
Can't get rid of an extension on Chrome called SaveNeeWWaApipz



First time posting here, so let me know if I'm in the wrong place or whether I've done something incorrect.

 

Anyway, hopefully this isn't too long, but basically I don't know if anyone has heard of the DERP trolling incident where they took down multiple games within the last few weeks, but during the whole incident I clicked on their Twitter, and when I did this my Chrome instantly shut down without warning or anything happening. I loaded it up and everything was back to normal. Well, a few days ago I noticed I got a lot of random ads popping up on my browsers, which I never had happen before as I have pop-ups disabled and also AdBlock on Chrome. Wondering why this was happening, I went to check my uninstall a programs file and found there was a file that I never downloaded called "SaveNeeWWaApipz". Anyway, I uninstalled it thinking this would solve the issue, but when it kept occurring I checked my Chrome extensions and it was there under the same name. So, summed up: every time I delete it and check the extensions it's back and I'm still getting ads. It has only occurred since that incident with DERP trolling Twitter shutting down my browser; not sure if it's just a coincidence or whether they gave me a virus. I have no idea how to get rid of it, but it's fairly annoying now. Thanks to anyone who can give any assistance.


Hello,

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin


"It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply"

 

Hi there, I've done as you said, but the document is pretty huge. Let me know if it's too big and I will delete it, and also thanks for such a fast response!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2014
Ran by user (administrator) on USER-HP on 10-01-2014 21:05:00
Running from C:\Users\user\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Users\user\AppData\Roaming\HoolappForAndroid\Hoolapp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Stronghold Online Backup) C:\Users\user\AppData\Local\Strongvault Online Backup\SMessaging.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
() Q:\140061.enu\Office14\ONENOTEM.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2012-09-21] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-10-05] (IDT, Inc.)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-12-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [35760 2010-06-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-08-30] (EasyBits Software AS)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [sMessaging] - C:\Users\user\AppData\Local\Strongvault Online Backup\SMessaging.exe [31664 2012-04-04] (Stronghold Online Backup)
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [608104 2013-04-22] (Razer USA Ltd)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-12] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-11-22] (Hewlett-Packard Company)
HKCU\...\Run: [spotify] - C:\Users\user\AppData\Roaming\Spotify\spotify.exe [4477336 2013-03-08] (Spotify Ltd)
HKCU\...\Run: [spotify Web Helper] - C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1103768 2013-03-08] (Spotify Ltd)
HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1815464 2014-01-07] (Valve Corporation)
HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex [233936 2011-01-11] (Adobe Systems, Inc.)
AppInit_DLLs: C:\ProgramData\Intelewin filter\Intelewinfilter_x64.dll [4494336 2013-12-28] ()
AppInit_DLLs-x32: c:\progra~3\intele~1\intele~1.dll [4227072 2013-12-28] ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=19.9.1.14
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchURL = http://home.microsoft.com/access/autosearch.asp?p=%s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.good-results.info/?l=1&q={searchTerms}&pid=320&r=2013/02/12&hid=4122169231&lg=EN&cc=GB
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.good-results.info/?l=1&q={searchTerms}&pid=320&r=2013/02/12&hid=4122169231&lg=EN&cc=GB
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {FF917D53-CE3F-4273-B3FD-D2632A4E7465} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=en_UK&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^GB&apn_uid=7AEBD24E-D0CE-4422-AFA4-B3F03705B057&apn_sauid=784248FC-9E22-4B2F-BFBC-7A65AD678E35
BHO: SaveNeeWWaApipz - {E43EA2CE-6255-9EE8-2955-A438824A6279} - C:\ProgramData\SaveNeeWWaApipz\gkh7le79Pj.x64.dll ()
BHO: DealExpresss - {F168BA07-905D-7FAC-DEE7-0DD0D0BFEA28} - C:\ProgramData\DealExpresss\Uf1cXh.x64.dll ()
BHO-x32: SaveNeeWWaApipz - {E43EA2CE-6255-9EE8-2955-A438824A6279} - C:\ProgramData\SaveNeeWWaApipz\gkh7le79Pj.dll ()
BHO-x32: DealExpresss - {F168BA07-905D-7FAC-DEE7-0DD0D0BFEA28} - C:\ProgramData\DealExpresss\Uf1cXh.dll ()
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-01-11] (EasyBits Software Corp.)
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: () - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: () - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: () - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: () - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: () - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-12-10] (Advanced Micro Devices, Inc.)
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 ef65f95a; C:\Windows\system32\rundll32.exe [45568 2009-07-14] (Microsoft Corporation)
R2 ef65f95a; C:\Windows\SysWow64\rundll32.exe [44544 2009-07-14] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-30] ()
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-10 21:05 - 2014-01-10 21:06 - 00017978 _____ C:\Users\user\Downloads\FRST.txt
2014-01-10 21:04 - 2014-01-10 21:04 - 01932166 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2014-01-10 21:04 - 2014-01-10 21:04 - 00000000 ____D C:\FRST
2014-01-10 21:03 - 2014-01-10 21:03 - 01066141 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
2014-01-08 02:04 - 2014-01-08 02:04 - 00000379 _____ C:\Users\user\Documents\sick sleave.txt
2014-01-07 01:29 - 2014-01-07 01:29 - 00061856 _____ C:\Users\user\Downloads\John presentation of acts.pptx
2014-01-06 23:37 - 2014-01-06 23:37 - 00047766 _____ C:\Users\user\Downloads\John presentation of discrimination.pptx
2014-01-06 23:28 - 2014-01-06 23:28 - 00079122 _____ C:\Users\user\Downloads\Assignment 2 (1).pptx
2014-01-03 04:28 - 2014-01-03 04:28 - 00000011 _____ C:\Users\user\Documents\topboy in twitch.txt
2013-12-30 23:48 - 2014-01-10 01:58 - 00000000 ____D C:\ProgramData\SaveNeeWWaApipz
2013-12-30 23:48 - 2014-01-10 01:58 - 00000000 ____D C:\ProgramData\DealExpresss
2013-12-30 23:48 - 2013-12-30 23:48 - 00000000 ____D C:\ProgramData\cookdfphmjgdagkefmkinmoliciniiel
2013-12-30 23:48 - 2013-12-30 23:48 - 00000000 ____D C:\ProgramData\409e80dbd1a4a118
2013-12-28 00:21 - 2013-12-28 00:21 - 00000000 ____D C:\ProgramData\Intelewin filter
2013-12-23 18:56 - 2013-12-23 18:56 - 01455528 _____ C:\Users\user\Downloads\SystemCheck_enUS.exe
2013-12-18 21:53 - 2013-12-18 21:53 - 00047766 _____ C:\Users\user\Documents\John presentation of discrimination.pptx
2013-12-18 21:06 - 2013-12-18 21:06 - 00064602 _____ C:\Users\user\Downloads\Assignment 2.pptx
2013-12-16 03:01 - 2013-11-26 11:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-16 03:01 - 2013-11-26 10:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-16 03:01 - 2013-11-26 10:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-16 03:01 - 2013-11-26 09:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-16 03:01 - 2013-11-26 09:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-16 03:01 - 2013-11-26 09:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-16 03:01 - 2013-11-26 09:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-16 03:01 - 2013-11-26 09:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-16 03:01 - 2013-11-26 09:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-16 03:01 - 2013-11-26 09:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-16 03:01 - 2013-11-26 09:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-16 03:01 - 2013-11-26 09:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-16 03:01 - 2013-11-26 08:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-16 03:01 - 2013-11-26 08:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-16 03:01 - 2013-11-26 08:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-16 03:01 - 2013-11-26 08:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-16 03:01 - 2013-11-26 06:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-16 03:01 - 2013-11-26 06:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-16 03:00 - 2013-11-26 10:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-16 03:00 - 2013-11-26 09:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-16 03:00 - 2013-11-26 08:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-16 03:00 - 2013-11-26 08:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-16 03:00 - 2013-11-26 08:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-16 03:00 - 2013-11-26 08:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-16 03:00 - 2013-11-26 07:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-16 03:00 - 2013-11-26 07:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-16 03:00 - 2013-11-26 07:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-16 03:00 - 2013-11-26 07:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-16 03:00 - 2013-11-26 06:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-16 03:00 - 2013-11-26 06:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-16 03:00 - 2013-11-26 06:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-15 03:11 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-15 03:07 - 2013-12-15 03:07 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-15 03:07 - 2013-12-15 03:07 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-15 03:07 - 2013-12-15 03:07 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-15 03:07 - 2013-12-15 03:07 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-15 03:07 - 2013-12-15 03:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-15 03:07 - 2013-12-15 03:07 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-15 03:07 - 2013-12-15 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-14 20:44 - 2013-12-14 20:44 - 01909045 _____ C:\Users\user\Downloads\dickhead meme.htm
2013-12-14 20:44 - 2013-12-14 20:44 - 00000000 ____D C:\Users\user\Downloads\dickhead meme_files
2013-12-14 03:00 - 2013-12-15 03:12 - 00012640 _____ C:\Windows\IE11_main.log
2013-12-12 03:06 - 2013-05-10 05:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 03:06 - 2013-05-10 04:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 03:06 - 2013-05-10 04:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 03:05 - 2013-05-10 05:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 20:29 - 2013-11-23 18:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 20:29 - 2013-11-23 17:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 20:29 - 2013-11-12 02:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 20:29 - 2013-11-12 02:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 20:29 - 2013-10-30 02:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 20:29 - 2013-10-30 02:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 20:29 - 2013-10-30 01:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 20:29 - 2013-10-19 02:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 20:29 - 2013-10-19 01:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 20:29 - 2013-10-12 02:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 20:29 - 2013-10-12 02:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 20:29 - 2013-10-12 02:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 20:29 - 2013-10-12 02:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 20:29 - 2013-10-12 01:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 20:29 - 2013-10-12 01:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 20:29 - 2013-10-12 01:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 20:29 - 2013-10-12 01:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 20:29 - 2013-10-04 02:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 20:29 - 2013-10-04 01:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 20:18 - 2013-12-18 20:40 - 00002082 _____ C:\Windows\PFRO.log
 
==================== One Month Modified Files and Folders =======
 
2014-01-10 21:06 - 2014-01-10 21:05 - 00017978 _____ C:\Users\user\Downloads\FRST.txt
2014-01-10 21:04 - 2014-01-10 21:04 - 01932166 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2014-01-10 21:04 - 2014-01-10 21:04 - 00000000 ____D C:\FRST
2014-01-10 21:03 - 2014-01-10 21:03 - 01066141 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
2014-01-10 20:58 - 2013-11-29 01:47 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-10 20:52 - 2013-03-29 13:09 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForuser.job
2014-01-10 20:19 - 2013-11-29 01:45 - 00000000 ____D C:\Program Files (x86)\Wajam
2014-01-10 20:04 - 2012-09-05 05:55 - 01811694 _____ C:\Windows\WindowsUpdate.log
2014-01-10 15:37 - 2012-12-07 21:49 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-01-10 15:37 - 2012-09-14 15:15 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2014-01-10 15:35 - 2013-07-30 17:18 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-10 04:53 - 2012-09-08 18:57 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2014-01-10 02:07 - 2013-02-14 18:47 - 00000000 ____D C:\Firefox
2014-01-10 01:58 - 2013-12-30 23:48 - 00000000 ____D C:\ProgramData\SaveNeeWWaApipz
2014-01-10 01:58 - 2013-12-30 23:48 - 00000000 ____D C:\ProgramData\DealExpresss
2014-01-10 01:58 - 2013-11-29 01:47 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-10 01:21 - 2009-07-14 04:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-10 01:21 - 2009-07-14 04:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-10 01:20 - 2009-07-14 05:13 - 00779724 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-10 01:16 - 2013-05-29 14:18 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-10 01:16 - 2013-02-24 16:12 - 00000000 ____D C:\Users\user\AppData\Roaming\Spotify
2014-01-10 01:14 - 2012-11-04 20:48 - 00000000 ____D C:\Users\user\AppData\Local\LogMeIn Hamachi
2014-01-10 01:12 - 2013-12-05 00:17 - 00000560 _____ C:\Windows\setupact.log
2014-01-10 01:12 - 2013-01-22 17:49 - 00000354 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2014-01-10 01:12 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-09 01:57 - 2012-09-06 09:23 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2014-01-09 01:57 - 2009-07-14 05:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-08 02:04 - 2014-01-08 02:04 - 00000379 _____ C:\Users\user\Documents\sick sleave.txt
2014-01-07 01:29 - 2014-01-07 01:29 - 00061856 _____ C:\Users\user\Downloads\John presentation of acts.pptx
2014-01-06 23:37 - 2014-01-06 23:37 - 00047766 _____ C:\Users\user\Downloads\John presentation of discrimination.pptx
2014-01-06 23:28 - 2014-01-06 23:28 - 00079122 _____ C:\Users\user\Downloads\Assignment 2 (1).pptx
2014-01-03 04:28 - 2014-01-03 04:28 - 00000011 _____ C:\Users\user\Documents\topboy in twitch.txt
2013-12-30 23:48 - 2013-12-30 23:48 - 00000000 ____D C:\ProgramData\cookdfphmjgdagkefmkinmoliciniiel
2013-12-30 23:48 - 2013-12-30 23:48 - 00000000 ____D C:\ProgramData\409e80dbd1a4a118
2013-12-28 00:21 - 2013-12-28 00:21 - 00000000 ____D C:\ProgramData\Intelewin filter
2013-12-28 00:21 - 2013-05-11 21:48 - 00000000 ____D C:\Program Files (x86)\ContinueToSave
2013-12-23 18:56 - 2013-12-23 18:56 - 01455528 _____ C:\Users\user\Downloads\SystemCheck_enUS.exe
2013-12-20 16:26 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2013-12-18 21:53 - 2013-12-18 21:53 - 00047766 _____ C:\Users\user\Documents\John presentation of discrimination.pptx
2013-12-18 21:06 - 2013-12-18 21:06 - 00064602 _____ C:\Users\user\Downloads\Assignment 2.pptx
2013-12-18 20:45 - 2012-11-23 09:21 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-18 20:45 - 2012-09-08 18:57 - 00000000 ____D C:\ProgramData\Skype
2013-12-18 20:42 - 2012-09-04 23:19 - 00001417 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-18 20:40 - 2013-12-11 20:18 - 00002082 _____ C:\Windows\PFRO.log
2013-12-18 20:40 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-15 03:12 - 2013-12-14 03:00 - 00012640 _____ C:\Windows\IE11_main.log
2013-12-15 03:07 - 2013-12-15 03:07 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-15 03:07 - 2013-12-15 03:07 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-15 03:07 - 2013-12-15 03:07 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-15 03:07 - 2013-12-15 03:07 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-15 03:07 - 2013-12-15 03:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-15 03:07 - 2013-12-15 03:07 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-15 03:07 - 2013-12-15 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-15 03:07 - 2013-12-15 03:07 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-15 03:07 - 2013-12-15 03:07 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-15 03:05 - 2013-07-24 19:25 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 03:00 - 2012-10-08 20:09 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 20:44 - 2013-12-14 20:44 - 01909045 _____ C:\Users\user\Downloads\dickhead meme.htm
2013-12-14 20:44 - 2013-12-14 20:44 - 00000000 ____D C:\Users\user\Downloads\dickhead meme_files
2013-12-14 18:58 - 2012-12-01 12:40 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForUSER-HP$
2013-12-14 18:58 - 2012-12-01 12:40 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForUSER-HP$.job
2013-12-13 00:58 - 2009-07-14 05:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-13 00:57 - 2009-09-07 01:57 - 00000000 ____D C:\Windows\Panther
2013-12-13 00:57 - 2009-07-14 04:45 - 00292008 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 01:59 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-12 00:03 - 2012-09-05 06:45 - 00000000 ___RD C:\Users\Public\Recorded TV
 
Files to move or delete:
====================
C:\Users\user\jagex_cl_runescape_LIVE.dat
C:\Users\user\random.dat
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-02 18:25
 
==================== End Of Log ============================

Addition for website help.txt


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced logs....

 

Kevin

 

 

 

Fixlist.txt


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
