
Infections?



Hi,

 

I hope you can help me. Laptop has slowed down significantly and even after running MBAM Quick Scan I still get popup messages. Anyway here are my details:

 

Quick scan results:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.27.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
User :: USER-PC [administrator]
 
Protection: Enabled
 
27/01/2014 22:31:56
mbam-log-2014-01-27 (22-31-56).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251869
Time elapsed: 7 minute(s), 2 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 3
C:\Users\User.User-PC\AppData\Local\Temp\is1070216317\163117453_stp\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Users\User.User-PC\AppData\Local\Temp\is1070216317\163117549_stp\JumpFlipSetup.exe (PUP.Optional.JumpFlip.A) -> Quarantined and deleted successfully.
C:\Users\User.User-PC\Local Settings\Temporary Internet Files\Content.IE5\UUFPGPCC\Setup[1].exe (PUP.Optional.JumpFlip.A) -> Quarantined and deleted successfully.
 
(end)
 
 
I cleaned all of these infections.
 
Attach:
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 24/11/2012 21:39:23
System Uptime: 27/01/2014 22:40:27 (0 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: AMD Turion X2 Dual-Core Mobile RM-70 | Socket M2/S1G1 | 2000/1800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 35.569 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: 
Device ID: ACPI\TOS1901\2&DABA3FF&1
Manufacturer: 
Name: 
PNP Device ID: ACPI\TOS1901\2&DABA3FF&1
Service: 
.
==== System Restore Points ===================
.
RP167: 19/01/2014 03:00:12 - Windows Update
RP168: 25/01/2014 13:30:16 - Windows Update
RP169: 26/01/2014 19:52:21 - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Antares Autotune VST RTAS TDM v5.08
aTube Catcher
Audacity 1.2.6
AVS Screen Capture version 2.0.1
AVS Video Editor 5
AVS Video Recorder 2.4
Blue Cat's Chorus VST 4.01
Blue Cat's Flanger VST 3.01
Blue Cat's Freeware Pack VST 2.01
Blue Cat's FreqAnalyst VST 2.01
Blue Cat's Gain Suite VST 3.01
Blue Cat's Phaser VST 3.01
Blue Cat's Triple EQ VST 4.01
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
DreamStation DXi2
DVD Shrink 3.2
eLicenser Control
EPSON Printer Software
Fre(a)koscope
Google Chrome
Google Earth
Google Update Helper
High-Definition Video Playback
Java 7 Update 45
Java Auto Updater
Java 7 Update 1 (64-bit)
Malwarebytes Anti-Malware version 1.75.0.1300
MediaMonkey 4.0
Melodyne singletrack
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Movie Maker
Mozilla Firefox 17.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
Nero 11
Nero 11 Cliparts
Nero 11 Disc Menus 1
Nero 11 Disc Menus 2
Nero 11 Disc Menus 3
Nero 11 Disc Menus Basic
Nero 11 Effects Basic
Nero 11 Image Samples
Nero 11 Kwik Themes 1
Nero 11 Kwik Themes 2
Nero 11 Kwik Themes 3
Nero 11 Kwik Themes 4
Nero 11 Kwik Themes Basic
Nero 11 PiP Effects 1
Nero 11 PiP Effects Basic
Nero 11 Video Samples
Nero 11 Video Transitions 1
Nero Audio Pack 1
Nero BackItUp 11 Help (CHM)
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero CoverDesigner 11
Nero CoverDesigner 11 Help (CHM)
Nero Express 11
Nero Express 11 Help (CHM)
Nero Kwik Media Help (CHM)
Nero Recode 11
Nero Recode 11 Help (CHM)
Nero RescueAgent 11 Help (CHM)
Nero SoundTrax 11
Nero SoundTrax 11 Help (CHM)
Nero Video 11
Nero Video 11 Help (CHM)
Nero WaveEditor 11
Nero WaveEditor 11 Help (CHM)
nero.prerequisites.msi
Photo Common
Photo Gallery
Picasa 3
QuickTime
Rapture 1.2.2
Realtek High Definition Audio Driver
Sandboxie 4.08 (64-bit)
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft .NET Framework 4.5 (KB2861208)
Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 64-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
Skype Click to Call
Skype™ 6.6
Softube Acoustic Feedback VST RTAS v1.0.7
Softube Bass Amp Room VST RTAS v1.0.2
Softube FET Compressor VST RTAS v1.0.3
Softube Metal Amp Room VST RTAS v1.1.5
Softube Passive-Active Pack VST RTAS v1.0.2
Softube Spring Reverb VST RTAS v1.0.4
Softube Trident A-Range VST RTAS v1.0.2
Softube Tube-Tech CL 1B VST RTAS v1.0.3
Softube Tube Delay VST RTAS v1.0.5
Softube Vintage Amp Room VST RTAS v1.0.8
SONAR X3 Producer
SpeedFan (remove only)
Steinberg Cubase SX 3
swMSM
Synaptics Pointing Device Driver
TomTom HOME
TomTom HOME Visual Studio Merge Modules
TOSHIBA TEMPRO
TOSHIBA Value Added Package
Total Commander 64-bit (Remove or Repair)
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition
VLC media player 2.0.4
WaveLab 6
Wavpack4Wavelab6
welcome
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
27/01/2014 16:46:04, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR3.
27/01/2014 14:15:11, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
26/01/2014 16:54:22, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
26/01/2014 16:54:22, Error: Service Control Manager [7000]  - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
26/01/2014 10:56:23, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
26/01/2014 10:56:23, Error: Service Control Manager [7000]  - The Windows Live ID Sign-in Assistant service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
25/01/2014 22:39:57, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error:  An instance of the service is already running.
25/01/2014 22:39:12, Error: Service Control Manager [7031]  - The Windows Defender service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/01/2014 22:38:57, Error: Service Control Manager [7031]  - The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
25/01/2014 22:38:57, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/01/2014 22:38:57, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/01/2014 22:38:57, Error: Service Control Manager [7031]  - The Remote Desktop Services UserMode Port Redirector service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/01/2014 22:38:57, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/01/2014 22:38:57, Error: Service Control Manager [7031]  - The Offline Files service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
25/01/2014 22:38:57, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
25/01/2014 22:38:57, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
25/01/2014 22:38:57, Error: Service Control Manager [7031]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================
 

 

DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by User at 22:56:33 on 2014-01-27
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.2814.1529 [GMT 0:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LPDService
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SpeedFan.lnk - C:\Program Files (x86)\SpeedFan\speedfan.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SynchronousMachineGroupPolicy = dword:0
mPolicies-System: SynchronousUserGroupPolicy = dword:0
mPolicies-Windows\System: AllowBlockingAppsAtShutdown = dword:1
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 89.101.160.4 89.101.160.5
TCP: Interfaces\{038C5CD2-800E-4C16-8482-7B47D3832207} : DHCPNameServer = 89.101.160.4 89.101.160.5
TCP: Interfaces\{038C5CD2-800E-4C16-8482-7B47D3832207}\175796E6E6 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{038C5CD2-800E-4C16-8482-7B47D3832207}\35B4959353544413 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{038C5CD2-800E-4C16-8482-7B47D3832207}\4554C454E4544584F4D4543505F445 : DHCPNameServer = 195.130.130.141 195.130.131.141
TCP: Interfaces\{038C5CD2-800E-4C16-8482-7B47D3832207}\94D6167696E656027596D61687021333D465 : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{4BE24489-F1D0-403E-BB21-6789766D4FB8} : DHCPNameServer = 89.19.64.36 89.19.64.164
TCP: Interfaces\{7F13909A-D426-4CC4-84D7-37D6B8B72B8A} : DHCPNameServer = 192.168.137.1
TCP: Interfaces\{A2A43CE3-833A-4B3A-901F-4EDDABC5C2BA} : DHCPNameServer = 172.30.140.69 172.31.140.69
TCP: Interfaces\{C5755F77-13C0-4DC0-98FB-AB03773C12FA} : DHCPNameServer = 172.30.140.69 172.31.140.69
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User.User-PC\AppData\Roaming\Mozilla\Firefox\Profiles\ugjzqyeo.default\
FF - plugin: C:\PROGRA~2\MEADCO~1\npmeadax.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-3-27 22600]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-11-24 283200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-4 238080]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 361984]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-15 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-15 701512]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-11-24 46136]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-15 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8187B.sys [2010-3-31 450048]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2014-1-17 202600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2013-4-20 133632]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-13 111616]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2011-8-17 171008]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-25 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-25 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-25 1255736]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-4-15 3289208]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S4 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-8-27 93072]
.
=============== Created Last 30 ================
.
2014-01-26 19:53:03 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2014-01-26 16:55:47 -------- d-----w- C:\Windows\SysWow64\RTCOM
2014-01-26 16:55:47 -------- d-----w- C:\Program Files\Realtek
2014-01-26 16:53:56 603984 ----a-w- C:\Windows\System32\KAAPORT64.dll
2014-01-26 16:52:17 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2014-01-26 15:40:36 -------- d-----w- C:\Program Files (x86)\Realtek
2014-01-25 23:04:28 -------- d-----w- C:\Windows\pss
2014-01-25 13:31:11 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDCC5FBB-3A1D-4C36-9E02-45CB312B07E1}\mpengine.dll
2014-01-20 01:04:55 -------- d-----w- C:\Users\User.User-PC\AppData\Roaming\4Front
2014-01-19 03:19:02 -------- d-----w- C:\Program Files\Common Files\Propellerhead Software
2014-01-19 03:18:51 -------- d-----w- C:\Program Files\Common Files\VST3
2014-01-19 03:18:49 -------- d-----w- C:\Program Files\Common Files\VST2
2014-01-19 03:18:33 -------- d-----w- C:\Program Files\Common Files\Avid
2014-01-19 03:18:20 -------- d-----w- C:\Program Files\Celemony
2014-01-19 03:18:19 -------- d-----w- C:\Program Files (x86)\Celemony
2014-01-18 13:45:38 -------- d-----w- C:\Program Files (x86)\Common Files\Propellerhead Software
2014-01-18 12:40:38 -------- d-----w- C:\Users\User.User-PC\AppData\Local\Cakewalk
2014-01-18 12:26:05 118784 ----a-w- C:\Windows\dsdxirmv.exe
2014-01-18 03:19:33 -------- d-----w- C:\Program Files (x86)\u-he
2014-01-18 01:52:28 -------- d-----w- C:\Users\User.User-PC\AppData\Roaming\Celemony Software GmbH
2014-01-18 01:52:20 -------- d-----w- C:\Users\User.User-PC\TruePianos Settings
2014-01-18 01:51:46 -------- d-----w- C:\Users\User.User-PC\AppData\Roaming\Applied Acoustics Systems
2014-01-18 01:51:32 -------- d-----w- C:\Users\User.User-PC\AppData\Roaming\Overloud
2014-01-18 01:47:11 -------- d-----w- C:\Users\User.User-PC\AppData\Roaming\Cakewalk
2014-01-17 23:58:54 -------- d-----w- C:\ProgramData\Celemony Software GmbH
2014-01-17 23:57:58 -------- d-----w- C:\Program Files (x86)\Common Files\Celemony
2014-01-17 23:57:57 -------- d-----w- C:\Program Files\Common Files\Celemony
2014-01-17 23:54:56 -------- d-----w- C:\ProgramData\Temporary
2014-01-17 23:49:03 -------- d-----w- C:\Cakewalk Projects
2014-01-17 23:30:43 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2014-01-17 23:30:43 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll
2014-01-17 23:30:43 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2014-01-17 23:30:43 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
2014-01-17 23:30:43 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2014-01-17 23:30:43 1047552 ----a-w- C:\Windows\SysWow64\mfc71u.dll
2014-01-17 23:29:28 -------- d-----w- C:\ProgramData\Package Cache
2014-01-17 23:24:25 -------- d-----w- C:\Cakewalk Content
2014-01-17 23:21:13 -------- d-----w- C:\ProgramData\Overloud
2014-01-17 23:21:13 -------- d-----w- C:\ProgramData\Cakewalk
2014-01-17 23:21:13 -------- d-----w- C:\Program Files (x86)\Cakewalk
2014-01-17 19:33:37 -------- d-----w- C:\Program Files (x86)\JDownloader
2014-01-15 21:12:43 -------- d-----w- C:\Users\User.User-PC\AppData\Roaming\Malwarebytes
2014-01-15 21:11:43 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-15 21:11:35 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-15 21:11:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-15 09:06:32 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 09:06:32 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 09:06:31 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 09:06:31 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 09:06:31 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 09:06:30 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 09:06:30 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 09:06:28 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-15 09:06:25 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
.
==================== Find3M  ====================
.
2014-01-21 17:44:35 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-21 17:44:35 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-18 06:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-11-05 19:47:54 3707864 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2013-11-05 18:54:54 38385664 ----a-w- C:\Windows\System32\RCoRes64.dat
2013-11-04 19:26:24 153304 ----a-w- C:\Windows\System32\RCoInstII64.dll
2013-11-04 11:11:44 2587864 ----a-w- C:\Windows\System32\RtkAPO64.dll
2013-10-30 16:31:04 929080 ----a-w- C:\Windows\System32\NAHIMICAPOSettingsIPC.dll
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
.
============= FINISH: 22:57:46.60 ===============
 
 
Thanks,
 
Michael

 


Hello

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


 

Let me see those two logs...

 

Kevin


Cheers. Addition attached.

 

Michael

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-01-2014 02

Ran by User (administrator) on USER-PC on 27-01-2014 23:24:07

Running from C:\Users\User.User-PC\Downloads

Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(AMD) C:\Windows\System32\atiesrxx.exe

(Microsoft Corporation) C:\Windows\System32\audiodg.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)

HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)

HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)

HKLM\...\Run: [smoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)

HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [910136 2009-11-10] (TOSHIBA Corporation)

HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1573160 2008-08-14] (Synaptics, Inc.)

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)

HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.entru.com/?s=21982

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB68264A890CACD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.entru.com/?s=21982

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 89.101.160.4 89.101.160.5

 

FireFox:

========

FF ProfilePath: C:\Users\User.User-PC\AppData\Roaming\Mozilla\Firefox\Profiles\ugjzqyeo.default

FF user.js: detected! => C:\Users\User.User-PC\AppData\Roaming\Mozilla\Firefox\Profiles\ugjzqyeo.default\user.js

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @meadco.com/neptune plugin,version=2.0.0.29 - C:\PROGRA~2\MEADCO~1\npmeadax.dll (MeadCo Corp.)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-04-18]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-04-26]

 

Chrome: 

=======


CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File

CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File

CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

CHR Extension: (Google Drive) - C:\Users\User.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-25]

CHR Extension: (YouTube) - C:\Users\User.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-25]

CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\User.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2013-12-23]

CHR Extension: (Google Search) - C:\Users\User.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-25]

CHR Extension: (Don't track me Google) - C:\Users\User.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbofhhdmcladcmmfjolgndfkpobecpg [2013-07-28]

CHR Extension: (AdBlock) - C:\Users\User.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-04-01]

CHR Extension: (Hola Better Internet) - C:\Users\User.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-11-11]

CHR Extension: (Trustwave SecureBrowsing) - C:\Users\User.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif [2013-04-27]

CHR Extension: (Traffic Slam 3) - C:\Users\User.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfjmailnmofkkffoemgmdbemmohldhe [2013-08-14]

CHR Extension: (Skype Click to Call) - C:\Users\User.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-04-19]

CHR Extension: (Google Wallet) - C:\Users\User.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]

CHR Extension: (Gmail) - C:\Users\User.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-25]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

 

==================== Services (Whitelisted) =================

 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-04] (Advanced Micro Devices, Inc.)

R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)

S4 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)

 

==================== Drivers (Whitelisted) ====================

 

R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-06] (AVAST Software)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-24] (DT Soft Ltd)

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [133632 2009-11-04] (Huawei Technologies Co., Ltd.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [450048 2010-03-31] (Realtek Semiconductor Corporation                           )

R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]

S3 tsusbhub; system32\drivers\tsusbhub.sys [x]

S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]

S3 VGPU; System32\drivers\rdvgkmd.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-01-27 23:24 - 2014-01-27 23:24 - 00017265 _____ C:\Users\User.User-PC\Downloads\FRST.txt

2014-01-27 23:23 - 2014-01-27 23:23 - 02079232 _____ (Farbar) C:\Users\User.User-PC\Downloads\FRST64.exe

2014-01-27 23:23 - 2014-01-27 23:23 - 00000000 ____D C:\FRST

2014-01-27 23:22 - 2014-01-27 23:22 - 01622528 _____ (Farbar) C:\Users\User.User-PC\Downloads\FRST.exe

2014-01-27 22:58 - 2014-01-27 23:02 - 00021454 _____ C:\Users\User.User-PC\Desktop\dds.txt

2014-01-27 22:58 - 2014-01-27 23:02 - 00013333 _____ C:\Users\User.User-PC\Desktop\attach.txt

2014-01-27 22:50 - 2014-01-27 22:51 - 00688992 ____R (Swearware) C:\Users\User.User-PC\Downloads\dds.com

2014-01-27 22:50 - 2014-01-27 22:50 - 00688992 ____R (Swearware) C:\Users\User.User-PC\Downloads\dds.scr

2014-01-27 18:13 - 2014-01-27 18:27 - 00000000 ____D C:\Users\User.User-PC\Desktop\What have we got to do basslines

2014-01-26 23:57 - 2014-01-26 23:57 - 02605768 _____ (Sandboxie Holdings, LLC) C:\Users\User.User-PC\Downloads\SandboxieInstall.exe

2014-01-26 21:27 - 2014-01-27 18:28 - 00051702 _____ C:\Users\User.User-PC\Desktop\What have we got to do.cpr

2014-01-26 18:10 - 2014-01-09 16:47 - 524116823 _____ C:\Users\User.User-PC\Desktop\thescretlifeowaltermitydvdscr-SHULiBAN.mkv

2014-01-26 17:39 - 2014-01-26 18:07 - 524118515 _____ C:\Users\User.User-PC\Downloads\SLWM.SC5-SHULiBAN.rar

2014-01-26 16:56 - 2014-01-26 16:56 - 00000000 ____H C:\ProgramData\DP45977C.lfl

2014-01-26 16:55 - 2014-01-26 16:55 - 00000000 ____D C:\Windows\SysWOW64\RTCOM

2014-01-26 16:55 - 2014-01-26 16:55 - 00000000 ____D C:\Program Files\Realtek

2014-01-26 16:54 - 2013-11-05 19:47 - 03707864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys

2014-01-26 16:54 - 2013-11-05 18:54 - 38385664 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat

2014-01-26 16:54 - 2013-11-05 15:48 - 00681905 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT

2014-01-26 16:54 - 2013-11-04 19:26 - 00153304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll

2014-01-26 16:54 - 2013-11-04 11:11 - 02587864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll

2014-01-26 16:54 - 2013-10-30 16:31 - 00929080 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll

2014-01-26 16:54 - 2013-10-28 17:29 - 01021656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll

2014-01-26 16:54 - 2013-10-25 10:49 - 05751576 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll

2014-01-26 16:54 - 2013-10-18 16:41 - 01286360 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll

2014-01-26 16:54 - 2013-10-11 11:31 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll

2014-01-26 16:54 - 2013-10-09 20:13 - 01921792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll

2014-01-26 16:54 - 2013-10-09 20:13 - 01345280 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll

2014-01-26 16:54 - 2013-10-09 20:13 - 01286400 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll

2014-01-26 16:54 - 2013-10-09 20:12 - 27644160 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll

2014-01-26 16:54 - 2013-10-09 20:12 - 14152960 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll

2014-01-26 16:54 - 2013-10-09 20:12 - 03714304 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll

2014-01-26 16:54 - 2013-10-09 20:12 - 02103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll

2014-01-26 16:54 - 2013-10-09 20:12 - 02036992 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll

2014-01-26 16:54 - 2013-10-09 20:12 - 01012992 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll

2014-01-26 16:54 - 2013-10-07 11:05 - 02810072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll

2014-01-26 16:54 - 2013-10-02 17:10 - 00617176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll

2014-01-26 16:54 - 2013-09-09 15:32 - 05681192 _____ C:\Windows\system32\Drivers\rtvienna.dat

2014-01-26 16:54 - 2013-08-24 03:14 - 01014016 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll

2014-01-26 16:54 - 2013-08-24 03:14 - 00897792 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll

2014-01-26 16:54 - 2013-08-24 03:14 - 00722688 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll

2014-01-26 16:54 - 2013-08-24 03:14 - 00244480 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll

2014-01-26 16:54 - 2013-08-14 16:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll

2014-01-26 16:54 - 2013-08-14 16:35 - 01084160 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll

2014-01-26 16:54 - 2013-08-14 16:35 - 00907008 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll

2014-01-26 16:54 - 2013-08-14 16:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll

2014-01-26 16:54 - 2013-07-23 15:39 - 00790272 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll

2014-01-26 16:54 - 2013-06-25 12:47 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll

2014-01-26 16:54 - 2013-06-25 12:47 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll

2014-01-26 16:54 - 2013-06-25 12:46 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll

2014-01-26 16:54 - 2013-04-24 17:16 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl

2014-01-26 16:54 - 2013-04-03 14:13 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll

2014-01-26 16:54 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll

2014-01-26 16:54 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll

2014-01-26 16:54 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll

2014-01-26 16:54 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll

2014-01-26 16:54 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll

2014-01-26 16:54 - 2012-01-30 11:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll

2014-01-26 16:54 - 2012-01-10 10:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll

2014-01-26 16:54 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll

2014-01-26 16:54 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll

2014-01-26 16:54 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll

2014-01-26 16:54 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll

2014-01-26 16:54 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll

2014-01-26 16:54 - 2011-03-17 12:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll

2014-01-26 16:54 - 2011-03-07 17:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll

2014-01-26 16:54 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll

2014-01-26 16:54 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll

2014-01-26 16:54 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll

2014-01-26 16:54 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll

2014-01-26 16:54 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll

2014-01-26 16:54 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll

2014-01-26 16:54 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll

2014-01-26 16:54 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll

2014-01-26 16:54 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll

2014-01-26 16:54 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll

2014-01-26 16:54 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll

2014-01-26 16:54 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll

2014-01-26 16:54 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll

2014-01-26 16:53 - 2013-10-16 03:43 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll

2014-01-26 16:53 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll

2014-01-26 16:53 - 2013-10-07 00:26 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll

2014-01-26 16:53 - 2013-10-07 00:26 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll

2014-01-26 16:53 - 2013-10-07 00:26 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll

2014-01-26 16:53 - 2013-09-10 04:02 - 06217904 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll

2014-01-26 16:53 - 2013-09-10 04:02 - 00313520 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll

2014-01-26 16:53 - 2013-09-10 04:01 - 01938608 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll

2014-01-26 16:53 - 2013-09-10 04:01 - 00260272 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll

2014-01-26 16:53 - 2013-08-20 17:37 - 00605496 _____ C:\Windows\system32\audioLibVc.dll

2014-01-26 16:53 - 2013-08-05 18:11 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll

2014-01-26 16:53 - 2013-06-21 11:01 - 00109848 _____ C:\Windows\system32\AcpiServiceVnA64.dll

2014-01-26 16:53 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll

2014-01-26 16:53 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll

2014-01-26 16:53 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll

2014-01-26 16:53 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll

2014-01-26 16:53 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll

2014-01-26 16:53 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll

2014-01-26 16:53 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll

2014-01-26 16:53 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll

2014-01-26 16:53 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll

2014-01-26 16:53 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll

2014-01-26 16:53 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll

2014-01-26 16:53 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll

2014-01-26 16:53 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll

2014-01-26 16:53 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll

2014-01-26 15:40 - 2014-01-26 15:40 - 00000000 ____D C:\Program Files (x86)\Realtek

2014-01-26 15:39 - 2014-01-26 15:39 - 00000000 ____D C:\Users\USER~1~USE

2014-01-26 14:24 - 2014-01-26 15:37 - 108956093 _____ (Realtek Semiconductor Corp.) C:\Users\User.User-PC\Downloads\64bit_Win7_Win8_Win81_R273.exe

2014-01-25 23:04 - 2014-01-26 20:05 - 00000000 ____D C:\Windows\pss

2014-01-21 17:41 - 2014-01-21 17:42 - 18126032 _____ (Adobe Systems Inc.) C:\Users\User.User-PC\Downloads\AdobeAIRInstaller.exe

2014-01-20 01:04 - 2014-01-20 01:04 - 00000000 ____D C:\Users\User.User-PC\AppData\Roaming\4Front

2014-01-19 19:57 - 2014-01-19 19:53 - 00000000 ____D C:\Users\User.User-PC\Desktop\Oddsocks Album PrePro

2014-01-19 19:53 - 2014-01-19 19:53 - 41085786 _____ C:\Users\User.User-PC\Downloads\Oddsocks Album PrePro.zip

2014-01-19 19:27 - 2014-01-19 19:48 - 2174826508 _____ C:\Users\User.User-PC\Downloads\Tunes.zip

2014-01-19 15:36 - 2014-01-19 15:36 - 00001267 _____ C:\Users\Public\Desktop\Rapture.lnk

2014-01-19 03:19 - 2014-01-19 03:19 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software

2014-01-19 03:18 - 2014-01-19 03:18 - 00000000 ____D C:\Program Files\Common Files\VST3

2014-01-19 03:18 - 2014-01-19 03:18 - 00000000 ____D C:\Program Files\Common Files\VST2

2014-01-19 03:18 - 2014-01-19 03:18 - 00000000 ____D C:\Program Files\Common Files\Avid

2014-01-19 03:18 - 2014-01-19 03:18 - 00000000 ____D C:\Program Files\Celemony

2014-01-19 03:18 - 2014-01-19 03:18 - 00000000 ____D C:\Program Files (x86)\Celemony

2014-01-18 14:00 - 2014-01-18 14:00 - 00001321 _____ C:\Users\Public\Desktop\SONAR X3 Producer.lnk

2014-01-18 14:00 - 2014-01-18 14:00 - 00000000 ____D C:\Users\User.User-PC\Documents\Cakewalk

2014-01-18 13:46 - 2014-01-18 13:46 - 00000000 ____D C:\Users\User.User-PC\Documents\Nomad Factory

2014-01-18 12:40 - 2014-01-18 12:40 - 00000000 ____D C:\Users\User.User-PC\AppData\Local\Cakewalk

2014-01-18 12:28 - 2014-01-27 19:00 - 00000386 _____ C:\Windows\Tasks\At5.job

2014-01-18 12:28 - 2014-01-18 12:28 - 00001834 _____ C:\Windows\System32\Tasks\At5

2014-01-18 12:26 - 2014-01-18 12:26 - 00118784 _____ C:\Windows\dsdxirmv.exe

2014-01-18 03:57 - 2014-01-27 19:00 - 00000386 _____ C:\Windows\Tasks\At4.job

2014-01-18 03:57 - 2014-01-18 03:57 - 00001834 _____ C:\Windows\System32\Tasks\At4

2014-01-18 03:55 - 2014-01-27 19:00 - 00000386 _____ C:\Windows\Tasks\At3.job

2014-01-18 03:55 - 2014-01-18 03:55 - 00001834 _____ C:\Windows\System32\Tasks\At3

2014-01-18 03:52 - 2014-01-27 19:00 - 00000386 _____ C:\Windows\Tasks\At2.job

2014-01-18 03:52 - 2014-01-18 03:52 - 00001834 _____ C:\Windows\System32\Tasks\At2

2014-01-18 03:19 - 2014-01-18 13:11 - 00000000 ____D C:\Program Files (x86)\u-he

2014-01-18 03:18 - 2014-01-27 19:00 - 00000386 _____ C:\Windows\Tasks\At1.job

2014-01-18 03:18 - 2014-01-18 03:18 - 00001834 _____ C:\Windows\System32\Tasks\At1

2014-01-18 03:06 - 2014-01-18 03:06 - 00014290 _____ C:\Users\User.User-PC\Downloads\[kickass.to]celemony.melodyne.studio.edition.v3.torrent

2014-01-18 02:22 - 2014-01-26 20:11 - 00006656 _____ C:\Users\User.User-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-01-18 01:52 - 2014-01-26 21:14 - 00000000 ____D C:\Users\User.User-PC\AppData\Roaming\Celemony Software GmbH

2014-01-18 01:52 - 2014-01-18 01:52 - 00000000 ____D C:\Users\User.User-PC\TruePianos Settings

2014-01-18 01:52 - 2014-01-18 01:52 - 00000000 ____D C:\Users\User.User-PC\Documents\Celemony

2014-01-18 01:51 - 2014-01-18 01:52 - 00000000 ____D C:\Users\User.User-PC\AppData\Roaming\Applied Acoustics Systems

2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 ____D C:\Users\User.User-PC\AppData\Roaming\Overloud

2014-01-18 01:47 - 2014-01-18 12:35 - 00000000 ____D C:\Users\User.User-PC\AppData\Roaming\Cakewalk

2014-01-17 23:58 - 2014-01-19 03:18 - 00000000 ____D C:\ProgramData\Celemony Software GmbH

2014-01-17 23:57 - 2014-01-19 03:18 - 00000000 ____D C:\Program Files\Common Files\Celemony

2014-01-17 23:54 - 2014-01-17 23:54 - 00000000 ____D C:\ProgramData\Temporary

2014-01-17 23:51 - 2014-01-17 23:51 - 00038415 _____ C:\Users\User.User-PC\Downloads\[kickass.to]cakewalk.sonar.x3.producer.edition.x3c.update.r2r.ex23.torrent

2014-01-17 23:49 - 2014-01-26 12:29 - 00000000 ____D C:\Cakewalk Projects

2014-01-17 23:36 - 2014-01-19 03:23 - 00770228 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2014-01-17 23:30 - 2012-06-20 17:38 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll

2014-01-17 23:30 - 2012-06-20 17:38 - 01047552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71u.dll

2014-01-17 23:30 - 2012-06-20 17:38 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll

2014-01-17 23:30 - 2012-06-20 17:38 - 00487424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp70.dll

2014-01-17 23:30 - 2012-06-20 17:38 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll

2014-01-17 23:30 - 2012-06-20 17:38 - 00344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll

2014-01-17 23:29 - 2014-01-17 23:29 - 00000000 ____D C:\ProgramData\Package Cache

2014-01-17 23:24 - 2014-01-18 13:41 - 00000000 ____D C:\Cakewalk Content

2014-01-17 23:21 - 2014-01-19 15:36 - 00000000 ____D C:\Program Files (x86)\Cakewalk

2014-01-17 23:21 - 2014-01-18 13:47 - 00000000 ____D C:\ProgramData\Cakewalk

2014-01-17 23:21 - 2014-01-18 13:31 - 00000000 ____D C:\ProgramData\Overloud

2014-01-17 20:42 - 2014-01-18 03:17 - 00000000 ____D C:\Users\User.User-PC\AppData\Roaming\Azureus

2014-01-17 20:39 - 2014-01-17 20:39 - 00018434 _____ C:\Users\User.User-PC\Downloads\[kickass.to]cakewalk.sonar.x3.producer.union (1).torrent

2014-01-17 20:32 - 2014-01-17 20:32 - 01050092 _____ C:\Users\User.User-PC\Downloads\[kickass.to]cakewalk.sonar.x3.producer.edition.dvdr.r2r.paz (1).torrent

2014-01-17 19:35 - 2014-01-17 19:35 - 00000196 _____ C:\Users\User.User-PC\Downloads\7a3ff2be-11f9-400a-b005-6f9c7b7a540a.htm

2014-01-17 19:33 - 2014-01-17 20:01 - 00000000 ____D C:\Program Files (x86)\JDownloader

2014-01-17 19:31 - 2014-01-17 19:31 - 00081488 _____ (AppWork UG (haftungsbeschränkt)) C:\Users\User.User-PC\Downloads\WebInstaller.exe

2014-01-17 01:21 - 2014-01-17 05:03 - 943718400 _____ C:\Users\User.User-PC\Downloads\Cakewalk123.part06.rar

2014-01-16 11:38 - 2014-01-16 11:38 - 01050092 _____ C:\Users\User.User-PC\Downloads\[kickass.to]cakewalk.sonar.x3.producer.edition.dvdr.r2r.paz.torrent

2014-01-15 23:08 - 2014-01-16 04:16 - 943718400 _____ C:\Users\User.User-PC\Downloads\Cakewalk123.part01.rar

2014-01-15 23:07 - 2014-01-16 02:58 - 658645936 _____ C:\Users\User.User-PC\Downloads\Cakewalk.SONAR.X3.Producer.Edition.X3d.Update-R2R.rar

2014-01-15 23:02 - 2014-01-15 23:02 - 02347384 _____ (ESET) C:\Users\User.User-PC\Downloads\esetsmartinstaller_enu.exe

2014-01-15 23:00 - 2014-01-15 23:00 - 00018434 _____ C:\Users\User.User-PC\Downloads\[kickass.to]cakewalk.sonar.x3.producer.union.torrent

2014-01-15 21:12 - 2014-01-15 21:12 - 00000000 ____D C:\Users\User.User-PC\AppData\Roaming\Malwarebytes

2014-01-15 21:11 - 2014-01-26 19:44 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-15 21:11 - 2014-01-26 19:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-15 21:11 - 2014-01-15 21:11 - 00000000 ____D C:\ProgramData\Malwarebytes

2014-01-15 21:11 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-01-15 09:06 - 2013-11-27 01:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2014-01-15 09:06 - 2013-11-27 01:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2014-01-15 09:06 - 2013-11-27 01:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2014-01-15 09:06 - 2013-11-27 01:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2014-01-15 09:06 - 2013-11-27 01:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2014-01-15 09:06 - 2013-11-27 01:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2014-01-15 09:06 - 2013-11-27 01:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2014-01-15 09:06 - 2013-11-26 11:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2014-01-15 09:06 - 2013-11-26 10:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-01-08 23:42 - 2014-01-09 13:08 - 00000000 ____D C:\Users\User.User-PC\Desktop\8th Jan 2014

2014-01-07 12:53 - 2014-01-07 17:51 - 00000000 ____D C:\Users\User.User-PC\Desktop\Show me what to do

 

==================== One Month Modified Files and Folders =======

 

2014-01-27 23:24 - 2014-01-27 23:24 - 00017265 _____ C:\Users\User.User-PC\Downloads\FRST.txt

2014-01-27 23:23 - 2014-01-27 23:23 - 02079232 _____ (Farbar) C:\Users\User.User-PC\Downloads\FRST64.exe

2014-01-27 23:23 - 2014-01-27 23:23 - 00000000 ____D C:\FRST

2014-01-27 23:22 - 2014-01-27 23:22 - 01622528 _____ (Farbar) C:\Users\User.User-PC\Downloads\FRST.exe

2014-01-27 23:19 - 2012-11-24 21:38 - 01645107 _____ C:\Windows\WindowsUpdate.log

2014-01-27 23:18 - 2012-11-24 22:14 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8D852255-65B2-428E-9DFA-48D99F82DB19}

2014-01-27 23:02 - 2014-01-27 22:58 - 00021454 _____ C:\Users\User.User-PC\Desktop\dds.txt

2014-01-27 23:02 - 2014-01-27 22:58 - 00013333 _____ C:\Users\User.User-PC\Desktop\attach.txt

2014-01-27 22:55 - 2012-11-24 22:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-01-27 22:51 - 2014-01-27 22:50 - 00688992 ____R (Swearware) C:\Users\User.User-PC\Downloads\dds.com

2014-01-27 22:50 - 2014-01-27 22:50 - 00688992 ____R (Swearware) C:\Users\User.User-PC\Downloads\dds.scr

2014-01-27 22:41 - 2012-11-25 16:10 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-27 22:41 - 2012-11-25 15:32 - 00000000 ____D C:\Program Files (x86)\SpeedFan

2014-01-27 22:40 - 2013-11-13 16:01 - 00016262 _____ C:\Windows\setupact.log

2014-01-27 22:40 - 2012-11-24 23:29 - 00175036 _____ C:\Windows\PFRO.log

2014-01-27 22:40 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2014-01-27 22:35 - 2012-11-25 16:10 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-27 22:11 - 2009-07-14 04:45 - 00010128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-27 22:11 - 2009-07-14 04:45 - 00010128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-27 21:17 - 2013-03-30 02:26 - 00001692 _____ C:\Windows\Sandboxie.ini

2014-01-27 19:00 - 2014-01-18 12:28 - 00000386 _____ C:\Windows\Tasks\At5.job

2014-01-27 19:00 - 2014-01-18 03:57 - 00000386 _____ C:\Windows\Tasks\At4.job

2014-01-27 19:00 - 2014-01-18 03:55 - 00000386 _____ C:\Windows\Tasks\At3.job

2014-01-27 19:00 - 2014-01-18 03:52 - 00000386 _____ C:\Windows\Tasks\At2.job

2014-01-27 19:00 - 2014-01-18 03:18 - 00000386 _____ C:\Windows\Tasks\At1.job

2014-01-27 18:28 - 2014-01-26 21:27 - 00051702 _____ C:\Users\User.User-PC\Desktop\What have we got to do.cpr

2014-01-27 18:28 - 2013-12-13 11:12 - 00000000 ____D C:\Users\User.User-PC\Desktop\Audio

2014-01-27 18:27 - 2014-01-27 18:13 - 00000000 ____D C:\Users\User.User-PC\Desktop\What have we got to do basslines

2014-01-27 18:06 - 2013-12-13 11:13 - 00000000 ____D C:\Users\User.User-PC\Desktop\Images

2014-01-26 23:57 - 2014-01-26 23:57 - 02605768 _____ (Sandboxie Holdings, LLC) C:\Users\User.User-PC\Downloads\SandboxieInstall.exe

2014-01-26 21:14 - 2014-01-18 01:52 - 00000000 ____D C:\Users\User.User-PC\AppData\Roaming\Celemony Software GmbH

2014-01-26 20:11 - 2014-01-18 02:22 - 00006656 _____ C:\Users\User.User-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-01-26 20:05 - 2014-01-25 23:04 - 00000000 ____D C:\Windows\pss

2014-01-26 19:54 - 2012-11-25 16:09 - 00000000 ____D C:\ProgramData\AVAST Software

2014-01-26 19:44 - 2014-01-15 21:11 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-26 19:44 - 2014-01-15 21:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-26 18:12 - 2012-11-25 15:40 - 00000000 ____D C:\Users\User.User-PC\AppData\Roaming\vlc

2014-01-26 18:07 - 2014-01-26 17:39 - 524118515 _____ C:\Users\User.User-PC\Downloads\SLWM.SC5-SHULiBAN.rar

2014-01-26 16:56 - 2014-01-26 16:56 - 00000000 ____H C:\ProgramData\DP45977C.lfl

2014-01-26 16:55 - 2014-01-26 16:55 - 00000000 ____D C:\Windows\SysWOW64\RTCOM

2014-01-26 16:55 - 2014-01-26 16:55 - 00000000 ____D C:\Program Files\Realtek

2014-01-26 16:52 - 2012-11-24 22:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2014-01-26 15:40 - 2014-01-26 15:40 - 00000000 ____D C:\Program Files (x86)\Realtek

2014-01-26 15:39 - 2014-01-26 15:39 - 00000000 ____D C:\Users\USER~1~USE

2014-01-26 15:37 - 2014-01-26 14:24 - 108956093 _____ (Realtek Semiconductor Corp.) C:\Users\User.User-PC\Downloads\64bit_Win7_Win8_Win81_R273.exe

2014-01-26 12:29 - 2014-01-17 23:49 - 00000000 ____D C:\Cakewalk Projects

2014-01-25 22:39 - 2012-11-25 15:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2014-01-21 17:44 - 2012-11-25 11:33 - 00000000 ____D C:\Users\User.User-PC\AppData\Local\Adobe

2014-01-21 17:44 - 2012-11-24 22:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-01-21 17:44 - 2012-11-24 22:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-01-21 17:44 - 2012-11-24 22:13 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-01-21 17:42 - 2014-01-21 17:41 - 18126032 _____ (Adobe Systems Inc.) C:\Users\User.User-PC\Downloads\AdobeAIRInstaller.exe

2014-01-20 01:04 - 2014-01-20 01:04 - 00000000 ____D C:\Users\User.User-PC\AppData\Roaming\4Front

2014-01-19 19:53 - 2014-01-19 19:57 - 00000000 ____D C:\Users\User.User-PC\Desktop\Oddsocks Album PrePro

2014-01-19 19:53 - 2014-01-19 19:53 - 41085786 _____ C:\Users\User.User-PC\Downloads\Oddsocks Album PrePro.zip

2014-01-19 19:48 - 2014-01-19 19:27 - 2174826508 _____ C:\Users\User.User-PC\Downloads\Tunes.zip

2014-01-19 15:36 - 2014-01-19 15:36 - 00001267 _____ C:\Users\Public\Desktop\Rapture.lnk

2014-01-19 15:36 - 2014-01-17 23:21 - 00000000 ____D C:\Program Files (x86)\Cakewalk

2014-01-19 03:23 - 2014-01-17 23:36 - 00770228 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2014-01-19 03:23 - 2009-07-14 05:13 - 00770228 _____ C:\Windows\system32\PerfStringBackup.INI

2014-01-19 03:19 - 2014-01-19 03:19 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software

2014-01-19 03:18 - 2014-01-19 03:18 - 00000000 ____D C:\Program Files\Common Files\VST3

2014-01-19 03:18 - 2014-01-19 03:18 - 00000000 ____D C:\Program Files\Common Files\VST2

2014-01-19 03:18 - 2014-01-19 03:18 - 00000000 ____D C:\Program Files\Common Files\Avid

2014-01-19 03:18 - 2014-01-19 03:18 - 00000000 ____D C:\Program Files\Celemony

2014-01-19 03:18 - 2014-01-19 03:18 - 00000000 ____D C:\Program Files (x86)\Celemony

2014-01-19 03:18 - 2014-01-17 23:58 - 00000000 ____D C:\ProgramData\Celemony Software GmbH

2014-01-19 03:18 - 2014-01-17 23:57 - 00000000 ____D C:\Program Files\Common Files\Celemony

2014-01-19 03:18 - 2012-12-06 17:02 - 00000000 ____D C:\Program Files (x86)\Steinberg

2014-01-18 14:00 - 2014-01-18 14:00 - 00001321 _____ C:\Users\Public\Desktop\SONAR X3 Producer.lnk

2014-01-18 14:00 - 2014-01-18 14:00 - 00000000 ____D C:\Users\User.User-PC\Documents\Cakewalk

2014-01-18 13:47 - 2014-01-17 23:21 - 00000000 ____D C:\ProgramData\Cakewalk

2014-01-18 13:46 - 2014-01-18 13:46 - 00000000 ____D C:\Users\User.User-PC\Documents\Nomad Factory

2014-01-18 13:41 - 2014-01-17 23:24 - 00000000 ____D C:\Cakewalk Content

2014-01-18 13:31 - 2014-01-17 23:21 - 00000000 ____D C:\ProgramData\Overloud

2014-01-18 13:25 - 2009-07-14 04:45 - 04978576 _____ C:\Windows\system32\FNTCACHE.DAT

2014-01-18 13:24 - 2012-11-24 22:26 - 00112480 _____ C:\Users\User.User-PC\AppData\Local\GDIPFONTCACHEV1.DAT

2014-01-18 13:11 - 2014-01-18 03:19 - 00000000 ____D C:\Program Files (x86)\u-he

2014-01-18 12:40 - 2014-01-18 12:40 - 00000000 ____D C:\Users\User.User-PC\AppData\Local\Cakewalk

2014-01-18 12:35 - 2014-01-18 01:47 - 00000000 ____D C:\Users\User.User-PC\AppData\Roaming\Cakewalk

2014-01-18 12:28 - 2014-01-18 12:28 - 00001834 _____ C:\Windows\System32\Tasks\At5

2014-01-18 12:26 - 2014-01-18 12:26 - 00118784 _____ C:\Windows\dsdxirmv.exe

2014-01-18 03:57 - 2014-01-18 03:57 - 00001834 _____ C:\Windows\System32\Tasks\At4

2014-01-18 03:55 - 2014-01-18 03:55 - 00001834 _____ C:\Windows\System32\Tasks\At3

2014-01-18 03:52 - 2014-01-18 03:52 - 00001834 _____ C:\Windows\System32\Tasks\At2

2014-01-18 03:18 - 2014-01-18 03:18 - 00001834 _____ C:\Windows\System32\Tasks\At1

2014-01-18 03:17 - 2014-01-17 20:42 - 00000000 ____D C:\Users\User.User-PC\AppData\Roaming\Azureus

2014-01-18 03:06 - 2014-01-18 03:06 - 00014290 _____ C:\Users\User.User-PC\Downloads\[kickass.to]celemony.melodyne.studio.edition.v3.torrent

2014-01-18 01:52 - 2014-01-18 01:52 - 00000000 ____D C:\Users\User.User-PC\TruePianos Settings

2014-01-18 01:52 - 2014-01-18 01:52 - 00000000 ____D C:\Users\User.User-PC\Documents\Celemony

2014-01-18 01:52 - 2014-01-18 01:51 - 00000000 ____D C:\Users\User.User-PC\AppData\Roaming\Applied Acoustics Systems

2014-01-18 01:52 - 2012-11-24 22:08 - 00000000 ____D C:\Users\User.User-PC

2014-01-18 01:51 - 2014-01-18 01:51 - 00000000 ____D C:\Users\User.User-PC\AppData\Roaming\Overloud

2014-01-17 23:54 - 2014-01-17 23:54 - 00000000 ____D C:\ProgramData\Temporary

2014-01-17 23:51 - 2014-01-17 23:51 - 00038415 _____ C:\Users\User.User-PC\Downloads\[kickass.to]cakewalk.sonar.x3.producer.edition.x3c.update.r2r.ex23.torrent

2014-01-17 23:29 - 2014-01-17 23:29 - 00000000 ____D C:\ProgramData\Package Cache

2014-01-17 20:44 - 2013-03-29 18:16 - 00000000 ____D C:\Program Files\Vuze

2014-01-17 20:43 - 2013-03-29 18:15 - 00000000 _____ C:\END

2014-01-17 20:39 - 2014-01-17 20:39 - 00018434 _____ C:\Users\User.User-PC\Downloads\[kickass.to]cakewalk.sonar.x3.producer.union (1).torrent

2014-01-17 20:32 - 2014-01-17 20:32 - 01050092 _____ C:\Users\User.User-PC\Downloads\[kickass.to]cakewalk.sonar.x3.producer.edition.dvdr.r2r.paz (1).torrent

2014-01-17 20:01 - 2014-01-17 19:33 - 00000000 ____D C:\Program Files (x86)\JDownloader

2014-01-17 19:35 - 2014-01-17 19:35 - 00000196 _____ C:\Users\User.User-PC\Downloads\7a3ff2be-11f9-400a-b005-6f9c7b7a540a.htm

2014-01-17 19:31 - 2014-01-17 19:31 - 00081488 _____ (AppWork UG (haftungsbeschränkt)) C:\Users\User.User-PC\Downloads\WebInstaller.exe

2014-01-17 05:03 - 2014-01-17 01:21 - 943718400 _____ C:\Users\User.User-PC\Downloads\Cakewalk123.part06.rar

2014-01-16 11:38 - 2014-01-16 11:38 - 01050092 _____ C:\Users\User.User-PC\Downloads\[kickass.to]cakewalk.sonar.x3.producer.edition.dvdr.r2r.paz.torrent

2014-01-16 04:16 - 2014-01-15 23:08 - 943718400 _____ C:\Users\User.User-PC\Downloads\Cakewalk123.part01.rar

2014-01-16 02:58 - 2014-01-15 23:07 - 658645936 _____ C:\Users\User.User-PC\Downloads\Cakewalk.SONAR.X3.Producer.Edition.X3d.Update-R2R.rar

2014-01-15 23:02 - 2014-01-15 23:02 - 02347384 _____ (ESET) C:\Users\User.User-PC\Downloads\esetsmartinstaller_enu.exe

2014-01-15 23:00 - 2014-01-15 23:00 - 00018434 _____ C:\Users\User.User-PC\Downloads\[kickass.to]cakewalk.sonar.x3.producer.union.torrent

2014-01-15 22:26 - 2013-08-20 16:14 - 00000000 ____D C:\Users\User.User-PC\recordings

2014-01-15 22:06 - 2013-12-16 12:11 - 00000000 ____D C:\Windows\system32\MRT

2014-01-15 22:02 - 2012-11-24 23:50 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-01-15 22:00 - 2012-11-25 20:25 - 00000000 ____D C:\PDFZilla

2014-01-15 21:55 - 2012-11-25 11:30 - 00000000 ____D C:\ProgramData\Adobe

2014-01-15 21:54 - 2012-11-25 11:30 - 00000000 ____D C:\Program Files (x86)\Adobe

2014-01-15 21:52 - 2012-11-25 11:49 - 00000000 ____D C:\Program Files\Common Files\Adobe

2014-01-15 21:48 - 2012-11-24 22:13 - 00000000 ____D C:\Users\User.User-PC\AppData\Roaming\Adobe

2014-01-15 21:12 - 2014-01-15 21:12 - 00000000 ____D C:\Users\User.User-PC\AppData\Roaming\Malwarebytes

2014-01-15 21:11 - 2014-01-15 21:11 - 00000000 ____D C:\ProgramData\Malwarebytes

2014-01-09 16:47 - 2014-01-26 18:10 - 524116823 _____ C:\Users\User.User-PC\Desktop\thescretlifeowaltermitydvdscr-SHULiBAN.mkv

2014-01-09 13:08 - 2014-01-08 23:42 - 00000000 ____D C:\Users\User.User-PC\Desktop\8th Jan 2014

2014-01-09 12:45 - 2013-12-05 19:11 - 00000000 ____D C:\Users\User.User-PC\Desktop\5th dec 13

2014-01-07 17:51 - 2014-01-07 12:53 - 00000000 ____D C:\Users\User.User-PC\Desktop\Show me what to do

2013-12-29 19:41 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache

 

Files to move or delete:

====================

C:\Windows\Tasks\At1.job

C:\Windows\Tasks\At2.job

C:\Windows\Tasks\At3.job

C:\Windows\Tasks\At4.job

C:\Windows\Tasks\At5.job

 

 

Some content of TEMP:

====================

C:\Users\User.User-PC\AppData\Local\Temp\Setup.exe

C:\Users\User.User-PC\AppData\Local\Temp\sfamcc00001.dll

C:\Users\User.User-PC\AppData\Local\Temp\sfareca00001.dll

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-01-19 00:41

 

==================== End Of Log ============================

Addition.txt


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next,

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan.

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log.

Next,

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary): Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next,

Run the MGA Diagnostic Tool and post back the report it creates:

  • Download MGADiag from here: http://go.microsoft.com/fwlink/?linkid=52012 and save it to your desktop.
  • Double-click on MGADiag.exe to launch the program.
  • Click "Continue".
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

Let me see those logs....

fixlist.txt


Ok so here's the fix:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-01-2014 02
Ran by User at 2014-01-28 00:01:40 Run:1
Running from C:\Users\User.User-PC\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Users\User.User-PC\AppData\Local\Temp\Setup.exe
C:\Users\User.User-PC\AppData\Local\Temp\sfamcc00001.dll
C:\Users\User.User-PC\AppData\Local\Temp\sfareca00001.dll
Task: {15979E1A-7465-47D2-8926-6020840EA063} - System32\Tasks\At2 => C:\Users\USER~1.USE\AppData\Local\Temp\ds2inst.exe <==== ATTENTION
Task: {3DE6E0A1-A42A-4124-95F3-8BCF8E814B4F} - System32\Tasks\At4 => C:\Users\USER~1.USE\AppData\Local\Temp\ds2inst.exe <==== ATTENTION
Task: {710D752B-9BBC-4CB1-B222-5FA25564BB68} - System32\Tasks\At5 => C:\Users\USER~1.USE\AppData\Local\Temp\ds2inst.exe <==== ATTENTION
Task: {BCC4DA0C-1871-42A4-885E-2BA16095F4A1} - System32\Tasks\At3 => C:\Users\USER~1.USE\AppData\Local\Temp\ds2inst.exe <==== ATTENTION
Task: {DE94CEE1-FDF9-4088-8EFC-E7113CC2C6BC} - System32\Tasks\At1 => C:\Users\USER~1.USE\AppData\Local\Temp\ds2inst.exe <==== ATTENTION
End
*****************
 
C:\Windows\Tasks\At1.job => Moved successfully.
C:\Windows\Tasks\At2.job => Moved successfully.
C:\Windows\Tasks\At3.job => Moved successfully.
C:\Windows\Tasks\At4.job => Moved successfully.
C:\Windows\Tasks\At5.job => Moved successfully.
C:\Users\User.User-PC\AppData\Local\Temp\Setup.exe => Moved successfully.
C:\Users\User.User-PC\AppData\Local\Temp\sfamcc00001.dll => Moved successfully.
C:\Users\User.User-PC\AppData\Local\Temp\sfareca00001.dll => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15979E1A-7465-47D2-8926-6020840EA063} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15979E1A-7465-47D2-8926-6020840EA063} => Key deleted successfully.
C:\Windows\System32\Tasks\At2 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At2 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3DE6E0A1-A42A-4124-95F3-8BCF8E814B4F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DE6E0A1-A42A-4124-95F3-8BCF8E814B4F} => Key deleted successfully.
C:\Windows\System32\Tasks\At4 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At4 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{710D752B-9BBC-4CB1-B222-5FA25564BB68} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{710D752B-9BBC-4CB1-B222-5FA25564BB68} => Key deleted successfully.
C:\Windows\System32\Tasks\At5 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At5 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BCC4DA0C-1871-42A4-885E-2BA16095F4A1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCC4DA0C-1871-42A4-885E-2BA16095F4A1} => Key deleted successfully.
C:\Windows\System32\Tasks\At3 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At3 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE94CEE1-FDF9-4088-8EFC-E7113CC2C6BC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE94CEE1-FDF9-4088-8EFC-E7113CC2C6BC} => Key deleted successfully.
C:\Windows\System32\Tasks\At1 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1 => Key deleted successfully.
 
==== End of Fixlog ====
 
Just running Quick scan now

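The Fixlog above removes five At*.job tasks whose actions pointed at ds2inst.exe in the user's Temp folder, together with their TaskCache\Tree, Tasks and Plain registry entries. The PowerShell below is an added example written for this thread; it is not FRST code or anything posted by the participants. It lists scheduled tasks whose executable lives in a Temp-style folder (the pattern FRST flagged with ATTENTION) and any TaskCache\Tree registrations whose task file in System32\Tasks no longer exists, so a cleanup like the one logged can be verified. The function names and the list of suspect path fragments are my own choices; run it from an elevated prompt, it is read-only.

```powershell
# Added example (not from the forum thread): audit scheduled tasks for actions that
# run from Temp folders, and find TaskCache registrations left without a task file.
# Uses the Schedule.Service COM API so it works on Windows 7 as well as later versions.

function Get-SuspiciousTaskActions {
    param(
        # Path fragments treated as suspicious launch locations (assumption for this example).
        [string[]]$SuspectPatterns = @('\AppData\Local\Temp\', '\Windows\Temp\', '\ProgramData\Temporary\')
    )
    $svc = New-Object -ComObject 'Schedule.Service'
    $svc.Connect()
    $results = @()
    $folders = New-Object System.Collections.Queue
    $folders.Enqueue($svc.GetFolder('\'))
    while ($folders.Count -gt 0) {
        $folder = $folders.Dequeue()
        foreach ($sub in $folder.GetFolders(0)) { $folders.Enqueue($sub) }
        foreach ($task in $folder.GetTasks(1)) {        # 1 = TASK_ENUM_HIDDEN, include hidden tasks
            try { $def = $task.Definition } catch { continue }   # skip tasks whose XML cannot be read
            foreach ($action in $def.Actions) {
                if ($action.Type -ne 0) { continue }     # 0 = TASK_ACTION_EXEC (runs a program)
                $path = [Environment]::ExpandEnvironmentVariables([string]$action.Path)
                $hit = $SuspectPatterns | Where-Object { $path -like "*$_*" }
                if (-not $hit) { continue }
                $exists = $false
                if ($path) { $exists = Test-Path -LiteralPath $path }
                $results += New-Object PSObject -Property @{
                    TaskPath   = $task.Path                     # e.g. \At1 in the log above
                    Action     = $path
                    Arguments  = $action.Arguments
                    Author     = $def.RegistrationInfo.Author
                    Registered = $def.RegistrationInfo.Date
                    Enabled    = $task.Enabled
                    FileExists = $exists                        # dropper already gone? task still fires
                }
            }
        }
    }
    return $results
}

function Get-TaskCacheOrphans {
    # Every registered task has a Tree key (named after its path) whose Id value points at
    # the Tasks\{GUID} key; the task XML lives under System32\Tasks at the same relative path.
    # A Tree entry with no matching file means the file was removed but the registration stayed.
    $treeKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'
    $tasksDir = Join-Path $env:windir 'System32\Tasks'
    Get-ChildItem -Path $treeKey -Recurse | ForEach-Object {
        $id = $_.GetValue('Id')
        if (-not $id) { return }                        # folder node, not a task registration
        $relative = $_.Name.Substring($_.Name.IndexOf('\Tree\') + 6)
        $file = Join-Path $tasksDir $relative
        if (-not (Test-Path -LiteralPath $file)) {
            New-Object PSObject -Property @{ TreeKey = $_.Name; Id = $id; MissingFile = $file }
        }
    }
}

"== Tasks launching from Temp folders =="
Get-SuspiciousTaskActions | Format-List
"== TaskCache registrations without a task file =="
Get-TaskCacheOrphans | Format-List
```

A clean result is an empty list for both; after the fix in the log above, At1 to At5 should appear in neither, since FRST removed the task files and the Tree, Tasks and Plain keys together.
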
Quick Scan results all clear:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.27.09
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
User :: USER-PC [administrator]
 
Protection: Enabled
 
28/01/2014 00:06:07
mbam-log-2014-01-28 (00-06-07).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251698
Time elapsed: 6 minute(s), 45 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

Sorry, waiting for reboot. Here are the Adware results and MGA:

# AdwCleaner v3.017 - Report created 28/01/2014 at 00:19:26

# Updated 12/01/2014 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

# Username : User - USER-PC

# Running from : C:\Users\User.User-PC\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\Program Files (x86)\NCH Software

File Deleted : C:\END

File Deleted : C:\Windows\System32\roboot64.exe

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softube Acoustic Feedback VST RTAS_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softube Bass Amp Room VST RTAS_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softube FET Compressor VST RTAS_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softube Metal Amp Room VST RTAS_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softube Passive-Active Pack VST RTAS_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softube Spring Reverb VST RTAS_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softube Trident A-Range VST RTAS_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softube Tube Delay VST RTAS_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softube Tube-Tech CL 1B VST RTAS_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softube Vintage Amp Room VST RTAS_is1

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\FLEXnet

Key Deleted : HKCU\Software\NCH Software

Key Deleted : HKCU\Software\systweak

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\Software\NCH Software

Key Deleted : HKLM\Software\PIP

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Mozilla Firefox v17.0 (en-US)

 

-\\ Google Chrome v32.0.1700.76

 

*************************

 

AdwCleaner[R0].txt - [3709 octets] - [28/01/2014 00:16:23]

AdwCleaner[s0].txt - [3483 octets] - [28/01/2014 00:19:26]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3543 octets] ##########

 


 

 

 

 

MGA:

 

Diagnostic Report (1.9.0027.0):

-----------------------------------------

Windows Validation Data-->

 

Validation Code: 0

Cached Online Validation Code: 0x0

Windows Product Key: *****-*****-TMVMJ-BBMRX-3MBMV

Windows Product Key Hash: 55n8g6xdzhe4AOWhmTzdzQoLfa4=

Windows Product ID: 00426-292-0000007-85981

Windows Product ID Type: 5

Windows License Type: Retail

Windows OS version: 6.1.7601.2.00010100.1.0.001

ID: {D2601EBD-AE32-4DBD-816E-0157581D6538}(1)

Is Admin: Yes

TestCab: 0x0

LegitcheckControl ActiveX: N/A, hr = 0x80070002

Signed By: N/A, hr = 0x80070002

Product Name: Windows 7 Ultimate

Architecture: 0x00000009

Build lab: 7601.win7sp1_gdr.130828-1532

TTS Error: 

Validation Diagnostic: 

Resolution Status: N/A

 

Vista WgaER Data-->

ThreatID(s): N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

 

Windows XP Notifications Data-->

Cached Result: N/A, hr = 0x80070002

File Exists: No

Version: N/A, hr = 0x80070002

WgaTray.exe Signed By: N/A, hr = 0x80070002

WgaLogon.dll Signed By: N/A, hr = 0x80070002

 

OGA Notifications Data-->

Cached Result: N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

OGAExec.exe Signed By: N/A, hr = 0x80070002

OGAAddin.dll Signed By: N/A, hr = 0x80070002

 

OGA Data-->

Office Status: 109 N/A

OGA Version: N/A, 0x80070002

Signed By: N/A, hr = 0x80070002

Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

 

Browser Data-->

Proxy settings: N/A

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

Default Browser: C:\Program Files\Internet Explorer\iexplore.exe

Download signed ActiveX controls: Prompt

Download unsigned ActiveX controls: Disabled

Run ActiveX controls and plug-ins: Allowed

Initialize and script ActiveX controls not marked as safe: Disabled

Allow scripting of Internet Explorer Webbrowser control: Disabled

Active scripting: Allowed

Script ActiveX controls marked as safe for scripting: Allowed

 

File Scan Data-->

File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100

File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100

 

Other data-->

Office Details: <GenuineResults><MachineData><UGUID>{D2601EBD-AE32-4DBD-816E-0157581D6538}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3MBMV</PKey><PID>00426-292-0000007-85981</PID><PIDType>5</PIDType><SID>S-1-5-21-1693230404-891570233-2460468753</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite L300D</Model></SYSTEM><BIOS><Manufacturer>Insyde Corp.</Manufacturer><Version>1.80</Version><SMBIOSVersion major="2" minor="4"/><Date>20090901000000.000000+000</Date></BIOS><HWID>25E53C07018400F6</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>QA09   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

 

Spsys.log Content: 0x80070002

 

Licensing Data-->

Input Error: Can not find script file "C:\Windows\system32\slmgr.vbs".

 

Windows Activation Technologies-->

HrOffline: 0x00000000

HrOnline: 0x00000000

HealthStatus: 0x0000000000000000

Event Time Stamp: 11:25:2012 04:30

ActiveX: Registered, Version: 7.1.7600.16395

Admin Service: Not Registered - 0x80070005

HealthStatus Bitmask Output:

 

 

HWID Data-->

HWID Hash Current: NAAAAAIABAABAAEAAAABAAAAAgABAAEAeqioP3cWnLkQM7CuVPkyy8gr1ErMSczJfqF+KA==

 

OEM Activation 1.0 Data-->

N/A

 

OEM Activation 2.0 Data-->

BIOS valid for OA 2.0: yes

Windows marker version: 0x20001

OEMID and OEMTableID Consistent: yes

BIOS Information: 

  ACPI Table Name OEMID Value OEMTableID Value

  APIC TOSINV TOSINV00

  FACP TOSINV TOSINV00

  SRAT AMD   AMD CRB 

  MSCT AMD   AMD CRB 

  HPET TOSINV TOSINV00

  BOOT TOSINV TOSINV00

  MCFG TOSINV TOSINV00

  SLIC DELL   QA09   

  SSDT AMD   PowerNow

Yes you definitely need an Anti-virus program. Malwarebytes has no AV component.

 

Go here: http://www.microsoft.com/en-gb/download/details.aspx?id=5201 download and install Microsoft Security Essentials, update and run a quick scan. Let me know if anything is found.

 

Also do the following, there is a problem with some system files....

 

Close all windows. Select Start icon > All Programs > Accessories > right-click on "Command Prompt" > select "Run as administrator" > OK any alerts. At the command prompt type or copy and paste sfc /scannow, then tap Enter. When finished, type exit, tap Enter, and re-boot your PC.

***Note the space between sfc and /scannow.

To get the report, at the command prompt type or copy and paste:
findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt
 

When the above completes, if no remaining issues we can clean up/remove tools etc... I'm off to bed, catch up later...

 

Kevin....
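The sfc / findstr procedure in the post above, carried a step further, as an added example that is not Kevin's code or part of the original thread: it runs the System File Checker from an elevated PowerShell, pulls the [SR] lines sfc wrote to CBS.log (the same lines the findstr one-liner extracts), restricts them to today's run, and reports which files were repaired and which could not be. It assumes Windows 7 or later with CBS.log in its default location; the two log strings it matches on ("Repairing corrupted file" and "Cannot repair member file") are the ones sfc itself writes. Two caveats the one-liner hides: findstr is case-sensitive, so the pattern must be [SR], not [sR], and CBS.log accumulates across every servicing operation, so unfiltered output includes [SR] lines from earlier runs.

```powershell
# Added example (not from the thread): run sfc, then summarise its [SR] log lines.
# Assumptions: Windows 7 or later (written to work on the PowerShell 2.0 that
# ships with Windows 7), elevated shell, CBS.log in the default location.
# Run with -VerifyOnly for a read-only check instead of /scannow.
param(
    [switch]$VerifyOnly
)

# sfc needs administrative rights; fail early rather than half-way through.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell (Run as administrator); sfc needs admin rights.'
}

$cbsLog = Join-Path $env:windir 'Logs\CBS\CBS.log'
$report = Join-Path ([Environment]::GetFolderPath('Desktop')) 'sfcdetails.txt'

# 1. Run sfc. Start-Process keeps sfc's UTF-16 console output out of the
#    pipeline, where it would otherwise be re-encoded into unreadable text.
$mode = if ($VerifyOnly) { '/verifyonly' } else { '/scannow' }
$sfc  = Start-Process -FilePath "$env:windir\System32\sfc.exe" -ArgumentList $mode `
                      -Wait -NoNewWindow -PassThru
Write-Host "sfc $mode finished with exit code $($sfc.ExitCode)"

# 2. Extract the [SR] lines. -SimpleMatch matters: as a regex, [SR] is a
#    character class that matches any single S or R, not the literal tag.
$srLines = Select-String -Path $cbsLog -Pattern '[SR]' -SimpleMatch |
           ForEach-Object { $_.Line }

# 3. Keep only today's run. Every CBS.log line starts with a
#    'yyyy-MM-dd HH:mm:ss' timestamp, so a prefix test is enough.
$today   = (Get-Date).ToString('yyyy-MM-dd')
$srToday = @($srLines | Where-Object { $_.StartsWith($today) })
$srToday | Set-Content -Path $report

# 4. Summarise. These strings are the ones sfc logs for each outcome.
$repaired   = @($srToday | Where-Object { $_ -match 'Repairing corrupted file' })
$unrepaired = @($srToday | Where-Object { $_ -match 'Cannot repair member file' })

New-Object PSObject -Property @{
    SrLinesToday = $srToday.Count
    Repaired     = $repaired.Count
    Unrepaired   = $unrepaired.Count
    Report       = $report
} | Format-List

# 5. Name the files sfc could not fix; these are the ones to chase by hand
#    (for instance against the file mismatches an MGA report lists). In the
#    log the name sits in quotes after a length prefix, e.g. [l:24{12}]"user32.dll".
$unrepaired |
    ForEach-Object { if ($_ -match '"([^"]+)"') { $Matches[1] } } |
    Sort-Object -Unique |
    ForEach-Object { Write-Host "Could not repair: $_" }
```

A non-zero count of unrepaired files after /scannow is the signal to move on to an in-place repair or DISM/SURT rather than re-running sfc; repeated runs log the same failures again.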


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

 

When that completes we will need to clean up as follows:

 

We need to remove FRST, but first it is very important to deal with its own Quarantine folder by using FRST itself..

OK, we continue:

Delete any fixlist.txt file previously used, continue:
 
Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
 
Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

Next,
 
Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST
 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 

  • Remove disinfection tools
  • Purge System Restore

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Let me know if any remaining issues or concerns..

 

Kevin
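The check in the Java note above ("make certain there are no old versions of Java still installed"), done from the registry instead of by eye, as an added example that is not Kevin's code or part of the original thread. On a 64-bit host, 32-bit Java installs register under the WOW6432Node Uninstall key and 64-bit ones under the native key; Programs and Features merges the two lists, which is how stale copies get overlooked. The script enumerates both, flags entries older than the version you just installed, and shows which java.exe is first on PATH. $CurrentVersion is a placeholder you set after updating; version strings are compared as Windows records them in DisplayVersion (JRE 7 Update 51 is stored as 7.0.510), and nothing is looked up online.

```powershell
# Added example (not from the thread): inventory installed Java runtimes and
# flag stale ones. Assumptions: 64-bit Windows 7 or later, PowerShell 2.0+.
param(
    [string]$CurrentVersion = '7.0.510'   # placeholder: set to the version java.com installed
)

# Both Uninstall hives. Programs and Features shows the union of these.
$hives = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# DisplayVersion is free text; treat anything [version] cannot parse as unknown.
function ConvertTo-VersionOrNull([string]$s) {
    try { [version]$s } catch { $null }
}

$target = [version]$CurrentVersion

$java = Get-ItemProperty -Path $hives -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^(Java|J2SE)' } |
    ForEach-Object {
        $v = ConvertTo-VersionOrNull $_.DisplayVersion
        if ($v -eq $null) { $stale = 'unknown' } else { $stale = ($v -lt $target) }
        if ($_.PSPath -like '*WOW6432Node*') { $bits = '32-bit' } else { $bits = '64-bit' }
        New-Object PSObject -Property @{
            Name      = $_.DisplayName
            Version   = $_.DisplayVersion
            Bits      = $bits
            Stale     = $stale
            Uninstall = $_.UninstallString
        }
    }

if (-not $java) {
    Write-Host 'No Java runtime is registered in either Uninstall hive.'
} else {
    $java | Sort-Object Name | Format-Table Name, Version, Bits, Stale -AutoSize

    # Print the uninstall command for each stale entry; that is what
    # Programs and Features runs when you click Uninstall.
    $java | Where-Object { $_.Stale -eq $true } | ForEach-Object {
        Write-Host "Stale: $($_.Name) [$($_.Bits)] -> $($_.Uninstall)"
    }
}

# The runtime that actually answers to 'java' can differ from the newest
# install if PATH still points at an old directory.
$onPath = Get-Command java.exe -ErrorAction SilentlyContinue
if ($onPath) {
    Write-Host "java.exe on PATH: $($onPath.Definition)"
    & $onPath.Definition -version 2>&1 | ForEach-Object { Write-Host $_ }
} else {
    Write-Host 'No java.exe on PATH.'
}
```

Removing the stale entries with their UninstallString is the same action as removing them from Programs and Features; the browser plug-in should be disabled separately in each browser if Java is only needed for desktop applications.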


You will need to sort Java out at some point, maybe go to the Java website. If all tools are gone, are we OK to close out...

 

Also read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Take care,

 

Kevin.....


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
