Welcome to the forum.

Please run a Quick Scan with Malwarebytes like this:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

If you're using Malwarebytes 2.0, please run a Threat Scan

Then.......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Thanks for your help MrCharlie. I'm running MBAM 2.0 premium and before running RogueKiller I did a threat scan which showed no threats.
Here's the RogueKiller report.

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Neil [Admin rights]
Mode : Scan -- Date : 04/02/2014 15:38:40
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][ROGUE ST] 4573 : wscript.exe - C:\Users\Neil\AppData\Local\Temp\launchie.vbs //B -> FOUND
[V2][sUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\Neil\AppData\Local\Temp\IHUEBF4.tmp.exe [x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ATA SAMSUNG HM641JI SCSI Disk Device +++++
--- User ---
[MBR] 8ef7fa14b73d658c01cf77d27b2dabf6
[bSP] cc73dae0d88cdf314856497c40e502ec : KIWI Image system MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 589678 MB
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1207869440 | Size: 20700 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_04022014_153840.txt >>



 


Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[V2][ROGUE ST] 4573 : wscript.exe - C:\Users\Neil\AppData\Local\Temp\launchie.vbs //B -> FOUND

[V2][sUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\Neil\AppData\Local\Temp\IHUEBF4.tmp.exe [x][x] -> FOUND

Now click Delete on the right hand column under Options

-------------

Make sure you have created that system restore point before you continue!

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

  • Put a checkmark beside loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.

Then...........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC
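
The two scheduled-task entries selected for deletion in the post above can be picked out of the RogueKiller report mechanically. The following added example (not part of the original post, and not RogueKiller's detection logic) parses the report sections posted in this thread and lists why each task stands out; the heuristics, the function names and the set of script hosts are assumptions of the example.

```python
import re

# Lines copied from the RogueKiller report posted in this thread (trimmed to three sections).
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][ROGUE ST] 4573 : wscript.exe - C:\Users\Neil\AppData\Local\Temp\launchie.vbs //B -> FOUND
[V2][sUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\Neil\AppData\Local\Temp\IHUEBF4.tmp.exe [x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤
"""

# Section headers look like "¤¤¤ Scheduled tasks : 2 ¤¤¤".
SECTION_RE = re.compile(r"^¤¤¤\s*([^:]+?)\s*:.*¤¤¤\s*$")
# Findings look like "[TAG][TAG] name : value -> FOUND".
ENTRY_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s*(?P<name>.+?) : (?P<value>.+?) -> FOUND\s*$"
)

# Assumed heuristics: interpreters that run arbitrary scripts or commands,
# and directories any user-level process can write to.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe",
                "cmd", "cmd.exe", "powershell.exe"}
TEMP_PATH_RE = re.compile(r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\",
                          re.IGNORECASE)


def parse_report(text):
    """Return every finding, tagged with the report section it came from."""
    findings, section = [], None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if entry and section:
            findings.append({
                "section": section,
                "tags": re.findall(r"\[([^\]]+)\]", entry.group("tags")),
                "name": entry.group("name"),
                "value": entry.group("value"),
            })
    return findings


def triage_task(finding):
    """List the reasons a scheduled-task finding deserves a closer look."""
    program, _, arguments = finding["value"].partition(" - ")
    program = program.strip()
    reasons = []
    if program.lower() in SCRIPT_HOSTS:
        reasons.append("runs a script host or shell: " + program)
    if TEMP_PATH_RE.search(arguments):
        reasons.append("target lives in a user-writable Temp directory")
    if "//b" in arguments.lower().split():
        reasons.append("//B batch mode hides script errors and prompts")
    if finding["name"].isdigit():
        reasons.append("task name is a bare number")
    return reasons


def triage(text):
    """Map each scheduled-task name to its reasons; other sections need manual review."""
    return {f["name"]: triage_task(f)
            for f in parse_report(text)
            if f["section"].lower() == "scheduled tasks"}


if __name__ == "__main__":
    for task, reasons in triage(SAMPLE_REPORT).items():
        print(task)
        for reason in reasons:
            print("  -", reason)
```
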


AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

What are you using as your anti-virus?? AVAST or Defender....you can't have both running

----------------------------------------------

Did you run TDSSKiller?? Logs??

MrC


I've always had Avast Internet Security running as well as Windows Defender, I always thought they were supposed to run side by side without any issues.

Sorry, I forgot the TDSSKiller log file, it didn't find anything untoward. But here it is.

TDSSKiller.3.0.0.26_02.04.2014_18.37.49_log.txt


I've always had Avast Internet Security running as well as Windows Defender, I always thought they were supposed to run side by side without any issues.


It's really not recommended, for now please disable it:
How to Disable Defender

Dangers of running 2 anti-virus programs

--------------------------------------------

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Please download the latest update for Malwarebytes from the link below...install it:
http://data-cdn.mbamupdates.com/tools/mbam-rules.exe

Please run a Threat Scan and post the logs.

MrC


Just ran AdwCleaner and it found 7 reg keys to be removed. I wasn't sure if I should remove these so I unchecked the boxes so they wouldn't be removed.
I also disabled Windows Defender.

# AdwCleaner v3.023 - Report created 02/04/2014 at 21:28:31
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Neil - NEIL-PC
# Running from : C:\Users\Neil\Downloads\AdwCleaner(1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\9zhrf1mc.default-1387121204892\prefs.js ]


*************************

AdwCleaner[R0].txt - [2850 octets] - [25/11/2013 20:59:13]
AdwCleaner[R1].txt - [894 octets] - [26/11/2013 13:58:15]
AdwCleaner[R2].txt - [1084 octets] - [14/12/2013 01:31:38]
AdwCleaner[R3].txt - [1142 octets] - [30/01/2014 10:04:22]
AdwCleaner[R4].txt - [1262 octets] - [09/02/2014 10:30:52]
AdwCleaner[R5].txt - [1382 octets] - [13/02/2014 12:48:14]
AdwCleaner[R6].txt - [2360 octets] - [17/02/2014 16:10:17]
AdwCleaner[R7].txt - [2373 octets] - [17/02/2014 16:33:10]
AdwCleaner[R8].txt - [1854 octets] - [02/04/2014 21:28:31]
AdwCleaner[s0].txt - [2923 octets] - [25/11/2013 21:01:12]
AdwCleaner[s1].txt - [954 octets] - [26/11/2013 13:59:20]
AdwCleaner[s2].txt - [1150 octets] - [14/12/2013 01:35:58]
AdwCleaner[s3].txt - [1204 octets] - [30/01/2014 10:05:52]
AdwCleaner[s4].txt - [1324 octets] - [09/02/2014 10:32:12]
AdwCleaner[s5].txt - [2458 octets] - [17/02/2014 16:34:47]

########## EOF - C:\AdwCleaner\AdwCleaner[R8].txt - [2273 octets] ##########


I deleted those 7 reg keys from AdwCleaner and I updated and ran an MBAM 2.0 threat scan, here's the log file.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02/04/2014
Scan Time: 22:03:28
Logfile: MBAM log.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.02.08
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Neil

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 381232
Time Elapsed: 20 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


The problem is still there..correct?

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC


Yeah still there, still won't auto update, still no auto update notification. The auto update worked fine on the 1.75 version. Here's a screenshot of the auto update settings, don't know if it will help at all.

 

MBAMAUTO.jpg

MBAMAUTOUPDATE.jpg


Here's the Farbar log, there's only one as it's the second time I've used it.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Neil (administrator) on NEIL-PC on 02-04-2014 23:03:42
Running from C:\Users\Neil\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files (x86)\Acrylic DNS Proxy\AcrylicService.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Nalpeiron Ltd.) C:\windows\SysWOW64\nlssrv32.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(SparkLabs) C:\Program Files\Viscosity\ViscosityService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Acronis) C:\Program Files (x86)\Acronis\DiskDirectorAdvanced\mms.exe
(Microsoft Corporation) C:\windows\sysWOW64\wbem\wmiprvse.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\USB Sound Blaster HD\Volume Panel\VolPanlu.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Creative SB Monitoring Utility] - C:\windows\system32\sbavmon.dll [109056 2010-01-12] (Creative Technology Ltd.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-27] (AVAST Software)
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\USB Sound Blaster HD\Volume Panel\VolPanlu.exe [241757 2010-12-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3229218069-4286818700-2186583130-1000\...\Run: [Power2GoExpress8] - NA
HKU\S-1-5-21-3229218069-4286818700-2186583130-1000\...\RunOnce: [inetReg] - "C:\Program Files (x86)\Creative\Product Registration\English\InetReg.exe" /PreProcess=RegFlash.exe /Delay=6
HKU\S-1-5-21-3229218069-4286818700-2186583130-1005\...\RunOnce: [inetReg] - "C:\Program Files (x86)\Creative\Product Registration\English\InetReg.exe" /PreProcess=RegFlash.exe /Delay=6
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-06-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-06-05] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6F1EAE5B-28F1-4561-8D35-24A1006BB693} URL = http://www.bing.com/search?q={searchTerms}&r=644
SearchScopes: HKCU - {807B81D4-C1C9-418B-9ACD-C6B70DFA24AB} URL = http://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=en&q={searchTerms}&gu=c935b4839da949198876401b992ee2b7&tu=10G9y00Ak2B0Ca0&sku=&tstsId=&ver=&&r=312
SearchScopes: HKCU - {E6F29360-3E5E-4C8D-B937-46235E171FC2} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Pro - {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - C:\Program Files\Adblock Pro\AdblockPro.dll (Adblock Pro Team)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adblock Pro - {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll (Adblock Pro Team)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{07957024-83CF-4988-A36A-424CB4C58F3D}: [NameServer]127.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\9zhrf1mc.default-1387121204892

FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @ei.RecipeHub_2j.com/Plugin - C:\Program Files (x86)\RecipeHub_2jEI\Installr\1.bin\NP2jEISB.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll No File
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Extension: ContextMenuPlus - C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\9zhrf1mc.default-1387121204892\Extensions\jid1-JslOo8hXnC8AZA@jetpack.xpi [2013-12-16]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\9zhrf1mc.default-1387121204892\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-01-03]
FF Extension: eBay Sidebar for Firefox - C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\9zhrf1mc.default-1387121204892\Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi [2014-02-08]
FF Extension: Adblock Plus - C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\9zhrf1mc.default-1387121204892\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-02]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-05-21]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-30]

==================== Services (Whitelisted) =================

R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [1906576 2010-10-22] (Acronis)
R2 AcrylicController; C:\Program Files (x86)\Acrylic DNS Proxy\AcrylicService.exe [508928 2013-08-20] ()
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43624 2012-08-14] (ArcSoft, Inc.)
S3 AllShare; C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [6638080 2010-07-16] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-27] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-03-27] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 DMS; C:\Program Files (x86)\Acronis\DiskDirectorAdvanced\mms.exe [4632864 2010-10-22] (Acronis)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] ()
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
R2 ViscosityService; C:\Program Files\Viscosity\ViscosityService.exe [46368 2013-12-18] (SparkLabs)
S3 Media Center 19 Service; C:\Program Files (x86)\J River\Media Center 19\JRService.exe [X]

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-02-15] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-02-15] (SlySoft, Inc.)
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [311872 2011-11-10] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-03-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-03-27] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [445304 2014-03-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-03-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-03-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-03-27] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-03-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-03-27] ()
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90096 2011-09-08] (CyberLink)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2013-10-05] (Digiarty Software, Inc.)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-21] (Microsoft Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-22] (Intel Corporation)
R3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1558528 2013-03-26] (Creative Technology Ltd.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [23968 2013-02-07] (Resplendence Software Projects Sp.)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-10-29] (Windows ® 2003 DDK 3790 provider)
S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [108296 2007-04-03] (MCCI Corporation)
S3 s116mdfl; C:\Windows\System32\DRIVERS\s116mdfl.sys [19720 2007-04-03] (MCCI Corporation)
S3 s116mdm; C:\Windows\System32\DRIVERS\s116mdm.sys [144648 2007-04-03] (MCCI Corporation)
S3 s116mgmt; C:\Windows\System32\DRIVERS\s116mgmt.sys [126216 2007-04-03] (MCCI Corporation)
S3 s116nd5; C:\Windows\System32\DRIVERS\s116nd5.sys [31496 2007-04-03] (MCCI Corporation)
S3 s116obex; C:\Windows\System32\DRIVERS\s116obex.sys [123656 2007-04-03] (MCCI Corporation)
S3 s116unic; C:\Windows\System32\DRIVERS\s116unic.sys [130824 2007-04-03] (MCCI Corporation)
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [142120 2007-04-27] (SafeNet, Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [43832 2012-07-25] (Synaptics Incorporated)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2011-12-08] (MCCI Corporation)
S3 subvgaproduct64; C:\Windows\System32\DRIVERS\subvga64.sys [5120 2013-08-23] (Windows ® Win 7 DDK provider)
S2 thdudf; C:\Windows\SysWOW64\DRIVERS\thdudf.sys [66944 2012-01-10] (TOSHIBA Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [287304 2012-07-07] (BitDefender S.R.L.)
S3 visctap0901; C:\Windows\System32\DRIVERS\visctap0901.sys [31744 2013-12-18] (The OpenVPN Project)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2011-09-06] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 SBIOSIO; \??\C:\Users\Neil\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-02 23:03 - 2014-04-02 23:03 - 00024857 _____ () C:\Users\Neil\Downloads\FRST.txt
2014-04-02 21:41 - 2014-04-02 21:41 - 07747104 _____ (Malwarebytes Corporation ) C:\Users\Neil\Downloads\mbam-rules.exe
2014-04-02 21:41 - 2014-04-02 21:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-02 21:25 - 2014-04-02 21:25 - 01426178 _____ () C:\Users\Neil\Downloads\AdwCleaner(1).exe
2014-04-02 19:46 - 2014-04-02 19:46 - 00034767 _____ () C:\ComboFix.txt
2014-04-02 18:29 - 2014-04-02 18:29 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Neil\Desktop\tdsskiller.exe
2014-04-02 18:28 - 2014-04-02 18:28 - 00002455 _____ () C:\Users\Neil\Desktop\RKreport[0]_D_04022014_182811.txt
2014-04-02 18:26 - 2014-04-02 18:26 - 00002387 _____ () C:\Users\Neil\Desktop\RKreport[0]_S_04022014_182610.txt
2014-04-02 17:24 - 2014-04-02 17:25 - 00991232 _____ () C:\Users\Neil\Downloads\MicrosoftFixit50267.msi
2014-04-02 15:38 - 2014-04-02 15:38 - 00004807 _____ () C:\Users\Neil\Desktop\RKreport[0]_S_04022014_153840.txt
2014-04-02 15:32 - 2014-04-02 15:38 - 00000000 ____D () C:\Users\Neil\Desktop\RK_Quarantine
2014-04-02 15:31 - 2014-04-02 15:31 - 04527616 _____ () C:\Users\Neil\Downloads\RogueKillerX64.exe
2014-04-02 09:35 - 2014-04-02 23:03 - 00000000 ____D () C:\FRST
2014-04-02 09:34 - 2014-04-02 09:34 - 02157056 _____ (Farbar) C:\Users\Neil\Downloads\FRST64.exe
2014-04-02 09:31 - 2014-04-02 09:31 - 00049639 _____ () C:\Users\Neil\Desktop\CheckResults.txt
2014-04-02 09:27 - 2014-04-02 09:27 - 00029777 _____ () C:\Users\Neil\Desktop\dds.txt
2014-04-02 09:27 - 2014-04-02 09:27 - 00016229 _____ () C:\Users\Neil\Desktop\attach.txt
2014-04-02 09:19 - 2014-04-02 09:19 - 01673896 _____ (Malwarebytes Corporation) C:\Users\Neil\Downloads\mbam-check-2.1.0.0002.exe
2014-04-02 09:18 - 2014-04-02 09:18 - 00688992 ____R (Swearware) C:\Users\Neil\Downloads\dds.scr
2014-04-02 08:11 - 2014-04-02 22:41 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-02 08:10 - 2014-04-02 21:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-02 08:10 - 2014-04-02 08:10 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-02 08:10 - 2014-04-02 08:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-02 08:10 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-02 08:10 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-02 08:10 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-02 07:59 - 2014-04-02 07:59 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Neil\Downloads\mbam-setup-2.0.0.1000(1).exe
2014-04-02 07:57 - 2014-04-02 07:57 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Neil\Downloads\mbam-clean-2.0.2.0.exe
2014-04-02 07:51 - 2014-04-02 07:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-27 10:15 - 2014-04-02 19:48 - 00018004 _____ () C:\windows\PFRO.log
2014-03-27 10:13 - 2014-03-27 10:13 - 00445304 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2014-03-27 10:13 - 2014-03-27 10:13 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-03-26 08:44 - 2014-04-02 22:19 - 00005432 _____ () C:\windows\setupact.log
2014-03-26 08:44 - 2014-03-26 08:44 - 05322344 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-26 08:44 - 2014-03-26 08:44 - 00000000 _____ () C:\windows\setuperr.log
2014-03-25 22:39 - 2014-03-25 22:39 - 00002952 _____ () C:\windows\System32\Tasks\elbyExecuteWithUAC
2014-03-25 22:38 - 2014-03-25 22:39 - 10822736 _____ () C:\Users\Neil\Downloads\SetupAnyDVD7450.exe
2014-03-25 22:33 - 2014-03-25 22:33 - 00209536 _____ () C:\Users\Neil\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-25 19:22 - 2014-03-25 19:22 - 00000020 _____ () C:\Users\Neil\Downloads\samsung password.txt
2014-03-24 21:16 - 2014-03-24 21:16 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Neil\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-20 14:19 - 2014-03-20 14:19 - 00001805 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-17 12:27 - 2014-03-17 12:28 - 123318783 _____ () C:\Users\Neil\Downloads\X3D_Series_V3.0.4_14March2014_BETA.zip
2014-03-12 09:59 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-12 09:59 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-12 09:59 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-12 09:59 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-12 09:59 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-12 09:59 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-12 09:59 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-12 09:59 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-12 09:59 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-12 09:59 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-12 09:59 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-12 09:59 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-12 09:59 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-12 09:59 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-12 09:59 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-12 09:59 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-12 09:59 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-12 09:59 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-12 09:59 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-12 09:59 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-12 09:59 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-12 09:59 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-12 09:59 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-12 09:59 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-12 09:59 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-12 09:59 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-12 09:59 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-12 09:59 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-12 09:59 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-12 09:59 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-12 09:59 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-12 09:59 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-12 09:59 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-12 09:59 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-12 09:59 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-12 09:59 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-12 09:59 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-12 09:59 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-12 09:59 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-12 09:59 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-12 09:59 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-12 09:59 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-12 09:59 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-12 09:59 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-12 09:59 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-12 09:59 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-12 09:59 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-12 09:59 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-11 16:19 - 2014-03-11 16:19 - 00946453 _____ () C:\Users\Neil\Downloads\USBDiskEjector1.3.0.3.zip
2014-03-07 09:28 - 2014-03-07 09:28 - 00000048 _____ () C:\Users\Neil\Downloads\Batterys.txt
2014-03-03 08:49 - 2014-03-03 08:49 - 10768800 _____ () C:\Users\Neil\Downloads\SetupAnyDVD7440.exe

==================== One Month Modified Files and Folders =======

2014-04-02 23:03 - 2014-04-02 23:03 - 00024857 _____ () C:\Users\Neil\Downloads\FRST.txt
2014-04-02 23:03 - 2014-04-02 09:35 - 00000000 ____D () C:\FRST
2014-04-02 22:55 - 2013-11-17 10:22 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-02 22:41 - 2014-04-02 08:11 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-02 22:40 - 2013-08-09 14:57 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\AIMP3
2014-04-02 22:27 - 2009-07-14 05:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-02 22:27 - 2009-07-14 05:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-02 22:24 - 2009-07-14 06:13 - 00784326 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-02 22:19 - 2014-03-26 08:44 - 00005432 _____ () C:\windows\setupact.log
2014-04-02 22:19 - 2012-08-10 13:05 - 00065536 _____ () C:\windows\system32\Ikeext.etl
2014-04-02 22:19 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-02 22:18 - 2013-11-25 20:58 - 00000000 ____D () C:\AdwCleaner
2014-04-02 22:18 - 2012-05-05 12:38 - 01606268 _____ () C:\windows\WindowsUpdate.log
2014-04-02 21:41 - 2014-04-02 21:41 - 07747104 _____ (Malwarebytes Corporation ) C:\Users\Neil\Downloads\mbam-rules.exe
2014-04-02 21:41 - 2014-04-02 21:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-02 21:41 - 2014-04-02 08:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-02 21:25 - 2014-04-02 21:25 - 01426178 _____ () C:\Users\Neil\Downloads\AdwCleaner(1).exe
2014-04-02 19:57 - 2012-05-06 11:46 - 00000000 ____D () C:\windows\ERDNT
2014-04-02 19:48 - 2014-03-27 10:15 - 00018004 _____ () C:\windows\PFRO.log
2014-04-02 19:46 - 2014-04-02 19:46 - 00034767 _____ () C:\ComboFix.txt
2014-04-02 19:44 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2014-04-02 19:38 - 2012-09-27 10:07 - 00000000 ____D () C:\Users\Neil\AppData\Local\CrashDumps
2014-04-02 19:04 - 2012-02-19 07:14 - 00000000 ____D () C:\Users\Neil
2014-04-02 18:53 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-04-02 18:29 - 2014-04-02 18:29 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Neil\Desktop\tdsskiller.exe
2014-04-02 18:28 - 2014-04-02 18:28 - 00002455 _____ () C:\Users\Neil\Desktop\RKreport[0]_D_04022014_182811.txt
2014-04-02 18:26 - 2014-04-02 18:26 - 00002387 _____ () C:\Users\Neil\Desktop\RKreport[0]_S_04022014_182610.txt
2014-04-02 17:28 - 2012-02-19 00:26 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\Adobe
2014-04-02 17:25 - 2014-04-02 17:24 - 00991232 _____ () C:\Users\Neil\Downloads\MicrosoftFixit50267.msi
2014-04-02 17:15 - 2013-11-06 11:35 - 00000000 ____D () C:\Program Files\Adobe
2014-04-02 17:15 - 2013-11-05 18:44 - 00000000 ____D () C:\Users\Neil\AppData\Local\Adobe
2014-04-02 17:15 - 2012-02-19 21:48 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-02 17:15 - 2012-02-19 21:48 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-02 17:09 - 2013-11-05 22:10 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-02 15:38 - 2014-04-02 15:38 - 00004807 _____ () C:\Users\Neil\Desktop\RKreport[0]_S_04022014_153840.txt
2014-04-02 15:38 - 2014-04-02 15:32 - 00000000 ____D () C:\Users\Neil\Desktop\RK_Quarantine
2014-04-02 15:31 - 2014-04-02 15:31 - 04527616 _____ () C:\Users\Neil\Downloads\RogueKillerX64.exe
2014-04-02 09:34 - 2014-04-02 09:34 - 02157056 _____ (Farbar) C:\Users\Neil\Downloads\FRST64.exe
2014-04-02 09:31 - 2014-04-02 09:31 - 00049639 _____ () C:\Users\Neil\Desktop\CheckResults.txt
2014-04-02 09:27 - 2014-04-02 09:27 - 00029777 _____ () C:\Users\Neil\Desktop\dds.txt
2014-04-02 09:27 - 2014-04-02 09:27 - 00016229 _____ () C:\Users\Neil\Desktop\attach.txt
2014-04-02 09:19 - 2014-04-02 09:19 - 01673896 _____ (Malwarebytes Corporation) C:\Users\Neil\Downloads\mbam-check-2.1.0.0002.exe
2014-04-02 09:18 - 2014-04-02 09:18 - 00688992 ____R (Swearware) C:\Users\Neil\Downloads\dds.scr
2014-04-02 08:10 - 2014-04-02 08:10 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-02 08:10 - 2014-04-02 08:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-02 08:06 - 2014-02-08 10:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-02 07:59 - 2014-04-02 07:59 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Neil\Downloads\mbam-setup-2.0.0.1000(1).exe
2014-04-02 07:57 - 2014-04-02 07:57 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Neil\Downloads\mbam-clean-2.0.2.0.exe
2014-04-02 07:51 - 2014-04-02 07:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-01 22:01 - 2013-08-09 14:57 - 00000869 _____ () C:\Users\Public\Desktop\AIMP3.lnk
2014-04-01 22:01 - 2013-08-09 14:57 - 00000000 ____D () C:\Program Files (x86)\AIMP3
2014-04-01 21:47 - 2013-12-30 11:07 - 00002032 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-04-01 21:47 - 2013-12-30 11:07 - 00001972 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-04-01 21:46 - 2013-12-27 10:53 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-04-01 21:40 - 2011-10-11 05:14 - 00000000 ____D () C:\ProgramData\WinClon
2014-04-01 21:40 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\registration
2014-04-01 21:40 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\AppCompat
2014-03-27 10:13 - 2014-03-27 10:13 - 00445304 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2014-03-27 10:13 - 2014-03-27 10:13 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-03-27 10:13 - 2013-12-30 11:06 - 01039096 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-03-27 10:13 - 2013-12-30 11:06 - 00423240 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-03-27 10:13 - 2013-12-30 11:06 - 00208928 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-03-27 10:13 - 2013-12-30 11:06 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-03-27 10:13 - 2013-12-30 11:06 - 00084816 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-03-27 10:13 - 2013-12-30 11:06 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-03-27 10:13 - 2013-12-30 11:06 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-03-27 10:13 - 2013-12-30 11:06 - 00028184 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2014-03-27 10:13 - 2013-12-30 11:05 - 00334648 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-03-26 08:44 - 2014-03-26 08:44 - 05322344 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-26 08:44 - 2014-03-26 08:44 - 00000000 _____ () C:\windows\setuperr.log
2014-03-25 22:39 - 2014-03-25 22:39 - 00002952 _____ () C:\windows\System32\Tasks\elbyExecuteWithUAC
2014-03-25 22:39 - 2014-03-25 22:38 - 10822736 _____ () C:\Users\Neil\Downloads\SetupAnyDVD7450.exe
2014-03-25 22:39 - 2012-02-20 11:50 - 00001065 _____ () C:\Users\Public\Desktop\AnyDVD.lnk
2014-03-25 22:33 - 2014-03-25 22:33 - 00209536 _____ () C:\Users\Neil\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-25 19:29 - 2012-02-19 03:00 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\Skype
2014-03-25 19:22 - 2014-03-25 19:22 - 00000020 _____ () C:\Users\Neil\Downloads\samsung password.txt
2014-03-24 21:16 - 2014-03-24 21:16 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Neil\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-22 16:53 - 2012-02-26 13:25 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\vlc
2014-03-22 14:03 - 2013-10-30 19:36 - 00000000 ____D () C:\Program Files\Common Files\Viscosity
2014-03-20 14:19 - 2014-03-20 14:19 - 00001805 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-20 14:19 - 2013-12-09 11:36 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-17 12:31 - 2013-06-22 12:01 - 00000000 ____D () C:\Users\Neil\Downloads\X3D1000 Latest Firmware Update
2014-03-17 12:31 - 2012-02-21 03:18 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-03-17 12:28 - 2014-03-17 12:27 - 123318783 _____ () C:\Users\Neil\Downloads\X3D_Series_V3.0.4_14March2014_BETA.zip
2014-03-16 10:38 - 2014-02-20 16:23 - 00000000 ____D () C:\ProgramData\Creative
2014-03-16 10:29 - 2014-02-20 16:23 - 00002285 _____ () C:\Users\Public\Desktop\Creative Product Registration.lnk
2014-03-16 10:29 - 2014-02-20 16:22 - 00000000 ___HD () C:\Program Files (x86)\Creative Installation Information
2014-03-16 10:29 - 2014-02-20 16:19 - 00000000 ____D () C:\Program Files\Creative
2014-03-16 10:29 - 2014-02-20 16:18 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-03-16 10:29 - 2011-10-11 04:50 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-16 10:28 - 2014-02-20 16:21 - 00000286 ___RH () C:\windows\ctfile.rfc
2014-03-16 10:27 - 2014-02-20 16:20 - 00466520 _____ (Creative Labs) C:\windows\system32\wrap_oal.dll
2014-03-16 10:27 - 2014-02-20 16:20 - 00445016 _____ (Creative Labs) C:\windows\SysWOW64\wrap_oal.dll
2014-03-16 10:27 - 2014-02-20 16:20 - 00123480 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\windows\system32\OpenAL32.dll
2014-03-16 10:27 - 2014-02-20 16:20 - 00109144 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\windows\SysWOW64\OpenAL32.dll
2014-03-16 10:14 - 2009-07-14 03:34 - 00000428 _____ () C:\windows\win.ini
2014-03-15 11:54 - 2013-10-11 21:57 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-03-15 11:30 - 2012-02-22 17:25 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\Media Player Classic
2014-03-15 11:28 - 2012-11-04 13:55 - 00000000 ____D () C:\Program Files (x86)\Abrosoft
2014-03-14 21:04 - 2012-03-16 23:17 - 00000000 ____D () C:\Users\Neil\AppData\Local\MPlayer
2014-03-14 15:52 - 2014-02-14 15:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-12 18:55 - 2013-11-17 10:22 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 18:55 - 2013-11-17 10:22 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 18:55 - 2013-11-17 10:22 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 16:57 - 2013-07-16 19:23 - 00000000 ____D () C:\Users\Neil\AppData\Roaming\Winamp
2014-03-12 10:32 - 2013-07-11 01:36 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 10:32 - 2013-07-11 01:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 10:30 - 2013-08-14 00:31 - 00000000 ____D () C:\windows\system32\MRT
2014-03-12 10:28 - 2012-02-19 10:51 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-11 16:19 - 2014-03-11 16:19 - 00946453 _____ () C:\Users\Neil\Downloads\USBDiskEjector1.3.0.3.zip
2014-03-07 09:28 - 2014-03-07 09:28 - 00000048 _____ () C:\Users\Neil\Downloads\Batterys.txt
2014-03-05 09:26 - 2014-04-02 08:10 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-04-02 08:10 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-04-02 08:10 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-03 08:49 - 2014-03-03 08:49 - 10768800 _____ () C:\Users\Neil\Downloads\SetupAnyDVD7440.exe

Files to move or delete:
====================
C:\ProgramData\PKP_DLbx.DAT
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdy.DAT
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\ProgramData\whlpusp32.dll


Some content of TEMP:
====================
C:\Users\Neil\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 09:27

==================== End Of Log ============================


Check this setting:

In Malwarebytes > Update Settings > make sure the No Proxy button is enabled

Next:

Clean out temp files but first..upgrade to CCleaner 4.12 (you can install it right over the top of the old one):

CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform) <----old

http://www.piriform.com/ccleaner/download

-----------------------------------

Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Reboot and let me know, MrC


One problem with that is, if I go into safe mode w/networking it won't connect to the network. I've no idea why, but it never has done since I got the laptop 2 yrs ago.

But I will try again later.
