Virus help-SERIOUS

KIda · July 10, 2014

Hello, yesterday, I have downloaded something and after I installed it I quickly deleted/un-installed it realizing it was a keylog/infection of some sort.

I went into Task manager and saw "psr.exe" knowing it was some kind of recording software/program to look at my info.

I deleted it, as well as terminated it, but the problem is, it seems that it has corrupted my administrative privileges.

PROBLEM: It prevents me from installing/opening virus-protection related softwares. -Including malawarebytes, etc.

Please help me ASAP, I'm in safe mode and shall remain in safe mode unless instructed other wise.

Thank you.

KIda · July 10, 2014

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014

Ran by User (administrator) on USER-PC on 10-07-2014 04:31:20

Running from C:\Users\User\Downloads

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\ProgramData\NT Kernel\NTKernel.exe

(Microsoft Corporation) C:\Users\User\AppData\Roaming\csrss.exe

(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe

() C:\Program Files (x86)\Opera\22.0.1471.70\opera_crashreporter.exe

(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

(OldTimer Tools) C:\Users\User\Downloads\OTL.exe

(Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe

(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [626552 2012-04-09] (Alps Electric Co., Ltd.)

HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3732848 2012-03-23] (Dell Inc.)

HKLM\...\Run: [Dell Audio] => C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe [20567552 2012-05-10] ()

HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [7520768 2012-04-26] (Dell Inc.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)

HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-17] (CANON INC.)

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-03-23] (CANON INC.)

HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)

HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [577024 2012-03-06] (Creative Technology Ltd)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1734144 2013-05-29] (AimerSoft)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\.DEFAULT\...\Run: [bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"

HKU\.DEFAULT\...\Run: [bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard

HKU\.DEFAULT\...\Run: [bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

HKU\S-1-5-21-2278122046-1784014762-222765858-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)

HKU\S-1-5-21-2278122046-1784014762-222765858-1000\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-2278122046-1784014762-222765858-1000\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)

HKU\S-1-5-21-2278122046-1784014762-222765858-1000\...\Run: [skyDrive] => C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-05-15] (Microsoft Corporation)

HKU\S-1-5-21-2278122046-1784014762-222765858-1000\...\Run: [bitTorrent] => C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe [1267032 2014-06-30] (BitTorrent Inc.)

HKU\S-1-5-21-2278122046-1784014762-222765858-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)

HKU\S-1-5-21-2278122046-1784014762-222765858-1000\...\Run: [LightShot] => C:\Users\User\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226592 2014-03-12] ()

HKU\S-1-5-21-2278122046-1784014762-222765858-1000\...\Winlogon: [shell] C:\ProgramData\NT Kernel\NTKernel.exe [329728 2014-07-10] (Microsoft Corporation) <==== ATTENTION

IFEO\AvastSvc.exe: [Debugger] nqij.exe

IFEO\AvastUI.exe: [Debugger] nqij.exe

IFEO\avcenter.exe: [Debugger] nqij.exe

IFEO\avconfig.exe: [Debugger] nqij.exe

IFEO\avgcsrvx.exe: [Debugger] nqij.exe

IFEO\avgidsagent.exe: [Debugger] nqij.exe

IFEO\avgnt.exe: [Debugger] nqij.exe

IFEO\avgrsx.exe: [Debugger] nqij.exe

IFEO\avguard.exe: [Debugger] nqij.exe

IFEO\avgui.exe: [Debugger] nqij.exe

IFEO\avgwdsvc.exe: [Debugger] nqij.exe

IFEO\avp.exe: [Debugger] nqij.exe

IFEO\avscan.exe: [Debugger] nqij.exe

IFEO\bdagent.exe: [Debugger] nqij.exe

IFEO\blindman.exe: [Debugger] nqij.exe

IFEO\ccuac.exe: [Debugger] nqij.exe

IFEO\ComboFix.exe: [Debugger] nqij.exe

IFEO\egui.exe: [Debugger] nqij.exe

IFEO\hijackthis.exe: [Debugger] nqij.exe

IFEO\instup.exe: [Debugger] nqij.exe

IFEO\keyscrambler.exe: [Debugger] nqij.exe

IFEO\mbam.exe: [Debugger] nqij.exe

IFEO\mbamgui.exe: [Debugger] nqij.exe

IFEO\mbampt.exe: [Debugger] nqij.exe

IFEO\mbamscheduler.exe: [Debugger] nqij.exe

IFEO\mbamservice.exe: [Debugger] nqij.exe

IFEO\rstrui.exe: [Debugger] nqij.exe

IFEO\SDFiles.exe: [Debugger] nqij.exe

IFEO\SDMain.exe: [Debugger] nqij.exe

IFEO\SDWinSec.exe: [Debugger] nqij.exe

IFEO\spybotsd.exe: [Debugger] nqij.exe

IFEO\wireshark.exe: [Debugger] nqij.exe

IFEO\zlclient.exe: [Debugger] nqij.exe

Lsa: [Notification Packages] scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File

ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File

ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File

ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File

ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

BootExecute: autocheck autochk * SmartDefragBootTime.exe

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.fastosearch.info/?pid=1387&r=2014/06/17&hid=6051478625501509087&lg=EN&cc=US&unqvl=55

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

URLSearchHook: HKCU - (No Name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No File

SearchScopes: HKLM - DefaultScope {451DB2E5-62A4-4DD8-A2DC-399981F96083} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDSJS

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM - {451DB2E5-62A4-4DD8-A2DC-399981F96083} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDSJS

SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fastosearch.info/?l=1&q={searchTerms}&pid=1387&r=2014/06/17&hid=6051478625501509087&lg=EN&cc=US&unqvl=55

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 - {451DB2E5-62A4-4DD8-A2DC-399981F96083} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDSJS

SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fastosearch.info/?l=1&q={searchTerms}&pid=1387&r=2014/06/17&hid=6051478625501509087&lg=EN&cc=US&unqvl=55

SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fastosearch.info/?l=1&q={searchTerms}&pid=1387&r=2014/06/17&hid=6051478625501509087&lg=EN&cc=US&unqvl=55

SearchScopes: HKCU - {7921E2E4-7EAD-4857-8EA9-A83BC9AC7E6B} URL = http://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20130626,0,0,6,7635

SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={0CC125A9-9D1C-4A21-83F5-639125A54B06}&mid=8e59ebc49e444b9ca9e1be91718fd5d3-a49a24e35e7697e4496ced687597af7283a7b3c1〈=en&ds=AVG&coid=avgtbavg&cmpid=&pr=sa&d=2014-02-12 03:46:10&v=17.3.1.204&pid=safeguard&sg=0&sap=dsp&q={searchTerms}

SearchScopes: HKCU - {A614661F-9ECA-437D-AD8A-2B7D5B9F6FFD} URL = http://search.conduit.com/Results.aspx?ctid=CT3300019&SearchSource=45&UM=2&q={searchTerms}

SearchScopes: HKCU - {B8438770-B1D4-47E7-9A49-251664C87BB5} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN20002488731718830&UM=2

SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fastosearch.info/?l=1&q={searchTerms}&pid=1387&r=2014/06/17&hid=6051478625501509087&lg=EN&cc=US&unqvl=55

SearchScopes: HKCU - {FE1E1825-A348-4887-86FE-3BE585FC54C8} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}

BHO: No Name - {10921475-03CE-4E04-90CE-E2E7EF20C814} - No File

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-x32: No Name - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No File

BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File

BHO-x32: No Name - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - No File

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: No Name - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - No File

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - No Name - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No File

Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File

Toolbar: HKLM-x32 - No Name - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No File

DPF: HKLM-x32 {688C8675-1834-48FA-9DEF-4755CEFB9EDE} http://192.168.1.69/EDVR.CAB

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No File

FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File

FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\User\AppData\Local\Roblox\Versions\version-1112937d32504d8c\\NPRobloxProxy.dll ( ROBLOX Corporation)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-12]

FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.5.514

FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.5.514 []

FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox

FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21]

Chrome:

=======

CHR HomePage: hxxp://google.com/

CHR StartupUrls: "hxxp://google.com/"

CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-07-01]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]

CHR Extension: (Roblox Group Enhancer by Merely) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddjfhkkpgfghimddaekfocbahebohdim [2014-07-02]

CHR Extension: (SoundGecko) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnpdaiiodhbjjcfmmflmidbhgibekagi [2014-07-02]

CHR Extension: (Roblox Auto-Signature) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbkjblojhhiigcklodheehnlmmjpibak [2014-05-05]

CHR Extension: (AVG SafeGuard) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-07-02]

CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-27]

CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\User\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-27]

CHR HKCU\...\Chrome\Extension: [kjjpeodeilefdpblgopdaoojammobcaf] - C:\Users\User\AppData\Local\CRE\kjjpeodeilefdpblgopdaoojammobcaf.crx [2014-04-27]

CHR HKLM-x32\...\Chrome\Extension: [kjjpeodeilefdpblgopdaoojammobcaf] - C:\Users\User\AppData\Local\CRE\kjjpeodeilefdpblgopdaoojammobcaf.crx [2014-04-27]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)

S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)

S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] () [File not signed]

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4784312 2013-04-23] (INCA Internet Co., Ltd.) [File not signed]

S2 NVMS-SRV-CMS; C:\Program Files (x86)\NVMS5 Standard Edition\bin\cms.exe [155136 2012-05-23] () [File not signed]

S2 NVMS-SRV-DB; C:\Program Files (x86)\NVMS5 Standard Edition\data\bin\mysqld.exe [6562432 2009-03-16] ()

S2 NVMS-SRV-NRU; C:\Program Files (x86)\NVMS5 Standard Edition\bin\nru.exe [15872 2012-05-23] () [File not signed]

S2 NVMS-SRV-VTDU; C:\Program Files (x86)\NVMS5 Standard Edition\bin\vtdu.exe [14848 2012-05-23] () [File not signed]

S2 NVMS-SRV-WATCH; C:\Program Files (x86)\NVMS5 Standard Edition\bin\watch.exe [176640 2012-03-31] () [File not signed]

S2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]

S2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1807896 2014-06-24] (AVG Secure Search)

S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6292992 2012-04-26] (Dell Inc.) [File not signed]

S2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [X]

S2 f7dc94c1; "C:\Windows\system32\rundll32.exe" "c:\progra~2\sssupp~1\AssistantSvc.dll",service

==================== Drivers (Whitelisted) ====================

S1 1551350drv; C:\Windows\System32\DRIVERS\1551350drv.sys [556632 2013-11-25] (Kaspersky Lab)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-24] (AVG Technologies)

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2014-06-24] (Broadcom Corporation.)

S3 CirrusLFD; C:\Windows\System32\DRIVERS\CSLFDx64.sys [35328 2012-05-10] (Cirrus Logic)

R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-06-24] (Intel Corporation)

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)

S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [987648 2009-08-06] (Ralink Technology Corp.)

S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

S3 FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [X]

S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]

S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]

S3 RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [X]

S3 UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [X]

S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]

S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]

S3 XFDriver64; \??\C:\Program Files (x86)\Xfire2\XFDriver64.sys [X]

S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-10 04:31 - 2014-07-10 04:31 - 02084352 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe

2014-07-10 04:31 - 2014-07-10 04:31 - 00023701 _____ () C:\Users\User\Downloads\FRST.txt

2014-07-10 04:31 - 2014-07-10 04:31 - 00000000 ____D () C:\FRST

2014-07-10 04:22 - 2014-07-10 04:22 - 04621032 _____ (Avira Operations GmbH & Co. KG) C:\Users\User\Downloads\avira_en_av___ws2.exe

2014-07-10 04:21 - 2014-07-10 04:21 - 38612976 _____ (IObit ) C:\Users\User\Downloads\Advanced-SystemCare.exe

2014-07-10 04:20 - 2014-07-10 04:20 - 00000000 ____D () C:\TDSSKiller_Quarantine

2014-07-10 04:17 - 2014-07-10 04:17 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe

2014-07-10 04:12 - 2014-07-10 04:12 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\OTL.exe

2014-07-10 04:03 - 2014-07-10 04:03 - 00222294 _____ () C:\Users\User\Documents\cc_20140710_040334.reg

2014-07-10 04:02 - 2014-07-10 04:02 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012 (2).exe

2014-07-10 04:01 - 2014-07-10 04:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012 (1).exe

2014-07-10 04:00 - 2014-07-10 04:00 - 06153352 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\1234.exe

2014-07-10 03:53 - 2014-07-10 03:53 - 03736040 _____ (Piriform Ltd) C:\Users\User\Downloads\ccsetup415_slim.exe

2014-07-10 03:53 - 2014-07-10 03:53 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-07-10 03:53 - 2014-07-10 03:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2014-07-10 03:53 - 2014-07-10 03:53 - 00000000 ____D () C:\Program Files\CCleaner

2014-07-10 03:48 - 2014-07-10 03:48 - 00000000 ____D () C:\Windows\erdnt

2014-07-10 03:48 - 2014-07-10 03:48 - 00000000 ____D () C:\32788R22FWJFW

2014-07-10 03:47 - 2014-07-10 03:47 - 05217324 ____R (Swearware) C:\Users\User\Downloads\123.exe

2014-07-10 03:45 - 2014-07-10 03:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-10 03:00 - 2014-07-10 03:00 - 00000000 __SHD () C:\Windows\SysWOW64\NT Kernel

2014-07-10 02:48 - 2014-07-10 02:48 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices

2014-07-10 02:33 - 2014-07-10 02:37 - 00000320 _____ () C:\Windows\Tasks\Start Registry Reviver for User-PC@User(logon).job

2014-07-10 02:33 - 2014-07-10 02:33 - 00001057 _____ () C:\Users\Public\Desktop\Registry Reviver.lnk

2014-07-10 02:33 - 2014-07-10 02:33 - 00000000 ____D () C:\ProgramData\ReviverSoft

2014-07-10 02:33 - 2014-07-10 02:33 - 00000000 ____D () C:\ProgramData\RegistryReviver.exe

2014-07-10 02:33 - 2014-07-10 02:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft

2014-07-10 02:33 - 2014-07-10 02:33 - 00000000 ____D () C:\Program Files\ReviverSoft

2014-07-10 02:32 - 2014-07-10 02:32 - 05513976 _____ (ReviverSoft LLC) C:\Users\User\Downloads\RegistryReviverSetup (1).exe

2014-07-10 02:28 - 2014-07-10 02:28 - 05513976 _____ (ReviverSoft LLC) C:\Users\User\Downloads\RegistryReviverSetup.exe

2014-07-10 02:17 - 2014-07-10 02:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\Process Hacker 2

2014-07-10 02:16 - 2014-07-10 02:16 - 01932448 _____ (wj32 ) C:\Users\User\Downloads\processhacker-2.33-setup (1).exe

2014-07-10 02:16 - 2014-07-10 02:16 - 00001843 _____ () C:\Users\User\Desktop\Process Hacker 2.lnk

2014-07-10 02:16 - 2014-07-10 02:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2

2014-07-10 02:16 - 2014-07-10 02:16 - 00000000 ____D () C:\Program Files\Process Hacker 2

2014-07-10 02:14 - 2014-07-10 02:14 - 01932448 _____ (wj32 ) C:\Users\User\Downloads\processhacker-2.33-setup.exe

2014-07-10 02:05 - 2014-07-10 02:05 - 01243655 _____ () C:\Users\User\Downloads\ProcessExplorer.zip

2014-07-10 01:50 - 2014-07-10 04:31 - 00059392 _____ () C:\Users\User\AppData\Roaming\msconfig.ini

2014-07-10 01:49 - 2014-07-10 02:48 - 00000000 __SHD () C:\ProgramData\NT Kernel

2014-07-10 01:47 - 2014-07-10 01:49 - 00329728 ___SH (Microsoft Corporation) C:\Users\User\AppData\Roaming\csrss.exe

2014-07-09 13:35 - 2014-07-09 13:35 - 00000000 _____ () C:\asc_rdflag

2014-07-09 03:05 - 2014-07-09 03:05 - 00000000 ____D () C:\4dd46bf29c26f1c43867ca6cf6ad

2014-07-09 02:36 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-07-09 02:36 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-07-09 02:36 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-07-09 02:36 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-07-09 02:36 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-07-09 02:36 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-07-09 02:36 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-07-09 02:36 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-07-09 02:36 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-07-09 02:36 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-07-09 02:36 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-07-09 02:36 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-07-09 02:36 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-07-09 02:36 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-07-09 02:36 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-07-09 02:36 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-07-09 02:36 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-07-09 02:36 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-07-09 02:36 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-07-09 02:36 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-07-09 02:36 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-07-09 02:36 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-07-09 02:36 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-07-09 02:36 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-07-09 02:36 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-07-09 02:36 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-07-09 02:36 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-07-09 02:36 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-07-09 02:36 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-07-09 02:36 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-07-09 02:36 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe

2014-07-09 02:36 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe

2014-07-09 02:36 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-07-09 02:36 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-07-09 02:36 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2014-07-09 02:36 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-07-09 02:36 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-07-09 02:36 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-07-09 02:36 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2014-07-09 02:36 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-07-09 02:36 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-07-09 02:36 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-07-09 02:36 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-07-09 02:36 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2014-07-09 02:36 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2014-07-09 02:36 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2014-07-09 02:36 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2014-07-09 02:36 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-07-09 02:36 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-07-09 02:36 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2014-07-09 02:35 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-07-09 02:35 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-07-09 02:35 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-07-09 02:35 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-07-09 02:35 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-07-09 02:35 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-07-09 02:35 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-07-09 02:35 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-07-09 02:35 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-07-09 02:35 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-07-09 02:35 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-07-09 02:35 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-07-09 02:35 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-07-09 02:35 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-07-09 02:35 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-07-09 02:35 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-07-09 02:35 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-07-09 02:35 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-07-09 02:35 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-07-09 02:35 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-07-09 02:35 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-07-09 02:35 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-07-09 02:35 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-07-09 02:35 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-07-09 02:35 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-07-09 02:35 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-07-09 02:35 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-07-09 02:35 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-07-09 02:35 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-07-08 17:12 - 2014-07-08 17:12 - 00347816 _____ (Microsoft Corporation) C:\Users\User\Downloads\MicrosoftFixit.Printing.Run.exe

2014-07-07 19:34 - 2014-07-10 01:56 - 00000000 ____D () C:\Users\User\Documents\Exploits

2014-07-05 00:19 - 2014-07-05 00:19 - 00000222 _____ () C:\Users\User\Desktop\Dead Island Epidemic.url

2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____D () C:\Users\User\Documents\My Cheat Tables

2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4

2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4

2014-07-03 20:10 - 2014-07-03 20:10 - 00000000 __SHD () C:\found.003

2014-07-03 02:33 - 2014-07-03 02:33 - 00001053 _____ () C:\Users\User\Desktop\Notepad++.lnk

2014-07-03 02:33 - 2014-07-03 02:33 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++

2014-07-03 02:33 - 2014-07-03 02:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++

2014-07-01 23:07 - 2014-07-01 23:08 - 03359578 _____ () C:\Users\User\Documents\YouTube-449f8a55c5be4a2c8bd0030a91d1ed66.mp4

2014-07-01 22:47 - 2014-07-01 22:47 - 03502232 _____ () C:\Users\User\Documents\YouTube-8a4ae8b9b35e47e7a73adca6d55551e1.mp4

2014-07-01 10:26 - 2014-07-10 03:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Assistant

2014-07-01 08:58 - 2014-07-01 08:58 - 00939224 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys

2014-07-01 08:58 - 2014-07-01 08:58 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll

2014-07-01 03:16 - 2014-07-01 03:16 - 00001120 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2014.lnk

2014-07-01 01:19 - 2014-07-01 01:19 - 00000000 ___RD () C:\Users\User\Creative Cloud Files

2014-06-27 21:50 - 2014-06-27 22:12 - 00000000 ____D () C:\Fraps

2014-06-27 21:50 - 2014-06-27 21:50 - 00000574 _____ () C:\Users\User\Desktop\Fraps.lnk

2014-06-27 21:50 - 2014-06-27 21:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps

2014-06-26 22:28 - 2014-06-26 22:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\No Company Name

2014-06-26 21:43 - 2014-06-26 21:43 - 00001040 _____ () C:\Users\Public\Desktop\Vegas Pro 13.0 (64-bit).lnk

2014-06-26 21:43 - 2014-06-26 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony

2014-06-26 21:42 - 2014-06-26 21:42 - 00000000 ____D () C:\Program Files\Sony

2014-06-26 21:42 - 2014-06-26 21:42 - 00000000 ____D () C:\Program Files (x86)\Sony

2014-06-26 17:45 - 2014-06-26 17:45 - 00003164 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Startup

2014-06-26 17:42 - 2014-06-26 17:42 - 00003356 _____ () C:\Windows\System32\Tasks\EnergoTech Update

2014-06-26 17:42 - 2014-06-26 17:42 - 00000000 ____D () C:\ProgramData\EnergoTech

2014-06-26 16:23 - 2014-06-26 16:24 - 00000000 ____D () C:\Users\User\Documents\SPACE

2014-06-26 13:35 - 2014-07-01 10:38 - 00000000 ____D () C:\ProgramData\TechSmith

2014-06-25 21:54 - 2014-06-25 21:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\StormFall

2014-06-25 21:54 - 2014-06-25 21:54 - 00000000 ____D () C:\Users\User\AppData\Local\StormFall

2014-06-25 18:35 - 2014-06-25 18:35 - 00005053 _____ () C:\ProgramData\hwjqxkkr.zva

2014-06-25 18:35 - 2014-06-25 18:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\MOVAVI

2014-06-25 18:35 - 2014-06-25 18:35 - 00000000 ____D () C:\Users\User\AppData\Local\Movavi

2014-06-25 18:32 - 2014-06-25 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Screen Capture Studio 5

2014-06-25 15:46 - 2014-06-25 15:46 - 00000000 ____D () C:\ProgramData\BlueStacks

2014-06-25 15:44 - 2014-06-25 15:44 - 00000000 ____D () C:\Users\User\Documents\NewBlueFX

2014-06-25 14:56 - 2014-06-28 23:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

2014-06-25 14:41 - 2014-06-25 14:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys

2014-06-24 17:04 - 2014-07-10 03:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter

2014-06-24 16:51 - 2014-06-24 16:51 - 09889352 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll

2014-06-24 16:51 - 2014-06-24 16:51 - 00271064 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys

2014-06-24 16:50 - 2014-06-24 16:50 - 00170200 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys

2014-06-24 16:50 - 2014-06-24 16:50 - 00057270 _____ () C:\Windows\system32\Drivers\BCM43142A0_001.001.011.0161.0177.hex

2014-06-24 16:50 - 2014-06-24 16:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf

2014-06-24 16:49 - 2014-06-24 16:49 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll

2014-06-24 16:49 - 2014-06-24 16:49 - 00100312 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys

2014-06-24 16:34 - 2014-06-24 16:34 - 00003170 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update

2014-06-24 16:33 - 2014-06-24 16:33 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)

2014-06-24 16:26 - 2013-11-19 16:52 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe

2014-06-24 16:25 - 2014-07-10 03:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3

2014-06-24 16:25 - 2014-07-10 03:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster

2014-06-24 16:25 - 2014-06-24 16:33 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan

2014-06-24 16:25 - 2014-06-24 16:33 - 00003164 _____ () C:\Windows\System32\Tasks\Driver Booster Update

2014-06-24 16:25 - 2014-06-24 16:25 - 00002852 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (User)

2014-06-24 16:25 - 2014-03-10 18:17 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll20140624163407.dll

2014-06-24 16:25 - 2014-03-10 18:17 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll20140624162611.dll

2014-06-24 16:25 - 2014-03-10 18:17 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll

2014-06-24 16:25 - 2013-12-24 10:40 - 00021184 _____ (IObit) C:\Windows\system32\Drivers\SmartDefragDriver.sys

2014-06-24 11:41 - 2014-06-24 11:41 - 00000000 ____D () C:\ProgramData\AVG Secure Search

2014-06-18 12:25 - 2014-06-18 12:25 - 00000222 _____ () C:\Users\User\Desktop\Soldier Front 2.url

2014-06-18 09:58 - 2014-07-10 02:49 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe

2014-06-17 22:09 - 2014-07-09 23:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-17 22:08 - 2014-07-10 03:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-17 22:07 - 2014-07-10 03:39 - 00000000 ____D () C:\Program Files (x86)\winlogon.exe

2014-06-17 22:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-06-17 22:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-06-17 21:55 - 2014-06-17 21:55 - 00000604 _____ () C:\Users\User\Documents\MC instruc.txt

2014-06-16 21:48 - 2014-06-16 21:50 - 01557060 _____ (TeamExtreme) C:\Users\User\Desktop\Minecraft.exe

2014-06-16 21:10 - 2014-06-27 12:10 - 00000000 ____D () C:\ProgramData\MySearch

2014-06-16 21:10 - 2014-06-18 19:12 - 00000000 ____D () C:\ProgramData\Appday software

2014-06-16 21:10 - 2014-06-17 22:43 - 00000000 ____D () C:\Program Files (x86)\ss Supporter

2014-06-16 21:09 - 2014-06-27 12:10 - 00000000 ____D () C:\ProgramData\Downoload keaEper

2014-06-16 21:09 - 2014-06-27 12:10 - 00000000 ____D () C:\ProgramData\Adblocker

2014-06-16 21:09 - 2014-06-17 22:32 - 00000000 ____D () C:\ProgramData\77e9934e1b4ae1eb

2014-06-16 21:09 - 2014-06-17 22:32 - 00000000 ____D () C:\Program Files (x86)\Adblocker

2014-06-16 21:09 - 2014-06-17 22:30 - 00000000 ____D () C:\Program Files (x86)\Downoload keaEper

2014-06-16 21:09 - 2014-06-16 21:09 - 00000000 ____D () C:\Users\User\AppData\Local\Packages

2014-06-16 21:09 - 2014-06-16 21:09 - 00000000 ____D () C:\Users\User\AppData\Local\Chromatic Browser

2014-06-16 21:08 - 2014-06-17 22:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\SkypEmoticons

2014-06-16 21:08 - 2014-06-16 21:10 - 00000000 ____D () C:\ProgramData\InstallMate

2014-06-16 21:08 - 2014-06-16 21:08 - 00000000 ____D () C:\Users\User\AppData\Local\Torch

2014-06-16 21:08 - 2014-06-16 21:08 - 00000000 ____D () C:\Users\User\AppData\Local\Comodo

2014-06-16 21:08 - 2014-06-16 21:08 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch

2014-06-16 21:08 - 2014-06-16 21:08 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google

2014-06-16 21:08 - 2014-06-16 21:08 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo

2014-06-16 21:08 - 2014-06-16 21:08 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser

2014-06-16 21:08 - 2014-06-16 21:08 - 00000000 ____D () C:\Users\Guest

2014-06-16 21:08 - 2014-06-16 21:08 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch

2014-06-16 21:08 - 2014-06-16 21:08 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google

2014-06-16 21:08 - 2014-06-16 21:08 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo

2014-06-16 21:08 - 2014-06-16 21:08 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser

2014-06-16 21:08 - 2014-06-16 21:08 - 00000000 ____D () C:\Users\Administrator

2014-06-11 11:46 - 2014-05-08 04:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-06-11 11:46 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2014-06-11 11:46 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll

2014-06-11 11:46 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll

2014-06-11 11:46 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-06-11 11:46 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2014-06-11 11:46 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2014-06-11 11:46 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-06-11 11:46 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll

2014-06-11 11:46 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-06-11 11:46 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2014-06-11 11:46 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-06-11 11:46 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll

2014-06-11 11:46 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2014-06-10 17:34 - 2014-06-10 17:57 - 00000000 ____D () C:\Users\User\Downloads\[Fuwanovel] Yandere

2014-06-10 00:48 - 2014-06-10 15:05 - 00005486 _____ () C:\Users\User\Downloads\[Fuwanovel] Yandere.torrent

==================== One Month Modified Files and Folders =======

2014-07-10 04:31 - 2014-07-10 04:31 - 02084352 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe

2014-07-10 04:31 - 2014-07-10 04:31 - 00023701 _____ () C:\Users\User\Downloads\FRST.txt

2014-07-10 04:31 - 2014-07-10 04:31 - 00000000 ____D () C:\FRST

2014-07-10 04:31 - 2014-07-10 01:50 - 00059392 _____ () C:\Users\User\AppData\Roaming\msconfig.ini

2014-07-10 04:22 - 2014-07-10 04:22 - 04621032 _____ (Avira Operations GmbH & Co. KG) C:\Users\User\Downloads\avira_en_av___ws2.exe

2014-07-10 04:21 - 2014-07-10 04:21 - 38612976 _____ (IObit ) C:\Users\User\Downloads\Advanced-SystemCare.exe

2014-07-10 04:20 - 2014-07-10 04:20 - 00000000 ____D () C:\TDSSKiller_Quarantine

2014-07-10 04:17 - 2014-07-10 04:17 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe

2014-07-10 04:12 - 2014-07-10 04:12 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\OTL.exe

2014-07-10 04:06 - 2013-08-08 14:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-07-10 04:03 - 2014-07-10 04:03 - 00222294 _____ () C:\Users\User\Documents\cc_20140710_040334.reg

2014-07-10 04:02 - 2014-07-10 04:02 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012 (2).exe

2014-07-10 04:01 - 2014-07-10 04:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012 (1).exe

2014-07-10 04:00 - 2014-07-10 04:00 - 06153352 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\1234.exe

2014-07-10 03:59 - 2014-07-01 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Assistant

2014-07-10 03:59 - 2014-06-24 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter

2014-07-10 03:59 - 2014-06-24 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3

2014-07-10 03:59 - 2014-06-24 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster

2014-07-10 03:59 - 2014-06-17 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-10 03:59 - 2014-04-13 12:48 - 00000000 ____D () C:\Users\User\AppData\Roaming\BitTorrent

2014-07-10 03:59 - 2014-01-04 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7

2014-07-10 03:59 - 2013-07-10 21:57 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-07-10 03:59 - 2013-06-26 21:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup

2014-07-10 03:58 - 2014-05-04 18:19 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps

2014-07-10 03:58 - 2013-11-25 13:18 - 00000000 ____D () C:\Windows\Minidump