Johnbird (Members; 3 posts; Reputation: 0 Neutral)
Hi guys. Well, my MBAM Premium scan detected Trojan.Agent.ED today, 19th October, when I tried to run ComboFix. My laptop has been acting a bit strange lately, so I decided to run the McAfee Internet Security antivirus software, which found nothing on the system, and my MBAM Premium, which detected Trojan.Agent.ED. I thought that the Trojan.Agent.ED reading by MBAM Premium might be because I was running ComboFix. Now the strange thing is that when I run ComboFix, the program finds an infected file on my C: drive, which is the following: c:\windows\SysWow64\userinit.exe. It disinfects it but also restores a copy from c:\windows\erdnt\cache86\userinit.exe. This is really strange because this seems to be the same infection that ComboFix disinfected a few weeks ago, after I had installed and uninstalled Bitdefender and ESET antivirus on my computer; before that my computer was running really smoothly. So I don't know if these programs left any traces on my computer and this is what is causing the problems. Here are the reports from ComboFix: the first pass, when the infected file was identified, and the second ComboFix pass after it was disinfected. A last note: I found that ComboFix on the second pass was taking way too long to give me the report, when usually it doesn't take that long. I would appreciate a helping hand out there.
PS: I have followed the guidelines in your post; here are the logs from Farbar.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-10-2014 01
Ran by Arkly (administrator) on ARKLY-PC on 19-10-2014 17:07:01
Running from C:\Users\Arkly\Desktop
Loaded Profile: Arkly (Available profiles: Arkly & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Filipe Lourenço) C:\Program Files (x86)\BatteryCare\BatteryCare.exe
(Akamai Technologies, Inc.) C:\Users\Arkly\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Arkly\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6560360 2010-12-08] (Realtek Semiconductor)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-11-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4283612145-3875195018-3230280069-1000\...\Run: [batteryCare] => C:\Program Files (x86)\BatteryCare\BatteryCare.exe [740864 2012-12-03] (Filipe Lourenço)
HKU\S-1-5-21-4283612145-3875195018-3230280069-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Arkly\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4283612145-3875195018-3230280069-1000\...\Policies\Explorer: [HideSCAPower] 0
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-12-18] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-12-18] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 89.101.160.4 89.101.160.5

FireFox:
========
FF ProfilePath: C:\Users\Arkly\AppData\Roaming\Mozilla\Firefox\Profiles\ekiuipjb.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-10-12]
FF Extension: No Name - C:\Users\Arkly\AppData\Roaming\Mozilla\Firefox\Profiles\ekiuipjb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [Not Found]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-15]
CHR Extension: (Google Docs) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-15]
CHR Extension: (Google Drive) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-15]
CHR Extension: (WOT) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-10-15]
CHR Extension: (YouTube) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-15]
CHR Extension: (Adblock Plus) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-15]
CHR Extension: (Google Search) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-15]
CHR Extension: (Google Sheets) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-15]
CHR Extension: (Google Wallet) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-15]
CHR Extension: (Gmail) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-29] (CyberLink)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2014-10-14] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-05-31] (TuneUp Software)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-18] (NVIDIA Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
S3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [15360 2010-03-30] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-19] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2009-10-14] (TuneUp Software)
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-19 17:07 - 2014-10-19 17:07 - 00015315 _____ () C:\Users\Arkly\Desktop\FRST.txt
2014-10-19 17:06 - 2014-10-19 17:07 - 00000000 ____D () C:\FRST
2014-10-19 17:05 - 2014-10-19 17:05 - 02112000 _____ (Farbar) C:\Users\Arkly\Desktop\FRST64.exe
2014-10-19 15:24 - 2014-10-19 15:24 - 00027538 _____ () C:\Users\Arkly\Desktop\combo_second_paas.txt
2014-10-19 15:24 - 2014-10-19 15:24 - 00027538 _____ () C:\ComboFix.txt
2014-10-19 15:04 - 2014-10-19 15:04 - 00028073 _____ () C:\Users\Arkly\Desktop\conbo_first_pass.txt
2014-10-19 14:46 - 2014-10-19 14:46 - 00000756 _____ () C:\Users\Arkly\Desktop\JRT.txt
2014-10-19 14:24 - 2014-10-19 14:24 - 00003855 _____ () C:\Users\Arkly\Desktop\RKreport_DEL_10192014_142435.log
2014-10-19 14:17 - 2014-10-19 14:17 - 00008890 _____ () C:\Users\Arkly\Desktop\RKreport_DEL_10192014_141657.log
2014-10-19 13:56 - 2014-10-19 13:56 - 15725144 _____ () C:\Users\Arkly\Desktop\RogueKiller.exe
2014-10-19 13:47 - 2014-10-19 16:46 - 00001604 _____ () C:\Windows\PFRO.log
2014-10-19 13:44 - 2014-10-19 13:46 - 00000000 ____D () C:\AdwCleaner
2014-10-19 13:43 - 2014-10-19 13:53 - 00000000 ____D () C:\Users\Arkly\Desktop\RogueKillerX64
2014-10-19 13:43 - 2014-10-19 13:43 - 01976320 _____ () C:\Users\Arkly\Desktop\adwcleaner_4.000.exe
2014-10-19 13:43 - 2014-10-19 13:43 - 00000000 ____D () C:\Users\Arkly\Desktop\Junkware Removal Tool
2014-10-19 13:43 - 2014-08-29 17:25 - 04161313 _____ () C:\Users\Arkly\Desktop\tdsskiller.zip
2014-10-19 13:18 - 2014-10-19 13:18 - 00071416 _____ () C:\Users\Arkly\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-19 13:15 - 2014-10-19 16:46 - 00000392 _____ () C:\Windows\setupact.log
2014-10-19 13:15 - 2014-10-19 13:15 - 04930392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-19 13:15 - 2014-10-19 13:15 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-18 21:01 - 2014-10-18 21:01 - 02001408 _____ () C:\Users\Arkly\Downloads\102 - The building blocks of story.ppt
2014-10-18 20:41 - 2014-10-18 20:41 - 00024417 _____ () C:\Users\Arkly\Desktop\relevance - Dictionary Definition Vocabulary.com.htm
2014-10-18 20:41 - 2014-10-18 20:41 - 00000000 ____D () C:\Users\Arkly\Desktop\relevance - Dictionary Definition Vocabulary.com_files
2014-10-17 22:04 - 2014-10-17 22:05 - 00000000 ____D () C:\Users\Arkly\Desktop\BRANDING_BUSINESS
2014-10-17 15:15 - 2014-10-17 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-10-17 15:15 - 2014-10-17 15:15 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-10-17 12:04 - 2014-10-17 12:04 - 00815504 _____ (Ginger Software) C:\Users\Arkly\Downloads\Ginger.exe
2014-10-17 00:35 - 2014-10-17 00:35 - 00000000 ____D () C:\ProgramData\Autodesk
2014-10-17 00:34 - 2014-10-17 00:35 - 00000000 ____D () C:\Users\Arkly\AppData\Local\Akamai
2014-10-17 00:23 - 2014-10-17 00:24 - 11463040 _____ () C:\Users\Arkly\Downloads\Autodesk_Maya_2014_wi_en-US_Setup.exe
2014-10-15 23:16 - 2014-10-15 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-15 23:15 - 2014-10-19 16:47 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-15 23:15 - 2014-10-19 16:20 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-15 23:15 - 2014-10-17 14:20 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-15 23:15 - 2014-10-17 13:24 - 00003650 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-15 23:15 - 2014-10-15 23:15 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-15 23:14 - 2014-10-15 23:14 - 00880272 _____ (Google Inc.) C:\Users\Arkly\Downloads\ChromeSetup.exe
2014-10-15 02:44 - 2014-10-15 02:44 - 00000000 ____D () C:\Users\Arkly\Desktop\kh
2014-10-15 00:05 - 2014-10-15 00:15 - 1310170560 _____ (Unity Technologies ApS) C:\Users\Arkly\Downloads\UnitySetup-4.5.5.exe
2014-10-14 13:16 - 2014-10-14 13:17 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-10-14 13:16 - 2014-10-14 13:16 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-10-14 13:16 - 2014-10-14 13:16 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-10-14 13:14 - 2014-10-14 13:16 - 00000000 ____D () C:\Program Files\My Dell
2014-10-14 12:54 - 2014-10-14 12:54 - 00003838 _____ () C:\Windows\System32\Tasks\Mantenimiento automático
2014-10-14 12:37 - 2011-05-31 19:52 - 00036160 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2014-10-14 12:37 - 2011-05-31 19:52 - 00025920 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-10-14 12:37 - 2011-05-31 19:52 - 00021312 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2014-10-14 12:37 - 2011-05-31 19:51 - 00030016 _____ (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll
2014-10-12 21:47 - 2014-10-14 12:37 - 00002193 _____ () C:\Users\Arkly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities.lnk
2014-10-12 21:47 - 2014-10-12 21:47 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities
2014-10-12 21:46 - 2014-10-14 12:37 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2010
2014-10-12 21:46 - 2014-10-12 21:46 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-10-12 21:41 - 2014-10-19 16:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-12 21:41 - 2014-10-17 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-12 21:41 - 2014-10-17 21:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-12 21:41 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-12 21:41 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-12 21:39 - 2014-10-12 21:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-12 21:39 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-12 19:09 - 2014-10-12 19:09 - 00000000 ____D () C:\Users\Arkly\AppData\Local\Macromedia
2014-10-12 19:08 - 2014-10-14 23:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-12 19:08 - 2014-10-14 23:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-12 17:50 - 2014-10-12 17:50 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-12 17:50 - 2014-10-12 17:50 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Mozilla
2014-10-12 17:50 - 2014-10-12 17:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-12 17:24 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-10-12 17:16 - 2014-10-12 17:16 - 00244136 _____ () C:\Users\Arkly\Downloads\Firefox Setup Stub 32.0.3.exe
2014-10-12 17:16 - 2014-10-12 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-10-12 15:49 - 2014-10-12 17:16 - 00001844 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-10-12 15:48 - 2014-10-12 15:49 - 00000000 ____D () C:\Program Files\McAfee
2014-10-12 15:48 - 2014-10-12 15:48 - 00000000 ____D () C:\Program Files\McAfee.com
2014-10-12 15:48 - 2014-10-12 15:48 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-10-12 15:42 - 2014-10-12 17:23 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-10-12 15:42 - 2014-07-18 09:01 - 00189912 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-10-12 13:16 - 2014-10-19 16:51 - 00369054 _____ () C:\Windows\WindowsUpdate.log
2014-10-11 19:51 - 2014-10-12 21:48 - 00003304 _____ () C:\Windows\System32\Tasks\ToolwizCareFree
2014-10-11 19:40 - 2014-10-11 19:51 - 00001082 _____ () C:\Users\UpdatusUser\Desktop\Toolwiz Care.lnk
2014-10-11 19:40 - 2014-10-11 19:40 - 00000000 ___HD () C:\Users\Arkly\Desktop\TOOLWIZ
2014-10-11 00:45 - 2014-10-11 00:45 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-10-11 00:45 - 2014-10-11 00:45 - 00000000 ____D () C:\Windows\system32\NV
2014-10-11 00:36 - 2014-10-11 00:44 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-11 00:36 - 2014-10-11 00:36 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2014-10-11 00:36 - 2014-04-20 21:04 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2014-10-11 00:36 - 2013-10-23 09:20 - 06669600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-10-11 00:36 - 2013-10-23 09:20 - 03489568 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-10-11 00:36 - 2013-10-23 09:20 - 03426956 _____ () C:\Windows\system32\nvcoproc.bin
2014-10-11 00:36 - 2013-10-23 09:20 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-10-11 00:36 - 2013-10-23 09:20 - 01064224 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-10-11 00:36 - 2013-10-23 09:20 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-10-11 00:36 - 2013-10-23 09:20 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-10-11 00:36 - 2013-10-23 09:20 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-10-11 00:36 - 2013-10-23 09:20 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-10-11 00:36 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-11 00:36 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-11 00:35 - 2014-10-11 00:46 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-10-11 00:35 - 2014-10-11 00:43 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-10-11 00:35 - 2014-10-11 00:43 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-10-11 00:35 - 2013-12-18 14:42 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-10-11 00:35 - 2013-12-18 14:42 - 00023287 _____ () C:\Windows\system32\nvinfo.pb
2014-10-11 00:35 - 2011-11-04 05:19 - 01543488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco64.dll
2014-10-11 00:35 - 2011-11-04 05:19 - 01454912 _____ (NVIDIA Corporation) C:\Windows\system32\nvgenco64.dll
2014-10-11 00:35 - 2011-11-04 05:19 - 00371520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoptimusmft.dll
2014-10-11 00:35 - 2011-11-04 05:19 - 00364352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdecodemft.dll
2014-10-11 00:35 - 2011-11-04 05:19 - 00330560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoptimusmft.dll
2014-10-11 00:35 - 2011-11-04 05:19 - 00301888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2014-10-11 00:35 - 2011-11-04 05:19 - 00068928 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-10-11 00:35 - 2011-11-04 05:19 - 00061248 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-10-10 23:34 - 2011-05-31 19:57 - 00034624 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2014-10-10 21:24 - 2014-10-10 21:25 - 00000000 ____D () C:\Users\Arkly\Desktop\computer games development
2014-10-09 11:05 - 2014-10-11 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2014-10-07 18:45 - 2014-08-19 19:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-07 18:45 - 2014-08-19 18:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-07 18:45 - 2014-08-19 00:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-07 18:45 - 2014-08-18 23:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-07 18:45 - 2014-08-18 23:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-07 18:45 - 2014-08-18 23:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-07 18:45 - 2014-08-18 23:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-07 18:45 - 2014-08-18 23:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-07 18:45 - 2014-08-18 23:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-07 18:45 - 2014-08-18 23:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-07 18:45 - 2014-08-18 23:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-07 18:45 - 2014-08-18 23:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-07 18:45 - 2014-08-18 23:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-07 18:45 - 2014-08-18 23:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-07 18:45 - 2014-08-18 23:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-07 18:45 - 2014-08-18 23:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-07 18:45 - 2014-08-18 23:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-07 18:45 - 2014-08-18 23:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-07 18:45 - 2014-08-18 23:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-07 18:45 - 2014-08-18 22:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-07 18:45 - 2014-08-18 22:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-07 18:45 - 2014-08-18 22:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-07 18:45 - 2014-08-18 22:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-07 18:45 - 2014-08-18 22:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-07 18:45 - 2014-08-18 22:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-07 18:45 - 2014-08-18 22:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-07 18:45 - 2014-08-18 22:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-07 18:45 - 2014-08-18 22:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-07 18:45 - 2014-08-18 22:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-07 18:45 - 2014-08-18 22:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-07 18:45 - 2014-08-18 22:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-07 18:45 - 2014-08-18 22:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-07 18:45 - 2014-08-18 22:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-07 18:45 - 2014-08-18 22:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-07 18:45 - 2014-08-18 22:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-07 18:45 - 2014-08-18 22:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-07 18:45 - 2014-08-18 22:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-07 18:45 - 2014-08-18 22:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-07 18:45 - 2014-08-18 22:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-07 18:45 - 2014-08-18 22:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-07 18:45 - 2014-08-18 22:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-07 18:45 - 2014-08-18 22:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-07 18:45 - 2014-08-18 22:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-07 18:45 - 2014-08-18 22:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-07 18:45 - 2014-08-18 22:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-07 18:45 - 2014-08-18 22:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-07 18:45 - 2014-08-18 22:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-07 18:45 - 2014-08-18 22:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-07 18:45 - 2014-08-18 22:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-07 18:45 - 2014-08-18 22:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-07 18:45 - 2014-08-18 22:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-07 18:45 - 2014-08-18 21:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-07 18:45 - 2014-08-18 21:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-07 18:45 - 2014-08-18 21:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-07 18:45 - 2014-08-18 21:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-07 18:45 - 2014-08-18 21:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-04 20:20 - 2014-10-04 20:20 - 00000000 ____D () C:\ProgramData\Citrix
2014-10-04 20:13 - 2014-10-04 20:13 - 00000000 ____D () C:\Users\Arkly\AppData\Local\Citrix
2014-10-04 20:13 - 2014-10-04 20:13 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-10-04 19:51 - 2014-10-12 21:43 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-04 18:05 - 2014-10-06 00:15 - 00000000 ____D () C:\Users\Arkly\AppData\Temp
2014-10-04 17:57 - 2014-10-04 17:57 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2014-10-04 17:57 - 2014-10-04 17:57 - 00000385 _____ () C:\Users\Arkly\AppData\Roaminguser_gensett.xml
2014-10-04 17:56 - 2014-10-04 17:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-10-04 17:56 - 2014-10-04 17:56 - 00000000 ____D () C:\ProgramData\BDLogging
2014-10-04 17:56 - 2013-11-04 15:47 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll
2014-10-04 17:56 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2014-10-04 16:54 - 2014-10-04 16:54 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\ESET
2014-10-04 16:54 - 2014-10-04 16:54 - 00000000 ____D () C:\Users\Arkly\AppData\Local\ESET
2014-10-04 16:50 - 2014-10-04 16:50 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\QuickScan
2014-10-04 16:50 - 2014-10-04 16:50 - 00000000 _____ () C:\Windows\system32\BDSandBoxUISkin32.dll
2014-10-04 16:50 - 2013-11-04 15:47 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUISkin.dll
2014-10-04 16:50 - 2013-11-04 15:46 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUH.dll
2014-10-04 16:16 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-04 16:16 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-10-04 16:15 - 2014-09-09 23:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-04 16:15 - 2014-09-09 22:47 - 00002048 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\tzres.dll 2014-10-04 16:14 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-04 16:14 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-10-04 16:14 - 2014-09-05 03:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-04 16:14 - 2014-09-05 03:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-04 16:14 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-10-04 16:14 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-10-04 16:14 - 2014-07-07 03:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-10-04 16:14 - 2014-07-07 03:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-10-04 16:14 - 2014-07-07 02:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-10-04 16:14 - 2014-07-07 02:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-10-04 16:14 - 2014-07-07 02:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-10-04 16:14 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-10-04 16:14 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-27 15:54 - 2014-09-27 15:54 - 00319326 _____ () C:\Users\Arkly\Downloads\crimson.zip 2014-09-22 19:41 - 2014-09-23 12:29 - 00000000 ____D () C:\Users\Arkly\AppData\Local\NVIDIA Corporation ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-19 17:06 - 2014-04-03 15:01 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\SoftGrid Client 2014-10-19 16:55 - 2009-07-14 05:45 - 00028528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-19 16:55 - 2009-07-14 05:45 - 00028528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-19 16:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-19 15:48 - 2014-04-24 15:18 - 00000000 ____D () C:\Windows\erdnt 2014-10-19 15:14 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-10-19 14:28 - 2014-08-03 14:42 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-10-19 14:17 - 2014-04-24 16:41 - 00000000 ____D () C:\Users\Arkly\AppData\Local\CrashDumps 2014-10-19 13:55 - 2014-07-10 12:38 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Arkly\Desktop\TDSSKiller.exe 2014-10-19 13:48 - 2014-04-03 15:20 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\BatteryCare 2014-10-18 19:33 - 2014-04-21 14:28 - 00001456 _____ () C:\Users\Arkly\AppData\Local\Adobe Save for Web 13.0 Prefs 2014-10-17 22:03 - 2014-06-11 16:47 - 00000000 ____D () C:\Users\Arkly\Desktop\images 2014-10-17 21:35 - 2009-07-14 06:13 - 00782596 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-17 00:35 - 2014-04-21 13:25 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Autodesk 2014-10-17 00:34 - 2014-04-21 13:22 - 00000000 ____D () C:\Autodesk 2014-10-16 21:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-10-15 23:16 - 2014-04-02 21:52 - 00000000 ____D () C:\Users\Arkly\AppData\Local\Google 2014-10-14 23:38 - 2014-04-06 11:04 - 00000000 ____D () C:\Users\Arkly\AppData\Local\Adobe 2014-10-14 20:15 - 2014-04-03 15:33 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Skype 2014-10-14 15:37 - 2014-04-07 17:13 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance 2014-10-14 13:43 
- 2014-04-02 21:52 - 00000000 ____D () C:\Users\Arkly\AppData\Local\Deployment 2014-10-14 13:20 - 2014-04-04 23:21 - 00000000 ____D () C:\temp 2014-10-14 13:16 - 2014-08-06 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2014-10-14 13:10 - 2014-04-02 21:52 - 00000000 ____D () C:\Users\Arkly\AppData\Local\Apps\2.0 2014-10-12 21:41 - 2014-04-03 15:12 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Malwarebytes 2014-10-12 17:12 - 2014-08-13 00:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys 2014-10-12 15:49 - 2014-04-02 21:27 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-10-12 14:44 - 2014-08-10 17:55 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Notepad++ 2014-10-12 14:43 - 2014-04-03 15:31 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Foxit Reader 2014-10-12 03:20 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-11 00:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help 2014-10-11 00:05 - 2014-04-25 09:20 - 00000000 ____D () C:\Windows\Minidump 2014-10-10 22:49 - 2014-07-18 22:44 - 00000000 ____D () C:\Windows\pss 2014-10-10 22:49 - 2014-07-17 22:41 - 00000000 ___RD () C:\Users\Arkly\Dropbox 2014-10-10 22:48 - 2014-07-17 22:39 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Dropbox 2014-10-09 11:06 - 2014-04-05 20:31 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-07 19:01 - 2014-04-03 00:45 - 00766566 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-10-06 16:32 - 2014-05-07 18:42 - 00000132 _____ () C:\Users\Arkly\AppData\Roaming\Adobe PNG Format CS6 Prefs 2014-10-04 18:07 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\Offline Web Pages 2014-10-04 16:22 - 2014-04-02 22:37 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-04 16:17 - 2014-04-02 22:37 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-04 16:16 - 2014-04-25 17:25 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-27 
14:14 - 2014-06-15 14:51 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Foxit Software

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 21:05

==================== End Of Log ============================

___________________________________

Second FARBAR log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2014 01
Ran by Arkly at 2014-10-19 17:07:54
Running from C:\Users\Arkly\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Autodesk SketchBook Pro 6.0.1 (HKLM-x32\...\{783C27F9-EF0B-4B81-8464-8592AE8CB5B8}) (Version: 6.01.0000 - Autodesk) BatteryCare 0.9.12.1 (HKLM-x32\...\{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1) (Version: 0.9.12.1 - Filipe Lourenço) CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform) CleanMem (HKLM-x32\...\CleanMem) (Version: v2.4.3 - PcWinTech.com) CyberLink PowerDVD 
9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.3522 - CyberLink Corp.) CyberLink PowerDVD 9.6 (x32 Version: 9.6.1.3522 - CyberLink Corp.) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.4.1128 - Foxit Corporation) Free Internet Window Washer (HKLM-x32\...\Free Internet Window Washer) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden Intel PROSet Wireless (Version: - ) Hidden Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation) Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation) Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - ) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.64.1 - JMicron Technology Corp.) Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) McAfee Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1248 - McAfee, Inc.) 
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (Version: 14.0.6122.5000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 - English (HKLM-x32\...\{90140011-0061-0409-0000-0000000FF1CE}) (Version: 14.0.7128.5001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft 
Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla) My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.) NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden NVIDIA Optimus 1.15.2 (Version: 1.15.2 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.22 - Dell Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.34.1130.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6263 - Realtek Semiconductor Corp.) 
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) Spyder3Elite (HKLM-x32\...\Spyder3Elite) (Version: - ) System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC) TuneUp Utilities (HKLM-x32\...\TuneUp Utilities) (Version: 9.0.6000.21 - TuneUp Software) TuneUp Utilities (x32 Version: 9.0.6000.21 - TuneUp Software) Hidden TuneUp Utilities Language Pack (es-ES) (x32 Version: 9.0.6000.21 - TuneUp Software) Hidden VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.1.7-3 - Wacom Technology Corp.) WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.) WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

19-10-2014 14:49:19 ComboFix created restore point

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-10-19 15:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {541DCD6A-740A-4587-A359-6EA77D66E126} - System32\Tasks\ToolwizCareFree => C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe
Task: {66E5F2E0-CB9D-483F-9A0C-95A15150C56E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15] (Google Inc.)
Task: {6B2E8983-0BBC-4D35-AED2-A0A9D63AEB18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15] (Google Inc.)
Task: {7742416D-F75D-4B53-A347-60A4EFF817BF} - System32\Tasks\Mantenimiento automático => C:\Program Files (x86)\TuneUp Utilities 2010\OneClickStarter.exe [2011-05-31] (TuneUp Software)
Task: {81B2FB64-FF07-40C3-A03C-7AF062AEA246} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {86970AF3-C8B3-412E-BDA6-F4B38EED735A} - System32\Tasks\Clean System Memory => C:\Windows\syswow64\CleanMem.exe [2012-09-20] (PcWinTech.com)
Task: {9AB24CA7-3138-439C-9F61-7F74716D8B70} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe [2011-05-31] (TuneUp Software)
Task: {AC042521-C955-40F9-AE4C-B6AAA97A1E03} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-12-21] (Adobe Systems Incorporated)
Task: {CD70337F-E4C8-4589-B990-6225204F2092} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {F82234BF-7B6B-4EC1-98A8-E182D768D72A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-26 18:20 - 2011-06-06 14:23 - 01183096 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-04-02 20:27 - 2010-12-17 10:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2014-04-03 15:19 - 2012-07-26 08:27 - 00252928 _____ () C:\Program Files (x86)\BatteryCare\OpenHardwareMonitorLib.dll
2014-10-12 17:50 - 2014-09-24 06:09 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-07 21:39 - 2014-10-07 21:39 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\41a544b3d834e3b57bc39d446c7666bc\IsdiInterop.ni.dll
2014-04-02 20:23 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Arkly\AppData\Local\Temporary Internet Files:LGtbJmDK1pUB4reJLfINRR

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\startupfolder: C:^Users^Arkly^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: NVHotkey => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-4283612145-3875195018-3230280069-500 - Administrator - Disabled)
Arkly (S-1-5-21-4283612145-3875195018-3230280069-1000 - Administrator - Enabled) => C:\Users\Arkly
Guest (S-1-5-21-4283612145-3875195018-3230280069-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4283612145-3875195018-3230280069-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-4283612145-3875195018-3230280069-1006 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/19/2014 04:47:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2014 03:10:06 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (10/19/2014 02:59:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2014 02:58:35 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (10/19/2014 02:48:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/19/2014 03:14:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/19/2014 03:09:46 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/19/2014 02:58:30 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/19/2014 02:56:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


Microsoft Office Sessions:
=========================
Error: (10/19/2014 04:47:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2014 03:10:06 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (10/19/2014 02:59:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2014 02:58:35 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (10/19/2014 02:48:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2014-10-05 23:35:22.674
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-05 23:35:22.658
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-10-05 10:18:33.408 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-05 10:18:33.405 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-05 10:18:10.453 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i7-2860QM CPU @ 2.50GHz Percentage of memory in use: 27% Total physical RAM: 8086.17 MB Available physical RAM: 5866.44 MB Total Pagefile: 16170.52 MB Available Pagefile: 13329.32 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:427.46 GB) NTFS Drive e: (UNTITLED) (Removable) (Total:1.87 GB) (Free:1.46 GB) FAT Drive f: (New Volume) (Fixed) (Total:465.76 GB) (Free:465.62 GB) NTFS Drive h: () (Fixed) (Total:465.76 GB) (Free:239.24 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B95073E6) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 57DB00A3) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) 
======================================================== Disk: 2 (Size: 1.9 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ======================================================== Disk: 3 (Size: 465.8 GB) (Disk ID: EE49AE1C) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ combo_second_paas.txt conbo_first_pass.txt
  2. Hi guys, well, my MBAM Premium scan detected Trojan.Agent.ED today, 19th October. When I try to run combofix, my laptop has been acting a bit strange lately, so I decided to run McAfee Internet Security antivirus software, which found nothing on the system, and my MBAM Premium, which detected Trojan.Agent.ED. I thought that the detection of Trojan.Agent.ED by MBAM Premium might be because I was running combofix. Now the strange thing is that when I run combofix, the program found an infected file on my C: drive, which is the following: c:\windows\SysWow64\userinit.exe, and disinfected it, but also restored a copy from c:\windows\erdnt\cache86\userinit.exe. Now this is really strange because this seems to be the same infection that combofix disinfected a few weeks ago, after I installed and uninstalled Bitdefender and ESE antivirus from my computer. Before that my computer was running really smoothly. So I don't know if these programs left any traces on my computer and this is what is causing problems. Here are the reports from combofix: the first pass, when the infected file was identified, and the second combofix pass, after disinfection. A last note: I found that combofix, after the second pass, was taking way too long to provide me with the report, when it usually doesn't take that long. I will appreciate a helpful hand out there. conbo_first_pass.txt combo_second_paas.txt