BalconyJedi
Member, 24 posts. Reputation: 0 (Neutral). Location: Greater NYC Area.
  1. Hello all, I've been using Malwarebytes Anti-Malware on my Moto G (2nd Gen) ever since I got it in June, running Android 5.0.2 (Lollipop). I usually keep cellular data switched off because I'm on WiFi a lot and only enable it when I quickly need to go online to check something. Yesterday I went on a 4:30-hour drive and used Google Maps for navigation, so I did switch on cellular data. Once I arrived, I noticed that Malwarebytes Anti-Malware had racked up around 90MB of background data during the drive, while Google Maps had used less than 40MB! I don't know the exact numbers since I didn't write down the usage before I went on the trip, but I think it shows clearly that something is off. I never left the phone on cellular data for an extended period of time, but I doubt Anti-Malware would usually leave such a huge data footprint. Since I was using Google Maps during the whole drive, I assume it is somehow related; however, it might be a false conclusion.
     Does anybody have a clue what the reason might be? I'd like to avoid this kind of behavior in the future. For now I restricted app background data on cellular networks for Malwarebytes Anti-Malware, but I don't want to be unprotected. See attached a screenshot of the data usage (showing the spike in usage) and, as a comparison, a screenshot of the WiFi data, where Anti-Malware seems to have used around 56MB of background data in the last 28 days, so roughly 2MB per day, which seems fine. What kind of information would you need me to provide?
     Here are my basics:
     - Moto G 2nd Gen, I'm with Consumer Cellular (in the US)
     - Lollipop 5.0.2
     - Anti-Malware v1.05.1.1000 (151)
     - Avast Mobile Security & Antivirus
     Thanks for any ideas and have a great weekend, Ben
  2. Hi Adam, I followed your steps (it seems Combofix was only installed on the Vista machine though). As of now, everything seems clean on all 3 machines. I'll check out the links as soon as I can. I've been using Adblock Plus for years, that's why I thought it was weird when I got that initial pop-up. Thanks so much again for everything, and I hope I won't have to come back here anytime soon! I'm sure you know how I mean that. Have a good week, Ben
  3. Hi Adam, sorry for the late reply, I've been busy preparing for my trip. I will take those last steps tonight after work and report back here. Then I will be on my way to meet with family and will be away from home until early next year. Thanks, Ben
  4. Hi Adam, So I used my Win 7 and Win 8.1 machines normally over the weekend and didn't encounter any pop-ups, redirects or blocked IPs. I hope it will stay that way and won't happen again. Thanks again for all your time and effort, Ben
  5. Hi Adam, I'll give Secunia PSI a shot, thanks for recommending. I also treated myself to a year of MBAM Premium for the holidays. I'll keep using and monitoring my machines during the weekend and will report back here Sunday night or Monday. I will most likely be away from home starting the middle of next week until early January and will only take my Win 8.1 laptop with me, so I hope it won't act up. Have a good weekend and thanks again, Ben
  6. Hi Adam, I updated all the software you listed on all my machines, uninstalled the programmes you pointed out and performed Windows updates. I usually try to keep my OS and browsers up to date but I guess sometimes some things get left behind a bit. I also disabled Java in my browsers. For some reason, the steps you listed didn't work for me (pressing Win key + s and typing that), but I followed these instructions (https://www.java.com/en/download/help/win_controlpanel.xml). Since this should take care of Java in browsers globally, I don't need to disable any plugins in any browser manually, right? I noticed that my Malwarebytes trial is going to end in a couple of days and I was wondering if it would be recommended to buy the license to keep the protection running? Good night, Ben
  7. Hi Adam, I haven't used ICQ or Freecorder lately. I think I will uninstall Freecorder since I don't think I'll use it anytime soon. Chip's Challenge is an old game I tried to get to run for nostalgia reasons but I don't think I succeeded at the time. I will keep the backups on my Win 7 machine for now. When should I delete them and create a new one? I ran the FRST fix, see log below. Then I successfully power-cycled the modem and reset it to its factory settings after. I set up a new router password and configured my internet, so all seems well for now. I will monitor my devices closely while using them normally (I mostly use the Win 7 and 8.1 machines). Are there any other steps I should take at the moment? I still wonder what I did to infect myself, and how it could "spread" to all my devices. Is there anything I can do to prevent the same thing from happening again? And should I worry about my phone? I don't usually use it to browse the net, I mostly just use it to communicate via email and messaging apps, so I didn't encounter the pop-up again as of late. Thank you so much for your support and detailed steps which really made it easy to get through this whole process. Is there any way to compensate you for your time and effort? 
     Cheers, Ben
  8. Hi Adam, I followed your steps for the Win 7 machine and posted the logs below. Post was too long again, so I attached Addition.txt. After the checks, I reset all the browsers on this machine. Concerning the Vista machine: I let it run idle for 3 hours straight, nothing suspicious showed up in the MBAM Protection log. Concerning the Win 8.1 machine, I used it regularly for 4 hours, browsing, Steam, Skype. I didn't encounter any pop-up or redirects so far, nothing suspicious showed up in the MBAM Protection log.
HKU\S-1-5-21-2124055293-823835824-744022225-1000\...\Run: [icq] => C:\Users\Ben\AppData\Roaming\ICQM\icq.exe [26599784 2013-02-03] (ICQ) HKU\S-1-5-21-2124055293-823835824-744022225-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google) HKU\S-1-5-21-2124055293-823835824-744022225-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung) HKU\S-1-5-21-2124055293-823835824-744022225-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup HKU\S-1-5-21-2124055293-823835824-744022225-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung) HKU\S-1-5-21-2124055293-823835824-744022225-1000\...\RunOnce: [Adobe Speed Launcher] => 1418269152 Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RealTemp GT.lnk ShortcutTarget: RealTemp GT.lnk -> C:\Program Files (x86)\RealTemp_360\RealTempGT.exe (uWebb Software) Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows7FirewallControl.lnk ShortcutTarget: Windows7FirewallControl.lnk -> C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2124055293-823835824-744022225-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF 
Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2124055293-823835824-744022225-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ben\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKU\S-1-5-21-2124055293-823835824-744022225-1000: @talk.google.com/O1DPlugin -> C:\Users\Ben\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKU\S-1-5-21-2124055293-823835824-744022225-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ben\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-2124055293-823835824-744022225-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ben\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKU\S-1-5-21-2124055293-823835824-744022225-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ben\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-2124055293-823835824-744022225-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Ben\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Ben\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\searchplugins\canoonet.xml FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\searchplugins\grooveshark.xml FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\searchplugins\imdb.xml FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\searchplugins\leo-deu-eng.xml FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\searchplugins\metager.xml FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\searchplugins\minecraft-wiki-en.xml FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\searchplugins\youtube-video-search.xml FF Extension: German Dictionary - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-08] FF Extension: British English Dictionary - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2011-04-28] FF Extension: United States English Spellchecker - 
C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-04-01] FF Extension: Dictionnaire français «Moderne» - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\fr-moderne@dictionaries.addons.mozilla.org [2011-10-08] FF Extension: MinimizeToTray revived (MinTrayR) - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\mintrayr@tn123.ath.cx [2012-11-26] FF Extension: GMX MailCheck - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\toolbar@gmx.net [2014-12-10] FF Extension: DownloadHelper - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-09] FF Extension: FoxClocks - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2014-01-24] FF Extension: DivX Web Player - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\DivXWebPlayer@divx.com.xpi [2012-10-15] FF Extension: Hilarious Webcomic Manager - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\hilarious@axnjaxn.com.xpi [2012-01-07] FF Extension: Translate This! 
- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2012-08-14] FF Extension: Enhanced Steam - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\jid0-SmvlvxGpvCyG252KbVMqIKR79Uc@jetpack.xpi [2014-10-30] FF Extension: The Addon Bar (restored) - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2014-05-02] FF Extension: Minimize On Start and Close - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\{480adee0-f020-4fef-917d-b05502b17aaf}.xpi [2011-04-28] FF Extension: Adblock Plus - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-04-29] FF Extension: DownThemAll! - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-04-30] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-10] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-04-29] FF Extension: No Name - wrc@avast.com [Not Found] Chrome: ======= CHR HomePage: Default -> hxxp://start.icq.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Angry Birds) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-02-09] CHR Extension: (Beautiful landscape) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig [2012-09-29] CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-04] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-05] CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17] CHR Extension: (Adblock Plus) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-02] CHR Extension: (Google Search) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17] CHR Extension: (Google Wallet) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01] CHR Extension: (Gmail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17] CHR HKU\S-1-5-21-2124055293-823835824-744022225-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-18] CHR StartMenuInternet: Google Chrome - C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-18] (AVAST Software) S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-04-30] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed] U2 HiPatchService; F:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2012-08-15] (Hi-Rez Studios) [File not signed] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [923136 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-11-14] (LogMeIn, Inc.) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5405456 2014-11-12] (TeamViewer GmbH) S2 TWEService; C:\Users\Ben\AppData\Local\JogoBox\JogoBoxService.exe [150032 2013-08-14] () R2 Windows7FirewallService; C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [610816 2011-04-06] (Sphinx Software) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-18] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-18] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-18] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-18] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-18] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-18] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-18] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-08-14] () S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1148288 2011-07-06] (Creative Technology Ltd.) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-08-14] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-10] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) S3 WinRing0_1_2_0; C:\Program Files (x86)\RealTemp_360\WinRing0x64.sys [14544 2011-05-04] (OpenLibSys.org) S3 ALSysIO; \??\C:\Users\Ben\AppData\Local\Temp\ALSysIO64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-10 22:44 - 2014-12-10 22:44 - 00022211 _____ () C:\Users\Ben\Desktop\FRST.txt 2014-12-10 22:41 - 2014-12-10 22:41 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-12-10 22:41 - 2014-12-10 22:41 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-12-10 22:40 - 2014-12-10 22:40 - 18315864 _____ () C:\Users\Ben\Desktop\RogueKillerX64.exe 2014-12-10 19:05 - 2014-12-10 19:05 - 02347384 _____ (ESET) C:\Users\Ben\Desktop\esetsmartinstaller_enu.exe 2014-12-10 18:46 - 2014-12-10 18:46 - 02166272 _____ () C:\Users\Ben\Desktop\AdwCleaner.exe 2014-12-07 11:19 - 2014-12-07 11:19 - 00001401 _____ () C:\Users\Ben\Desktop\Malware Issue - Shortcut.lnk 2014-12-04 22:50 - 2014-12-10 22:44 - 00000000 ____D () C:\FRST 2014-12-04 18:45 - 2014-12-10 18:32 - 02119680 _____ (Farbar) C:\Users\Ben\Desktop\FRST64.exe 2014-12-04 18:45 - 2014-12-04 18:45 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Ben\Desktop\tdsskiller.exe 2014-12-03 22:25 - 2014-12-03 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-12-03 22:25 - 2014-12-03 22:25 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-12-02 21:45 - 2014-12-10 18:53 - 00000000 ____D () C:\AdwCleaner 2014-11-22 20:22 - 2014-11-22 20:22 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2014-11-18 18:35 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-18 18:35 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-18 18:35 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-18 18:35 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-18 18:28 - 2014-11-18 18:28 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-11-18 18:28 - 2014-11-18 18:28 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-11-12 18:03 
- 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-11-12 18:03 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-11-12 18:03 - 2012-02-11 01:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe 2014-11-12 18:03 - 2012-02-11 01:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe 2014-11-11 19:21 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-11-11 19:21 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-11-11 19:06 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-11-11 19:06 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-11-11 19:06 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2014-11-11 19:06 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2014-11-11 19:02 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-11-11 19:02 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-11-11 19:02 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-11-11 19:02 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-11-11 19:02 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-11-11 19:02 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-11-11 19:02 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-11-11 19:02 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) 
C:\Windows\system32\rdvidcrl.dll 2014-11-11 19:02 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2014-11-11 19:02 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2014-11-11 19:02 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-11-11 19:02 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-11-11 19:02 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-11-11 19:02 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-11-11 19:02 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2014-11-11 19:02 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-11-11 18:58 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2014-11-11 18:58 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2014-11-11 18:58 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll 2014-11-11 18:58 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll 2014-11-11 18:54 - 2012-07-25 22:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll 2014-11-11 18:54 - 2012-07-25 22:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe 2014-11-11 18:54 - 2012-07-25 22:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll 2014-11-11 18:54 - 2012-07-25 22:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll 2014-11-11 18:54 - 2012-07-25 22:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll 2014-11-11 18:54 - 2012-07-25 21:26 - 00198656 _____ (Microsoft 
Corporation) C:\Windows\system32\Drivers\WUDFRd.sys 2014-11-11 18:54 - 2012-07-25 21:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys 2014-11-11 18:54 - 2012-06-02 09:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf 2014-11-11 18:49 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-11-11 18:49 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-11-11 18:48 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-11 18:48 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-11 18:48 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-11-11 18:48 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-11-11 18:48 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-11-11 18:48 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-11-11 18:48 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-11-11 18:48 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-11-11 18:48 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-11-11 18:48 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-11-11 18:48 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-11-11 18:48 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-11-11 18:48 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-11-11 18:48 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\KBDRU1.DLL
2014-11-11 18:48 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-11-11 18:48 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-11-11 18:48 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-11-11 18:48 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-11-11 18:48 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-11 18:48 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-11 18:48 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-11-11 18:48 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-11-11 18:48 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-11-11 18:48 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-11-11 18:48 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-11-11 18:48 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-11-11 18:48 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-11-11 18:48 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-11-11 18:48 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-11-11 18:48 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-11-11 18:48 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-11-11 18:48 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-11-11 18:48 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-11-11 18:48 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-11-11 18:48 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-11-11 18:48 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-11-11 18:48 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-11-11 18:48 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-11-11 18:48 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-11-11 18:48 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-11-11 18:48 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-11-11 18:48 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-11-11 18:48 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-11-11 18:48 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-11-11 18:48 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-11-11 18:48 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-11-11 18:48 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-11-11 18:48 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-11-11 18:48 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-11-11 18:48 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-11-11 18:48 - 2013-07-04 07:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-11-11 18:48 - 2013-07-04 07:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-11-11 18:48 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-11-11 18:48 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-11-11 18:48 - 2013-07-04 05:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-11-11 18:48 - 2013-03-19 00:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2014-11-11 18:48 - 2012-12-07 08:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-11-11 18:48 - 2012-12-07 08:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-11-11 18:48 - 2012-12-07 07:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-11-11 18:48 - 2012-12-07 07:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2014-11-11 18:48 - 2012-12-07 06:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-11-11 18:48 - 2012-12-07 06:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-11-11 18:48 - 2012-12-07 06:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-11-11 18:48 - 2012-12-07 06:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-11-11 18:48 - 2012-12-07 06:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-11-11 18:48 - 2012-12-07 06:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-11-11 18:48 - 2012-12-07 06:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-11-11 18:48 - 2012-12-07 06:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-11-11 18:48 - 2012-12-07 06:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-11-11 18:48 - 2012-12-07 06:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-11-11 18:48 - 2012-12-07 06:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-11-11 18:48 - 2012-12-07 06:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-11-11 18:48 - 2012-12-07 06:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-11-11 18:48 - 2012-12-07 06:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2014-11-11 18:48 - 2012-10-09 13:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-11-11 18:48 - 2012-10-09 13:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-11-11 18:48 - 2012-10-09 12:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-11-11 18:48 - 2012-10-09 12:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-11-11 18:48 - 2012-10-03 12:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-11-11 18:48 - 2012-10-03 12:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-11-11 18:48 - 2012-10-03 12:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-11-11 18:48 - 2012-10-03 12:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-11-11 18:48 - 2012-10-03 12:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-11-11 18:48 - 2012-10-03 12:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-11-11 18:48 - 2012-10-03 11:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2014-11-11 18:48 - 2012-10-03 11:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2014-11-11 18:48 - 2012-10-03 11:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2014-11-11 18:48 - 2012-10-03 11:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-11-11 18:48 - 2012-08-22 13:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-11-11 18:48 - 2012-08-21 16:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2014-11-11 18:48 - 2012-07-04 15:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2014-11-11 18:48 - 2012-05-01 00:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-11-11 18:48 - 2012-01-13 02:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-11-11 18:35 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 18:35 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 18:35 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 18:35 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 18:35 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 18:35 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 18:35 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 18:35 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 18:35 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 18:35 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 18:35 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 18:35 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-11-11 18:35 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-11-11 18:35 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-11-11 18:35 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-11-11 18:35 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-11-11 18:35 - 2013-05-10 00:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-11-11 18:35 - 2013-05-09 22:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-11-11 18:34 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 18:34 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 18:34 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 18:34 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 18:34 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 18:34 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 18:34 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 18:34 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 18:34 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 18:34 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 18:34 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 18:34 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 18:34 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 18:34 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 18:34 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 18:34 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 18:34 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 18:34 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 18:34 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 18:34 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 18:34 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 18:34 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 18:34 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 18:34 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 18:34 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 18:34 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 18:34 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 18:34 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 18:34 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 18:34 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 18:34 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 18:34 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 18:34 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 18:34 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 18:34 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 18:34 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 18:34 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 18:34 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 18:34 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 18:34 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 18:34 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 18:34 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 18:34 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 18:34 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 18:34 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 18:34 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-11-11 18:34 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-11-11 18:34 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-11-11 18:33 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-11-11 18:33 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-11-11 18:33 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 18:33 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 18:33 - 2013-08-27 20:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-11-11 18:32 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 18:32 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 18:32 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 18:32 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 18:32 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 18:32 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 18:32 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 18:32 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 18:32 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 18:32 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 18:32 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 18:32 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 18:32 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 18:32 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 18:32 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 18:32 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 18:32 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 18:32 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 18:32 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 18:32 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 18:32 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 18:32 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 18:32 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 18:32 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 18:32 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 18:32 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 18:32 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 18:32 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 18:32 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 18:32 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 18:32 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 18:32 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 18:32 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 18:32 - 2013-01-24 01:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-11-11 18:32 - 2012-05-05 03:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-11-11 18:32 - 2012-05-05 02:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-11-11 18:31 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 18:31 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 18:31 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 18:30 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 18:30 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-10 18:51 - 2014-11-10 18:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-10 22:44 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-10 22:41 - 2011-04-29 06:32 - 01130914 _____ () C:\Windows\WindowsUpdate.log
2014-12-10 22:39 - 2014-04-22 18:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-10 22:39 - 2013-02-04 22:15 - 00000000 ___RD () C:\Users\Ben\Google Drive
2014-12-10 22:39 - 2012-01-15 11:57 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-10 22:39 - 2011-04-28 20:56 - 00000000 ____D () C:\Users\Ben\AppData\Local\LogMeIn Hamachi
2014-12-10 22:39 - 2011-04-28 20:21 - 00000000 ___RD () C:\Users\Ben\Dropbox
2014-12-10 22:39 - 2011-04-28 20:21 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Dropbox
2014-12-10 22:38 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-10 22:38 - 2009-07-13 23:51 - 00172437 _____ () C:\Windows\setupact.log
2014-12-10 22:21 - 2011-05-21 11:32 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2124055293-823835824-744022225-1000UA.job
2014-12-10 21:57 - 2012-07-18 07:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-10 21:52 - 2012-01-15 11:57 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-10 19:57 - 2012-07-18 07:01 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 19:57 - 2012-04-10 17:22 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 19:57 - 2011-05-13 22:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 19:00 - 2009-07-13 23:45 - 00015024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-10 19:00 - 2009-07-13 23:45 - 00015024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-10 18:53 - 2011-04-29 07:02 - 00288962 _____ () C:\Windows\PFRO.log
2014-12-10 18:30 - 2014-10-12 15:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 18:28 - 2012-07-04 06:57 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-07 19:59 - 2011-04-28 20:25 - 00000000 ____D () C:\Users\Ben\Installers
2014-12-07 19:57 - 2011-08-06 21:24 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\.minecraft
2014-12-04 22:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-04 18:38 - 2014-04-22 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-04 18:38 - 2014-04-22 18:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-03 22:39 - 2013-07-07 20:16 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\uTorrent
2014-12-02 21:47 - 2011-10-05 17:26 - 00000000 ____D () C:\ProgramData\ICQ
2014-11-23 14:21 - 2011-05-21 11:32 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2124055293-823835824-744022225-1000Core.job
2014-11-23 09:05 - 2011-04-29 07:02 - 00065584 _____ () C:\Users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-23 09:03 - 2009-07-13 23:45 - 00299728 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-22 20:22 - 2012-07-01 11:40 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-11-22 18:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-21 19:52 - 2011-04-30 12:56 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-11-21 19:52 - 2011-04-30 12:56 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-11-21 18:46 - 2011-04-29 06:55 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-21 06:14 - 2014-04-22 18:13 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-04-22 18:13 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2014-04-22 18:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-18 18:28 - 2014-04-22 18:32 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-18 18:28 - 2014-01-07 07:57 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-18 18:28 - 2013-03-05 18:14 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-18 18:28 - 2013-03-05 18:14 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-18 18:28 - 2012-02-24 18:28 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-18 18:28 - 2011-04-29 06:55 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-18 18:28 - 2011-04-29 06:55 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-11-17 20:23 - 2011-04-28 21:17 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Skype
2014-11-16 17:13 - 2014-05-02 15:35 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Guild Wars 2
2014-11-15 14:16 - 2011-05-21 11:32 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2124055293-823835824-744022225-1000UA
2014-11-15 14:16 - 2011-05-21 11:32 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2124055293-823835824-744022225-1000Core
2014-11-14 19:47 - 2012-01-15 11:57 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 19:47 - 2012-01-15 11:57 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 18:47 - 2011-04-28 20:21 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-13 18:51 - 2011-10-05 17:19 - 00000000 ____D () C:\Program Files (x86)\ICQ7.6
2014-11-11 20:20 - 2011-08-30 21:53 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-11-11 19:16 - 2011-04-29 07:07 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Mozilla
2014-11-11 19:09 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-11 19:08 - 2012-04-28 07:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 19:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-11-11 19:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-11-11 19:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-11 19:04 - 2011-07-11 17:53 - 00766336 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-11 18:53 - 2013-08-14 22:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-11 18:50 - 2011-05-01 17:13 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Ben\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Ben\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmiyn3y.dll
C:\Users\Ben\AppData\Local\Temp\Quarantine.exe
C:\Users\Ben\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-05 18:41

==================== End Of Log ============================

Addition.txt FRST.txt
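The FRST.txt above is the kind of listing a helper reads by eye: two timestamps, a size, five attribute flags, the CompanyName from the file's version resource (or "()" when there is none) and the path. The following is an added example, not FRST or Malwarebytes code, that parses that entry format and the bare-path "Some content of TEMP:" section and applies three triage rules of my own choosing: executables whose version resource has no CompanyName, kernel drivers changed within the last week, and executable code sitting in the user's Temp folder. The sample lines are copied from the log above; the rules are assumptions about what deserves a second look, not a malware verdict, and an empty "()" is not a signature check (the "Bamital & volsnap Check" section is where FRST does that).

```python
"""Parse the file listings in a Farbar Recovery Scan Tool (FRST) log and pull
out the entries an analyst would look at first.

Added example for this thread; not FRST or Malwarebytes code. The sample lines
are copied from the FRST.txt posted above. The triage rules are my own
assumptions about what deserves a second look, not a malware verdict.
"""
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Tuple

# One FRST file entry: "<date1> - <date2> - <size> <attrs> (<company>) <path>".
# The first date is the one the section is sorted on (creation date in the
# "Created" list, modification date in the "Modified" list).
ENTRY_RE = re.compile(
    r"^(?P<d1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<d2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8,}) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
TS_FMT = "%Y-%m-%d %H:%M"
# Extensions treated as executable code; .nls, .rs, .INI, .log are data files.
EXEC_EXTS = {".exe", ".dll", ".sys", ".cpl", ".ocx", ".scr"}


@dataclass
class FrstEntry:
    sort_date: datetime
    other_date: datetime
    size: int
    attrs: str     # five flags: "____D" directory, "___RD" read-only dir, "____H" hidden
    company: str   # CompanyName from the version resource; "" when the file has none
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def ext(self) -> str:
        return ntpath.splitext(self.path)[1].lower()


def parse_entries(text: str) -> List[FrstEntry]:
    """Return every timestamped file/folder entry in the log, in log order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m is None:
            continue  # section headers, blank lines, the bare-path TEMP listing
        entries.append(FrstEntry(
            sort_date=datetime.strptime(m["d1"], TS_FMT),
            other_date=datetime.strptime(m["d2"], TS_FMT),
            size=int(m["size"]), attrs=m["attrs"],
            company=m["company"], path=m["path"],
        ))
    return entries


def parse_temp_listing(text: str) -> List[str]:
    """Return the bare paths under 'Some content of TEMP:' (no timestamps)."""
    paths, in_temp = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Some content of TEMP:"):
            in_temp = True
        elif in_temp and line.startswith("====") and line.strip("= "):
            break  # the next titled section header ends the listing
        elif in_temp and re.match(r"^[A-Za-z]:\\", line):
            paths.append(line)
    return paths


def triage(entries: List[FrstEntry], temp_paths: List[str],
           scan_date: datetime, recent_days: int = 7) -> List[Tuple[str, str]]:
    """Apply the (assumed) triage rules; return (path, reason) pairs."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.is_dir or e.ext not in EXEC_EXTS:
            continue
        if e.company == "":
            # FRST prints "()" when the PE carries no CompanyName string. That is
            # not a signature check, only a prompt to verify the file by hand.
            findings.append((e.path, "executable without CompanyName version info"))
        if e.ext == ".sys" and scan_date - e.sort_date <= timedelta(days=recent_days):
            findings.append((e.path, f"kernel driver changed within {recent_days} days"))
    for p in temp_paths:
        if ntpath.splitext(p)[1].lower() in EXEC_EXTS:
            findings.append((p, "executable code left in user Temp"))
    return findings


# Constructed sample: a handful of lines copied from the posted FRST.txt.
SAMPLE_LOG = r"""
==================== One Month Modified Files and Folders =======
2014-12-10 22:39 - 2014-04-22 18:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-10 22:39 - 2013-02-04 22:15 - 00000000 ___RD () C:\Users\Ben\Google Drive
2014-11-18 18:28 - 2014-04-22 18:32 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-11 18:48 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-11-11 18:48 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-11-10 18:51 - 2014-11-10 18:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
Some content of TEMP:
====================
C:\Users\Ben\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Ben\AppData\Local\Temp\Quarantine.exe
C:\Users\Ben\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
"""


def run_sample() -> List[Tuple[str, str]]:
    # 2014-12-10 22:44 is the newest timestamp in the posted log; used as scan time.
    return triage(parse_entries(SAMPLE_LOG), parse_temp_listing(SAMPLE_LOG),
                  datetime(2014, 12, 10, 22, 44))


if __name__ == "__main__":
    for path, reason in run_sample():
        print(f"{reason:45} {path}")
```

On the sample this flags MBAMSwissArmy.sys (a driver rewritten minutes before the scan), aswHwid.sys (no CompanyName) and the three executables in Temp, while ignoring locale.nls and the two directories. Each hit is a lead to verify with the signature check, not a conclusion; the Malwarebytes and Avast drivers here are expected on a machine running both products.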
  9. Thank you, I will perform these steps on my Win 7 machine after work tonight as soon as I can. I'll reset my browsers after Step 6 (Farbar scans). My Vista machine has been running for 25 minutes this morning, so far Malwarebytes didn't block any IPs. Have a good day, Ben
  10. Hi Adam,

On the Win8.1, I reset IE, Firefox and Chrome. I couldn't find the exact files for the Opera reset, only the cache, so I deleted that and uninstalled Opera completely. Then I ran ESET which didn't find any threats, so it didn't create a log.

On my Vista machine, I browsed around all kinds of websites in Firefox and Chrome. I didn't encounter any pop-ups, no windows or tabs to dubious websites were opened, and no website I was on suddenly changed to a dubious one so far. The only thing I noticed was Malwarebytes blocking these IPs shortly after I had switched on the laptop (full protection log attached), I had only Skype open at that time, no browsers yet:

Detection, 09/12/2014 18:19:35, SYSTEM, BLACKEMPEROR, Protection, Malicious Website Protection, IP, 5.150.195.167, 0427d7.se, 0, Outbound,
Detection, 09/12/2014 18:19:37, SYSTEM, BLACKEMPEROR, Protection, Malicious Website Protection, IP, 93.115.87.53, tukif.com, 0, Outbound,
Detection, 09/12/2014 18:19:42, SYSTEM, BLACKEMPEROR, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 09/12/2014 18:19:43, SYSTEM, BLACKEMPEROR, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 09/12/2014 18:20:00, SYSTEM, BLACKEMPEROR, Protection, Malicious Website Protection, IP, 67.212.88.146, kickass.to, 0, Outbound,

Please let me know what that means, and what our next step should be. Tomorrow night, I will do some more browsing on the Win 8.1 machine, unless you tell me otherwise. Do you think it's safe to use these laptops with other people's WiFi or is there any risk? As you can see I'm rather clueless about the real extent of whatever has been pestering me.

Thanks and good night,
Ben

MBAM20141209_Vista.txt
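The five protection-log lines in the post above are comma-separated records from Malwarebytes Anti-Malware 2.x. What is worth noticing is not the individual domains but the shape of the event: five outbound blocks within 25 seconds, all under the SYSTEM account, all with an empty process column. The following is an added example, not Malwarebytes code, that parses those lines and groups blocks into bursts so that shape is visible at a glance. The column meanings are my reading of the 2.x log (day/month/year dates, as the 09/12/2014 stamps in a December thread show; the final column carries the originating process path when MBAM could resolve it and is empty in all five lines); the 60-second burst window is an arbitrary choice.

```python
"""Parse Malwarebytes Anti-Malware 2.x "Malicious Website Protection" log lines
and group the blocked conn ections into bursts.

Added example for this thread, not Malwarebytes code. The five sample lines are
the ones posted above. Column meanings are my reading of the 2.x log format.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class BlockEvent:
    when: datetime
    user: str
    host: str
    component: str
    ip: str
    domain: str
    port: int
    direction: str
    process: Optional[str]  # None when the line carries no process path


def parse_event(line: str) -> Optional[BlockEvent]:
    """Parse one log line; return None for anything that is not an IP block."""
    # Detection, <dd/mm/yyyy hh:mm:ss>, <user>, <host>, Protection,
    # <component>, IP, <ip>, <domain>, <port>, <direction>, <process>,
    f = [x.strip() for x in line.split(",")]
    if len(f) < 11 or f[0] != "Detection" or f[4] != "Protection" or f[6] != "IP":
        return None
    process = f[11] if len(f) > 11 and f[11] else None
    return BlockEvent(
        when=datetime.strptime(f[1], "%d/%m/%Y %H:%M:%S"),
        user=f[2], host=f[3], component=f[5], ip=f[7], domain=f[8],
        port=int(f[9]), direction=f[10], process=process,
    )


def group_bursts(events: List[BlockEvent], window_seconds: int = 60) -> List[List[BlockEvent]]:
    """Sort by time and start a new burst whenever the gap exceeds the window."""
    window = timedelta(seconds=window_seconds)
    bursts: List[List[BlockEvent]] = []
    for ev in sorted(events, key=lambda e: e.when):
        if bursts and ev.when - bursts[-1][-1].when <= window:
            bursts[-1].append(ev)
        else:
            bursts.append([ev])
    return bursts


def describe(burst: List[BlockEvent]) -> Dict[str, object]:
    """Summarise a burst: what was contacted, under which account, and whether
    MBAM could attribute the connections to a process."""
    return {
        "start": burst[0].when,
        "span_seconds": (burst[-1].when - burst[0].when).total_seconds(),
        "count": len(burst),
        "domains": sorted({e.domain for e in burst}),
        "users": sorted({e.user for e in burst}),
        "all_outbound": all(e.direction == "Outbound" for e in burst),
        "unattributed": all(e.process is None for e in burst),
    }


def analyse(text: str, window_seconds: int = 60) -> List[Dict[str, object]]:
    events = [e for e in (parse_event(ln) for ln in text.splitlines()) if e is not None]
    return [describe(b) for b in group_bursts(events, window_seconds)]


# Constructed sample: the five lines from the Vista protection log posted above.
SAMPLE_LOG = """\
Detection, 09/12/2014 18:19:35, SYSTEM, BLACKEMPEROR, Protection, Malicious Website Protection, IP, 5.150.195.167, 0427d7.se, 0, Outbound,
Detection, 09/12/2014 18:19:37, SYSTEM, BLACKEMPEROR, Protection, Malicious Website Protection, IP, 93.115.87.53, tukif.com, 0, Outbound,
Detection, 09/12/2014 18:19:42, SYSTEM, BLACKEMPEROR, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 09/12/2014 18:19:43, SYSTEM, BLACKEMPEROR, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 09/12/2014 18:20:00, SYSTEM, BLACKEMPEROR, Protection, Malicious Website Protection, IP, 67.212.88.146, kickass.to, 0, Outbound,
"""


if __name__ == "__main__":
    for b in analyse(SAMPLE_LOG):
        print(f"{b['start']}: {b['count']} blocks in {b['span_seconds']:.0f}s, "
              f"users={b['users']}, unattributed={b['unattributed']}, domains={b['domains']}")
```

Run on the posted lines this yields one burst: five blocks in 25 seconds, a single user (SYSTEM), all outbound, none attributed to a process. A SYSTEM-context burst with no process path right after boot, before any browser is open, is the signature of something other than browsing; the burst start time is the value to line up against what was starting on the machine at that moment. The page does not establish what that was, and neither does this script.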
  11. Sorry for the messed up formatting, I attached the FRST log for the 8.1 here. Thanks for your replies. I'll do some more browsing on the Vista machine tomorrow night. I used it a bit today and didn't notice any redirects or other issues, apart from general slowness, but I'm pretty sure it was like this before (due to running Vista on a 5 year old, cheap laptop). And thanks a lot in general for your continued support. I really appreciate your help. Good night, Ben FRST.txt
  12. Hi Adam,

I followed all your steps on my Win 8.1 machine and posted the logs below. Could you please quickly address these questions, unless it's too early to make any assumptions:

Concerning the Vista machine, should I do some extensive browsing to see if the redirects still keep happening?
Do you consider it possible that my machines cross-infect each other once one has been "cleaned"? I'm still not sure how it could happen that all my machines started showing the same issues in short succession.
Is there still the possibility that my router is somehow infected?

On with the Win 8.1 logs now. The forum considers my post too long, so I attached Addition.txt instead.

fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-12-2014
Ran by Benjamin at 2014-12-08 18:30:02 Run:1
Running from C:\Users\Benjamin\Desktop
Loaded Profiles: Benjamin & (Available profiles: Benjamin & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
SearchScopes: HKU\S-1-5-21-137688557-3577635493-2510575898-1002 -> DefaultScope {3D9E75E9-C27E-4E7E-B8B3-363C0A35CF5F} URL =
SearchScopes: HKU\S-1-5-21-137688557-3577635493-2510575898-1002 -> {3D9E75E9-C27E-4E7E-B8B3-363C0A35CF5F} URL =
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
FF Extension: No Name - wrc@avast.com [Not Found]
CHR HKU\S-1-5-21-137688557-3577635493-2510575898-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
C:\Users\Benjamin\AppData\Local\Temp\amd-catalyst-14-9-win7-win8.1-64bit-dd-ccc-whql.exe
C:\Users\Benjamin\AppData\Local\Temp\AutoRun.exe
C:\Users\Benjamin\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Benjamin\AppData\Local\Temp\bridj.dll1400041389159444002.dll
C:\Users\Benjamin\AppData\Local\Temp\bridj.dll4930453768109546992.dll
C:\Users\Benjamin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfex1th.dll
C:\Users\Benjamin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Benjamin\AppData\Local\Temp\sfareca00001.dll
C:\Users\Benjamin\AppData\Local\Temp\sfextra.dll
C:\Users\Benjamin\AppData\Local\Temp\SkypeSetup.exe
CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
Hosts:
EmptyTemp:
end
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => Key deleted successfully.
"HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => Key deleted successfully.
"HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => Key deleted successfully.
"HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => Key deleted successfully.
"HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}" => Key deleted successfully.
HKU\S-1-5-21-137688557-3577635493-2510575898-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-137688557-3577635493-2510575898-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3D9E75E9-C27E-4E7E-B8B3-363C0A35CF5F}" => Key deleted successfully.
"HKCR\CLSID\{3D9E75E9-C27E-4E7E-B8B3-363C0A35CF5F}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{4FF78044-96B4-4312-A5B7-FDA3CB328095}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{4FF78044-96B4-4312-A5B7-FDA3CB328095}" => Key not found.
FF Extension: No Name - wrc@avast.com [Not Found] not found.
"HKU\S-1-5-21-137688557-3577635493-2510575898-1002\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
C:\Users\Benjamin\AppData\Local\Temp\amd-catalyst-14-9-win7-win8.1-64bit-dd-ccc-whql.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\AutoRun.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\AutoRunGUI.dll => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\bridj.dll1400041389159444002.dll => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\bridj.dll4930453768109546992.dll => Moved successfully.
"C:\Users\Benjamin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfex1th.dll" => File/Directory not found.
C:\Users\Benjamin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\sfamcc00001.dll => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\sfareca00001.dll => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\sfextra.dll => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
"HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= netsh winsock reset all ========= Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ========= End of CMD: ========= C:\Windows\System32\Drivers\etc\hosts => Moved successfully. Hosts was reset successfully. EmptyTemp: => Removed 6 GB temporary data. The system needed a reboot. ==== End of Fixlog ==== AdwCleaner[s0] # AdwCleaner v4.105 - Report created 08/12/2014 at 18:59:27 # Updated 08/12/2014 by Xplode # Database : 2014-12-08.2 [Live] # Operating System : Windows 8.1 (64 bits) # Username : Benjamin - G505S # Running from : C:\Users\Benjamin\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}] ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Mozilla Firefox v33.1.1 (x86 en-US) -\\ Google Chrome v39.0.2171.71 
[C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.icq.com/search/results.php?ch_id=osd&q={searchTerms}&icid=chrome [C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms} [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} -\\ Opera v26.0.1656.32 [C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.icq.com/search/results.php?ch_id=osd&q={searchTerms}&icid=chrome [C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms} [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} ************************* AdwCleaner[R0].txt - [2342 octets] - [08/12/2014 18:55:17] AdwCleaner[s0].txt - [2917 octets] - [08/12/2014 18:59:27] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2977 octets] ########## JRT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.0 (11.29.2014:1) OS: Windows 8.1 x64 Ran by Benjamin on 08-Dec-14 at 19:04:29.59 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted: [Folder] C:\Users\Benjamin\AppData\Roaming\mozilla\firefox\profiles\6a2wnf6n.default-1416363965997\extensions\toolbar@gmx.net ~~~ Event 
Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 08-Dec-14 at 19:17:14.31 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ MBAM Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 08-Dec-14 Scan Time: 19:47:10 Logfile: MBAM.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2014.12.09.01 Rootkit Database: v2014.12.08.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: Benjamin Scan Type: Threat Scan Result: Completed Objects Scanned: 393082 Time Elapsed: 28 min, 40 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) RKreport RogueKiller V10.0.9.0 (x64) [Dec 8 2014] by Adlice Software mail : http://lenovo13.msn.com -> Found [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-137688557-3577635493-2510575898-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo13.msn.com -> Found [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X64) 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 30 (Driver: Loaded) ¤¤¤ [iAT:Inl] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012d310|jmp 0xfffffffffffffe09|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtAssignProcessToJobObject : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e480|jmp 0xfffffffffffffc59|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtOpenEvent : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e870|jmp 0xfffffffffffffd19|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtCreateEvent : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e7e0|jmp 0xfffffffffffffd29|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtCreateSection : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e800|jmp 0xfffffffffffffce9|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012eab0|jmp 0xfffffffffffffc19|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtOpenMutant : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012db70|jmp 0xfffffffffffffd59|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012de10|jmp 0xfffffffffffffb69|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e960|jmp 0xfffffffffffffc69|jmp 0xfffffffffffffff0) 
[iAT:Inl] (explorer.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e9a0|jmp 0xfffffffffffffc49|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtQueryObject : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012ece0|jmp 0xfffffffffffffba9|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtCreateSemaphore : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e150|jmp 0xfffffffffffffd49|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtOpenSemaphore : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012db40|jmp 0xfffffffffffffd39|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtCreateMutant : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e1c0|jmp 0xfffffffffffffd69|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtCreateTimer : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e1a0|jmp 0xfffffffffffffcc9|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtOpenTimer : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012db80|jmp 0xfffffffffffffcb9|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012eaa0|jmp 0xfffffffffffffc89|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtOpenSection : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e940|jmp 0xfffffffffffffcd9|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtCreateIoCompletion : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e2f0|jmp 0xfffffffffffffca9|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e250|jmp 0xfffffffffffffc29|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtTerminateThread : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e850|jmp 0xfffffffffffffc09|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtOpenThread : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012dbd0|jmp 0xfffffffffffffc79|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - 
NtSuspendThread : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012d430|jmp 0xfffffffffffffbc9|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012d700|jmp 0xfffffffffffffbf9|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtNotifyChangeMultipleKeys : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012de10|jmp 0xfffffffffffffb59|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - ZwAlpcSendWaitReceivePort : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e590|jmp 0xfffffffffffffb79|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtVdmControl : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012d160|jmp 0xfffffffffffffd79|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtQueueApcThreadEx : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012d970|jmp 0xfffffffffffffbb9|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e590|jmp 0xfffffffffffffb79|jmp 0xfffffffffffffff0) [iAT:Inl] (explorer.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012dc50|jmp 0xfffffffffffffe19|jmp 0xfffffffffffffff0) ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: WDC WD50 00LPVT-24G33T1 SATA Disk Device +++++ --- User --- [MBR] 40f9eebd2ef9e0348dce1abd499a1ac4 [bSP] 7a384ea0e40be9768fdb600a45317de5 : Empty MBR Code Partition table: 0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB User = LL1 ... OK User = LL2 ... 
OK FRST Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-12-2014 Ran by Benjamin (administrator) on G505S on 08-12-2014 20:36:36 Running from C:\Users\Benjamin\Desktop Loaded Profile: Benjamin (Available profiles: Benjamin & Guest) Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst- tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe (Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (Conexant Systems, Inc.) 
C:\Windows\SysWOW64\SASrv.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Dropbox, Inc.) C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\Dropbox.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Hewlett-Packard Co.) 
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe () C:\Users\Benjamin\Desktop\RogueKillerX64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6339656 2013-04-10] (Realtek semiconductor) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-09-02] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-09-02] (Lenovo(beijing) Limited) HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent \cAudioFilterAgent64.exe [909016 2013-10-21] (Conexant Systems, Inc.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.) HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer \MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) 
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update \HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update \jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static \amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-08] (AVAST Software) HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-01-24] ( (Qualcomm®Atheros®)) HKU\S-1-5-21-137688557-3577635493-2510575898-1002\...\Run: [Google Update] => C:\Users\Benjamin \AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-23] (Google Inc.) HKU\S-1-5-21-137688557-3577635493-2510575898-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google) HKU\S-1-5-21-137688557-3577635493-2510575898-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin \hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup \Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-137688557-3577635493-2510575898-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com HKU\S-1-5-21-137688557-3577635493-2510575898-1002\Software\Microsoft\Internet Explorer \Main,Default_Page_URL = http://lenovo13.msn.com HKU\S-1-5-21-137688557-3577635493-2510575898-1002\Software\Microsoft\Internet Explorer \Main,Secondary Start Pages = http://home.lenovo.com HKU\S-1-5-21-137688557-3577635493-2510575898-1002\Software\Microsoft\Internet Explorer \Main,Default_Secondary_Page_URL = http://home.lenovo.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files \Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files \Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files \AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\6a2wnf6n.default- 1416363965997 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll () FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin \npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin \plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight \5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash \NPSWF32_15_0_0_239.dll () FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin \dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java \jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight \5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update \1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update \1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-137688557-3577635493-2510575898-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Benjamin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKU\S-1-5-21-137688557-3577635493-2510575898-1002: @talk.google.com/O1DPlugin -> C: \Users\Benjamin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKU\S-1-5-21-137688557-3577635493-2510575898-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-137688557-3577635493-2510575898-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-137688557-3577635493-2510575898-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Benjamin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-137688557-3577635493-2510575898-1002: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll No File FF Plugin HKU\S-1-5-21-137688557-3577635493-2510575898-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Plugin ProgramFiles/Appdata: C:\Users\Benjamin\AppData\Roaming\mozilla\plugins \npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Benjamin\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\6a2wnf6n.default- 1416363965997\searchplugins\leo-eng-deu-v20.xml FF SearchPlugin: C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\6a2wnf6n.default- 1416363965997\searchplugins\minecraft-wiki-en.xml FF Extension: 
Hilarious Webcomic Manager - C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\6a2wnf6n.default-1416363965997\Extensions\hilarious@axnjaxn.com.xpi [2014-11-18]
FF Extension: Minimize On Start and Close - C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\6a2wnf6n.default-1416363965997\Extensions\{480adee0-f020-4fef-917d-b05502b17aaf}.xpi [2014-11-18]
FF Extension: Adblock Plus - C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\6a2wnf6n.default-1416363965997\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-30]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://start.icq.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-03-27]
CHR Extension: (Beautiful landscape) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig [2014-03-27]
CHR Extension: (Google Docs) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-23]
CHR Extension: (Google Drive) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-06]
CHR Extension: (YouTube) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-23]
CHR Extension: (Adblock Plus) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-29]
CHR Extension: (Google Search) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-23]
CHR Extension: (Avast Online Security) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-05]
CHR Extension: (Google Wallet) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-23]
CHR Extension: (Gmail) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-23]
CHR HKU\S-1-5-21-137688557-3577635493-2510575898-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-08]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-24] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-01-24] (Windows ® Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-08] (AVAST Software)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-06-18] (Stardock Software, Inc)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5405456 2014-11-12] (TeamViewer GmbH)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-09-02] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-01-24] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [228032 2014-08-08] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-08] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-24] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243272 2013-04-10] (Realtek Semiconductor Corp.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 20:36 - 2014-12-08 20:37 - 00020899 _____ () C:\Users\Benjamin\Desktop\FRST.txt
2014-12-08 20:26 - 2014-12-08 20:26 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-08 20:26 - 2014-12-08 20:26 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-08 20:23 - 2014-12-08 20:24 - 18315864 _____ () C:\Users\Benjamin\Desktop\RogueKillerX64.exe
2014-12-08 19:04 - 2014-12-08 19:04 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-08 19:03 - 2014-12-08 19:03 - 01707646 _____ (Thisisu) C:\Users\Benjamin\Desktop\JRT.exe
2014-12-08 18:55 - 2014-12-08 18:59 - 00000000 ____D () C:\AdwCleaner
2014-12-08 18:46 - 2014-12-08 18:45 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-12-08 18:45 - 2014-12-08 18:45 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-12-08 18:44 - 2014-12-08 18:44 - 02166272 _____ () C:\Users\Benjamin\Desktop\AdwCleaner.exe
2014-12-08 18:27 - 2014-12-08 18:27 - 02119680 _____ (Farbar) C:\Users\Benjamin\Desktop\FRST64.exe
2014-12-08 18:19 - 2014-12-08 18:19 - 00001434 _____ () C:\Users\Benjamin\Desktop\Malware Issue - Shortcut.lnk
2014-12-04 23:22 - 2014-12-08 20:36 - 00000000 ____D () C:\FRST
2014-12-03 07:50 - 2014-12-08 19:47 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-03 07:50 - 2014-12-03 07:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-03 07:50 - 2014-12-03 07:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-03 07:50 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-03 07:50 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-03 07:50 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-19 08:04 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-19 08:04 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-19 08:04 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-19 08:04 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-18 21:26 - 2014-11-18 21:26 - 00000000 ____D () C:\Users\Benjamin\Desktop\Old Firefox Data
2014-11-17 20:54 - 2014-11-17 20:54 - 00000994 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-11-15 20:21 - 2014-11-15 20:21 - 00000000 __SHD () C:\found.000
2014-11-11 18:51 - 2014-11-20 15:51 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-11 18:51 - 2014-11-20 15:51 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-11 18:21 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-11 18:21 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-11 18:20 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-11 18:20 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-11 18:19 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-11 18:19 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-11 18:19 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-11 18:19 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-11 18:19 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-11 18:19 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-11 18:19 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-11 18:19 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-11 18:19 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-11 18:19 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-11 18:19 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-11 18:19 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-11 18:19 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-11 18:19 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-11 18:19 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-11 18:19 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-11 18:19 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-11 18:19 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-11 18:19 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-11 18:19 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-11 18:19 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-11 18:19 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-11 18:19 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-11 18:19 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-11 18:19 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-11 18:19 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-11 18:19 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-11 18:19 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-11 18:19 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-11 18:19 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-11 18:19 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-11 18:19 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-11 18:19 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-11 18:19 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-11 18:19 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-11 18:19 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-11 18:19 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-11 18:19 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-11 18:19 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-11 18:19 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-11 18:19 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-11 18:19 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-11 18:19 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-11 18:19 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-11 18:19 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-11 18:19 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-11 18:19 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-11 18:19 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-11 18:19 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-11 18:19 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-11 18:19 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-11 18:19 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-11 18:19 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-11-11 18:19 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-11 18:19 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-11 18:19 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-11 18:19 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-11 18:19 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-11 18:19 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-11 18:19 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-11 18:19 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-11 18:19 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-11 18:19 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-11 18:19 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-11 18:19 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-11 18:19 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-11 18:19 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-11 18:19 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 18:19 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-11 18:19 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-11 18:19 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-11 18:19 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-11 18:19 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-11 18:19 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-11 18:19 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-11-11 18:19 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-11 18:19 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-11 18:19 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-11 18:19 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-11-11 18:19 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-11-11 18:19 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-11 18:19 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-11 18:19 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-11 18:19 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-11 18:19 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-11 18:19 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-11 18:19 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-11 18:19 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-11 18:19 - 2014-10-09 20:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-11 18:19 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-11 18:19 - 2014-10-09 20:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-11 18:19 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-11 18:19 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-11 18:19 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-11 18:19 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-11 18:19 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-11-11 18:19 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-11-11 18:19 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-11-11 18:19 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-11-11 18:19 - 2014-10-08 01:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-11 18:19 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-11 18:19 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-11 18:19 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-11 18:19 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-11-11 18:19 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-11 18:19 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-11 18:19 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-11 18:18 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-11 18:18 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-11 18:18 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-11 18:18 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-11 18:18 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-11 18:18 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-11-11 18:18 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-11 18:18 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-11 18:18 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-11 18:18 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-11 18:18 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-11 18:18 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-11 18:18 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-11 18:18 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-11 18:18 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-11 18:18 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-11 18:18 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-11 18:18 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-11 18:18 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-11 18:18 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-11-11 18:18 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-11 18:18 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-11 18:18 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-11 18:18 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-11 18:18 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-11 18:18 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-11 18:18 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-11 18:18 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-11 18:18 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-11 18:18 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-11 18:18 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-11 18:18 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-11 18:18 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-11 18:18 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-11 18:18 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-11 18:18 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-11 18:18 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-11 18:18 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-11 18:18 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-11 18:18 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-11 18:18 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-11 18:18 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-11 18:18 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-11 18:18 - 2014-09-10 01:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-11-11 18:18 - 2014-09-07 22:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-11-11 18:18 - 2014-09-07 22:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-11-11 18:18 - 2014-09-04 17:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-11-11 18:18 - 2014-09-04 17:21 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-11-11 18:18 - 2014-09-03 22:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-11-11 18:18 - 2014-09-03 21:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-11-11 18:18 - 2014-09-03 20:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-11-11 18:18 - 2014-09-03 19:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-11-11 18:18 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-11 18:18 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-11 18:18 - 2014-08-30 19:17 - 00148800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-11-11 18:18 - 2014-08-30 19:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-11-11 18:18 - 2014-08-30 17:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-11-11 18:18 - 2014-08-30 17:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2014-11-11 18:18 - 2014-08-30 16:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-11-11 18:18 - 2014-08-30 15:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-11-11 18:18 - 2014-08-27 21:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-11-11 18:18 - 2014-08-27 19:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-11-11 18:18 - 2014-08-27 19:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-11-11 18:18 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-11 18:18 - 2014-08-23 00:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-11-11 18:18 - 2014-08-23 00:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-11-11 18:18 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-11 18:18 - 2014-08-22 23:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-11-11 18:18 - 2014-08-01 19:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-11-11 18:18 - 2014-08-01 19:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2014-11-11 18:17 - 2014-09-07 17:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-11-11 18:17 - 2014-08-30 16:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-11-11 18:17 - 2014-08-30 15:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 20:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-08 19:54 - 2014-04-19 09:33 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-08 19:54 - 2013-12-23 16:49 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-08 19:54 - 2013-08-22 09:46 - 00351604 _____ () C:\WINDOWS\setupact.log
2014-12-08 19:51 - 2013-12-23 17:10 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-137688557-3577635493-2510575898-1002UA.job
2014-12-08 19:45 - 2013-12-23 15:15 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\CrashDumps
2014-12-08 19:44 - 2014-10-19 11:46 - 00000000 ___RD () C:\Users\Benjamin\Google Drive
2014-12-08 19:44 - 2013-12-23 15:14 - 00000000 ___RD () C:\Users\Benjamin\Dropbox
2014-12-08 19:44 - 2013-12-23 15:12 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Dropbox
2014-12-08 19:43 - 2014-04-19 09:33 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-08 19:43 - 2014-04-09 16:48 - 00000000 __RDO () C:\Users\Benjamin\SkyDrive
2014-12-08 19:43 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-08 19:42 - 2014-10-23 15:21 - 00065536 _____ () C:\WINDOWS\system32\spu_storage.bin
2014-12-08 19:42 - 2013-09-02 12:55 - 00012800 _____ () C:\WINDOWS\system32\VfService.trf
2014-12-08 19:41 - 2013-12-23 12:36 - 13815850 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-08 19:27 - 2014-01-07 22:34 - 01784618 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-08 19:00 - 2013-11-14 02:20 - 00048944 _____ () C:\WINDOWS\PFRO.log
2014-12-08 18:51 - 2013-12-23 17:10 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-137688557-3577635493-2510575898-1002Core.job
2014-12-08 18:47 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-08 18:46 - 2014-10-30 17:33 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-12-08 18:46 - 2013-12-23 12:55 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-12-08 18:45 - 2014-10-30 17:33 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-12-08 18:45 - 2014-10-30 17:33 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-12-08 18:45 - 2014-10-30 17:33 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-12-08 18:45 - 2014-10-30 17:33 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-12-08 18:45 - 2014-10-30 17:33 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-12-08 18:45 - 2014-10-30 17:33 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-12-08 18:45 - 2014-08-04 19:52 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-12-08 18:15 - 2013-11-14 02:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-08 08:24 - 2014-04-25 19:25 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Skype
2014-12-06 12:49 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-04 18:45 - 2013-12-22 17:22 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-137688557-3577635493-2510575898-1002
2014-12-03 21:20 - 2014-07-17 13:04 - 00003824 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1405620264
2014-12-03 21:20 - 2014-07-17 13:04 - 00001068 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-12-03 21:20 - 2014-07-17 13:04 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-11-29 15:36 - 2013-12-23 15:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-28 09:42 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-25 22:54 - 2013-12-23 16:49 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-11-20 07:59 - 2013-12-22 17:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-20 07:59 - 2013-08-22 09:44 - 00362632 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-17 20:54 - 2014-05-24 17:34 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-11-16 08:37 - 2013-12-23 15:13 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-15 17:54 - 2013-12-22 17:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-14 22:37 - 2013-12-23 16:59 - 00000000 ____D () C:\ProgramData\Skype
2014-11-14 22:36 - 2014-10-27 21:09 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-14 18:49 - 2014-04-19 09:33 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 18:49 - 2014-04-19 09:33 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 18:46 - 2013-12-23 17:10 - 00003884 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-137688557-3577635493-2510575898-1002UA
2014-11-14 18:46 - 2013-12-23 17:10 - 00003504 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-137688557-3577635493-2510575898-1002Core
2014-11-11 21:31 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-11 18:54 - 2013-12-22 17:10 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Mozilla
2014-11-11 18:46 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-11 18:46 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-11 18:46 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-11 18:46 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-11 18:46 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-11 18:46 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-11 18:33 - 2013-12-23 13:52 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-11 18:25 - 2013-12-23 13:51 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Benjamin\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Benjamin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppdman5.dll
C:\Users\Benjamin\AppData\Local\Temp\Quarantine.exe
C:\Users\Benjamin\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-08 19:18

==================== End Of Log ============================

Addition.txt
  13. Hi Adam, posting from my phone. The IDs were blocked starting at 18:23 on December 6th (see latest MBAM log in my previous post). At that moment, the only running programme was ESET, which had just started downloading virus definitions. No browser was open. I exclusively used the Vista machine to follow your instructions and post here. I didn't encounter any pop-ups or redirecting but didn't browse except for downloading the tools you told me to. My Win7 machine has been disconnected from the Internet for the last couple of days. I didn't use it. My Win8.1 machine still gets redirects, but I didn't encounter pop-ups lately. I'm trying not to use it as much but still have to. What would you suggest next? I will be traveling after December 15th and will need to bring my Win8.1 laptop with me for work. But I don't want to infect my family's networks and devices. Thanks, Ben
  14. Hi Adam, I manually deleted the three files you pointed out. Here are the latest FRST logs, and the MBAM protection log is attached. Thanks, Ben
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Sony Corporation) C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Dropbox, Inc.) C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\Dropbox.exe () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.) HKLM\...\Run: [updateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.) HKLM\...\Run: [updateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.) HKLM\...\Run: [updatePDIRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.) HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.) 
HKLM\...\Run: [ContentTransferWMDetector.exe] => C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-19] (Sony Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-10-31] (AVAST Software) Startup: C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-846818328-320699065-2579942663-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-846818328-320699065-2579942663-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-846818328-320699065-2579942663-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\xhefu3h3.default-1417903410248 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-846818328-320699065-2579942663-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Benjamin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKU\S-1-5-21-846818328-320699065-2579942663-1000: @talk.google.com/O1DPlugin -> C:\Users\Benjamin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKU\S-1-5-21-846818328-320699065-2579942663-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-846818328-320699065-2579942663-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Benjamin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Benjamin\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2014-12-05] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-18] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-20] Chrome: ======= CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Benjamin\AppData\Local\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\Benjamin\AppData\Local\Google\Chrome\Application\39.0.2171.71\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\Benjamin\AppData\Local\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll No File CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.) CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File CHR Plugin: (eMusic Remote Plugin) - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll No File CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File CHR Plugin: (Google Update) - C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Profile: C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Quickrr World Clock) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajnbnekhpkkfaobjalnhdoofajkghidp [2012-04-12] CHR Extension: (Angry Birds) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-02-05] CHR Extension: (Google Drive) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-04] CHR Extension: (YouTube) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-12] CHR Extension: (Google Search) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-12] CHR Extension: (AdBlock) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-04-12] CHR Extension: (Avast Online Security) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-18] CHR Extension: (Google Wallet) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31] CHR Extension: (Gmail) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-12] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-29] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be 
removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-29] (AVAST Software) R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-08] (Hewlett-Packard Co.) [File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed] R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed] R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] () R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-10-29] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-10-31] (AVAST Software) R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-10-29] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-10-29] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-21] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-10-29] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-10-29] () S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-07] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation) S3 catchme; \??\C:\Users\Benjamin\AppData\Local\Temp\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-07 09:46 - 2014-12-07 09:47 - 00017875 _____ () C:\Users\Benjamin\desktop\FRST.txt 2014-12-07 09:46 - 2014-12-07 09:46 - 00000000 ____D () C:\Users\Benjamin\desktop\FRST-OlderVersion 2014-12-06 18:21 - 2014-12-06 18:21 - 02347384 _____ (ESET) C:\Users\Benjamin\desktop\esetsmartinstaller_enu.exe 2014-12-06 17:32 - 2014-12-07 09:40 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-06 17:32 - 2014-12-06 17:32 - 00000859 _____ () C:\Users\Public\desktop\Malwarebytes Anti-Malware.lnk 2014-12-06 17:32 - 2014-12-06 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-12-06 17:32 - 2014-12-06 17:32 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-12-06 17:32 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-06 17:32 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-06 17:32 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-06 17:30 - 2014-12-06 17:30 - 00000795 _____ () C:\Users\Benjamin\desktop\Malware Issue - Shortcut.lnk 2014-12-06 17:17 - 2014-12-06 17:17 - 00000000 ____D () C:\Windows\ERUNT 2014-12-06 17:16 - 2014-12-06 17:16 - 01707646 _____ (Thisisu) C:\Users\Benjamin\desktop\JRT.exe 2014-12-06 17:05 - 2014-12-06 17:10 - 00000000 ____D () C:\AdwCleaner 2014-12-06 17:05 - 2014-12-06 17:05 - 00000055 _____ () C:\AdwCleanerDebug.txt 2014-12-06 17:04 - 2014-12-06 17:04 - 02153472 _____ () C:\Users\Benjamin\desktop\AdwCleaner.exe 2014-12-06 17:03 - 2014-12-06 17:03 - 00000000 ____D () C:\Users\Benjamin\desktop\Old Firefox Data 2014-12-06 16:51 - 2014-12-06 16:51 - 00000000 ____D () C:\SuV5.6 2014-12-06 11:47 - 2014-12-06 11:47 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-12-06 11:47 - 2014-12-06 11:47 - 00000000 ____D () 
C:\ProgramData\RogueKiller 2014-12-06 11:46 - 2014-12-06 11:46 - 15196248 _____ () C:\Users\Benjamin\desktop\RogueKiller.exe 2014-12-06 11:40 - 2014-12-06 11:40 - 00010347 _____ () C:\ComboFix.txt 2014-12-06 11:12 - 2014-12-06 11:40 - 00000000 ____D () C:\Qoobox 2014-12-06 11:12 - 2014-12-06 11:40 - 00000000 ____D () C:\ComboFix 2014-12-06 11:12 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-12-06 11:12 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-12-06 11:12 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-12-06 11:12 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-12-06 11:12 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-12-06 11:12 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe 2014-12-06 11:12 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe 2014-12-06 11:12 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe 2014-12-06 11:11 - 2014-12-06 11:39 - 00000000 ____D () C:\Windows\erdnt 2014-12-06 11:08 - 2014-12-06 11:08 - 05600479 ____R (Swearware) C:\Users\Benjamin\desktop\ComboFix.exe 2014-12-06 10:42 - 2014-12-07 09:46 - 01111040 _____ (Farbar) C:\Users\Benjamin\desktop\FRST.exe 2014-12-05 19:38 - 2014-12-07 09:46 - 00000000 ____D () C:\FRST 2014-12-05 19:03 - 2014-12-05 19:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-11-21 22:20 - 2014-10-23 20:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-15 13:23 - 2014-10-09 20:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-15 13:23 - 2014-10-09 18:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-15 13:22 - 2014-10-09 20:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-15 13:22 - 2014-10-09 20:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-15 13:22 - 2014-08-26 19:55 - 01249280 _____ 
(Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-15 13:22 - 2014-08-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-15 13:21 - 2014-09-18 19:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-15 13:20 - 2014-10-23 20:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-15 13:19 - 2014-10-02 20:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-15 13:19 - 2014-10-02 20:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-15 13:19 - 2014-10-02 20:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-15 13:19 - 2014-10-02 20:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-15 13:19 - 2014-08-11 21:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-15 13:18 - 2014-10-17 20:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-15 12:58 - 2014-10-12 18:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-15 12:34 - 2014-10-27 14:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-15 12:34 - 2014-10-27 14:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-15 12:34 - 2014-10-27 14:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-15 12:34 - 2014-10-27 13:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-15 12:34 - 2014-10-27 13:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-15 12:34 - 2014-10-27 13:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-15 12:34 - 2014-10-27 13:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-11-15 12:34 - 2014-10-27 13:57 - 00065536 _____ (Microsoft Corporation) 
C:\Windows\system32\jsproxy.dll 2014-11-15 12:34 - 2014-10-27 13:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-15 12:34 - 2014-10-27 13:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-11-15 12:34 - 2014-10-27 13:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-15 12:34 - 2014-10-27 13:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-15 12:34 - 2014-10-27 13:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-15 12:34 - 2014-10-27 13:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-15 12:34 - 2014-10-27 13:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-15 12:34 - 2014-10-27 13:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-15 12:34 - 2014-10-27 13:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-15 12:34 - 2014-10-27 13:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-11-15 12:34 - 2014-10-27 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-11-15 12:34 - 2014-10-27 13:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-11-15 12:34 - 2014-10-27 13:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-07 09:39 - 2009-07-23 15:06 - 01297258 _____ () C:\Windows\WindowsUpdate.log 2014-12-07 09:37 - 2009-08-15 22:19 - 00000000 ___RD () C:\Users\Benjamin\Documents\My Dropbox 2014-12-07 09:37 - 2009-08-15 22:07 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Dropbox 2014-12-07 09:31 - 2013-02-04 20:27 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-07 09:31 - 2010-09-12 19:40 - 00000318 _____ () C:\Windows\Tasks\GlaryInitialize.job 2014-12-07 09:31 - 2009-08-16 19:02 - 00179254 _____ () C:\ProgramData\nvModes.dat 2014-12-07 09:31 - 2009-08-16 19:02 - 00179254 _____ () C:\ProgramData\nvModes.001 2014-12-07 09:28 - 2008-01-20 21:47 - 00253410 _____ () C:\Windows\PFRO.log 2014-12-07 09:28 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-07 09:28 - 2006-11-02 07:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-07 09:28 - 2006-11-02 07:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-06 21:57 - 2006-11-02 08:01 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-12-06 21:19 - 2012-09-22 16:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-06 21:19 - 2012-04-12 18:28 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-846818328-320699065-2579942663-1000UA.job 2014-12-06 18:19 - 2012-04-10 06:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-12-06 18:19 - 2011-05-17 06:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-12-06 17:32 - 2012-11-21 19:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-06 17:10 - 2009-08-16 16:38 - 00000000 ____D () C:\ProgramData\ICQ 2014-12-06 12:19 - 2012-04-12 18:28 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-846818328-320699065-2579942663-1000Core.job 
2014-12-06 11:40 - 2006-11-02 06:18 - 00000000 __RHD () C:\Users\Default 2014-12-06 11:40 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public 2014-12-06 11:37 - 2006-11-02 05:23 - 00000215 _____ () C:\Windows\system.ini 2014-12-06 10:31 - 2012-05-02 18:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-12-02 19:44 - 2009-08-15 22:08 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-12-02 19:44 - 2006-11-02 05:33 - 01496184 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-24 14:04 - 2009-10-03 09:43 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-11-21 22:42 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache 2014-11-21 21:56 - 2013-05-20 17:17 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-11-21 21:55 - 2013-05-20 17:17 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-11-21 21:49 - 2013-02-04 20:27 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-21 21:49 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-11-15 13:34 - 2006-11-02 07:47 - 01679168 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-15 13:30 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\fr-FR 2014-11-15 13:11 - 2013-08-13 21:05 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-15 13:00 - 2006-11-02 05:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-11-15 12:19 - 2009-08-15 16:16 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Mozilla Some content of TEMP: ==================== C:\Users\Benjamin\AppData\Local\temp\dllnt_dump.dll C:\Users\Benjamin\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4cbxuy.dll C:\Users\Benjamin\AppData\Local\temp\Quarantine.exe C:\Users\Benjamin\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for 
files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-07 09:35 ==================== End Of Log ============================ Addition Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-12-2014 01 Ran by Benjamin at 2014-12-07 09:47:52 Running from C:\Users\Benjamin\desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
4500_G510nz_Help_Web (Version: 000.0.440.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510nz_web (Version: 000.0.439.000 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.8.612 - Adobe Systems, Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Audiograbber 1.83 SE (HKLM\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland)
Audiograbber MP3 Plugin (HKLM\...\Audiograbber-Lame) (Version: 1.0 - AG)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2206 - AVAST Software)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Cisco AnyConnect VPN Client (HKLM\...\{A96D580D-00C3-43BF-BFDD-F701E779E5CB}) (Version: 2.2.0136 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.1.0 - Conexant)
Content Transfer (HKLM\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.3.0.23190 - Sony Corporation)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2203 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2029 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-846818328-320699065-2579942663-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Eraser 5.8.7 (HKLM\...\{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1) (Version: Eraser 5.8.7 - The Eraser Project)
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Glary Utilities 2.28.0.1011 (HKLM\...\Glary Utilities_is1) (Version: 2.28.0.1011 - Glarysoft Ltd)
Google Chrome (HKU\S-1-5-21-846818328-320699065-2579942663-1000\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version: - )
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP Officejet 4500 G510n-z (HKLM\...\{F27CFD16-939A-4232-98CD-180898D14713}) (Version: 13.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP User Guides 0118 (HKLM\...\{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
ICQ7.6 (HKLM\...\{7644E42D-B096-457F-8B5B-901238FC81AE}) (Version: 7.6 - ICQ)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0926 - CyberLink Corp.)
LabelPrint (Version: 2.5.0926 - CyberLink Corp.) Hidden
Last.fm Scrobbler 2.1.33 (HKLM\...\LastFM_is1) (Version: - Last.fm)
LightScribe System Software 1.14.17.1 (HKLM\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
Magic Workstation 0.94f (HKLM\...\Magic Workstation_is1) (Version: - Magic Technology)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM\...\{6A370610-3778-44AF-9AAC-69B2FD1A3356}) (Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 2.0 (HKLM\...\{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}) (Version: 2.0.11128.1 - Microsoft Corporation)
Mozilla Firefox 34.0 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MTG GamePack for Magic Workstation (HKLM\...\MTG GamePack for Magic Workstation_is1) (Version: - Magic Technology)
muvee Reveal (HKLM\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
Network (Version: 130.0.550.000 - Hewlett-Packard) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NWZ-E340 WALKMAN Guide (HKLM\...\{E33956B7-301C-429D-9E6C-2C12EACB8A62}) (Version: 2.0.00.07010 - Sony Corporation)
OpenAL (HKLM\...\OpenAL) (Version: - )
OpenOffice.org 3.3 (HKLM\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PFConfig 1.0.296 (HKLM\...\PFConfig) (Version: 1.0.296 - Portforward.com)
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2202 - CyberLink Corp.)
Power2Go (Version: 6.0.2202 - CyberLink Corp.) Hidden
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2201 - CyberLink Corp.)
PowerDirector (Version: 7.0.2201 - CyberLink Corp.) Hidden
Primo (Version: 1.00.0000 - Your Company Name) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
Runtime (Version: 1.00.0000 - Your Company Name) Hidden
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 4.2.01.15030 - Sony Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
TmUnitedForever StarEdition (HKLM\...\TmUnitedForever_is1) (Version: - Nadeo)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Vista Icon Pack ST (HKLM\...\Vista Icon Pack ST_is1) (Version: - )
VoipStunt (HKLM\...\VoipStunt_is1) (Version: 4.03 build 543 - Finarea S.A. Switzerland)
VSO Image Resizer 2.2.2.1 (HKLM\...\{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1) (Version: 2.2.2.1 - VSO-Software)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Winamp Application Detect (HKU\S-1-5-21-846818328-320699065-2579942663-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Benjamin\AppData\Local\Google\Chrome\Application\39.0.2171.71\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> C:\Windows\system32\ACTXPRXY.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
==================== Restore Points =========================

19-09-2014 23:08:22 Windows Update
30-10-2014 00:41:09 Windows Update
30-10-2014 00:46:10 avast! antivirus system restore point
30-10-2014 00:54:31 Language Pack Removal
30-10-2014 01:33:04 Windows Update
31-10-2014 01:28:38 Language Pack Removal
01-11-2014 03:39:25 Language Pack Removal
02-11-2014 19:20:18 Language Pack Removal
05-11-2014 00:55:47 Windows Update
08-11-2014 22:35:01 Windows Update
08-11-2014 22:42:41 Language Pack Removal
15-11-2014 17:33:38 Windows Update
15-11-2014 17:58:25 Windows Update
22-11-2014 03:03:05 Language Pack Removal
22-11-2014 03:06:25 Windows Update
22-11-2014 03:19:38 Windows Update
03-12-2014 00:54:03 Windows Update
03-12-2014 01:02:26 Language Pack Removal
06-12-2014 15:48:47 Language Pack Removal
06-12-2014 16:26:29 Language Pack Removal
06-12-2014 21:59:32 Language Pack Removal
06-12-2014 22:47:19 Language Pack Removal
06-12-2014 23:33:10 Language Pack Removal
07-12-2014 14:45:11 Language Pack Removal

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 05:23 - 2014-12-06 11:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {007DDB33-75E1-48BC-ABD9-6C48CE476808} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-04] (Google Inc.)
Task: {116BFA48-1B7A-4B2E-ADFD-BC19AECB7BE7} - System32\Tasks\GlaryInitialize => C:\Program Files\Glary Utilities\initialize.exe [2010-09-09] (Glarysoft Ltd)
Task: {1E75D9FE-A4E9-407C-B6A6-6F396335E0C7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-06] (Adobe Systems Incorporated)
Task: {2B5DE062-427A-44ED-B858-027424F2B991} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Benjamin => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {3345CAFA-7D43-4742-AE99-6CD4955B0394} - System32\Tasks\Timed Shutdown => shutdown
Task: {52598A0A-7919-414E-8551-CF0F23864448} - System32\Tasks\{A1A566E3-B9EF-4F20-BA43-AC61C0A608E8} => Firefox.exe http://ui.skype.com/ui/0/4.1.0.141/en/abandoninstall?source=lightinstaller&page=tsProblems&LastError=12007&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2
Task: {644B7431-7FB0-49A8-AE49-C0FE5708E737} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-846818328-320699065-2579942663-1000Core => C:\Users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12] (Google Inc.)
Task: {6520EF05-AA8F-4076-B901-9D286D2F0659} - System32\Tasks\{6D519E58-04AC-4F77-8457-A68DDEFF6EA7} => Firefox.exe http://ui.skype.com/ui/0/4.1.0.141/en/abandoninstall?source=lightinstaller&page=tsProblems&LastError=206&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2
Task: {709227F4-350F-4EDA-A9EA-ACD02C572F48} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-846818328-320699065-2579942663-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {7A0EEDEB-5FFE-4B9F-9C9F-4BB6B6B691B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-04] (Google Inc.)
Task: {8E7BF267-DFCB-4DC4-A390-F0BAC356432E} - System32\Tasks\{148E9B18-33FD-418C-95B4-B8B60F7B70EF} => C:\Program Files\Skype\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {ABB67554-9A56-46CE-B64B-A2D74AB039F4} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-846818328-320699065-2579942663-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {B3B33D76-9350-4CE2-97AF-8951A76FB9CF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-29] (AVAST Software)
Task: {E008C75A-597C-4FFA-8ACA-369CE3B67A27} - System32\Tasks\{FF7F4FB1-E648-4149-8D5F-4519DF9D1E11} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.141&LastError=12029
Task: {E3DCEF1D-A1E0-4DA9-86CD-173FD8B4BBEC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-846818328-320699065-2579942663-1000UA => C:\Users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-846818328-320699065-2579942663-1000Core.job => C:\Users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-846818328-320699065-2579942663-1000UA.job => C:\Users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-12-07 09:31 - 2014-12-07 09:31 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120700\algo.dll
2009-04-20 15:48 - 2008-10-06 11:54 - 00365952 _____ () C:\Program Files\SMINST\BLService.exe
2009-04-20 15:48 - 2008-10-06 11:54 - 00132480 _____ () C:\Program Files\SMINST\STWmiM.dll
2009-04-20 14:31 - 2008-09-15 09:13 - 00241734 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2013-10-25 20:06 - 2014-10-29 19:51 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-07 09:37 - 2014-12-07 09:37 - 00043008 _____ () c:\users\benjamin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4cbxuy.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\libcef.dll
2009-04-20 13:36 - 2008-04-11 11:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2014-12-05 19:04 - 2014-12-05 19:04 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-846818328-320699065-2579942663-500 - Administrator - Disabled)
Benjamin (S-1-5-21-846818328-320699065-2579942663-1000 - Administrator - Enabled) => C:\Users\Benjamin
Guest (S-1-5-21-846818328-320699065-2579942663-501 - Limited - Disabled) => C:\Users\Guest
Mcx1 (S-1-5-21-846818328-320699065-2579942663-1001 - Administrator - Enabled) => C:\Users\Mcx1

==================== Faulty Device Manager Devices =============

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Hewlett-Packard
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/07/2014 09:29:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2014 06:13:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2014 05:27:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (12/07/2014 09:46:08 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1003) (User: NT AUTHORITY)
Description: 0x800f0825fr-FR

Error: (12/07/2014 09:29:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (12/06/2014 06:36:54 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1003) (User: NT AUTHORITY)
Description: 0x800f0825fr-FR

Error: (12/06/2014 06:13:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (12/06/2014 05:50:13 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1003) (User: NT AUTHORITY)
Description: 0x800f0825fr-FR

Error: (12/06/2014 05:27:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Microsoft Office Sessions:
=========================
Error: (12/07/2014 09:29:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2014 06:13:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2014 05:27:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2014-12-07 09:47:41.310
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-07 09:47:40.280
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-07 09:47:39.188
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-07 09:47:38.049
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-07 09:30:41.372
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-06 20:50:48.719
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-06 18:15:50.669
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-06 17:43:29.685
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-06 17:43:28.593
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-06 17:43:27.548
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================

Processor: AMD Athlon Dual-Core QL-64
Percentage of memory in use: 51%
Total physical RAM: 2813.69 MB
Available physical RAM: 1374.71 MB
Total Pagefile: 5859.83 MB
Available Pagefile: 4343.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.17 GB) (Free:89.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.72 GB) (Free:1.81 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: A40BC8D5)
Partition 1: (Active) - (Size=222.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

MBAMProtectionLog.txt
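The Addition.txt above is the kind of log a helper reads by eye. As an added example, not part of this thread or of FRST itself, the following Python script pulls out the three items a reviewer checks first in such a log: the Bamital & volsnap verdicts (flagging any file FRST did not report as digitally signed), the CodeIntegrity "unable to verify" events counted per driver image so that repeats collapse into one line, and scheduled tasks whose executable sits under a user profile, where an unprivileged process could have written it. The per-user Google updater legitimately lands in that last list, so it is a review queue rather than a verdict. The script expects the log as FRST writes it, one entry per line, not as the forum flattened it; the embedded sample is constructed from a few lines of the kinds shown above, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the shape FRST writes Addition.txt (one entry per
# line). The entries are modelled on the kinds of lines shown in the post.
SAMPLE_LOG = r"""==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-07 09:35
==================== End Of Log ============================
==================== Scheduled Tasks (whitelisted) =============
Task: {007DDB33-75E1-48BC-ABD9-6C48CE476808} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-04] (Google Inc.)
Task: {644B7431-7FB0-49A8-AE49-C0FE5708E737} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-846818328-320699065-2579942663-1000Core => C:\Users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12] (Google Inc.)
Task: {3345CAFA-7D43-4742-AE99-6CD4955B0394} - System32\Tasks\Timed Shutdown => shutdown
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files\Glary Utilities\initialize.exe
CodeIntegrity Errors:
===================================
Date: 2014-12-07 09:47:41.310
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-07 09:47:40.280
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-12-07 09:30:41.372
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
"""

SIGNED = "File is digitally signed"
# One "path => verdict" line of the Bamital & volsnap Check section.
SIG_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*?) => (?P<verdict>.+)$")
# Both task forms FRST emits: "{GUID} - System32\Tasks\Name => target"
# and "C:\Windows\Tasks\Name.job => target".
TASK_LINE = re.compile(
    r"^Task: (?:\{[0-9A-Fa-f-]+\} - )?(?P<name>.+?) => (?P<target>.+)$", re.M)
CI_LINE = re.compile(
    r"unable to verify the image integrity of the file (?P<image>\S+) because")
USER_PROFILE = re.compile(r"^[a-z]:\\users\\", re.I)


def signature_checks(log):
    """Map each file in the 'Bamital & volsnap Check' section to FRST's verdict."""
    verdicts = {}
    in_section = False
    for line in log.splitlines():
        if "Bamital & volsnap Check" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("===================="):
            break  # the next section header ends the check
        m = SIG_LINE.match(line)
        if m:
            verdicts[m.group("path")] = m.group("verdict").strip()
    return verdicts


def unsigned_critical_files(log):
    """Files FRST did not report as digitally signed; a non-empty list needs a closer look."""
    return sorted(p for p, v in signature_checks(log).items() if v != SIGNED)


def code_integrity_counts(log):
    """Count CodeIntegrity 'unable to verify' events per driver image name."""
    return Counter(m.group("image").rsplit("\\", 1)[-1].lower()
                   for m in CI_LINE.finditer(log))


def tasks_in_user_profiles(log):
    """Scheduled tasks whose executable lives under a user profile directory.

    Such a location is writable without elevation, so entries here are a
    review queue, not a verdict: per-user updaters land here legitimately.
    """
    flagged = []
    for m in TASK_LINE.finditer(log):
        # FRST appends " [date] (signer)" after the path; keep only the path.
        exe = m.group("target").split(" [", 1)[0].strip()
        if USER_PROFILE.match(exe):
            flagged.append((m.group("name"), exe))
    return flagged


def triage(log):
    """Bundle the three checks into one summary."""
    return {
        "unsigned_critical_files": unsigned_critical_files(log),
        "code_integrity_errors": dict(code_integrity_counts(log)),
        "tasks_in_user_profiles": tasks_in_user_profiles(log),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run it against a real Addition.txt by replacing SAMPLE_LOG with the file's contents; anything FRST prints for a failed signature check is treated as a failure because only the exact "File is digitally signed" verdict passes.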
  15. Hi Adam,

The browsers were all reset to standard successfully. I followed all the steps and pasted the logs below. One question: Should I leave Malwarebytes installed and running for the remainder of the process? Or uninstall it again? So far it's still running and it blocked several malicious websites while ESET was downloading its definitions. No browser was open at that time. Those are the objects it blocked:

Malicious Website Protection, IP, 67.212.88.10, kickass.to, 0, Outbound
Malicious Website Protection, IP, 5.150.195.169, 0427d7.se, 0, Outbound
Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound
Malicious Website Protection, IP, 91.98.28.98, digikala.com, 0, Outbound

Whenever we're done with the Vista machine, can we switch to the Win8.1? Unless there's any indication the Win7 is more urgent of course.

Thanks and have a good Sunday,
Ben

AdwCleaner[s0]
# AdwCleaner v4.104 - Report created 06/12/2014 at 17:10:50
# Updated 05/12/2014 by Xplode
# Database : 2014-12-03.1 [Live]
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : Benjamin - BLACKEMPEROR
# Running from : C:\Users\Benjamin\desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : ICQ Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Users\Benjamin\AppData\Local\Video downloader
File Deleted : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\5dgiowsj.default\searchplugins\icqplugin.gif
File Deleted : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\5dgiowsj.default\searchplugins\icqplugin.src

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\ICQ\ICQToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Video downloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video downloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16592

-\\ Mozilla Firefox v34.0 (x86 en-US)

[5dgiowsj.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.engineVerified", true);
[5dgiowsj.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.history", "test");
[5dgiowsj.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
[5dgiowsj.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.previousFFVersion", "3.5.7");
[5dgiowsj.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
[5dgiowsj.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.uniqueID", "126305795012630579491263057956387");
[5dgiowsj.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1263057962);
[5dgiowsj.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.version", "1.1.5");
[5dgiowsj.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=");

-\\ Google Chrome v

[C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.icq.com/search/results.php?ch_id=osd&q={searchTerms}&icid=chrome
[C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://start.icq.com/

*************************

AdwCleaner[R0].txt - [4515 octets] - [06/12/2014 17:06:05]
AdwCleaner[s0].txt - [4601 octets] - [06/12/2014 17:10:50]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4661 octets] ##########

JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows Vista Home Premium x86
Ran by Benjamin on 06/12/2014 at 17:18:06.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-846818328-320699065-2579942663-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Benjamin\appdata\local\{85DAEE0C-2E9D-4653-A8B3-5C4B1E554DA5}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/12/2014 at 17:22:44.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MBAM
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 06/12/2014
Scan Time: 17:33:31
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.06.11
Rootkit Database: v2014.12.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Benjamin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 400540
Time Elapsed: 32 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry
Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 3 Adware.ADON, C:\Users\Benjamin\Installer\agsetup183se.exe, Quarantined, [a9ceb2acdf9d5bdbd5ad5516ad58e818], PUP.Optional.OpenCandy, C:\Users\Benjamin\Installer\winamp5581_full_emusic-7plus_en-us.exe, Quarantined, [3542f8663b412d09fddaa4e5ad582dd3], PUP.Optional.OpenCandy, C:\Users\Benjamin\Installer\winamp5601_full_emusic-7plus_en-us.exe, Quarantined, [3344243a53293df9d106a6e335d0669a], Physical Sectors: 0 (No malicious items detected) (end) ESET C:\FRST\Quarantine\C\Users\Benjamin\AppData\Local\Temp\2dcd1d63cb45e6613582211c3d5f4b23.exe.xBAD Win32/OpenCandy potentially unsafe application C:\FRST\Quarantine\C\Users\Benjamin\AppData\Local\Temp\AskSLib.dll.xBAD a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application C:\Program Files\ICQ7.6\install_dll\OCSetupHlp.dll Win32/OpenCandy potentially unsafe application C:\Users\Benjamin\Installer\cdbxp_setup_4.3.7.2356.exe Win32/OpenCandy potentially unsafe application C:\Users\Benjamin\Installer\PFCSetup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application C:\Users\Benjamin\Installer\vso_image_resizer2_setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application