Jump to content

Search the Community

Showing results for tags 'trojan horse'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 10 results

  1. Hey. I use panda antivirus. I noticed a New folder which was an application and tried to delete it, The anitvirus only then notices the virus which turned out to be a trojan horse and has deleted the file only for it to pop up again, I've run the panda cloud cleaner but it still keeps popping up.I don't know if my computer has been compromised or when it happened in the first place, If it has been compromised what should I do?Is there any way to remove it?
  2. Hy ! I have a network with a domain controller and active directory users in one location Also in other location i have different domain controller and active directory users, There are separate domains My problem is that i have a person who manages to connect from one location to another Each location that has domain controller and active directory has a firewall.....it's about fortigate machine. This person has only user account in active directory. Local accounts of his computer are disable. On his computer the IP adress is static.Both server and workstations are up to date. He succeeds using the Internet to connect to other network, using administrator privileges. This person makes changes on other computers both locations....normal changes that are made only by the network administrator. I think it's a virus / mallware/trojan undetectable.I would like to know how can I scan servers, services from viruses / trojan undetectable and tracing how this persoon connect. From what I knew so far the user succeed to intervene over the user's session from a different computer without the user's knowledge or realizing and make any changes he wish .I check the logo failures and I have many attempts to acces administrator account. Location where i fiind it is every computer that i log on as administrator account and primary/ secondary domain controller. I have a software that i manage my events ....ad audit plus...In my reports says that evet type is failure and failure reason is bad password.. That problem is that at logon time, for example, at this hour 12:33:25, the administrator account is accesed for 44 times.... I think that a sort of trojan horse try to acces my administrator accout to steal my password.... My problem is how i detect this trojan hourse/mallware stufff......and how i delete it for permanent. Where I might look for more information ? What shall i do next ? Any suggestion / feedback / opinion is appreciated...thank you
  3. Ever since I migrated to Windows 10 I have had a virus. I've tried everything to remove it, including full scans with AVG and Malwarebytes but it keeps coming back. AVG detects it as Trojan Horse php/Backdoor.cz and HTML/Framer Would be great if anyone can help me? Its driving me crazy. Many thanks! The Farbar logs are: FRST.txt Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-11-2015Ran by Mike (administrator) on MIKE-HP (18-11-2015 20:38:18)Running from G:\Mike\DownloadsLoaded Profiles: Mike (Available Profiles: Mike & Eli & Mcx1-MIKE-HP & DefaultAppPool)Platform: Windows 10 Home (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: Edge)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe(AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe(Microsoft Corporation) C:\Windows\System32\mqsvc.exe(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe(Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(Dropbox, Inc.) C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe(Microsoft Corporation) C:\Windows\System32\browser_broker.exe(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe==================== Registry (Whitelisted) ===========================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-27] (Easybits)HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)HKLM-x32\...\Run: [HP Remote Solution] => %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exeHKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3826600 2015-10-30] (AVG Technologies CZ, s.r.o.)HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [518496 2015-06-24] (Citrix Systems, Inc.)HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231776 2015-06-24] (Citrix Systems, Inc.)HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)Winlogon\Notify\ScCertProp: wlnotify.dll [X]HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\Run: [Dropbox Update] => C:\Users\Mike\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48138880 2015-10-14] (Skype Technologies S.A.)HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\Run: [GoogleChromeAutoLaunch_A9A28D217F0AF6C0AE66A9006030A09A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-07] (Google Inc.)HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\Policies\system: [DisableLockWorkstation] 0HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\Policies\system: [DisableChangePassword] 0HKU\S-1-5-21-722469699-1757417711-2172558454-1001\...\MountPoints2: {0cf0d44f-6b0c-11e0-b704-806e6f6e6963} - "E:\Install Navigator.exe" HKU\S-1-5-21-722469699-1757417711-2172558454-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31232 2015-07-10] (Microsoft Corporation)ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No FileShellIconOverlayIdentifiers: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.)ShellIconOverlayIdentifiers: [mozy2] -> {747E722C-CB46-4a9d-BDFE-192AAD5099B1} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.)ShellIconOverlayIdentifiers: [mozy3] -> {EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-08]ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk [2015-07-12]ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-15]ShortcutTarget: Dropbox.lnk -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)BootExecute: autocheck autochk * sdnclean64.exe==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 192.168.0.1Tcpip\..\Interfaces\{18b82321-0b0c-4748-a585-cb06f8448ee8}: [DhcpNameServer] 192.168.0.1Internet Explorer:==================HKU\S-1-5-21-722469699-1757417711-2172558454-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.goldstart.co.uk/adv/goldAndSilver.htmSearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDFSearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDFSearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/710-111095-2958-0/4?satitle={searchTerms}&mfe=DesktopsSearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBoxSearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDFSearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDFSearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/710-111095-2958-0/4?satitle={searchTerms}&mfe=DesktopsSearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-722469699-1757417711-2172558454-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-722469699-1757417711-2172558454-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-722469699-1757417711-2172558454-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = SearchScopes: HKU\S-1-5-21-722469699-1757417711-2172558454-1001 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = SearchScopes: HKU\S-1-5-21-722469699-1757417711-2172558454-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No FileBHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No FileBHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No FileBHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-06] (Oracle Corporation)BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-06] (Oracle Corporation)BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-05-06] (Hewlett-Packard)Toolbar: HKU\S-1-5-21-722469699-1757417711-2172558454-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileToolbar: HKU\S-1-5-21-722469699-1757417711-2172558454-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No FileDPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cabDPF: HKLM-x32 {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} hxxps://remote-uk-tc.rbc.com/nortel_cacheable/iewiper.cabDPF: HKLM-x32 {ACDB1787-986D-434D-9857-2172CDB2108D} hxxps://remote-uk-th.rbc.com/nortel_cacheable/punblock.cabHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No FileFilter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)FireFox:========FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.defaultFF Homepage: hxxp://www.evertonlatest.co.uk/wp-admin/index.phphxxp://www.investorwords.co.uk/wp-admin/hxxp://www.cutthedebt.co.uk/wp-admin/index.phphxxp://www.blackburnlatest.co.uk/wp-admin/index.phphxxp://www.stokelatest.co.uk/wp-admin/hxxp://www.swansealatest.co.uk/wp-admin/hxxp://www.wolveslatest.co.uk/wp-admin/index.phphxxp://www.wiganlatest.co.uk/wp-admin/index.phphxxp://www.qprlatest.co.uk/wp-admin/hxxp://www.englandfootballlatest.co.uk/wp-admin/index.phphxxp://www.norwichlatest.co.uk/wp-admin/index.phphxxp://www.westbromlatest.co.uk/wp-admin/index.phphxxp://www.sunderlandlatest.co.uk/wp-admin/index.phpFF Session Restore: -> is enabled.FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-06-24] (Citrix Systems, Inc.)FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-06] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-06] (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2011-04-25] ()FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2011-04-25] (Citrix Systems, Inc.)FF Extension: Page Speed - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012-09-23] [not signed]FF Extension: Property Bee - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi [2013-05-12] [not signed]FF Extension: Greasemonkey - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-09-05] [not signed]FF Extension: YSlow - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\yslow@yahoo-inc.com.xpi [2014-12-22] [not signed]FF Extension: Flash and Video Download - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-12-22] [not signed]FF Extension: No Name - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\firebug@software.joehewitt.com.xpi [2015-07-04] [not signed]FF Extension: No Name - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\wagerlogic.xpi [2010-02-02] [not signed]FF Extension: Microsoft .NET Framework Assistant - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-08-21] [not signed]FF Extension: Google Toolbar for Firefox - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-08-21] [not signed]FF Extension: No Name - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash [2011-08-21] [not signed]FF Extension: DownThemAll! - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-07-04]FF Extension: OnlyWire - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\{e26ba8db-a646-a44e-997c-2fafeadb50f2} [2011-08-21] [not signed]FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExtFF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-29] [not signed]Chrome: =======CHR HomePage: Default -> hxxp://www.google.com/CHR StartupUrls: Default -> "hxxp://www.gumtree.com/search?property_type=house&seller_type=private&min_beds=3&max_beds=&min_price=370%2C000&max_price=600%2C000&q=&search_location=South+East+London&category=local-property-for-sale&search_scope=title","hxxps://www.google.co.uk/webhp?source=search_app&gws_rd=cr","hxxp://www.google.com/"CHR Session Restore: Default -> is enabled.CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-17]CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2015-10-17]CHR Extension: (Gmail Offline) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-10-17]CHR Extension: (Chrome Remote Desktop) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-11-08]CHR Extension: (Financial News) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfcekbbpdkhlfomdhopicfopkkedfcam [2015-10-17]CHR Extension: (Google Docs Offline) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]CHR Extension: (Pin It Button) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-10-17]CHR Extension: (Chrome Web Store Payments) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-17]CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-17]CHR HKU\S-1-5-21-722469699-1757417711-2172558454-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crxCHR HKU\S-1-5-21-722469699-1757417711-2172558454-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx==================== Services (Whitelisted) ========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [595376 2015-10-30] (AVG Technologies CZ, s.r.o.)R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3815648 2015-10-30] (AVG Technologies CZ, s.r.o.)R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-10-30] (AVG Technologies CZ, s.r.o.)R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [54040 2011-08-04] (Mozy, Inc.)R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-09-21] (Microsoft Corporation)R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1859584 2012-07-04] (Ralink) [File not signed]R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-10-26] (IBM Corp.)S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-09-21] (Microsoft Corporation)S3 w3logsvc; C:\Windows\SysWOW64\inetsrv\w3logsvc.dll [72192 2015-09-21] (Microsoft Corporation)R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-09-21] (Microsoft Corporation)R2 W3SVC; C:\Windows\SysWOW64\inetsrv\iisw3adm.dll [504832 2015-09-21] (Microsoft Corporation)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)===================== Drivers (Whitelisted) ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-10-19] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255408 2015-10-21] (AVG Technologies CZ, s.r.o.)R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [306608 2015-10-08] (AVG Technologies CZ, s.r.o.)S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]R3 hcwD3bda; C:\Windows\system32\DRIVERS\hcwD3bda64.sys [121344 2011-10-26] (Mirics)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [67808 2013-05-21] (Mozy, Inc.)R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-09-21] (Microsoft Corporation)R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)R1 RapportCerberus_1507072; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507072.sys [959416 2015-11-16] (IBM Corp.)R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [500184 2015-10-26] (IBM Corp.)R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [139896 2015-10-26] (IBM Corp.)R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [394584 2015-10-26] (IBM Corp.)R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [489272 2015-10-26] (IBM Corp.)S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-18] (Realtek )S3 S3XXx64; C:\Windows\system32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Identiv)S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()U5 usbfilter; C:\Windows\System32\Drivers\usbfilter.sys [38456 2009-12-22] (Advanced Micro Devices)S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)U3 idsvc; no ImagePathS3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]U3 wpcsvc; no ImagePath==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-11-18 20:37 - 2015-11-18 20:38 - 00000000 ____D C:\FRST2015-11-18 20:21 - 2015-11-18 20:21 - 00016148 _____ C:\Windows\system32\MIKE-HP_Mike_HistoryPrediction.bin2015-11-18 20:02 - 2015-11-18 20:02 - 00003184 _____ C:\Windows\System32\Tasks\{BC444172-5895-4D29-9FAE-38C92D256289}2015-11-17 18:30 - 2015-11-17 18:30 - 00016148 _____ C:\Windows\system32\MIKE-HP_Eli_HistoryPrediction.bin2015-11-17 18:20 - 2015-11-17 18:21 - 23493437 _____ C:\Users\Eli\Downloads\fwdboda.zip2015-11-17 17:13 - 2015-11-17 17:13 - 00000000 ____D C:\Users\Eli\AppData\Local\CEF2015-11-17 17:12 - 2015-11-17 17:12 - 02756350 _____ C:\Users\Eli\Downloads\Archivos adjuntos_20151117.zip2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 ____D C:\Program Files (x86)\Trusteer2015-11-16 22:24 - 2015-10-26 00:01 - 00394584 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys2015-11-16 22:24 - 2015-10-26 00:01 - 00139896 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys2015-11-16 22:22 - 2015-11-16 22:23 - 00436504 _____ (IBM Corp.) C:\Users\Eli\Downloads\RapportSetup (3).exe2015-11-16 22:16 - 2015-11-16 22:16 - 00000000 ____D C:\Windows\LastGood.Tmp2015-11-16 22:15 - 2015-11-16 22:15 - 01083880 _____ (Gemalto) C:\Windows\SysWOW64\axaltocm.dll2015-11-16 22:13 - 2015-11-16 22:23 - 00436504 _____ (IBM Corp.) C:\Users\Eli\Downloads\RapportSetup (1).exe2015-11-16 22:13 - 2015-11-16 22:14 - 00436504 _____ (IBM Corp.) C:\Users\Eli\Downloads\RapportSetup (2).exe2015-11-15 12:34 - 2015-11-15 12:34 - 00000000 ___HD C:\OneDriveTemp2015-11-15 11:17 - 2015-11-15 11:17 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2015-11-11 22:53 - 2015-11-15 12:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-11-11 22:53 - 2015-11-11 22:53 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-11-11 22:53 - 2015-11-11 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-11-11 22:52 - 2015-11-11 22:52 - 00000000 ____D C:\ProgramData\Malwarebytes2015-11-11 22:52 - 2015-11-11 22:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-11-11 22:52 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys2015-11-11 22:52 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-11-11 22:52 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys2015-11-10 21:14 - 2015-11-05 05:13 - 00577888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys2015-11-10 21:14 - 2015-11-05 05:06 - 03621248 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-11-10 21:14 - 2015-11-05 04:24 - 02878512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-11-10 21:14 - 2015-11-05 04:20 - 21873664 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll2015-11-10 21:14 - 2015-11-05 04:18 - 24597504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-11-10 21:14 - 2015-11-05 04:18 - 03248128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll2015-11-10 21:14 - 2015-11-05 04:10 - 02987520 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll2015-11-10 21:14 - 2015-11-05 04:03 - 02180608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll2015-11-10 21:14 - 2015-11-05 03:59 - 02675200 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll2015-11-10 21:14 - 2015-11-05 03:58 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll2015-11-10 21:14 - 2015-11-05 03:56 - 01795072 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll2015-11-10 21:14 - 2015-11-05 03:47 - 19326464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-11-10 21:14 - 2015-11-05 03:42 - 02647040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll2015-11-10 21:14 - 2015-11-05 03:35 - 18803712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll2015-11-10 21:14 - 2015-11-05 03:35 - 02639872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll2015-11-10 21:14 - 2015-11-05 03:27 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll2015-11-10 21:13 - 2015-11-05 05:15 - 08020832 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-11-10 21:13 - 2015-11-05 05:15 - 00541024 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll2015-11-10 21:13 - 2015-11-05 05:14 - 00459104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys2015-11-10 21:13 - 2015-11-05 05:11 - 01392480 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll2015-11-10 21:13 - 2015-11-05 05:06 - 00966416 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll2015-11-10 21:13 - 2015-11-05 05:01 - 00607408 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe2015-11-10 21:13 - 2015-11-05 04:56 - 01083072 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2015-11-10 21:13 - 2015-11-05 04:56 - 00116064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys2015-11-10 21:13 - 2015-11-05 04:56 - 00025280 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe2015-11-10 21:13 - 2015-11-05 04:30 - 00961376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll2015-11-10 21:13 - 2015-11-05 04:23 - 00762888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll2015-11-10 21:13 - 2015-11-05 04:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll2015-11-10 21:13 - 2015-11-05 04:18 - 00539728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe2015-11-10 21:13 - 2015-11-05 04:17 - 02418688 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll2015-11-10 21:13 - 2015-11-05 04:12 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\internetmail.dll2015-11-10 21:13 - 2015-11-05 04:11 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll2015-11-10 21:13 - 2015-11-05 04:10 - 12504064 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-11-10 21:13 - 2015-11-05 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll2015-11-10 21:13 - 2015-11-05 04:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll2015-11-10 21:13 - 2015-11-05 04:05 - 01602560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-11-10 21:13 - 2015-11-05 04:05 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-11-10 21:13 - 2015-11-05 04:03 - 01015808 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll2015-11-10 21:13 - 2015-11-05 04:01 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2015-11-10 21:13 - 2015-11-05 04:01 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll2015-11-10 21:13 - 2015-11-05 04:01 - 00579072 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2015-11-10 21:13 - 2015-11-05 03:59 - 03587072 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys2015-11-10 21:13 - 2015-11-05 03:58 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys2015-11-10 21:13 - 2015-11-05 03:55 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll2015-11-10 21:13 - 2015-11-05 03:54 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\dlnashext.dll2015-11-10 21:13 - 2015-11-05 03:40 - 01918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll2015-11-10 21:13 - 2015-11-05 03:34 - 00311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll2015-11-10 21:13 - 2015-11-05 03:33 - 01380864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-11-10 21:13 - 2015-11-05 03:33 - 00650240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-11-10 21:13 - 2015-11-05 03:30 - 00767488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2015-11-10 21:13 - 2015-11-05 03:28 - 11262976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-11-10 21:13 - 2015-11-05 03:27 - 00464896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll2015-11-10 21:13 - 2015-11-05 03:23 - 00441344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dlnashext.dll2015-11-08 11:48 - 2015-11-08 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus2015-11-02 22:07 - 2015-11-02 22:07 - 00000000 ____D C:\Users\Mike\AppData\Roaming\KompoZer2015-11-02 22:06 - 2015-11-02 22:07 - 00000000 ____D C:\Program Files\KompoZer 0.7.102015-11-02 19:41 - 2015-11-02 19:41 - 00000000 ____D C:\Users\Eli\AppData\Roaming\WinRAR2015-11-02 19:40 - 2015-11-02 19:41 - 34633425 _____ C:\Users\Eli\Downloads\wetransfer-6956a2.zip2015-11-01 13:23 - 2015-11-02 19:46 - 16545096 _____ C:\Users\Eli\Desktop\Matrimonio Frailejones.odt2015-11-01 13:05 - 2015-11-01 13:05 - 00000162 ____H C:\Users\Eli\Desktop\~$mples fonts.odt2015-11-01 13:04 - 2015-11-01 13:05 - 00005122 _____ C:\Users\Eli\Desktop\samples fonts.odt2015-10-28 07:33 - 2015-10-28 07:33 - 00000085 _____ C:\Windows\wininit.ini2015-10-28 06:57 - 2015-10-28 06:57 - 00000000 ____D C:\Users\Eli\AppData\Roaming\AVG2015-10-27 23:10 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe2015-10-27 23:04 - 2015-10-27 23:04 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking2015-10-27 23:03 - 2015-10-28 07:34 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 22015-10-27 09:37 - 2015-11-08 07:22 - 00001011 _____ C:\Users\Public\Desktop\AVG Protection.lnk2015-10-27 09:32 - 2015-10-27 09:34 - 00000000 ____D C:\Users\Mike\AppData\Local\AvgSetupLog2015-10-26 19:36 - 2015-10-26 19:36 - 00504447 _____ C:\Users\Eli\Desktop\http.odt2015-10-26 14:27 - 2015-10-26 14:27 - 00000000 ____D C:\ProgramData\ATI2015-10-22 21:41 - 2015-10-22 21:41 - 00061917 _____ C:\Windows\SysWOW64\CCCInstall_201510222241121730.log2015-10-22 21:41 - 2015-10-22 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center2015-10-22 21:40 - 2015-10-22 21:40 - 00000000 ____D C:\Program Files\ATI Technologies2015-10-22 21:38 - 2015-10-22 21:38 - 00066655 _____ C:\Windows\SysWOW64\CCCInstall_201510222238562063.log2015-10-22 21:38 - 2015-10-22 21:38 - 00000000 ____D C:\Users\Default\AppData\Roaming\ATI2015-10-22 21:38 - 2015-10-22 21:38 - 00000000 ____D C:\Users\Default\AppData\Local\ATI2015-10-22 21:38 - 2015-10-22 21:38 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ATI2015-10-22 21:38 - 2015-10-22 21:38 - 00000000 ____D C:\Users\Default User\AppData\Local\ATI2015-10-22 21:36 - 2015-10-22 21:36 - 47794160 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 39712768 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll2015-10-22 21:36 - 2015-10-22 21:36 - 30776304 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll2015-10-22 21:36 - 2015-10-22 21:36 - 27544560 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 25320432 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll2015-10-22 21:36 - 2015-10-22 21:36 - 22327280 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll2015-10-22 21:36 - 2015-10-22 21:36 - 15725552 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 14310896 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll2015-10-22 21:36 - 2015-10-22 21:36 - 09355016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 08009360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll2015-10-22 21:36 - 2015-10-22 21:36 - 07683096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll2015-10-22 21:36 - 2015-10-22 21:36 - 07482552 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll2015-10-22 21:36 - 2015-10-22 21:36 - 06686192 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 05216240 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll2015-10-22 21:36 - 2015-10-22 21:36 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap2015-10-22 21:36 - 2015-10-22 21:36 - 03437632 _____ C:\Windows\system32\atiumd6a.cap2015-10-22 21:36 - 2015-10-22 21:36 - 01196032 _____ C:\Windows\system32\amdocl_as64.exe2015-10-22 21:36 - 2015-10-22 21:36 - 01070592 _____ C:\Windows\system32\amdocl_ld64.exe2015-10-22 21:36 - 2015-10-22 21:36 - 01004032 _____ C:\Windows\SysWOW64\amdocl_as32.exe2015-10-22 21:36 - 2015-10-22 21:36 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00833800 _____ C:\Windows\system32\amdicdxx.dat2015-10-22 21:36 - 2015-10-22 21:36 - 00807424 _____ C:\Windows\SysWOW64\amdocl_ld32.exe2015-10-22 21:36 - 2015-10-22 21:36 - 00662392 _____ C:\Windows\SysWOW64\atiapfxx.blb2015-10-22 21:36 - 2015-10-22 21:36 - 00662392 _____ C:\Windows\system32\atiapfxx.blb2015-10-22 21:36 - 2015-10-22 21:36 - 00631280 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00524272 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00471312 _____ C:\Windows\system32\amdmiracast.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00375792 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe2015-10-22 21:36 - 2015-10-22 21:36 - 00341488 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe2015-10-22 21:36 - 2015-10-22 21:36 - 00243696 _____ C:\Windows\system32\clinfo.exe2015-10-22 21:36 - 2015-10-22 21:36 - 00213488 _____ C:\Windows\system32\amdgfxinfo64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00199664 _____ (AMD) C:\Windows\system32\atitmm64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00198640 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00177344 _____ C:\Windows\system32\ativce03.dat2015-10-22 21:36 - 2015-10-22 21:36 - 00175648 _____ C:\Windows\system32\amde31a.dat2015-10-22 21:36 - 2015-10-22 21:36 - 00168944 _____ C:\Windows\system32\atieah64.exe2015-10-22 21:36 - 2015-10-22 21:36 - 00165360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00152560 _____ C:\Windows\SysWOW64\atieah32.exe2015-10-22 21:36 - 2015-10-22 21:36 - 00150512 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00143344 _____ C:\Windows\system32\amdhdl64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00136176 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00132080 _____ C:\Windows\SysWOW64\amdhdl32.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00122352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00112360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00111600 _____ C:\Windows\system32\hsa-thunk64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00111088 _____ C:\Windows\SysWOW64\hsa-thunk.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00103408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00100816 _____ C:\Windows\system32\ativce02.dat2015-10-22 21:36 - 2015-10-22 21:36 - 00096752 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00087992 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00083952 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00081168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00073712 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00071152 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00068080 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00064496 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00060912 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00059888 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe2015-10-22 21:36 - 2015-10-22 21:36 - 00059376 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00057840 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00052208 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00048112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00038384 _____ (AMD) C:\Windows\system32\atimuixx.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00012784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll2015-10-22 21:36 - 2015-10-22 21:36 - 00012784 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll2015-10-21 16:16 - 2015-10-21 16:16 - 00284080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys2015-10-21 16:15 - 2015-10-21 16:15 - 00255408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-11-18 20:39 - 2011-08-22 21:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-11-18 20:36 - 2011-08-23 20:48 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Skype2015-11-18 20:29 - 2015-06-19 23:11 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-722469699-1757417711-2172558454-1001UA.job2015-11-18 20:29 - 2015-06-19 23:11 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-722469699-1757417711-2172558454-1001Core.job2015-11-18 20:26 - 2015-09-20 17:27 - 01009666 _____ C:\Windows\system32\PerfStringBackup.INI2015-11-18 20:23 - 2015-09-20 17:28 - 00000000 ____D C:\Users\Eli2015-11-18 20:22 - 2015-07-30 22:42 - 00000000 ____D C:\Windows\AppReadiness2015-11-18 20:22 - 2012-07-07 12:24 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Dropbox2015-11-18 20:21 - 2015-09-20 18:47 - 00000000 ___RD C:\Users\Mike\OneDrive2015-11-18 20:21 - 2012-05-31 21:21 - 00000000 ___RD C:\Users\Mike\Google Drive2015-11-18 20:21 - 2011-08-22 21:08 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-11-18 20:21 - 2011-04-20 02:53 - 00000275 _____ C:\Windows\WindowsUpdate.log2015-11-18 20:20 - 2015-09-22 21:57 - 00144840 ____N C:\Windows\Minidump\111815-18906-01.dmp2015-11-18 20:20 - 2015-09-21 21:01 - 00000000 ____D C:\Windows\Minidump2015-11-18 20:20 - 2015-09-10 05:32 - 00055788 _____ C:\Windows\PFRO.log2015-11-18 20:20 - 2015-07-30 21:52 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-11-18 20:20 - 2014-11-10 21:07 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForMike.job2015-11-18 20:06 - 2015-09-22 21:50 - 00004148 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5F0ED98D-7354-4A01-B294-54AB7450A24E}2015-11-18 20:06 - 2015-04-01 21:26 - 00004146 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4026B517-26E7-4767-8E9D-E443C9569FB9}2015-11-18 20:03 - 2011-08-22 17:26 - 00000000 ____D C:\ProgramData\MFAData2015-11-18 20:01 - 2015-07-30 22:42 - 00000000 ____D C:\Windows\system32\sru2015-11-17 17:44 - 2011-08-24 06:50 - 00000000 ____D C:\Users\Eli\AppData\Roaming\Adobe2015-11-17 17:13 - 2011-08-24 06:50 - 00000000 ____D C:\Users\Eli\AppData\Local\Adobe2015-11-16 23:11 - 2014-11-10 21:07 - 00003232 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMike2015-11-16 23:11 - 2011-08-22 16:03 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log2015-11-16 22:15 - 2015-04-07 07:15 - 01432040 _____ (Gemalto) C:\Windows\system32\axaltocm.dll2015-11-15 15:59 - 2011-08-22 20:55 - 00000000 ____D C:\Users\Mike\AppData\Local\AMD2015-11-15 12:33 - 2015-09-22 21:57 - 00154760 ____N C:\Windows\Minidump\111515-11875-01.dmp2015-11-15 12:31 - 2015-09-20 17:28 - 00000000 ____D C:\Users\Mike2015-11-15 12:30 - 2015-07-30 22:42 - 00000000 ____D C:\Windows\Speech2015-11-15 12:30 - 2015-07-10 09:05 - 00786432 ___SH C:\Windows\system32\config\BBI2015-11-15 12:11 - 2015-07-30 22:42 - 00000000 ____D C:\Windows\rescache2015-11-11 22:09 - 2015-09-17 23:29 - 00000000 ____D C:\Program Files (x86)\Belarc2015-11-11 22:06 - 2011-12-01 23:21 - 00000000 ____D C:\Users\Mike\AppData\Roaming\SoundSpectrum2015-11-11 22:06 - 2011-12-01 23:20 - 00000000 ____D C:\Program Files (x86)\SoundSpectrum2015-11-11 22:06 - 2011-08-23 20:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE2015-11-11 21:19 - 2015-06-28 10:18 - 00000000 ____D C:\Program Files\Common Files\AV2015-11-11 20:50 - 2015-07-10 09:05 - 00032768 ___SH C:\Windows\system32\config\ELAM2015-11-11 08:44 - 2015-07-30 22:42 - 00000000 ____D C:\Windows\SysWOW64\en-GB2015-11-11 08:44 - 2015-07-30 22:42 - 00000000 ____D C:\Windows\system32\en-GB2015-11-11 08:44 - 2015-07-30 22:42 - 00000000 ____D C:\Windows\system32\appraiser2015-11-10 22:44 - 2011-08-23 20:37 - 00000000 ____D C:\ProgramData\Microsoft Help2015-11-10 22:42 - 2015-07-30 22:25 - 00000000 ____D C:\Windows\CbsTemp2015-11-10 22:28 - 2013-08-19 17:16 - 00000000 ____D C:\Windows\system32\MRT2015-11-10 22:19 - 2011-08-22 18:48 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2015-11-10 20:40 - 2015-10-17 17:18 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-11-08 12:05 - 2011-04-20 03:01 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard2015-11-08 12:05 - 2011-04-20 02:52 - 00000000 ____D C:\ProgramData\Hewlett-Packard2015-11-08 12:04 - 2015-09-20 21:18 - 00000000 ____D C:\Users\Mike\AppData\Local\Comms2015-11-08 12:03 - 2015-09-20 18:41 - 00000000 ____D C:\Users\Mike\AppData\Local\Packages2015-11-08 11:50 - 2011-08-23 20:47 - 00000000 ____D C:\ProgramData\Skype2015-11-08 11:48 - 2015-10-18 18:35 - 00001981 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk2015-11-08 11:48 - 2015-10-18 18:35 - 00000000 ____D C:\Program Files\McAfee Security Scan2015-11-08 11:25 - 2011-09-12 09:18 - 00005912 _____ C:\Windows\mozy.blk2015-11-08 11:25 - 2011-09-12 09:18 - 00000178 _____ C:\Windows\mozy.flt2015-11-08 07:22 - 2015-08-16 12:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG2015-11-08 07:21 - 2015-08-16 11:59 - 00000000 ___HD C:\$AVG2015-11-08 07:20 - 2015-05-25 09:32 - 00000000 ____D C:\Users\Mike\AppData\Local\Avg2015-11-08 07:20 - 2015-05-25 09:32 - 00000000 ____D C:\Users\Eli\AppData\Local\Avg2015-11-04 20:54 - 2015-09-20 20:41 - 00002369 _____ C:\Users\Eli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk2015-11-04 20:54 - 2015-09-20 20:41 - 00000000 ___RD C:\Users\Eli\OneDrive2015-11-03 18:20 - 2015-07-30 22:43 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-11-03 18:20 - 2015-07-30 22:43 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-11-02 19:59 - 2015-09-20 18:47 - 00002372 _____ C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk2015-10-31 16:59 - 2011-10-23 18:45 - 00000000 ____D C:\Users\Eli\AppData\Local\Hewlett-Packard2015-10-31 16:58 - 2015-08-18 21:38 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk2015-10-31 16:56 - 2015-08-18 21:38 - 00003972 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task2015-10-28 07:33 - 2012-05-20 21:01 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy2015-10-28 07:01 - 2015-08-19 21:54 - 15736252 _____ C:\Users\Eli\Desktop\39 Dale Road.pptx2015-10-27 09:40 - 2015-08-16 11:57 - 00000000 ____D C:\Program Files (x86)\AVG2015-10-27 09:40 - 2014-10-19 12:51 - 00000000 ____D C:\ProgramData\AVG20152015-10-27 09:39 - 2015-08-30 12:38 - 00000000 ____D C:\Users\Mike\AppData\Roaming\AVG2015-10-27 09:37 - 2015-07-30 22:42 - 00000000 ___HD C:\Windows\ELAMBKUP2015-10-27 09:36 - 2015-08-30 12:26 - 00000000 ____D C:\ProgramData\AVG2015-10-22 21:40 - 2015-09-20 17:26 - 00000000 ____D C:\ProgramData\AMD2015-10-22 21:40 - 2015-09-20 17:25 - 00000000 ____D C:\Program Files (x86)\ATI Technologies2015-10-22 21:37 - 2015-09-20 17:25 - 00000000 ____D C:\AMD2015-10-22 21:36 - 2015-08-20 20:51 - 12088000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll2015-10-22 21:36 - 2015-08-20 20:51 - 10211008 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll2015-10-22 21:36 - 2015-08-20 20:51 - 08982440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll2015-10-22 21:36 - 2015-08-20 20:51 - 08864920 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll2015-10-22 21:36 - 2015-08-20 20:51 - 01479808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll2015-10-22 21:36 - 2015-08-20 20:51 - 01223552 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll2015-10-22 21:36 - 2015-08-20 20:51 - 00162232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll2015-10-22 21:36 - 2015-08-20 20:51 - 00143048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll2015-10-22 21:36 - 2015-08-20 20:51 - 00130072 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll2015-10-22 21:36 - 2015-08-20 20:46 - 21648880 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys2015-10-22 21:36 - 2015-08-20 20:46 - 01256432 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll2015-10-22 21:36 - 2015-08-20 20:46 - 00874480 _____ (AMD) C:\Windows\system32\coinst_15.20.dll2015-10-22 21:36 - 2015-08-20 20:46 - 00683504 _____ (AMD) C:\Windows\system32\atieclxx.exe2015-10-22 21:36 - 2015-08-20 20:46 - 00674288 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys2015-10-22 21:36 - 2015-08-20 20:46 - 00451056 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll2015-10-22 21:36 - 2015-08-20 20:46 - 00255472 _____ (AMD) C:\Windows\system32\atiesrxx.exe2015-10-19 23:40 - 2012-05-31 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive2015-10-19 19:07 - 2011-11-17 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 32015-10-19 19:06 - 2011-11-17 20:25 - 00001181 _____ C:\Users\Public\Desktop\Picasa 3.lnk2015-10-19 08:03 - 2015-09-11 15:59 - 00313776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys==================== Files in the root of some directories =======2015-02-06 10:56 - 2015-02-06 10:56 - 0000093 _____ () C:\Users\Mike\AppData\Roaming\ARCompanion.log2015-10-11 15:07 - 2015-10-11 15:07 - 0037837 _____ () C:\Users\Mike\AppData\Roaming\Comma Separated Values (Windows).ADR2011-09-12 09:20 - 2011-09-12 09:20 - 0001854 _____ () C:\Users\Mike\AppData\Roaming\GhostObjGAFix.xml2011-08-24 22:14 - 2015-02-10 20:28 - 0005159 _____ () C:\Users\Mike\AppData\Roaming\Rim.Desktop.Exception.log2011-08-22 16:32 - 2015-08-08 13:41 - 0002021 _____ () C:\Users\Mike\AppData\Roaming\Rim.Desktop.HttpServerSetup.log2011-08-24 22:14 - 2015-02-10 20:28 - 0005159 _____ () C:\Users\Mike\AppData\Roaming\Rim.DesktopHelper.Exception.log2011-08-24 22:15 - 2014-11-28 14:48 - 0059904 _____ () C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-12-30 19:25 - 2015-08-04 19:27 - 0000600 _____ () C:\Users\Mike\AppData\Local\PUTTY.RND2013-01-29 14:38 - 2013-01-29 14:38 - 0000008 ___SH () C:\Users\Mike\AppData\Local\systemCurUses2013-01-29 14:38 - 2013-01-29 14:38 - 0000006 ___SH () C:\Users\Mike\AppData\Local\systemHdIDSome files in TEMP:====================C:\Users\Eli\AppData\Local\Temp\avguirn_0861469464.exeC:\Users\Mike\AppData\Local\Temp\avguirn_081216781173.exeC:\Users\Mike\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1mtwow.dll==================== Bamital & volsnap =================(There is no automatic fix for files that do not pass verification.)C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-11-10 20:30==================== End of FRST.txt ============================
  4. This happened last night around 5am 10/1/15 . Sadly to say I believe it was from the website xhamster.com. I tried dl FUBAR but it said it was not compatible with my operating system. I also used malware bites virus removal and this did not clear the virus. Any suggestions would be much appreciated.
  5. running windows 8.1 Pro on HP pavilion G7 laptop I am a premium Malwarebytes user. Chrome is infected and malicious tabs just keep launching on their own. Using AVG free antivirus and Windows firewall. I do not partake in ANY adult content whatsoever. requested log files below. my Malwarebytes Data base is currently V2014.12.02.02. The error i am getting on Malwarebytes is "unable to access update server" and I can't turn on "Malicious Website Protection" I ran Chameleon, but it didn't locate anything. I tried to run as an administrator but that didn't work either. The attachments are first.txt Addition .txt . the forum wouldn't let me upload screenshots. Addition.txt FRST.txt
  6. Hi , yesterday i was browsing through the internet when suddenly i noticed my mouse stopped working , afterwards i check my device manager , everything was still installed , but i wanted to be sure , so i checked my antivirus ( avast ) , but it was unninstalled .. also my windows firewall is disabled , my restore point ( i dont know if its said like that ) isnt a executable file .. so i tried to install avast , and it gave me an error ( picture below ) . Then i installed a program called trojan remover and it showed me that i had a trojan called nqij.exe , and everytime i tried to remove it my computer restarts .. ( picture below as well ) Hope you can help me and if you need anything else to do so , just say it ! Thank you , Pedro Agrela .
  7. Hey! I need urgent help! I have three of these on my computer. and they are hindering me from getting rid of the other two I have. My virus removal programs will not take care of this so I'm being forced to do it manually. when I go into task manager im not sure which .exe files processes to end. HELP ME!!!!!!!
  8. I hope this is correct. I'm infected. Do not put your email addy in your post(s) attach.txt dds.txt
  9. Today, I kept receiving pop-ups from my antivirus (avast!) displaying the cautious warning that a malicious program, not to mention, a trojan horse, had been blocked. I received this numerous times, and decided to take action. I did a full scan with Malwarebytes and it found one threat. It was coming from the same file avast! was showing. I then ran a full scan with avast! (which takes forever, not to mention, you also have to do a reboot scan which takes just as long), and it picked up two or three infected files. I removed the files with both programs, but I still receive the same messages every few minutes warning me of the malicious items. I can't seem to figure out the problem, and it's really frustrating. I will attach the log from Malwarebytes and an image of what comes up every few minutes. Please, for the love of God, somebody help me! I apologize for the crappy image, I had to Print Screen, and cut out all but the displayed message. protection-log-2012-07-19.txt Help would be much appreciated. Thank you.
  10. Ok so my friend has been infected with a virus that I cannot remove and from what I know, keeps duplicating itself. There is also a file that cannot be removed and says it is innaccessable, I am using teamviewer on his computer to try and help him but I cannot solve it. I also do not want to risk getting anything so I have pasted the notepads that the DDS has come up with. I am really confused at the moment, please help me fix this problem! First Notepad - DDS, as instructed I have only put this one on. If needed I will post the second one. Thank you for helping me! . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31 Run by Ariya at 16:00:14 on 2012-05-06 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2047.449 [GMT 1:00] . SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\PROGRA~1\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\TEMP\cqsaht\setup.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\AVG\AVG2012\avgidsagent.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\AVG\AVG2012\avgemcx.exe C:\Windows\system32\taskeng.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Ask.com\Updater\Updater.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files\TeamViewer\Version7\TeamViewer.exe C:\Program Files\Skype\Phone\Skype.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\TeamViewer\Version7\tv_w32.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\SearchProtocolHost.exe c:\program files\teamviewer\version7\TeamViewer_Desktop.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\AVG\AVG2012\avgui.exe C:\Program Files\AVG\AVG2012\avgscanx.exe C:\Windows\system32\conhost.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\conhost.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\conhost.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://uk.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20110938,16939,0,8,0 mStart Page = hxxp://www.bigseekpro.com/hypercam/{DFA73CFD-DF38-4CD5-899E-CA10D0AAA329} uInternet Settings,ProxyOverride = *.local uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll uURLSearchHooks: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\hyperionics db toolbar\tbhelper.dll uURLSearchHooks: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll mURLSearchHooks: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll BHO: Fast Search: {5ab7104a-b71f-49ad-9154-f7f8806ae848} - c:\program files\surf canyon\surfcanyon.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll" BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\hyperionics db toolbar\tbcore3.dll BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll" TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll TB: Hyperionics DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\hyperionics db toolbar\tbcore3.dll TB: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [Facebook Update] "c:\users\ariya\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE" uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [steam] "c:\program files\steam\Steam.exe" -silent mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [<NO NAME>] mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRun: [vProt] "c:\program files\avg secure search\vprot.exe" mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{802EF500-5784-4DA0-9324-96140E0408C9} : DhcpNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.0.2\ViProtocol.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: ecojink - c:\windows\system32\config\systemprofile\appdata\local\ecojink.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\users\ariya\appdata\roaming\mozilla\firefox\profiles\lb07dvv8.default\ FF - prefs.js: browser.startup.homepage - hxxp://uk.foxstart.com/?rls=en:uk:zb FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B3d17da72-03e7-4e12-a292-f031bbc784e8%7D&mid=713d8f2f898547d0b036bd2b2ba6d2e1-24bd564ae48e0af08340caeed311517bc1dfc63f&ds=AVG&v=11.0.0.9〈=en&pr=fr&d=2012-05-06%2014%3A27%3A50&sap=ku&q= FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.0.2\npsitesafety.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\users\ariya\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll . ---- FIREFOX POLICIES ---- . . FF - user.js: extentions.y2layers.installId - 9d506fab-4967-46ed-867b-83020c78f632 FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage,PageRageGlobal,Buzzdock,BuzzdockTease,PageRage,PageRageGlobal, . ============= SERVICES / DRIVERS =============== . R?2 AMService;AMService;c:\windows\temp\cqsaht\setup.exe run --> c:\windows\temp\cqsaht\setup.exe run [?] R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-8-26 176128] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744] R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288] R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-6 654408] R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-5-6 2666880] R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\common files\avg secure search\vtoolbarupdater\11.0.2\ToolbarUpdater.exe [2012-5-6 932736] R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-8-26 6380032] R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-8-26 221696] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-8-15 101904] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-6 22344] R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-15 136176] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800] S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-8-18 39272] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-15 136176] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-6 129976] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040] . =============== Created Last 30 ================ . 2012-05-06 14:35:19 -------- d-----w- c:\users\ariya\appdata\local\{AE2CC03D-4AC1-43CF-9561-E8A6F5DE3E0B} 2012-05-06 14:34:58 -------- d-----w- c:\users\ariya\appdata\local\{F49C6BE8-D3E7-4677-A27C-0279D2E3C45E} 2012-05-06 13:29:13 -------- d-----w- c:\users\ariya\appdata\roaming\AVG2012 2012-05-06 13:28:27 -------- d-----w- c:\users\ariya\appdata\local\AVG Secure Search 2012-05-06 13:27:49 -------- d-----w- c:\programdata\AVG Secure Search 2012-05-06 13:27:43 -------- d-----w- c:\program files\common files\AVG Secure Search 2012-05-06 13:27:42 -------- d-----w- c:\program files\AVG Secure Search 2012-05-06 13:26:49 -------- d--h--w- c:\programdata\Common Files 2012-05-06 13:24:01 -------- d--h--w- C:\$AVG 2012-05-06 13:23:59 -------- d-----w- c:\windows\system32\drivers\AVG 2012-05-06 13:23:59 -------- d-----w- c:\programdata\AVG2012 2012-05-06 13:22:54 -------- d-----w- c:\program files\AVG 2012-05-06 13:19:24 -------- d-----w- c:\programdata\MFAData 2012-05-06 13:13:21 -------- d-----w- c:\program files\CCleaner 2012-05-06 13:09:34 -------- d-----w- c:\users\ariya\appdata\roaming\Malwarebytes 2012-05-06 13:09:24 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-06 13:09:24 -------- d-----w- c:\programdata\Malwarebytes 2012-05-06 13:09:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-05-06 10:37:31 -------- d-----w- c:\program files\TeamViewer 2012-05-06 08:30:00 -------- d-----w- c:\users\ariya\appdata\local\{013C2E10-695B-4A43-9878-80109372A96E} 2012-05-06 08:29:46 -------- d-----w- c:\users\ariya\appdata\local\{D9651F86-7A68-4D29-AD86-EDA0C3DB8CAC} 2012-05-05 23:28:31 0 --sha-w- c:\windows\system32\dds_trash_log.cmd 2012-05-05 23:28:26 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-05 21:58:05 -------- d-----w- c:\users\ariya\appdata\local\{F1208264-1248-4679-9FA9-AE063CE3F95A} 2012-05-05 21:57:53 -------- d-----w- c:\users\ariya\appdata\local\{A3F1BC28-D34E-4003-B376-C2F57D57662E} 2012-05-05 10:07:57 -------- d-----w- c:\users\ariya\appdata\local\{E850923D-B67C-4B02-8388-67009D2C68B8} 2012-05-05 10:07:41 -------- d-----w- c:\users\ariya\appdata\local\{AF521640-C121-44DE-BFBA-AE8D9DED5D5C} 2012-05-04 15:49:17 -------- d-----w- c:\users\ariya\appdata\local\{0CF04481-1AC8-418C-9C4B-244B8349B598} 2012-05-04 15:49:00 -------- d-----w- c:\users\ariya\appdata\local\{A793C59B-E656-4B86-9975-0DD84C98DCE1} 2012-05-03 15:33:33 -------- d-----w- c:\users\ariya\appdata\local\{CB756D30-D079-4AE1-AA69-E1512AC36B0D} 2012-05-03 15:33:20 -------- d-----w- c:\users\ariya\appdata\local\{2D28E324-9CAF-41EB-8E5E-3DBB0CABDFED} 2012-05-02 18:47:17 -------- d-----w- c:\users\ariya\appdata\local\{5619EDD7-562E-47DD-9250-63B6A93A6CA4} 2012-05-02 18:47:06 -------- d-----w- c:\users\ariya\appdata\local\{D769BD59-BF8F-4610-A1D0-919A8FDA830C} 2012-05-01 16:24:49 -------- d-----w- c:\users\ariya\appdata\roaming\LolClient 2012-05-01 15:13:05 -------- d-----w- c:\users\ariya\appdata\local\{14AECAC7-4434-4D64-A6C4-8211D14D260F} 2012-05-01 15:12:51 -------- d-----w- c:\users\ariya\appdata\local\{4A98DA7F-3669-4148-81F1-41C1FE7B5072} 2012-04-30 21:53:24 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll 2012-04-30 21:53:24 509448 ----a-w- c:\windows\system32\XAudio2_2.dll 2012-04-30 21:53:24 467984 ----a-w- c:\windows\system32\d3dx10_39.dll 2012-04-30 21:53:24 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll 2012-04-30 21:53:24 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll 2012-04-30 21:50:19 -------- d-----w- C:\Riot Games 2012-04-30 21:05:30 -------- d-----w- c:\users\ariya\appdata\local\PMB Files 2012-04-30 21:05:29 -------- d-----w- c:\programdata\PMB Files 2012-04-30 21:05:17 -------- d-----w- c:\program files\Pando Networks 2012-04-30 20:49:57 -------- d-----w- c:\users\ariya\appdata\local\{1DCB7A99-5FC7-46CA-9417-1AECA9F2C602} 2012-04-30 20:49:39 -------- d-----w- c:\users\ariya\appdata\local\{DA64DFE1-5F32-4C3C-9285-E33E89F6845F} 2012-04-29 10:19:46 -------- d-----w- c:\users\ariya\appdata\local\{78579D77-DA73-4369-81E9-8F037AC619B3} 2012-04-29 10:19:32 -------- d-----w- c:\users\ariya\appdata\local\{BAD46870-F7EE-4550-917A-3AE412514140} 2012-04-28 17:07:40 -------- d-----w- c:\users\ariya\appdata\local\{66A26ADC-A33F-4328-9247-6EFF46CFD3D5} 2012-04-28 17:07:17 -------- d-----w- c:\users\ariya\appdata\local\{2F32907E-C7A8-472E-BB3B-5FD09FAF499E} 2012-04-27 19:20:52 -------- d-----w- c:\users\ariya\appdata\local\{E4DC4BC2-EEF3-4725-9660-29C5D6F650C5} 2012-04-27 19:20:39 -------- d-----w- c:\users\ariya\appdata\local\{E70989F3-D23A-4411-8BC2-185046B953E3} 2012-04-26 17:59:19 -------- d-----w- c:\users\ariya\appdata\local\{66551C86-D07B-4372-B619-8FD6CDF5B433} 2012-04-26 17:59:06 -------- d-----w- c:\users\ariya\appdata\local\{DA3C227C-ED97-457E-9BDB-638FBF0A923A} 2012-04-25 16:16:18 -------- d-----w- c:\users\ariya\appdata\local\{2C40B425-2E08-4C58-81CB-D6372E8F2D31} 2012-04-25 16:16:01 -------- d-----w- c:\users\ariya\appdata\local\{5193273A-E37F-4CEB-90AB-D149A6D49576} 2012-04-24 19:58:50 -------- d-----w- c:\users\ariya\appdata\local\{678866A6-C6B8-44EF-BF9F-98F0F39A7A7A} 2012-04-24 19:58:35 -------- d-----w- c:\users\ariya\appdata\local\{65C30C1C-72B7-4CB4-9F32-6A181F915FB3} 2012-04-23 14:51:37 -------- d-----w- c:\users\ariya\appdata\local\{D3EA5405-C14D-48D5-993D-77B31E3E2503} 2012-04-23 14:51:24 -------- d-----w- c:\users\ariya\appdata\local\{A904C416-6BB1-45FE-AE54-58DF7C029F64} 2012-04-22 15:35:55 -------- d-----w- c:\users\ariya\appdata\local\{5E06A41B-57E1-4CA1-86B1-D8B04401860D} 2012-04-22 15:35:37 -------- d-----w- c:\users\ariya\appdata\local\{0EF008EA-92FC-4D78-9F64-83556CDAB6D4} 2012-04-21 10:06:09 -------- d-----w- c:\users\ariya\appdata\local\{9A1737FD-007A-49E7-A9B5-F268F3D295D3} 2012-04-21 10:05:56 -------- d-----w- c:\users\ariya\appdata\local\{A663394F-5F1F-4738-AD60-74C25DC587D4} 2012-04-20 20:07:05 -------- d-----w- c:\users\ariya\appdata\local\{569AD7BE-6DAB-47B3-B129-1D977BBB7E53} 2012-04-20 20:06:51 -------- d-----w- c:\users\ariya\appdata\local\{C08B9172-4AB6-4A95-A621-D03E7502090F} 2012-04-20 19:34:26 -------- d-----w- c:\users\ariya\appdata\local\{A74DC77F-54BC-438F-BE7D-93D5B3900F3F} 2012-04-20 19:34:14 -------- d-----w- c:\users\ariya\appdata\local\{C28B479A-8396-4916-B8B4-F9ADA39E395A} 2012-04-19 15:34:09 -------- d-----w- c:\users\ariya\appdata\local\{D0308067-965B-46F4-BA0D-CC1A3DA40FB8} 2012-04-19 15:33:50 -------- d-----w- c:\users\ariya\appdata\local\{C5A7D9E8-981D-487F-9250-D94B7D1502C4} 2012-04-19 03:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2012-04-18 17:58:47 -------- d-----w- c:\users\ariya\appdata\local\{A0ABF289-76DB-4E0B-A2A6-19F9417970CE} 2012-04-18 17:58:29 -------- d-----w- c:\users\ariya\appdata\local\{1B63D34E-4219-4BFB-BB44-0DA3E7E933AA} 2012-04-17 14:43:01 -------- d-----w- c:\users\ariya\appdata\local\{456F586D-91C4-4C1A-806B-3A7A3A500731} 2012-04-17 14:42:49 -------- d-----w- c:\users\ariya\appdata\local\{CAF030CE-56AA-4328-95CE-D52C9C6DAB84} 2012-04-16 19:45:52 -------- d-----w- c:\users\ariya\appdata\local\{88A16200-463C-491B-9555-258031D6D8BA} 2012-04-16 19:45:40 -------- d-----w- c:\users\ariya\appdata\local\{F20AF46B-BE86-4117-BD26-19746177E777} 2012-04-15 12:57:46 -------- d-----w- c:\users\ariya\appdata\local\{1E46989A-C42B-4F77-B3CE-79DEF9938711} 2012-04-15 12:57:34 -------- d-----w- c:\users\ariya\appdata\local\{AA34E097-F0B4-4284-BB29-476105E75659} 2012-04-14 22:23:16 -------- d-----w- c:\users\ariya\appdata\local\{EDCE1BC3-4CC5-4604-AA9C-0FD78BE9FAF3} 2012-04-14 22:23:03 -------- d-----w- c:\users\ariya\appdata\local\{2F91A007-1FDD-4AF1-8A8D-A6F6192F9090} 2012-04-14 15:06:33 -------- d-----w- c:\users\ariya\appdata\local\{FCB99D93-4400-477C-8388-3B1A9D7FF99B} 2012-04-14 15:06:17 -------- d-----w- c:\users\ariya\appdata\local\{870CB96D-E90D-4191-A60A-371F8148F302} 2012-04-14 13:32:27 -------- d-----w- c:\users\ariya\PwnXileHD 2012-04-14 13:13:03 -------- d-----w- c:\users\ariya\appdata\local\{F4EEC25A-F677-48EB-B626-41B3AA7F6DCD} 2012-04-14 13:12:47 -------- d-----w- c:\users\ariya\appdata\local\{8521045B-891C-4411-9181-586A8A98BE86} 2012-04-14 02:24:52 -------- d-----w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A} 2012-04-14 02:24:01 -------- d-----w- c:\windows\system32\appmgmt 2012-04-13 14:35:32 -------- d-----w- c:\users\ariya\appdata\local\{32DF2CE5-6084-4E98-99DE-053B980DEE38} 2012-04-13 14:35:18 -------- d-----w- c:\users\ariya\appdata\local\{E63597E5-3223-40B0-8813-45D87F152900} 2012-04-13 02:08:01 -------- d-----w- c:\users\ariya\appdata\local\{AD2E601A-39F3-41D4-95C2-961D92638936} 2012-04-13 02:07:25 -------- d-----w- c:\users\ariya\appdata\local\{16EE44AB-CDEB-4992-9C0E-6603B772CEC8} 2012-04-12 15:32:25 -------- d-----w- c:\users\ariya\appdata\local\{C1621D9B-8779-42A5-84D0-DCD73B5ECCA5} 2012-04-12 15:32:12 -------- d-----w- c:\users\ariya\appdata\local\{0BE73C1A-9967-4194-8749-C40D4A065E2C} 2012-04-11 16:19:32 -------- d-----w- c:\users\ariya\appdata\local\{B66D043C-424B-4944-A4C3-E53E04089935} 2012-04-11 16:19:21 -------- d-----w- c:\users\ariya\appdata\local\{F1ADB503-FE11-4800-85DC-D3E4A6A7567A} 2012-04-11 16:16:40 -------- d-----w- c:\users\ariya\appdata\local\{6BCD0C81-3CA1-42BD-A604-FE61ECCC1847} 2012-04-11 11:27:28 -------- d-----w- c:\users\ariya\appdata\local\{2E718E14-E385-4A4F-8891-C70E7B1C0F1A} 2012-04-11 11:27:16 -------- d-----w- c:\users\ariya\appdata\local\{E1C97042-D154-4714-BC12-1DCFF9175426} 2012-04-10 15:53:31 -------- d-----w- c:\users\ariya\appdata\local\{CF92AE4A-3664-4175-962E-B6851DAA943C} 2012-04-10 15:53:19 -------- d-----w- c:\users\ariya\appdata\local\{50C6711D-C833-4BC8-BFD3-F08F78D68399} 2012-04-10 15:51:35 -------- d-----w- c:\users\ariya\appdata\local\{18A88A12-3B04-4F07-BF0B-9DAE566468FB} 2012-04-10 15:51:23 -------- d-----w- c:\users\ariya\appdata\local\{F246B0BA-AE09-4B07-80F5-EFC52EAAB154} 2012-04-10 13:35:52 -------- d-----w- c:\users\ariya\appdata\local\{D9E9A2B9-C4A1-43CF-B3D3-3D732BFA9BBF} 2012-04-10 13:35:40 -------- d-----w- c:\users\ariya\appdata\local\{48B7DA48-C77E-4CFB-8900-D48338FBC17C} 2012-04-09 20:15:19 -------- d-----w- c:\users\ariya\appdata\local\{29EB0134-A781-4393-BF78-EBA9EFB03931} 2012-04-09 20:15:07 -------- d-----w- c:\users\ariya\appdata\local\{B40E6705-2ECA-4269-9719-F92F8FB55F0C} 2012-04-09 19:28:28 -------- d-----w- c:\users\ariya\appdata\local\{C68D5361-B5E5-4C81-9B69-C5057C97818F} 2012-04-09 19:28:14 -------- d-----w- c:\users\ariya\appdata\local\{84C66F07-8E17-48D8-9414-8AF4D571D93A} 2012-04-08 10:59:53 -------- d-----w- c:\users\ariya\appdata\local\{C33C9AD7-1DCD-44FA-9883-439C8141D83D} 2012-04-08 10:59:39 -------- d-----w- c:\users\ariya\appdata\local\{0E7AA9AB-9F0A-4597-8658-52D6491C8987} 2012-04-07 11:08:12 -------- d-----w- c:\users\ariya\appdata\local\{1F1EE7E5-3E28-4C0F-9B12-9C9D2867AE29} 2012-04-07 11:07:51 -------- d-----w- c:\users\ariya\appdata\local\{24E75807-D61A-4103-943A-A4739A687A9C} . ==================== Find3M ==================== . 2012-05-05 23:28:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-02 19:35:30 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-19 04:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2012-02-22 04:25:32 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys . ============= FINISH: 16:01:10.74 ===============
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.