Trouble Removing PUP Objects


First, I'm new to this forum, but I've been quite amazed at the wealth of information and generosity displayed by this community. What a great site - great work!

 

So to my problem: My computer was infected with Conduit/Spigot adware, and after uninstalling the software I ran a battery of recommended anti-malware diagnostics including Malwarebytes Anti-Malware Pro (quick, full, flash scans/fixes), Microsoft Security Essentials (quick, full scans/fixes), AdwCleaner, ComboFix, JRT and RogueKiller (scan only), and while the vast majority of the malware has been removed, I noticed that MBAM kept detecting a number of Linksicle and TidyNetwork objects but was unable to remove them. I haven't noticed any symptomatic performance impacts, but I would still like to remove them. Any ideas what I'm missing? I'm happy to perform re-scans as needed.

 

Thank you for your help.


Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.03.21.04

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16521

Michael Coolen :: VELOCITY [limited]

 

Protection: Enabled

 

3/21/2014 11:33:29 AM

MBAM-log-2014-03-21 (11-45-05).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 229189

Time elapsed: 6 minute(s), 25 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 4

HKCR\CLSID\{7736C7FA-512D-11E2-B871-DEC36088709B} (PUP.Optional.TidyNetwork.A) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7736C7FA-512D-11E2-B871-DEC36088709B} (PUP.Optional.TidyNetwork.A) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7736C7FA-512D-11E2-B871-DEC36088709B} (PUP.Optional.TidyNetwork.A) -> No action taken.

HKLM\SOFTWARE\Linksicle (PUP.Optional.Linksicle.A) -> No action taken.

 

Registry Values Detected: 1

HKLM\SOFTWARE\Mozilla\Firefox\Extensions|linksicle@linksicle.com (PUP.Optional.Linksicle.A) -> Data: C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com -> No action taken.

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.16521

Run by Admin at 10:34:36 on 2014-03-21

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.1976 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe

C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Users\Michael Coolen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files (x86)\Common Files\AOL\1308046456\ee\aolsoftware.exe

C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.



BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE" -b

mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1308046456\ee\AOLSoftware.exe

mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com




TCP: NameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{0CB2CA46-39D8-48EB-A5F0-A2363E3E9172} : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{AD38D717-402F-443D-8C74-A52DE26FCAA7} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{B60ECCAA-44F7-419E-876A-E4852AA4027E} : DHCPNameServer = 10.0.0.3

TCP: Interfaces\{B60ECCAA-44F7-419E-876A-E4852AA4027E}\2496760244F66756 : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{B60ECCAA-44F7-419E-876A-E4852AA4027E}\2496760244F66756F5548545 : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{B60ECCAA-44F7-419E-876A-E4852AA4027E}\841696C60216E64602B416C656 : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{B60ECCAA-44F7-419E-876A-E4852AA4027E}\E4544574541425F5548545 : DHCPNameServer = 192.168.1.250

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

x64-Run: [shadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart

x64-RunOnce: [install Toolbar] "C:\Program Files (x86)\DriverUpdate\avgtoolbar.exe"  /INSTALL /ENABLEDSP /ENABLEHOMEPAGE /PASSWORD=TB38GF9P66 /SILENT /DISTRIBUTIONSOURCE=ts019 /LOCAL=us /PROFILE=SATB /BROWSER=DEFAULT

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bjgm0ik9.default\

.

============= SERVICES / DRIVERS ===============

.

R0 BootDefragDriver;BootDefragDriver;C:\Windows\System32\drivers\BootDefragDriver.sys [2014-3-21 17600]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]

R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2011-2-10 297000]

R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2012-8-12 72240]

R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2012-8-12 15920]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-6 55856]

R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]

R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2013-10-4 918144]

R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2013-10-4 915584]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2013-10-4 586880]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-9-11 9216]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-26 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-26 701512]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 134944]

R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-6 1494304]

R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-1-6 15129376]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-3-16 411936]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-3-22 121832]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-3-22 364520]

R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2013-10-4 26136]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-6-4 25928]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]

R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-1-6 39200]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-2-6 888536]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]

S3 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2011-2-10 209424]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]

S3 MegaSR1;MegaSR1;C:\Windows\System32\drivers\MegaSR1.sys [2011-2-10 462344]

S3 MRV6X64P;Vista 64-bits Native WiFi Driver;C:\Windows\System32\drivers\MRVW13C.sys [2007-5-3 244736]

S3 mv91cons;mv91cons;C:\Windows\System32\drivers\mv91cons.sys [2011-3-9 24880]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-12-6 931168]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 83080]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 184968]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-2-2 19456]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-11-25 694888]

S3 Si3124r5;Si3124r5;C:\Windows\System32\drivers\Si3124r5.sys [2011-2-10 340008]

S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2014-3-8 16152]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-16 56832]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-2-2 30208]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-4 1255736]

.

=============== Created Last 30 ================

.

2014-03-21 17:28:49 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B0ECDAC5-7C51-4E60-B79A-B0838378570D}\offreg.dll

2014-03-21 13:20:44 17600 ----a-w- C:\Windows\System32\drivers\BootDefragDriver.sys

2014-03-21 13:20:07 46704 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll

2014-03-21 13:15:24 10521840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B0ECDAC5-7C51-4E60-B79A-B0838378570D}\mpengine.dll

2014-03-21 13:09:05 10521840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-03-21 13:04:10 -------- d-sh--w- C:\$RECYCLE.BIN

2014-03-21 13:04:00 -------- d-----w- C:\Users\Admin\AppData\Local\temp

2014-03-21 12:33:11 98816 ----a-w- C:\Windows\sed.exe

2014-03-21 12:33:11 256000 ----a-w- C:\Windows\PEV.exe

2014-03-21 12:33:11 208896 ----a-w- C:\Windows\MBR.exe

2014-03-21 12:24:09 -------- d-----w- C:\Windows\ERUNT

2014-03-21 12:20:05 -------- d-----w- C:\AdwCleaner

2014-03-20 21:53:56 -------- d-----w- C:\Windows\pss

2014-03-20 04:05:47 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9AE55463-3E37-4A9E-80D8-C0879001BCFA}\gapaengine.dll

2014-03-17 13:11:02 6574592 ----a-w- C:\Windows\System32\mstscax.dll

2014-03-17 13:11:02 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll

2014-03-16 22:33:28 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll

2014-03-16 22:33:28 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll

2014-03-16 22:23:51 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2014-03-12 19:12:24 228864 ----a-w- C:\Windows\System32\wwansvc.dll

2014-03-12 19:11:46 624128 ----a-w- C:\Windows\System32\qedit.dll

2014-03-12 19:11:46 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

2014-03-12 19:11:45 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2014-03-12 19:11:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2014-03-09 01:23:11 16152 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys

2014-03-09 01:23:08 -------- d-----w- C:\Users\Admin\AppData\Local\SlimWare Utilities Inc

2014-03-06 19:29:19 -------- d-----w- C:\Windows\D06BA64C444749B4B99DE85BEA9E1035.TMP

2014-03-02 15:57:19 -------- d-----w- C:\Program Files\iPod

2014-03-02 15:57:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-03-02 15:57:18 -------- d-----w- C:\Program Files\iTunes

2014-03-02 15:57:18 -------- d-----w- C:\Program Files (x86)\iTunes

2014-02-26 06:03:25 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll

2014-02-26 06:03:25 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll

2014-02-26 06:03:25 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll

2014-02-26 06:03:25 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll

2014-02-26 06:03:25 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll

2014-02-25 21:35:13 1885472 ----a-w- C:\Windows\System32\nvdispco6433489.dll

2014-02-25 21:35:13 1515296 ----a-w- C:\Windows\System32\nvdispgenco6433489.dll

2014-02-25 21:16:59 -------- d-----w- C:\Users\Admin\AppData\Roaming\minmaxgames

2014-02-25 21:16:49 -------- d-----w- C:\Users\Admin\AppData\Local\zachtronics industries

.

==================== Find3M  ====================

.

2014-03-17 06:22:56 118048 ----a-w- C:\Windows\System32\BootDefrag.exe

2014-03-11 22:42:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-03-11 22:42:13 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2014-03-04 13:06:00 6714312 ----a-w- C:\Windows\System32\nvcpl.dll

2014-03-04 13:06:00 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll

2014-03-04 13:05:58 922968 ----a-w- C:\Windows\System32\nvvsvc.exe

2014-03-04 13:05:58 64968 ----a-w- C:\Windows\System32\nvshext.dll

2014-03-04 13:05:57 386336 ----a-w- C:\Windows\System32\nvmctray.dll

2014-03-04 13:05:53 3649185 ----a-w- C:\Windows\System32\nvcoproc.bin

2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll

2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll

2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll

2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll

2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll

2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl

2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll

2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll

2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll

2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys

2014-02-05 13:26:08 58696 ----a-w- C:\Windows\SysWow64\AOLParconLink.exe

2014-01-30 21:22:25 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2014-01-30 21:22:24 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll

2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll

2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe

2014-01-18 00:24:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2014-01-18 00:24:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

.

============= FINISH: 10:34:46.05 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume1

Install Date: 6/3/2011 5:05:49 PM

System Uptime: 3/21/2014 6:31:37 AM (4 hours ago)

.

Motherboard: ASUSTeK COMPUTER INC. |  | P8P67 LE

Processor: Intel® Core i5-2500 CPU @ 3.30GHz | LGA1155 | 3301/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 932 GiB total, 342.694 GiB free.

D: is CDROM (UDF)

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is FIXED (NTFS) - 932 GiB total, 907.288 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP585: 3/21/2014 5:33:14 AM - ComboFix created restore point

RP586: 3/21/2014 6:14:54 AM - Windows Update

.

==== Installed Programs ======================

.

7-Zip 9.20

Abrosoft FantaMorph 4.0

Adobe AIR

Adobe Anchor Service CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Creative Cloud

Adobe CSI CS4

Adobe CSI CS4 x64

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Digital Editions

Adobe Download Assistant

Adobe Dreamweaver CS4

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash Player 12 ActiveX

Adobe Flash Player 12 Plugin

Adobe Help Manager

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop Elements 10

Adobe Photoshop.com Inspiration Browser

Adobe Reader XI (11.0.06)

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Shockwave Player 12.0

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe XMP Panels CS4

Adobe® Content Viewer

Advertising Center

Alan Wake

Alan Wake's American Nightmare

Alien Swarm

Anomaly Warzone Earth

AOL Uninstaller (Choose which Products to Remove)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASIO4ALL

Asus 802.11n Network Adapter

Bastion

Batman: Arkham Asylum GOTY Edition

Batman: Arkham City GOTY

BioShock

BIT.TRIP RUNNER

Blacklight: Retribution

Bonjour

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon MOV Decoder

Canon MOV Encoder

Canon MovieEdit Task for ZoomBrowser EX

Canon Utilities Digital Photo Professional 3.8

Canon Utilities EOS Utility

Canon Utilities PhotoStitch

Canon Utilities Picture Style Editor

Canon Utilities WFT Utility

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

Cargo Commander

Cave Story+

CDisplay 1.8

Company of Heroes (New Steam Version)

Connect

Core Temp 1.0 RC5

Counter-Strike

Crusader Kings II

Crysis 2 Maximum Edition

D-Link DFE-530TX+

D3DX10

Darksiders

Dead Space

Dear Esther

DEFCON

Defense Grid: The Awakening

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DiRT 2

Dota 2

Dual-Core Optimizer

Dungeons of Dredmor

Dwarfs!?

EB Documentation 1.1

EB Trivial Script 0.125

Elements 10 Organizer

Europa Barbarorum 1.1

F.E.A.R. 2: Project Origin

F.E.A.R. 3

ffdshow [rev 2527] [2008-12-19]

Finale NotePad 2011

FL Studio 7

Flotilla

FTL: Faster Than Light

Galactic Arms Race

GeForce Experience NvStream Client Components

Gemini Rue

Geneforge 1

Geneforge 2

Geneforge 3

Geneforge 4

Geneforge 5

Glary Utilities 4.8

Google Chrome

Google Earth

Google Update Helper

Gratuitous Space Battles

Half-Life

Half-Life 2

Half-Life 2: Deathmatch

Half-Life 2: Episode One

Half-Life: Blue Shift

Half-Life: Opposing Force

Hi-Rez Studios Authenticate and Update Service

Home

Homefront

Hotline Miami

iCloud

ImagXpress

ImgBurn

Intel® Control Center

Intel® Management Engine Components

Intel® Watchdog Timer Driver (Intel® WDT)

Itibiti RTC

iTunes

Jamestown

Junk Mail filter update

Just Cause 2

King's Bounty: The Legend

kuler

Left 4 Dead 2

LibreOffice 4.1 Help Pack (English (United States))

LibreOffice 4.2.0.4

LIMBO

Magicka

Malwarebytes Anti-Malware version 1.75.0.1300

Mark of the Ninja

Medieval II: Total War

Medieval II: Total War Kingdoms

Metro 2033

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Chart Controls for Microsoft .NET Framework 3.5

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft IntelliType Pro 8.1

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

MINERVA: Metastasis

Mirror's Edge

Mortal Kombat Kollection

Mozilla Firefox 28.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mumble 1.2.3

Natural Selection 2

Nero Backup Drivers

Nero ControlCenter

Nero DiscSpeed

Nero DriveSpeed

Nero Express Help

Nero InfoTool

Nero Online Upgrade

Nero StartSmart

Nero StartSmart Help

Nero Vision

Nero Vision Help

NeroExpress

neroxml

NewLive All Audio To Mp3 Converter 6.4

Nexuiz

NVIDIA 3D Vision Controller Driver

NVIDIA 3D Vision Controller Driver 335.21

NVIDIA 3D Vision Driver 335.23

NVIDIA Control Panel 335.23

NVIDIA GeForce Experience 1.8.1

NVIDIA Graphics Driver 335.23

NVIDIA HD Audio Driver 1.3.30.1

NVIDIA Install Application

NVIDIA LED Visualizer 1.0

NVIDIA Network Service

NVIDIA PhysX

NVIDIA PhysX System Software 9.13.1220

NVIDIA ShadowPlay 10.11.15

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 10.11.15

NVIDIA Update Core

NVIDIA Virtual Audio 1.2.19

Offspring Fling!

OpenAL

Orcs Must Die!

Patrician IV: Rise of a Dynasty

Patrician IV: Steam Special Edition

Penny Arcade's On the Rain-Slick Precipice of Darkness 3

Photoshop Camera Raw

PlanetSide 2

Portal

Portal 2

PSE10 STI Installer

Puzzle Pirates

PxMergeModule

QuickTime 7

Realm of the Mad God

Realtek Ethernet Controller Driver

Recruitment Viewer 0.9

Red Faction: Armageddon

Red Faction: Guerrilla 

Rome: Total War Gold Edition

Runaway: A Road Adventure

Saints Row: The Third

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition

SHIELD Streaming

Sid Meier's Civilization V

Skype™ 6.11

Sonic Foundry Super Duper Music Looper

Source SDK Base 2007

Space Pirates and Zombies

SpaceChem

Spiral Knights

StarCraft II

Steam

Suite Shared Configuration CS4

Super Monday Night Combat

Superbrothers: Sword & Sworcery EP

swMSM

Team Fortress 2

Terraria

The Binding of Isaac

TI Connect 1.6

Titan Quest

Torchlight

Total War Battles: SHOGUN

Total War: SHOGUN 2

Tower Solitaire version 1.00

Toy Soldiers

Tribes: Ascend

Trine

Trine 2

Tropico 3 - Steam Special Edition

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition

Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition

Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition

Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition

Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition

Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition

ViewSonic Monitor Drivers

VirtualCloneDrive

VLC media player 2.1.1

War of the Roses

Warhammer 40,000 Space Marine

Warhammer 40,000: Dawn of War - Game of the Year Edition

Warhammer® 40,000™: Dawn of War® II

Warhammer® 40,000™: Dawn of War® II - Chaos Rising™

Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0)

Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Wizorb

World of Warcraft

Xiph.Org Open Codecs 0.85.17777

Zeno Clash

.

==== Event Viewer Messages From Past Week ========

.


3/21/2014 6:33:00 AM, Error: Microsoft-Windows-WMPNSS-Service [14349]  - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

3/21/2014 6:32:13 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ASPI32

3/21/2014 6:31:44 AM, Error: Application Popup [1060]  - \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

3/21/2014 5:55:09 AM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

3/21/2014 5:51:55 AM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

.

==== End Of File ===========================

RogueKiller V8.8.12 _x64_ [Mar 20 2014] by Adlice Software

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Admin [Admin rights]

Mode : Scan -- Date : 03/22/2014 17:55:25

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 4 ¤¤¤

[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Browser Addons : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721010CLA332 ATA Device +++++

--- User ---

[MBR] 969c43284a70ef9067325fee699a61ae

[BSP] fd278036bf7c2cc222e8146cbc8e6134 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic USB SD Reader USB Device +++++

Error reading User MBR! ([0x15] The device is not ready. )

User = LL1 ... OK!

Error reading LL2 MBR! ([0x32] The request is not supported. )

 

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Generic USB CF Reader USB Device +++++

Error reading User MBR! ([0x15] The device is not ready. )

User = LL1 ... OK!

Error reading LL2 MBR! ([0x32] The request is not supported. )

 

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic USB SM Reader USB Device +++++

Error reading User MBR! ([0x15] The device is not ready. )

User = LL1 ... OK!

Error reading LL2 MBR! ([0x32] The request is not supported. )

 

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic USB MS Reader USB Device +++++

Error reading User MBR! ([0x15] The device is not ready. )

User = LL1 ... OK!

Error reading LL2 MBR! ([0x32] The request is not supported. )

 

+++++ PhysicalDrive5: (\\.\PHYSICALDRIVE5 @ USB) Seagate FA GoFlex Desk USB Device +++++

--- User ---

[MBR] ccffd420a52e2876c88ed8e2b62ae526

[BSP] 5cab7fac78b6fe5301595cea6da44b25 : Empty MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB

User = LL1 ... OK!

Error reading LL2 MBR! ([0x32] The request is not supported. )

 

+++++ PhysicalDrive6: (\\.\PHYSICALDRIVE6 @ USB) USB DISK 2.0 USB Device +++++

--- User ---

[MBR] 0a11c66c1c46fe416a975d9f0ed4eed8

[BSP] f548aabfe626d3d32e010257e1d2da44 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 58978 MB

User = LL1 ... OK!

Error reading LL2 MBR! ([0x32] The request is not supported. )

 

+++++ PhysicalDrive7: (\\.\PHYSICALDRIVE7 @ USB) HP Photosmart C5500 USB Device +++++

Error reading User MBR! ([0x15] The device is not ready. )

User = LL1 ... OK!

Error reading LL2 MBR! ([0x32] The request is not supported. )

 

Finished : << RKreport[0]_S_03222014_175525.txt >>

RKreport[0]_S_03212014_105236.txt

 

 

 


Please make sure you run MB like this:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Then...............

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.


New window that comes up.


MrC

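The following audit script is an added example and is not part of this thread, nor code from Malwarebytes, FRST or RogueKiller. It checks, from an elevated Windows PowerShell prompt, the exact registry locations the MBAM logs in this thread flag (the TidyNetwork CLSID {7736C7FA-512D-11E2-B871-DEC36088709B}, its IE Ext\Settings and Ext\Stats entries, HKLM\SOFTWARE\Linksicle, and the linksicle@linksicle.com Firefox extension registration), resolves the COM server DLL and extension folder they point at, and reports whether those exist on disk. It also prints whether the session is elevated, because a limited-user session (the MBAM log header shows "[limited]") cannot delete keys under HKLM or HKCR, which is the usual reason a scanner keeps finding the same keys but never removes them. The Wow6432Node paths are an assumption about where a 32-bit scanner's reported HKLM/HKCR paths land when viewed from a 64-bit process; the -Remove switch is this example's own addition, not a tool the thread uses.

```powershell
# Added example: audit (and optionally delete) PUP registry remnants named in the
# MBAM/FRST logs above. Not code from MBAM, FRST, RogueKiller or the thread author.
# Run from an elevated Windows PowerShell prompt. -Remove is an assumption of
# this example; combine it with -WhatIf to preview what would be deleted.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove
)

# 1. Deleting under HKLM/HKCR needs an elevated token. A "[limited]" session,
#    as the MBAM log header shows, silently fails to remove those keys.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Host ("Running as {0}; elevated: {1}" -f $identity.Name, $isAdmin)

# HKCR is not mapped as a PowerShell drive by default.
if (-not (Test-Path 'HKCR:')) {
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}

$clsid = '{7736C7FA-512D-11E2-B871-DEC36088709B}'   # TidyNetwork CLSID from the MBAM log
$ffExt = 'linksicle@linksicle.com'                    # Firefox extension ID from the MBAM log

# Keys from the logs. 'Value' names a registry value whose data is a path to check
# on disk; $null means the key itself is the finding. Wow6432Node entries are
# assumed 32-bit-view equivalents of what the 32-bit scanner reported.
$targets = @(
    @{ Key = "HKCR:\CLSID\$clsid";                                                  Value = $null  },
    @{ Key = "HKCR:\Wow6432Node\CLSID\$clsid";                                      Value = $null  },
    @{ Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\$clsid"; Value = $null  },
    @{ Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\$clsid";    Value = $null  },
    @{ Key = 'HKLM:\SOFTWARE\Linksicle';                                             Value = $null  },
    @{ Key = 'HKLM:\SOFTWARE\Wow6432Node\Linksicle';                                 Value = $null  },
    @{ Key = 'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions';                            Value = $ffExt },
    @{ Key = 'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions';                Value = $ffExt }
)

foreach ($t in $targets) {
    if (-not (Test-Path -LiteralPath $t.Key)) {
        Write-Host ("absent   {0}" -f $t.Key)
        continue
    }

    if ($t.Value -eq $null) {
        Write-Host ("PRESENT  {0}" -f $t.Key)

        # For a CLSID, show which DLL the COM registration loads and whether it still exists.
        $srv = Join-Path $t.Key 'InprocServer32'
        if (Test-Path -LiteralPath $srv) {
            $dll = (Get-ItemProperty -LiteralPath $srv).'(default)'
            if ($dll) {
                $dllPath = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
                Write-Host ("         InprocServer32 = {0} (on disk: {1})" -f $dll, (Test-Path -LiteralPath $dllPath))
            }
        }

        if ($Remove -and $PSCmdlet.ShouldProcess($t.Key, 'Remove-Item -Recurse')) {
            Remove-Item -LiteralPath $t.Key -Recurse -Force
        }
    }
    else {
        $data = (Get-ItemProperty -LiteralPath $t.Key).($t.Value)
        if ($data -eq $null) {
            Write-Host ("absent   {0} -> {1}" -f $t.Key, $t.Value)
            continue
        }
        Write-Host ("PRESENT  {0} -> {1} = {2} (folder on disk: {3})" -f $t.Key, $t.Value, $data, (Test-Path -LiteralPath $data))

        # The value is what registers the extension with Firefox; the folder is its payload.
        if ($Remove -and $PSCmdlet.ShouldProcess("$($t.Key) [$($t.Value)]", 'Remove-ItemProperty')) {
            Remove-ItemProperty -LiteralPath $t.Key -Name $t.Value
            if (Test-Path -LiteralPath $data) {
                Remove-Item -LiteralPath $data -Recurse -Force
            }
        }
    }
}

if (-not $isAdmin) {
    Write-Warning 'Not elevated: HKLM/HKCR findings cannot be removed from this session (scanners hit the same limit).'
}
```

Save it as, say, Check-PupRemnants.ps1 and run it once without switches to see what is actually left and whether the referenced DLL and extension folder still exist; `.\Check-PupRemnants.ps1 -Remove -WhatIf` lists what would be deleted without touching anything. Re-running the MBAM quick scan afterwards is still the authoritative check, since the scanner's signatures cover more than the handful of locations this script knows about.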

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.03.22.10

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16521

Michael Coolen :: VELOCITY [limited]

 

Protection: Enabled

 

3/23/2014 4:13:52 PM

MBAM-log-2014-03-23 (16-23-15).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 229758

Time elapsed: 6 minute(s), 1 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 4

HKCR\CLSID\{7736C7FA-512D-11E2-B871-DEC36088709B} (PUP.Optional.TidyNetwork.A) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7736C7FA-512D-11E2-B871-DEC36088709B} (PUP.Optional.TidyNetwork.A) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7736C7FA-512D-11E2-B871-DEC36088709B} (PUP.Optional.TidyNetwork.A) -> No action taken.

HKLM\SOFTWARE\Linksicle (PUP.Optional.Linksicle.A) -> No action taken.

 

Registry Values Detected: 1

HKLM\SOFTWARE\Mozilla\Firefox\Extensions|linksicle@linksicle.com (PUP.Optional.Linksicle.A) -> Data: C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com -> No action taken.

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 


Here are the FRST logs. I also attached the final version of the MBAM Quick Scan log to indicate that the objects were indeed marked for quarantine and deletion. The computer restarted and I ran a MBAM Flash Scan and two MBAM Quick Scans (just for detection, so without removing what they found). It looks like the three TidyNetwork objects were finally hunted down, though they've gone undetected before, but the two Linksicle objects are still there.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014

Ran by Michael Coolen (ATTENTION: The logged in user is not administrator) on VELOCITY on 23-03-2014 16:30:15

Running from C:\Users\Michael Coolen\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

() C:\Users\Michael Coolen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe

(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1308046456\ee\aolsoftware.exe

(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe

() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [itype] - c:\Program Files\Microsoft IntelliType Pro\itype.exe [1860496 2011-04-13] (Microsoft Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)

HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-09] (NVIDIA Corporation)

HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)

HKLM-x32\...\Run: [HostManager] - C:\Program Files (x86)\Common Files\AOL\1308046456\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)

HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)

HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-09-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)

HKLM\...\Runonce: [install Toolbar] - "C:\Program Files (x86)\DriverUpdate\avgtoolbar.exe"  /INSTALL /ENABLEDSP /ENABLEHOMEPAGE /PASSWORD=TB38GF9P66 /SILENT /DISTRIBUTIONSOURCE=ts019 /LOCAL=us /PROFILE=SATB /BROWSER=DEFAULT

HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1

HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1

HKU\S-1-5-21-3425189372-4014455108-3825910120-1001\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

HKU\S-1-5-21-3425189372-4014455108-3825910120-1001\...\Run: [20090604] - C:\Program Files (x86)\Encore\Hoyle Card Games 2011\Ereg\encore_reg.exe /r "C:\Program Files (x86)\Encore\Hoyle Card Games 2011\Ereg\encore_reg.rpd"

HKU\S-1-5-21-3425189372-4014455108-3825910120-1001\...\Run: [Akamai NetSession Interface] - "C:\Users\Michael Coolen\AppData\Local\Akamai\netsession_win.exe"

HKU\S-1-5-21-3425189372-4014455108-3825910120-1001\...\Run: [AdobeBridge] - [X]

HKU\S-1-5-21-3425189372-4014455108-3825910120-1001\...\Run: [CPN Notifier] - C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe

HKU\S-1-5-21-3425189372-4014455108-3825910120-1001\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

HKU\S-1-5-21-3425189372-4014455108-3825910120-1001\...\Run: [GoogleDriveSync] - "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

HKU\S-1-5-21-3425189372-4014455108-3825910120-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)

HKU\S-1-5-21-3425189372-4014455108-3825910120-1001\...\Run: [Amazon Cloud Player] - C:\Users\Michael Coolen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3108864 2013-06-21] ()

HKU\S-1-5-21-3425189372-4014455108-3825910120-1001\...\Run: [AOL Fast Start] - C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE [73176 2014-01-30] (AOL Inc.)

HKU\S-1-5-21-3425189372-4014455108-3825910120-1001\...\MountPoints2: J - J:\LaunchU3.exe -a

HKU\S-1-5-21-3425189372-4014455108-3825910120-1001\...\MountPoints2: {934dcf73-3167-11e1-9936-00038a000015} - J:\LaunchU3.exe

HKU\S-1-5-21-3425189372-4014455108-3825910120-1001\...\MountPoints2: {ea2d3148-95dd-11e0-8b43-f46d04105b18} - L:\setup.exe

HKU\S-1-5-21-3425189372-4014455108-3825910120-1001\...\MountPoints2: {ff5ad491-2400-11e1-9b71-00038a000015} - J:\LaunchU3.exe -a

Startup: C:\Users\Michael Coolen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Michael Coolen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

Toolbar: HKCU - No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} -  No File

Toolbar: HKCU - No Name - {C5C4FD2C-C7AC-492C-A689-2E0843BA4E55} -  No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

 

FireFox:

========

FF ProfilePath: C:\Users\Michael Coolen\AppData\Roaming\Mozilla\Firefox\Profiles\kpw6pey3.default-1395350541760


FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File

FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll No File

FF HKLM-x32\...\Firefox\Extensions: [linksicle@linksicle.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com

 

Chrome: 

=======


CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File

CHR Plugin: (Skype Toolbars) - C:\Users\Michael Coolen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8524_0\npSkypeChromePlugin.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll No File

CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File

CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File

CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

CHR Extension: (YouTube) - C:\Users\Michael Coolen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]

CHR Extension: (Adblock Plus) - C:\Users\Michael Coolen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-10]

CHR Extension: (Google Search) - C:\Users\Michael Coolen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]

CHR Extension: (Google Wallet) - C:\Users\Michael Coolen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR Extension: (Gmail) - C:\Users\Michael Coolen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]

CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Michael Coolen\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-06-07]

CHR HKLM-x32\...\Chrome\Extension: [mmlkabjddkpgkgfhdhpimhcbonapngoh] - C:\Users\Administrator\AppData\Local\CRE\mmlkabjddkpgkgfhdhpimhcbonapngoh.crx [2013-03-11]

 

==================== Services (Whitelisted) =================

 

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()

R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-02] ()

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()

R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3953632 2012-03-06] (INCA Internet Co., Ltd.)

R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)

 

==================== Drivers (Whitelisted) ====================

 

S3 ahcix64s; C:\Windows\system32\drivers\ahcix64s.sys [209424 2007-12-19] (AMD Technologies Inc.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()

S1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)

R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()

R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-03-16] (Glarysoft Ltd)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 MegaSR1; C:\Windows\system32\drivers\MegaSR1.sys [462344 2009-07-08] (LSI Corporation, Inc.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

R0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [151848 2007-04-15] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

S3 Si3124r5; C:\Windows\system32\drivers\Si3124r5.sys [340008 2010-04-13] (Silicon Image, Inc)

R0 SiFilter; C:\Windows\System32\drivers\SiWinAcc.sys [22568 2010-04-13] (Silicon Image, Inc.)

R0 SiRemFil; C:\Windows\System32\drivers\SiRemFil.sys [16936 2010-04-13] (Silicon Image, Inc.)

S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-03-08] ()

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-03-23 16:30 - 2014-03-23 16:30 - 00019501 _____ () C:\Users\Michael Coolen\Downloads\FRST.txt

2014-03-23 16:29 - 2014-03-23 16:30 - 00000000 ____D () C:\FRST

2014-03-23 16:14 - 2014-03-23 16:15 - 02157056 _____ (Farbar) C:\Users\Michael Coolen\Downloads\FRST64.exe

2014-03-22 17:55 - 2014-03-22 17:55 - 00003642 _____ () C:\Users\Admin\Desktop\RKreport[0]_S_03222014_175525.txt

2014-03-22 17:39 - 2014-03-22 17:43 - 00000000 ___SD () C:\Users\Michael Coolen\Documents\My MP3

2014-03-22 17:39 - 2014-03-22 17:39 - 00000000 ____D () C:\Users\Michael Coolen\AppData\Local\CrashDumps

2014-03-22 17:38 - 2014-03-22 17:38 - 00001053 _____ () C:\Users\Michael Coolen\Desktop\MP3Resizer.lnk

2014-03-22 17:37 - 2014-03-22 17:37 - 02488625 _____ (Skyshape Software ) C:\Users\Michael Coolen\Downloads\mp3resizersetup(1).exe

2014-03-22 17:37 - 2014-03-22 17:37 - 00001035 _____ () C:\Users\Admin\Desktop\MP3Resizer.lnk

2014-03-22 17:37 - 2014-03-22 17:37 - 00000000 ____D () C:\Program Files (x86)\MP3Resizer

2014-03-22 17:36 - 2014-03-22 17:36 - 02488625 _____ (Skyshape Software ) C:\Users\Michael Coolen\Downloads\mp3resizersetup.exe

2014-03-22 17:33 - 2014-03-22 17:33 - 00000000 ____D () C:\Users\Michael Coolen\AppData\Local\Windows Live

2014-03-22 17:33 - 2014-03-22 17:33 - 00000000 ____D () C:\Users\Michael Coolen\AppData\Local\{0B8BEF12-683F-454B-AA35-EAF442F7D647}

2014-03-21 17:08 - 2014-03-21 17:08 - 01141680 _____ () C:\Users\Michael Coolen\Downloads\SteamSetup.exe

2014-03-21 17:08 - 2014-03-21 17:08 - 00000967 _____ () C:\Users\Public\Desktop\Steam.lnk

2014-03-21 11:48 - 2014-03-21 11:48 - 00688992 _____ (Swearware) C:\Users\Michael Coolen\Downloads\dds.scr

2014-03-21 10:52 - 2014-03-21 10:52 - 00003376 _____ () C:\Users\Admin\Desktop\RKreport[0]_S_03212014_105236.txt

2014-03-21 10:50 - 2014-03-21 10:53 - 00000000 ____D () C:\Users\Admin\Desktop\RK_Quarantine

2014-03-21 10:50 - 2014-03-21 10:50 - 04486144 _____ () C:\Users\Michael Coolen\Downloads\RogueKillerX64.exe

2014-03-21 10:30 - 2014-03-21 10:35 - 00021392 _____ () C:\Users\Admin\Desktop\dds.txt

2014-03-21 10:30 - 2014-03-21 10:35 - 00013365 _____ () C:\Users\Admin\Desktop\attach.txt

2014-03-21 06:20 - 2014-03-16 23:07 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys

2014-03-21 06:18 - 2014-03-21 06:19 - 00000000 ____D () C:\Users\Michael Coolen\Downloads\Choir Photos

2014-03-21 06:17 - 2014-03-21 06:19 - 25200168 _____ (Mozilla) C:\Users\Admin\Downloads\Mozilla_Firefox_v28.0.exe

2014-03-21 06:17 - 2014-03-21 06:18 - 12448960 _____ () C:\Users\Admin\Downloads\Glary_Utilities_v4.8.0.97.exe

2014-03-21 06:03 - 2014-03-21 06:03 - 00026647 _____ () C:\ComboFix.txt

2014-03-21 05:33 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-03-21 05:33 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-03-21 05:33 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-03-21 05:33 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-03-21 05:33 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-03-21 05:33 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe

2014-03-21 05:33 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe

2014-03-21 05:33 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe

2014-03-21 05:31 - 2014-03-21 06:04 - 00000000 ____D () C:\Qoobox

2014-03-21 05:31 - 2014-03-21 06:01 - 00000000 ____D () C:\Windows\erdnt

2014-03-21 05:29 - 2014-03-21 05:29 - 00001531 _____ () C:\Users\Admin\Desktop\JRT.txt

2014-03-21 05:24 - 2014-03-21 05:24 - 00000000 ____D () C:\Windows\ERUNT

2014-03-21 05:20 - 2014-03-21 05:20 - 00000000 ____D () C:\AdwCleaner

2014-03-21 05:19 - 2014-03-21 05:19 - 05190052 ____R (Swearware) C:\Users\Michael Coolen\Downloads\ComboFix.exe

2014-03-21 05:19 - 2014-03-21 05:19 - 01037734 _____ (Thisisu) C:\Users\Michael Coolen\Downloads\JRT.exe

2014-03-21 05:18 - 2014-03-21 05:19 - 01950720 _____ () C:\Users\Michael Coolen\Downloads\AdwCleaner.exe

2014-03-20 14:53 - 2014-03-20 14:53 - 00000000 ____D () C:\Windows\pss

2014-03-17 06:11 - 2014-01-08 19:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-03-17 06:11 - 2014-01-03 15:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-03-16 22:03 - 2014-03-16 22:03 - 00000000 ____D () C:\Users\Michael Coolen\Desktop\New folder (2)

2014-03-16 15:34 - 2013-10-01 19:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys

2014-03-16 15:34 - 2013-10-01 19:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2014-03-16 15:34 - 2013-10-01 19:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2014-03-16 15:34 - 2013-10-01 18:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll

2014-03-16 15:34 - 2013-10-01 18:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll

2014-03-16 15:34 - 2013-10-01 18:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll

2014-03-16 15:34 - 2013-10-01 18:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll

2014-03-16 15:34 - 2013-10-01 17:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll

2014-03-16 15:34 - 2013-10-01 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll

2014-03-16 15:34 - 2013-10-01 17:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll

2014-03-16 15:34 - 2013-10-01 17:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2014-03-16 15:34 - 2013-10-01 17:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe

2014-03-16 15:34 - 2013-10-01 16:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2014-03-16 15:34 - 2013-10-01 16:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2014-03-16 15:34 - 2013-10-01 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll

2014-03-16 15:34 - 2013-10-01 15:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2014-03-16 15:33 - 2013-09-24 19:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll

2014-03-16 15:33 - 2013-09-24 18:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll

2014-03-16 15:25 - 2014-03-16 15:26 - 12393008 _____ () C:\Users\Admin\Downloads\Glary_Utilities_v4.7.0.96.exe

2014-03-16 15:23 - 2014-03-04 04:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

2014-03-16 15:18 - 2014-03-04 07:35 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2014-03-16 15:18 - 2014-03-04 07:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2014-03-16 15:18 - 2014-03-04 07:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2014-03-16 15:18 - 2014-03-04 07:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2014-03-16 15:18 - 2014-03-04 07:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2014-03-16 15:18 - 2014-03-04 07:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2014-03-16 15:18 - 2014-03-04 07:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2014-03-16 15:18 - 2014-03-04 07:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2014-03-16 15:18 - 2014-03-04 07:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2014-03-16 15:18 - 2014-03-04 07:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2014-03-16 15:18 - 2014-03-04 07:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2014-03-16 15:18 - 2014-03-04 07:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2014-03-16 15:18 - 2014-03-04 07:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2014-03-16 15:18 - 2014-03-04 07:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll

2014-03-16 15:18 - 2014-03-04 07:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2014-03-16 15:18 - 2014-03-04 07:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll

2014-03-16 15:18 - 2014-03-04 07:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll

2014-03-16 15:18 - 2014-03-04 07:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2014-03-16 15:18 - 2014-03-04 07:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2014-03-16 15:18 - 2014-03-04 07:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2014-03-16 15:18 - 2014-03-04 07:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2014-03-16 15:18 - 2014-03-04 07:35 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2014-03-16 15:18 - 2014-03-04 07:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2014-03-16 15:18 - 2014-03-04 07:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2014-03-16 15:18 - 2014-03-04 07:35 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2014-03-16 15:18 - 2014-03-04 07:35 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2014-03-12 12:12 - 2014-02-28 23:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-12 12:12 - 2014-02-28 22:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-12 12:12 - 2014-02-28 22:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-03-12 12:12 - 2014-02-28 21:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-03-12 12:12 - 2014-02-28 21:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-03-12 12:12 - 2014-02-28 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-03-12 12:12 - 2014-02-28 21:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-03-12 12:12 - 2014-02-28 21:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-03-12 12:12 - 2014-02-28 21:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-03-12 12:12 - 2014-02-28 21:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-03-12 12:12 - 2014-02-28 21:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-03-12 12:12 - 2014-02-28 21:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-03-12 12:12 - 2014-02-28 21:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-03-12 12:12 - 2014-02-28 21:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-03-12 12:12 - 2014-02-28 21:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-03-12 12:12 - 2014-02-28 21:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-03-12 12:12 - 2014-02-28 21:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-03-12 12:12 - 2014-02-28 20:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-03-12 12:12 - 2014-02-28 20:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-03-12 12:12 - 2014-02-28 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-03-12 12:12 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-03-12 12:12 - 2014-02-28 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-03-12 12:12 - 2014-02-28 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-03-12 12:12 - 2014-02-28 20:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-03-12 12:12 - 2014-02-28 20:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-03-12 12:12 - 2014-02-28 20:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-03-12 12:12 - 2014-02-28 20:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-03-12 12:12 - 2014-02-28 20:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-03-12 12:12 - 2014-02-28 20:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-03-12 12:12 - 2014-02-28 20:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-03-12 12:12 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-03-12 12:12 - 2014-02-28 20:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-03-12 12:12 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-03-12 12:12 - 2014-02-28 20:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-03-12 12:12 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-03-12 12:12 - 2014-02-28 19:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-03-12 12:12 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-03-12 12:12 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-03-12 12:12 - 2014-02-28 19:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-03-12 12:12 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-03-12 12:12 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-03-12 12:12 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2014-03-12 12:12 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll

2014-03-12 12:12 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

2014-03-12 12:11 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-03-12 12:11 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-03-12 12:11 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-03-12 12:11 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2014-03-10 05:55 - 2014-03-21 13:40 - 00000000 ____D () C:\Users\Michael Coolen\Desktop\Tristan's Files

2014-03-10 05:53 - 2014-03-20 14:55 - 00000000 ____D () C:\Users\Michael Coolen\Desktop\Memoir Ideas started

2014-03-08 18:23 - 2014-03-08 18:23 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys

2014-03-08 18:23 - 2014-03-08 18:23 - 00000000 ____D () C:\Users\Admin\AppData\Local\SlimWare Utilities Inc

2014-03-08 18:04 - 2014-03-08 18:04 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers

2014-03-08 17:45 - 2014-03-08 17:46 - 00739704 _____ (SlimWare Utilities, Inc.) C:\Users\Admin\Downloads\DriverUpdate-setup.exe

2014-03-06 12:55 - 2014-03-06 12:55 - 00297732 _____ () C:\Users\Admin\Downloads\ticoder.zip

2014-03-06 12:55 - 2014-03-06 12:55 - 00000000 ____D () C:\Users\Admin\Downloads\ticoder

2014-03-06 12:48 - 2014-03-06 12:48 - 00027536 _____ () C:\Users\Michael Coolen\Downloads\tibasic-1.4.4.zip

2014-03-06 12:29 - 2014-03-06 12:29 - 00000000 ____D () C:\Windows\D06BA64C444749B4B99DE85BEA9E1035.TMP

2014-03-06 12:25 - 2014-03-06 12:25 - 00297732 _____ () C:\Users\Michael Coolen\Downloads\ticoder.zip

2014-03-06 12:24 - 2014-03-06 12:25 - 18089328 _____ () C:\Users\Michael Coolen\Downloads\TI-Connect-4.0.0.218.exe

2014-03-04 08:54 - 2014-03-10 05:54 - 00000000 ____D () C:\Users\Michael Coolen\Desktop\A quite exceptional

2014-03-02 08:57 - 2014-03-02 08:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-03-02 08:57 - 2014-03-02 08:58 - 00000000 ____D () C:\Program Files\iTunes

2014-03-02 08:57 - 2014-03-02 08:58 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-03-02 08:57 - 2014-03-02 08:57 - 00000000 ____D () C:\Program Files\iPod

2014-02-26 15:04 - 2014-02-26 15:04 - 00000000 ____D () C:\Users\Michael Coolen\AppData\Local\Blizzard Entertainment

2014-02-25 23:03 - 2014-02-25 23:03 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2014-02-25 15:13 - 2014-02-25 15:13 - 12096128 _____ () C:\Users\Admin\Downloads\gu4setup (2).exe

2014-02-25 14:41 - 2014-02-25 14:41 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies

2014-02-25 14:35 - 2014-02-08 11:34 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll

2014-02-25 14:35 - 2014-02-08 11:34 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll

2014-02-25 14:16 - 2014-02-25 14:16 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\minmaxgames

2014-02-25 14:16 - 2014-02-25 14:16 - 00000000 ____D () C:\Users\Admin\AppData\Local\zachtronics industries

2014-02-25 12:39 - 2014-02-25 12:39 - 00000000 ____D () C:\Users\Michael Coolen\AppData\Roaming\qBittorrent

2014-02-25 12:39 - 2014-02-25 12:39 - 00000000 ____D () C:\Users\Michael Coolen\AppData\Local\qBittorrent

 

==================== One Month Modified Files and Folders =======

 

2014-03-23 16:30 - 2014-03-23 16:30 - 00019501 _____ () C:\Users\Michael Coolen\Downloads\FRST.txt

2014-03-23 16:30 - 2014-03-23 16:29 - 00000000 ____D () C:\FRST

2014-03-23 16:27 - 2013-09-20 17:06 - 00000000 ____D () C:\Users\Michael Coolen\AppData\Roaming\Dropbox

2014-03-23 16:27 - 2012-09-09 11:45 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-03-23 16:27 - 2011-10-24 16:51 - 00130252 _____ () C:\Windows\setupact.log

2014-03-23 16:27 - 2011-06-20 20:34 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-03-23 16:26 - 2014-01-16 14:12 - 00000358 _____ () C:\Windows\Tasks\SoftwareUpdateGU4.job

2014-03-23 16:26 - 2011-06-05 11:18 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-03-23 16:26 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-03-23 16:25 - 2011-05-25 12:54 - 01719806 _____ () C:\Windows\WindowsUpdate.log

2014-03-23 16:25 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\tracing

2014-03-23 16:15 - 2014-03-23 16:14 - 02157056 _____ (Farbar) C:\Users\Michael Coolen\Downloads\FRST64.exe

2014-03-23 16:00 - 2011-06-20 20:34 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-03-23 15:42 - 2012-05-20 11:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-03-23 05:44 - 2013-06-02 10:56 - 00000000 ____D () C:\Users\Michael Coolen\Desktop\Mike's Book

2014-03-23 05:34 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-03-23 05:34 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-03-22 17:55 - 2014-03-22 17:55 - 00003642 _____ () C:\Users\Admin\Desktop\RKreport[0]_S_03222014_175525.txt

2014-03-22 17:49 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-03-22 17:43 - 2014-03-22 17:39 - 00000000 ___SD () C:\Users\Michael Coolen\Documents\My MP3

2014-03-22 17:39 - 2014-03-22 17:39 - 00000000 ____D () C:\Users\Michael Coolen\AppData\Local\CrashDumps

2014-03-22 17:38 - 2014-03-22 17:38 - 00001053 _____ () C:\Users\Michael Coolen\Desktop\MP3Resizer.lnk

2014-03-22 17:37 - 2014-03-22 17:37 - 02488625 _____ (Skyshape Software ) C:\Users\Michael Coolen\Downloads\mp3resizersetup(1).exe

2014-03-22 17:37 - 2014-03-22 17:37 - 00001035 _____ () C:\Users\Admin\Desktop\MP3Resizer.lnk

2014-03-22 17:37 - 2014-03-22 17:37 - 00000000 ____D () C:\Program Files (x86)\MP3Resizer

2014-03-22 17:36 - 2014-03-22 17:36 - 02488625 _____ (Skyshape Software ) C:\Users\Michael Coolen\Downloads\mp3resizersetup.exe

2014-03-22 17:33 - 2014-03-22 17:33 - 00000000 ____D () C:\Users\Michael Coolen\AppData\Local\Windows Live

2014-03-22 17:33 - 2014-03-22 17:33 - 00000000 ____D () C:\Users\Michael Coolen\AppData\Local\{0B8BEF12-683F-454B-AA35-EAF442F7D647}

2014-03-21 21:54 - 2013-04-15 21:44 - 03052032 ___SH () C:\Users\Michael Coolen\Desktop\Thumbs.db

2014-03-21 17:08 - 2014-03-21 17:08 - 01141680 _____ () C:\Users\Michael Coolen\Downloads\SteamSetup.exe

2014-03-21 17:08 - 2014-03-21 17:08 - 00000967 _____ () C:\Users\Public\Desktop\Steam.lnk

2014-03-21 16:58 - 2013-09-20 17:10 - 00000000 ___RD () C:\Users\Michael Coolen\Dropbox

2014-03-21 16:58 - 2011-06-03 17:05 - 00000000 ___RD () C:\Users\Michael Coolen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-03-21 13:40 - 2014-03-10 05:55 - 00000000 ____D () C:\Users\Michael Coolen\Desktop\Tristan's Files

2014-03-21 11:48 - 2014-03-21 11:48 - 00688992 _____ (Swearware) C:\Users\Michael Coolen\Downloads\dds.scr

2014-03-21 10:53 - 2014-03-21 10:50 - 00000000 ____D () C:\Users\Admin\Desktop\RK_Quarantine

2014-03-21 10:52 - 2014-03-21 10:52 - 00003376 _____ () C:\Users\Admin\Desktop\RKreport[0]_S_03212014_105236.txt

2014-03-21 10:50 - 2014-03-21 10:50 - 04486144 _____ () C:\Users\Michael Coolen\Downloads\RogueKillerX64.exe

2014-03-21 10:35 - 2014-03-21 10:30 - 00021392 _____ () C:\Users\Admin\Desktop\dds.txt

2014-03-21 10:35 - 2014-03-21 10:30 - 00013365 _____ () C:\Users\Admin\Desktop\attach.txt

2014-03-21 06:31 - 2014-02-02 13:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-03-21 06:31 - 2010-11-20 20:47 - 00719992 _____ () C:\Windows\PFRO.log

2014-03-21 06:20 - 2014-02-14 21:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-21 06:20 - 2014-02-02 13:33 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-03-21 06:20 - 2013-11-19 15:04 - 00001084 _____ () C:\Users\Public\Desktop\Glary Utilities 4.lnk

2014-03-21 06:20 - 2013-11-19 15:04 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 4.job

2014-03-21 06:20 - 2013-11-19 15:04 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4

2014-03-21 06:19 - 2014-03-21 06:18 - 00000000 ____D () C:\Users\Michael Coolen\Downloads\Choir Photos

2014-03-21 06:19 - 2014-03-21 06:17 - 25200168 _____ (Mozilla) C:\Users\Admin\Downloads\Mozilla_Firefox_v28.0.exe

2014-03-21 06:18 - 2014-03-21 06:17 - 12448960 _____ () C:\Users\Admin\Downloads\Glary_Utilities_v4.8.0.97.exe

2014-03-21 06:04 - 2014-03-21 05:31 - 00000000 ____D () C:\Qoobox

2014-03-21 06:04 - 2012-10-09 14:16 - 00000000 ____D () C:\Users\Michael

2014-03-21 06:04 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default

2014-03-21 06:03 - 2014-03-21 06:03 - 00026647 _____ () C:\ComboFix.txt

2014-03-21 06:01 - 2014-03-21 05:31 - 00000000 ____D () C:\Windows\erdnt

2014-03-21 05:55 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini

2014-03-21 05:29 - 2014-03-21 05:29 - 00001531 _____ () C:\Users\Admin\Desktop\JRT.txt

2014-03-21 05:24 - 2014-03-21 05:24 - 00000000 ____D () C:\Windows\ERUNT

2014-03-21 05:20 - 2014-03-21 05:20 - 00000000 ____D () C:\AdwCleaner

2014-03-21 05:19 - 2014-03-21 05:19 - 05190052 ____R (Swearware) C:\Users\Michael Coolen\Downloads\ComboFix.exe

2014-03-21 05:19 - 2014-03-21 05:19 - 01037734 _____ (Thisisu) C:\Users\Michael Coolen\Downloads\JRT.exe

2014-03-21 05:19 - 2014-03-21 05:18 - 01950720 _____ () C:\Users\Michael Coolen\Downloads\AdwCleaner.exe

2014-03-20 14:55 - 2014-03-10 05:53 - 00000000 ____D () C:\Users\Michael Coolen\Desktop\Memoir Ideas started

2014-03-20 14:53 - 2014-03-20 14:53 - 00000000 ____D () C:\Windows\pss

2014-03-18 08:41 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache

2014-03-16 23:22 - 2014-01-16 14:11 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe

2014-03-16 23:07 - 2014-03-21 06:20 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys

2014-03-16 22:03 - 2014-03-16 22:03 - 00000000 ____D () C:\Users\Michael Coolen\Desktop\New folder (2)

2014-03-16 15:41 - 2012-07-17 13:03 - 00000000 ____D () C:\Users\Admin

2014-03-16 15:31 - 2013-07-14 03:01 - 00000000 ____D () C:\Windows\system32\MRT

2014-03-16 15:28 - 2011-06-04 17:42 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-03-16 15:26 - 2014-03-16 15:25 - 12393008 _____ () C:\Users\Admin\Downloads\Glary_Utilities_v4.7.0.96.exe

2014-03-16 15:23 - 2011-06-05 11:18 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

2014-03-15 08:02 - 2013-02-24 00:28 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-03-13 08:02 - 2014-01-21 09:50 - 00000000 ____D () C:\Users\Michael Coolen\Desktop\Iain Stuff

2014-03-13 06:26 - 2009-07-13 21:45 - 05228848 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-13 06:25 - 2012-05-11 13:55 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-03-13 06:25 - 2012-05-11 13:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-03-12 22:41 - 2011-06-05 09:49 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-03-11 15:42 - 2012-05-20 11:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-03-11 15:42 - 2011-06-04 18:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-03-10 05:54 - 2014-03-04 08:54 - 00000000 ____D () C:\Users\Michael Coolen\Desktop\A quite exceptional

2014-03-08 18:23 - 2014-03-08 18:23 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys

2014-03-08 18:23 - 2014-03-08 18:23 - 00000000 ____D () C:\Users\Admin\AppData\Local\SlimWare Utilities Inc

2014-03-08 18:13 - 2012-10-16 22:35 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe

2014-03-08 18:04 - 2014-03-08 18:04 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers

2014-03-08 17:46 - 2014-03-08 17:45 - 00739704 _____ (SlimWare Utilities, Inc.) C:\Users\Admin\Downloads\DriverUpdate-setup.exe

2014-03-06 15:29 - 2011-06-05 14:08 - 00000000 ____D () C:\Users\Michael Coolen\Desktop\Mike's Stuff

2014-03-06 12:55 - 2014-03-06 12:55 - 00297732 _____ () C:\Users\Admin\Downloads\ticoder.zip

2014-03-06 12:55 - 2014-03-06 12:55 - 00000000 ____D () C:\Users\Admin\Downloads\ticoder

2014-03-06 12:48 - 2014-03-06 12:48 - 00027536 _____ () C:\Users\Michael Coolen\Downloads\tibasic-1.4.4.zip

2014-03-06 12:29 - 2014-03-06 12:29 - 00000000 ____D () C:\Windows\D06BA64C444749B4B99DE85BEA9E1035.TMP

2014-03-06 12:25 - 2014-03-06 12:25 - 00297732 _____ () C:\Users\Michael Coolen\Downloads\ticoder.zip

2014-03-06 12:25 - 2014-03-06 12:24 - 18089328 _____ () C:\Users\Michael Coolen\Downloads\TI-Connect-4.0.0.218.exe

2014-03-05 16:17 - 2011-07-01 08:15 - 00000000 ____D () C:\Program Files (x86)\StarCraft II

2014-03-04 07:35 - 2014-03-16 15:18 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2014-03-04 07:35 - 2014-03-16 15:18 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2014-03-04 07:35 - 2014-03-16 15:18 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2014-03-04 07:35 - 2014-03-16 15:18 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2014-03-04 07:35 - 2014-03-16 15:18 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2014-03-04 07:35 - 2014-03-16 15:18 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2014-03-04 07:35 - 2014-03-16 15:18 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2014-03-04 07:35 - 2014-03-16 15:18 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2014-03-04 07:35 - 2014-03-16 15:18 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2014-03-04 07:35 - 2014-03-16 15:18 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2014-03-04 07:35 - 2014-03-16 15:18 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2014-03-04 07:35 - 2014-03-16 15:18 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2014-03-04 07:35 - 2014-03-16 15:18 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2014-03-04 07:35 - 2014-03-16 15:18 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll

2014-03-04 07:35 - 2014-03-16 15:18 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2014-03-04 07:35 - 2014-03-16 15:18 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll

2014-03-04 07:35 - 2014-03-16 15:18 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll

2014-03-04 07:35 - 2014-03-16 15:18 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2014-03-04 07:35 - 2014-03-16 15:18 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2014-03-04 07:35 - 2014-03-16 15:18 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2014-03-04 07:35 - 2014-03-16 15:18 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2014-03-04 07:35 - 2014-03-16 15:18 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2014-03-04 07:35 - 2014-03-16 15:18 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2014-03-04 07:35 - 2014-03-16 15:18 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2014-03-04 07:35 - 2014-03-16 15:18 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2014-03-04 07:35 - 2014-03-16 15:18 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2014-03-04 07:35 - 2013-09-27 13:02 - 14709720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2014-03-04 07:35 - 2013-09-27 13:02 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2014-03-04 07:35 - 2012-10-10 22:23 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll

2014-03-04 07:35 - 2012-10-10 22:23 - 03093280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll

2014-03-04 07:35 - 2012-10-10 22:23 - 00947808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll

2014-03-04 07:35 - 2011-06-05 11:15 - 00024544 _____ () C:\Windows\system32\nvinfo.pb

2014-03-04 06:06 - 2011-06-05 11:17 - 06714312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll

2014-03-04 06:06 - 2011-06-05 11:17 - 03497816 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll

2014-03-04 06:05 - 2012-09-13 11:00 - 03649185 _____ () C:\Windows\system32\nvcoproc.bin

2014-03-04 06:05 - 2011-06-05 11:17 - 00922968 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

2014-03-04 06:05 - 2011-06-05 11:17 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll

2014-03-04 06:05 - 2011-06-05 11:17 - 00064968 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

2014-03-04 04:32 - 2014-03-16 15:23 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

2014-03-02 08:58 - 2014-03-02 08:57 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

 

Files to move or delete:

====================

C:\ProgramData\hash.dat

 

 

Some content of TEMP:

====================

C:\Users\Admin\AppData\Local\Temp\ntdll_dump.dll

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

==================== End Of Log ============================

Addition.txt

mbam-log-2014-03-23 (16-13-52).txt


Great, thanks. Oh and one last thing, I've gone looking for C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com, but as far as I can tell the extensions folder does not exist. I've double-checked to ensure that all my hidden files were visible (using this checklist http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-7/) but there was no folder visible and I couldn't navigate to it directly via the Title Bar. When I checked the Firefox Add-On settings there was no sign of any recognized extensions. I had reset the browser when I was working on the problem prior to posting this topic, and so perhaps the objects are actually registry errors stemming from that action.


In fact, I took a hunch that it was a rights issue and rebooted into Safe Mode as the Administrator, then ran a MBAM Flash Scan and it finally removed those last two objects. MBAM is reporting a clean bill of health now, so I don't think that I'll need any more help unless you have some further recommendations. Thank you so kindly for your time. You and your colleagues here are providing a wonderful service.


A little more work to do...........

Clean out temp files:

Download TFC from here and save it to your desktop.

http://oldtimer.geekstogo.com/TFC.exe

http://www.bleepingcomputer.com/download/tfc/dl/92/

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7, right click and choose "Run as administrator") and once it opens, click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then......

Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait.

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Last.......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014

Ran by Admin at 2014-03-24 09:14:39 Run:1

Running from C:\Users\Michael Coolen\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

C:\ProgramData\hash.dat

HKLM\...\Runonce: [install Toolbar] - "C:\Program Files (x86)\DriverUpdate\avgtoolbar.exe"  /INSTALL /ENABLEDSP /ENABLEHOMEPAGE /PASSWORD=TB38GF9P66 /SILENT /DISTRIBUTIONSOURCE=ts019 /LOCAL=us /PROFILE=SATB /BROWSER=DEFAULT

Toolbar: HKCU - No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} -  No File

Toolbar: HKCU - No Name - {C5C4FD2C-C7AC-492C-A689-2E0843BA4E55} -  No File

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File

FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll No File

FF HKLM-x32\...\Firefox\Extensions: [linksicle@linksicle.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File

CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File

CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File

CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_SBXNV9VVGV1BFLB0RPNM4G60MVP89TH1FCRVYKXFSPF7VB4VP4GV

AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_SBXNV9VVGV1BFLB0RPNM4G60MVP89TH1FCRVYKXFSPF7VB4VP4GV

AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_SBXNV9VVGV1BFLB0RPNM4G60MVP89TH1FCRVYKXFSPF7VB4VP4GV

AlternateDataStreams: C:\ProgramData\TEMP:88050731

 

*****************

 

C:\ProgramData\hash.dat => Moved successfully.

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Install Toolbar => Value not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} => Value not found.

HKCR\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C5C4FD2C-C7AC-492C-A689-2E0843BA4E55} => Value not found.

HKCR\CLSID\{C5C4FD2C-C7AC-492C-A689-2E0843BA4E55} => Key not found.

HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.

"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.

HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.

HKLM\Software\Wow6432Node\MozillaPlugins\adobe.com/AdobeExManDetect => Key deleted successfully.

C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll not found.

HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin => Key deleted successfully.

C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll not found.

HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\linksicle@linksicle.com => Value not found.

C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\gcswf32.dll not found.

C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll not found.

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll not found.

C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll not found.

C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll not found.

C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll not found.

C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.

C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll not found.

C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll not found.

C:\Windows\system32\Adobe\Director\np32dsw.dll not found.

c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll not found.

C:\ProgramData => ":$SS_DESCRIPTOR_SBXNV9VVGV1BFLB0RPNM4G60MVP89TH1FCRVYKXFSPF7VB4VP4GV" ADS removed successfully.

"C:\Users\All Users" => ":$SS_DESCRIPTOR_SBXNV9VVGV1BFLB0RPNM4G60MVP89TH1FCRVYKXFSPF7VB4VP4GV" ADS not found.

"C:\ProgramData\Application Data" => ":$SS_DESCRIPTOR_SBXNV9VVGV1BFLB0RPNM4G60MVP89TH1FCRVYKXFSPF7VB4VP4GV" ADS not found.

C:\ProgramData\TEMP => ":88050731" ADS removed successfully.

 

==== End of Fixlog ====

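As an added example (not part of the thread, and not code from the FRST tool), a small Python parser that reads a Fixlog.txt in the layout shown above and sorts each fixlist item into removed, already absent, or needing a second look. The sample log is constructed from the result lines above plus one made-up "Could not move." line; the "not found" results are the ones that matter when, as in this thread, the leftover detections turn out to be stale registry data rather than live files.

```python
from __future__ import annotations
import re
from collections import Counter

# Constructed sample in the layout of FRST's Fixlog.txt: header, the echoed fixlist
# between ***** markers (skipped by the parser), then one result line per item. All
# result lines come from the thread above except the last, which is constructed to
# show how an outcome the parser does not recognise is surfaced.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Content of fixlist:
*****************
C:\ProgramData\hash.dat
*****************

C:\ProgramData\hash.dat => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Install Toolbar => Value not found.
HKCR\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\adobe.com/AdobeExManDetect => Key deleted successfully.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
C:\ProgramData\TEMP => ":88050731" ADS removed successfully.
"C:\Users\All Users" => ":$SS_DESCRIPTOR_SBXNV9VVGV1BFLB0RPNM4G60MVP89TH1FCRVYKXFSPF7VB4VP4GV" ADS not found.
C:\Users\Admin\AppData\Local\Temp\ntdll_dump.dll => Could not move.

==== End of Fixlog ====
"""

# Outcome buckets, matched against the text after " => " (or the whole line when
# FRST writes a bare '<path> not found.' with no arrow).
RESULT_PATTERNS = [
    ("removed", re.compile(r"(?:Moved|deleted|removed) successfully\.$", re.I)),
    ("not_found", re.compile(r"not found\.?$", re.I)),
]

def parse_fixlog(text: str) -> list[tuple[str, str, str]]:
    """Return (category, target, message) for each result line after the fixlist echo."""
    results, markers_seen = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"\*{5,}", line):
            markers_seen += 1  # the fixlist echo sits between two marker lines
            continue
        if markers_seen < 2 or not line or line.startswith("===="):
            continue  # header, blank, or end-of-log line
        target, arrow, message = line.rpartition(" => ")
        if not arrow:
            message = line
            target = re.sub(r"\s+not found\.?$", "", line, flags=re.I)
        category = next((name for name, pat in RESULT_PATTERNS if pat.search(message)), "other")
        results.append((category, target, message))
    return results

def summarize(text: str) -> dict[str, int]:
    """Count outcomes: 'not_found' items were already gone, 'other' ones need a second look."""
    counts = Counter(category for category, _, _ in parse_fixlog(text))
    return {name: counts[name] for name in ("removed", "not_found", "other")}

def leftovers(text: str) -> list[str]:
    """Targets whose result FRST reported as neither removed nor absent."""
    return [target for category, target, _ in parse_fixlog(text) if category == "other"]
```

Running `summarize(SAMPLE_FIXLOG)` on the sample gives three removed, five already absent and one item left for manual follow-up.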

 Results of screen317's Security Check version 0.99.81  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Microsoft Security Essentials   

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Adobe Reader XI  

 Mozilla Firefox (28.0) 

 Google Chrome 33.0.1750.146  

 Google Chrome 33.0.1750.154  

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes' Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 0% 

````````````````````End of Log`````````````````````` 

Looks Good!

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)

i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait.

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (PM also found HERE)

Good Luck and Thanks for using the forum, MrC


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
