Showing results for tags 'superfish'.

Found 9 results

  1. Even the best of us pick up adware from time to time. While I'm far from the best of us, I'm still no exception it seems. A couple of days ago I noticed that my NoScript addon for Firefox was displaying a rather oddly named site called 'Majuwe.com' in the script list. Then I noticed it was on every page I opened. Google, Tumblr, Yahoo - everything. On a hunch, I tried opening a private window and was met with this grisly list. Needless to say, I took action immediately: locked down my online banking, ran some Google searches, blindly followed a lot of random advice, and fumbled about stupidly in general. When, unsurprisingly, none of that worked, I decided to come seek professional help. The adware isn't actually DOING anything noticeable - NoScript is shutting it down as far as Firefox is concerned - but obviously it could be doing a plethora of things I am unaware of, and I'm rightfully worried that there is something more sinister lurking somewhere in the cracks. A few things of note: I could find almost no information on 'majuwe' as far as malware is concerned; the only post even mentioning it happened to be what led me to this site in the first place. Also, there was an unrecognized folder in my Program Files called 'Jelbrus Secure Web' which I promptly deleted without considering the registry at all (as stated, I am a moron). Attached you will find the requested documents. After reading your rules (after running this scan), I removed BitTorrent from my computer (I had installed it a while back to help set up PSO2, a foreign F2P MMO). Sorry for the long-winded story, and thank you in advance! FRST.txt Addition.txt
  2. I would like to know if Malwarebytes can protect us from Superfish and the like. Thank you!
  3. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-12-2014 Ran by owner (administrator) on OWNER-PC on 26-12-2014 09:01:38 Running from C:\Users\owner\Downloads Addition.txt
  4. Dynamic Pricer ads powered by superfish keep popping up on Google Chrome, Firefox & Internet Explorer. Tried ADWCleaner, MalwareBytes & Hitman Pro. Also deleted all keys related to superfish in the registry. Also, files related to superfish. Was unable to delete manifests in c:\windows\system32\winsxs with superfish entries. Find attached FRST.txt & Addition.txt files from Farbar Recovery Scan Tool. Please help. Thanks ... Srilesh Addition.txt FRST.txt
  5. Hey, everyone, My wife's computer has come down with a bit of a bug that keeps on coming back. Multiple Malwarebytes scans (many times resulting in a clean bill of health, other times not so much) including a couple of tries using chameleon. So far no dice. The malware in question hijacks most websites and injects illegitimate advertisements on most websites and creates a lot of browser redirects. Her data is safe so that's the good news. The most recent MBAM scan picked up and quarantined the following right before I ran the FRST scan: PUP.Optional.SuperFish.A I'm attaching the files from FRST as well. Thanks for your help. Addition.txt FRST.txt
  6. I've been trying to remove a PUP.Optional.Superfish.A infection but it keeps coming back. I've been following advice from the forums but I'm stuck at the moment. So far I have run RKill, backed up the registry with ERUNT and run a threatscan with MBAM. This is the scan result: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 15/09/2014 Scan Time: 11:33:41 PM Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.09.15.05 Rootkit Database: v2014.09.15.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Natalie Scan Type: Threat Scan Result: Completed Objects Scanned: 352777 Time Elapsed: 23 min, 41 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 2 PUP.Optional.Superfish.A, C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, , [19d92ebf2853af87d45ea971c43fcc34], PUP.Optional.Superfish.A, C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, , [c52de20b3d3e66d0e0523fdbdc27ca36], Physical Sectors: 0 (No malicious items detected) (end) I have also run RogueKiller, and this is the report (I haven't deleted anything): So now I don't know what to do next. Any help anyone can offer would be very much appreciated.
  7. Hello forum. I paid for the premium hoping it would fix my problem. SearchSnacks and Superfish are my problems. MalwareBytes appears to delete them, but moments later they are back again. I've reset all my browsers several times. I've deleted any references to the files on my PC. But somehow they keep reinstalling themselves. I need help!! They will not go away and they make using this computer very miserable! Log attached to post malware.txt
  8. I think my computer has malware. My computer is up-to-date with Windows update, and I've updated and run malwarebytes, adwcleaner, hitmanpro, rkill. Symptoms: sluggish performance, periodic freezes of programs, and Google Chrome continues to show costminn as an extension after removing it. Malwarebytes scans continue to show superfish files as well. FRST.txt and Addition.txt pastes below.
C:\Users\Dave\Downloads\DropboxInstaller.exe2014-07-21 23:25 - 2014-07-21 23:37 - 108293368 _____ (Microsoft Corporation) C:\Users\Dave\Downloads\msert.exe2014-07-21 23:23 - 2014-07-21 23:41 - 223165336 ____N (Symantec Corporation) C:\Users\Dave\Downloads\NIS_21.1.0.18_SYMTB_PROMO_4_MRFTT_829_10144-US1.exe2014-07-19 22:54 - 2014-07-19 23:28 - 00000000 ____D () C:\Users\Dave\AppData\Local\29842014-07-19 22:54 - 2014-07-19 22:55 - 00000000 ____D () C:\Users\Dave\AppData\Local\Hyper - Browser2014-07-19 22:54 - 2014-07-19 22:54 - 00004566 _____ () C:\Windows\System32\Tasks\Hyper - Browser Runner2014-07-19 22:54 - 2014-07-19 22:54 - 00000258 __RSH () C:\ProgramData\ntuser.pol2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\HomeGroupUser$2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Guest2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Dave\AppData\Local\Packages2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Dave\AppData\Local\Comodo2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Administrator2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\ProgramData\fa44f3b9b7d85d912014-07-13 18:50 - 2014-07-13 18:50 - 00000000 ____D () C:\Users\Dave\Documents\SUNY Maritime2014-07-13 18:04 - 2014-07-13 18:04 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-07-13 18:04 - 2014-07-13 18:04 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-07-13 18:03 - 2014-07-13 18:04 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-07-13 18:03 - 2014-07-13 18:04 - 00000000 ____D () C:\Program Files\iTunes2014-07-13 18:03 - 2014-07-13 18:04 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-07-13 18:03 - 2014-07-13 18:03 - 00000000 ____D () C:\Program Files\iPod2014-07-10 23:30 - 2014-07-10 23:32 - 00000000 ____D () C:\Users\Public\Documents\CyberLink2014-07-10 23:30 - 2014-07-10 23:30 - 00000000 ____D () C:\Users\Dave\Documents\CyberLink2014-07-10 23:26 - 2014-07-10 23:26 - 00002203 _____ () C:\Users\Public\Desktop\CyberLink PowerDVD 14.lnk2014-07-10 23:26 - 2014-07-10 23:26 - 00000000 ____D () C:\ProgramData\PDVD2014-07-10 23:26 - 2014-07-10 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 142014-07-10 23:23 - 2014-07-10 23:23 - 00000000 ____D () C:\ProgramData\SUPPORTDIR2014-07-10 23:23 - 2014-07-10 23:23 - 00000000 ____D () C:\ProgramData\install_clap2014-07-10 23:21 - 2014-07-10 23:22 - 188169104 _____ () C:\Users\Dave\Documents\PowerDVD_14.0.4028.58_DVD140430-04.exe2014-07-10 23:20 - 2014-07-10 23:20 - 01029080 _____ (CyberLink) C:\Users\Dave\Downloads\CyberLink_PowerDVD_Downloader.exe2014-07-10 21:55 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-07-10 21:55 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-07-10 21:55 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-07-10 21:55 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-07-10 21:55 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-07-10 21:55 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-07-10 21:55 - 2014-06-18 20:42 - 
00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-07-10 21:55 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-07-10 21:55 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-07-10 21:55 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-07-10 21:55 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-07-10 21:55 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-07-10 21:55 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-07-10 21:55 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-07-10 21:55 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-07-10 21:55 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-07-10 21:55 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-07-10 21:55 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-07-10 21:55 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-07-10 21:55 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-07-10 21:55 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-07-10 21:55 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-07-10 21:55 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-07-10 21:55 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-07-10 21:55 - 2014-06-18 19:48 - 
00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-07-10 21:55 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-07-10 21:55 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-07-10 21:55 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-07-10 21:55 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-07-10 21:55 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-07-10 21:55 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-07-10 21:55 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-07-10 21:55 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-07-10 21:55 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-07-10 21:55 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-07-10 21:55 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-07-10 21:55 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-07-10 21:55 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-07-10 21:55 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-07-10 21:55 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-07-10 21:55 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-07-10 21:55 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-07-10 21:55 - 2014-06-18 18:59 - 00069632 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-07-10 21:55 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-07-10 21:55 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-07-10 21:55 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-07-10 21:55 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-07-10 21:55 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-07-10 21:55 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-07-10 21:55 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-07-10 21:55 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-07-10 21:55 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-07-10 21:55 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-07-10 21:55 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-07-10 21:55 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-07-10 21:55 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-07-10 21:55 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2014-07-10 21:55 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll2014-07-10 21:54 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-07-10 21:54 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-07-10 21:54 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) 
C:\Windows\system32\osk.exe2014-07-10 21:54 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe2014-07-10 21:54 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-07-10 21:54 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-07-10 21:54 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2014-07-10 21:54 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2014-07-10 21:54 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2014-07-10 21:54 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2014-07-10 21:54 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2014-07-10 21:54 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2014-07-10 21:54 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2014-07-10 21:54 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-07-10 21:54 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-07-10 21:54 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-07-10 21:54 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2014-07-10 21:54 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2014-07-10 21:54 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2014-07-10 21:54 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2014-07-10 21:54 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-07-10 21:54 - 2014-05-30 03:52 - 
00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-07-10 21:54 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys2014-07-10 21:30 - 2014-07-10 21:32 - 551293744 _____ () C:\Users\Dave\Desktop\Windows6.1-KB947821-v33-x64.msu2014-07-10 21:11 - 2014-07-10 21:11 - 00000000 ____D () C:\Windows\CheckSur2014-07-09 21:44 - 2014-07-18 20:51 - 00000650 _____ () C:\Users\Dave\Desktop\NYC Trip Ideas.txt2014-06-27 23:16 - 2014-06-27 23:16 - 00000110 _____ () C:\Users\Dave\Desktop\PCVST contacts.txt2014-06-27 21:39 - 2014-06-27 21:39 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-25 17:12 - 2014-07-25 17:11 - 00025577 _____ () C:\Users\Dave\Downloads\FRST.txt2014-07-25 17:11 - 2014-07-25 17:11 - 00000000 ____D () C:\FRST2014-07-25 17:11 - 2013-10-26 22:07 - 00000000 ____D () C:\Users\Dave\AppData\Local\Battle.net2014-07-25 17:10 - 2014-07-25 17:08 - 02093568 _____ (Farbar) C:\Users\Dave\Downloads\FRST64.exe2014-07-25 17:02 - 2014-02-15 09:49 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-575872417-1751023796-2398206445-1001UA.job2014-07-25 16:41 - 2014-05-23 04:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-25 16:19 - 2012-03-30 21:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-07-25 16:18 - 2012-09-11 07:29 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-07-25 16:15 - 2011-07-09 09:43 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-575872417-1751023796-2398206445-1001UA.job2014-07-25 16:08 - 2014-07-25 16:05 - 00002324 _____ () C:\Users\Dave\Desktop\Rkill.txt2014-07-25 16:01 - 2014-07-25 15:59 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Dave\Downloads\rkill.exe2014-07-25 15:34 - 2010-06-26 05:48 - 
01895413 _____ () C:\Windows\WindowsUpdate.log2014-07-25 15:23 - 2009-07-14 00:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-07-25 15:23 - 2009-07-14 00:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-07-25 15:22 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI2014-07-25 15:17 - 2014-07-24 17:10 - 00000012 ____H () C:\dvmexp.idx2014-07-25 15:16 - 2013-08-26 07:30 - 00032155 _____ () C:\Windows\setupact.log2014-07-25 15:16 - 2012-09-11 07:29 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-07-25 15:16 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-07-25 10:23 - 2012-10-11 08:00 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForDave.job2014-07-24 22:26 - 2012-10-11 08:00 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDave2014-07-24 22:25 - 2011-12-01 07:36 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2014-07-24 22:25 - 2010-09-30 08:35 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log2014-07-24 18:08 - 2014-07-24 17:00 - 00000000 ____D () C:\AdwCleaner2014-07-24 18:08 - 2010-06-26 05:54 - 00832266 _____ () C:\Windows\PFRO.log2014-07-24 18:03 - 2014-07-24 18:03 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys2014-07-24 18:02 - 2014-07-24 17:37 - 00000000 ____D () C:\ProgramData\HitmanPro2014-07-24 18:01 - 2014-07-24 18:01 - 00001086 _____ () C:\Windows\system32\.crusader2014-07-24 17:38 - 2014-07-24 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro2014-07-24 17:38 - 2014-07-24 17:38 - 00000000 ____D () C:\Program Files\HitmanPro2014-07-24 17:16 - 2014-07-22 17:11 - 00000000 ___RD () C:\Users\Dave\Dropbox2014-07-24 17:15 - 2014-07-22 17:07 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Dropbox2014-07-24 17:10 - 2014-07-24 17:03 - 
00000000 ____D () C:\temp2014-07-24 17:09 - 2014-07-24 17:09 - 00000000 ___HD () C:\dvmexp2014-07-24 16:59 - 2014-07-24 16:53 - 11188736 _____ (SurfRight B.V.) C:\Users\Dave\Downloads\HitmanPro_x64.exe2014-07-24 16:53 - 2014-07-24 16:52 - 01354223 _____ () C:\Users\Dave\Downloads\adwcleaner_3.216.exe2014-07-24 16:38 - 2013-10-26 22:06 - 00000000 ____D () C:\Program Files (x86)\Battle.net2014-07-23 23:03 - 2012-05-20 21:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-07-23 23:03 - 2012-05-20 21:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-07-23 23:02 - 2014-07-23 22:48 - 51330378 _____ () C:\Users\Dave\Downloads\Unconfirmed 663470.crdownload2014-07-23 22:52 - 2010-09-22 05:32 - 00000000 ____D () C:\Users\Dave2014-07-23 18:29 - 2012-05-20 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2014-07-22 21:37 - 2013-10-26 22:09 - 00000000 ____D () C:\Program Files (x86)\Hearthstone2014-07-22 17:23 - 2010-12-24 22:02 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Skype2014-07-22 17:11 - 2014-07-22 17:11 - 00001041 _____ () C:\Users\Dave\Desktop\Dropbox.lnk2014-07-22 17:11 - 2014-07-22 17:11 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-07-22 17:07 - 2014-07-22 17:07 - 00323696 _____ (Dropbox, Inc.) 
C:\Users\Dave\Downloads\DropboxInstaller.exe2014-07-22 16:56 - 2011-03-07 07:38 - 00004682 _____ () C:\Users\Dave\Documents\info.txt2014-07-21 23:41 - 2014-07-21 23:23 - 223165336 ____N (Symantec Corporation) C:\Users\Dave\Downloads\NIS_21.1.0.18_SYMTB_PROMO_4_MRFTT_829_10144-US1.exe2014-07-21 23:37 - 2014-07-21 23:25 - 108293368 _____ (Microsoft Corporation) C:\Users\Dave\Downloads\msert.exe2014-07-20 10:15 - 2011-07-09 09:43 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-575872417-1751023796-2398206445-1001Core.job2014-07-19 23:29 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Offline Web Pages2014-07-19 23:28 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Dave\AppData\Local\29842014-07-19 22:55 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Dave\AppData\Local\Hyper - Browser2014-07-19 22:54 - 2014-07-19 22:54 - 00004566 _____ () C:\Windows\System32\Tasks\Hyper - Browser Runner2014-07-19 22:54 - 2014-07-19 22:54 - 00000258 __RSH () C:\ProgramData\ntuser.pol2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\HomeGroupUser$2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Guest2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Dave\AppData\Local\Packages2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Dave\AppData\Local\Comodo2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo2014-07-19 22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\Users\Administrator2014-07-19 
22:54 - 2014-07-19 22:54 - 00000000 ____D () C:\ProgramData\fa44f3b9b7d85d912014-07-19 22:54 - 2012-09-11 07:28 - 00000000 ____D () C:\Users\Dave\AppData\Local\Google2014-07-19 22:54 - 2012-09-11 07:28 - 00000000 ____D () C:\Program Files (x86)\Google2014-07-19 22:54 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy2014-07-19 22:54 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy2014-07-19 19:49 - 2014-06-10 09:48 - 00000315 _____ () C:\Users\Dave\Desktop\Nozomi test & vacation schedule.txt2014-07-18 20:51 - 2014-07-09 21:44 - 00000650 _____ () C:\Users\Dave\Desktop\NYC Trip Ideas.txt2014-07-13 18:50 - 2014-07-13 18:50 - 00000000 ____D () C:\Users\Dave\Documents\SUNY Maritime2014-07-13 18:04 - 2014-07-13 18:04 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-07-13 18:04 - 2014-07-13 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-07-13 18:04 - 2014-07-13 18:03 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-07-13 18:04 - 2014-07-13 18:03 - 00000000 ____D () C:\Program Files\iTunes2014-07-13 18:04 - 2014-07-13 18:03 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-07-13 18:03 - 2014-07-13 18:03 - 00000000 ____D () C:\Program Files\iPod2014-07-11 09:02 - 2014-02-15 09:49 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-575872417-1751023796-2398206445-1001Core.job2014-07-11 08:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache2014-07-10 23:32 - 2014-07-10 23:30 - 00000000 ____D () C:\Users\Public\Documents\CyberLink2014-07-10 23:32 - 2010-02-27 23:46 - 00000000 ____D () C:\ProgramData\CyberLink2014-07-10 23:30 - 2014-07-10 23:30 - 00000000 ____D () C:\Users\Dave\Documents\CyberLink2014-07-10 23:26 - 2014-07-10 23:26 - 00002203 _____ () C:\Users\Public\Desktop\CyberLink PowerDVD 14.lnk2014-07-10 23:26 - 2014-07-10 23:26 - 00000000 ____D () C:\ProgramData\PDVD2014-07-10 23:26 - 2014-07-10 23:26 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 142014-07-10 23:26 - 2011-04-18 18:27 - 00000000 ____D () C:\Users\Dave\AppData\Local\CyberLink2014-07-10 23:26 - 2010-02-27 21:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-07-10 23:24 - 2010-02-27 22:40 - 00000000 ____D () C:\ProgramData\Temp2014-07-10 23:23 - 2014-07-10 23:23 - 00000000 ____D () C:\ProgramData\SUPPORTDIR2014-07-10 23:23 - 2014-07-10 23:23 - 00000000 ____D () C:\ProgramData\install_clap2014-07-10 23:23 - 2010-02-27 23:47 - 00000000 ____D () C:\Program Files (x86)\CyberLink2014-07-10 23:22 - 2014-07-10 23:21 - 188169104 _____ () C:\Users\Dave\Documents\PowerDVD_14.0.4028.58_DVD140430-04.exe2014-07-10 23:20 - 2014-07-10 23:20 - 01029080 _____ (CyberLink) C:\Users\Dave\Downloads\CyberLink_PowerDVD_Downloader.exe2014-07-10 22:06 - 2009-07-14 00:45 - 00424392 _____ () C:\Windows\system32\FNTCACHE.DAT2014-07-10 22:04 - 2014-05-07 09:36 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-10 22:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism2014-07-10 22:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism2014-07-10 22:02 - 2010-02-27 22:27 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-07-10 22:00 - 2013-07-11 05:36 - 00000000 ____D () C:\Windows\system32\MRT2014-07-10 21:57 - 2010-09-26 09:34 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-07-10 21:32 - 2014-07-10 21:30 - 551293744 _____ () C:\Users\Dave\Desktop\Windows6.1-KB947821-v33-x64.msu2014-07-10 21:11 - 2014-07-10 21:11 - 00000000 ____D () C:\Windows\CheckSur2014-07-08 20:19 - 2012-03-30 21:16 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-07-08 20:19 - 2012-03-30 21:16 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-07-08 20:19 - 2011-06-09 10:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-07-05 
10:36 - 2014-06-22 08:19 - 00000000 ____D () C:\Users\Dave\Documents\Tokorozawas2014-07-04 08:41 - 2010-09-25 11:48 - 00000000 ____D () C:\Users\Dave\AppData\Local\CrashDumps2014-07-03 08:23 - 2009-07-14 01:08 - 00032648 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-06-29 22:09 - 2014-07-10 21:54 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-06-29 22:04 - 2014-07-10 21:54 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-06-27 23:16 - 2014-06-27 23:16 - 00000110 _____ () C:\Users\Dave\Desktop\PCVST contacts.txt2014-06-27 22:07 - 2013-07-29 07:54 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\vlc2014-06-27 21:39 - 2014-06-27 21:39 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk2014-06-27 21:39 - 2013-07-29 07:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN Some content of TEMP:====================C:\Users\Dave\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnjm074.dllC:\Users\Dave\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exeC:\Users\Dave\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exeC:\Users\Dave\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exeC:\Users\Dave\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exeC:\Users\Dave\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exeC:\Users\Dave\AppData\Local\Temp\Quarantine.exeC:\Users\Dave\AppData\Local\Temp\UNT3F58.tmp.exeC:\Users\Dave\AppData\Local\Temp\UNT3F59.tmp.exeC:\Users\Dave\AppData\Local\Temp\UNT3F69.tmp.exeC:\Users\Dave\AppData\Local\Temp\UNT3F6B.tmp.exeC:\Users\Dave\AppData\Local\Temp\UNT3F6E.tmp.exeC:\Users\Dave\AppData\Local\Temp\UNT3F6F.tmp.exeC:\Users\Dave\AppData\Local\Temp\vlc-2.1.3-win32.exeC:\Users\Dave\AppData\Local\Temp\VOPackage.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-19 06:37 ==================== End Of Log ============================