17 - 2010-12-29 15:25 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks2014-07-29 15:17 - 2010-10-24 17:52 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup2014-07-29 15:16 - 2011-04-07 17:27 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-07-29 15:14 - 2014-07-24 02:56 - 00000728 _____ () C:\Windows\setupact.log2014-07-29 15:14 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-07-29 03:15 - 2014-07-24 03:03 - 00000000 ____D () C:\AdwCleaner2014-07-29 03:12 - 2014-07-29 02:49 - 00000000 ____D () C:\ProgramData\HitmanPro2014-07-29 02:50 - 2014-07-29 02:50 - 00000000 ____D () C:\Program Files\HitmanPro2014-07-29 02:48 - 2014-07-29 02:47 - 11188736 _____ (SurfRight B.V.) C:\Users\User\Downloads\HitmanPro_x64.exe2014-07-29 02:48 - 2014-07-29 02:45 - 00002010 _____ () C:\Users\User\Desktop\Rkill.txt2014-07-29 02:16 - 2011-01-06 09:18 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe2014-07-29 00:52 - 2014-07-20 23:06 - 00000000 ____D () C:\Users\User\AppData\Local\PMB Files2014-07-29 00:13 - 2014-07-29 00:13 - 00000000 ____D () C:\ProgramData\RogueKiller2014-07-29 00:12 - 2014-07-29 00:12 - 05379160 _____ () C:\Users\User\Desktop\RogueKillerX64.exe2014-07-28 23:04 - 2014-07-28 23:04 - 00000000 ____D () C:\Program Files (x86)\ESET2014-07-28 20:05 - 2014-07-28 20:05 - 00000000 _____ () C:\Users\User\defogger_reenable2014-07-28 20:05 - 2010-12-29 15:24 - 00000000 ____D () C:\Users\User2014-07-28 20:04 - 2014-07-28 20:04 - 00688992 ____R (Swearware) C:\Users\User\Desktop\dds.scr2014-07-28 13:00 - 2014-07-28 13:00 - 00050477 _____ () C:\Users\User\Desktop\Defogger.exe2014-07-28 12:52 - 2014-06-02 02:26 - 00001774 _____ () C:\Users\User\Desktop\CyberGhost 5.lnk2014-07-28 12:52 - 2014-04-13 18:09 - 00001072 _____ () C:\Users\User\Desktop\Adobe Audition CC.lnk2014-07-28 12:44 - 2012-11-29 02:13 - 00000000 ____D () 
  9. Here is a log of a RogueKiller report I ran recently:
  10. Hello, yesterday Malwarebytes warned me of a domain attempting to connect to my service host. The domain is 'kkjhvudjyaskgjhylarqfjb' and the IP is 217.23.3.200. I ran a full Malwarebytes scan only to find nothing, as well as numerous other scans including: SUPERAntiSpyware, RKill, TFC, AdwCleaner, ESET scanner, Vulcan scanner, and ComboFix. All returned nothing. Afterwards I ran RogueKiller. This is where stuff got interesting. RogueKiller flagged two svchost as malware and killed 'nacl.exe' located in my local Chrome application folder. In addition, some rootkits were found in RogueKiller, most with 'EAT explorer.IEAT' in the name. The popup from Malwarebytes had stopped by this point, but today I turned my PC back on and it has begun once more, so I have come here for help. I believe it is severely slowing down my internet connection as well.