Had a compromised Firefox addon - Is my machine clean?


Hello, I would like assistance determining if my machine is clean after a compromised addon was updated. As far as I know, the malware would open a popup with a special offer "Click here for Deal" on any ecommerce site.

The addon has been removed, but I can't help but feel paranoid. As you will see in the logs, I thought I could successfully self-diagnose, but my understanding of what some tools show me is lacking.

This is a 32-bit Windows Vista computer. FRST logs attached. Thank you!

--

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:14-08-2014 01
Ran by silly1 (administrator) on SPINDIP on 14-08-2014 13:34:40
Running from C:\Users\silly1\Desktop
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.5.0.19\nis.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Windows\System32\PnkBstrB.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(SigmaTel, Inc.) C:\Windows\System32\stacsv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Users\silly1\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.5.0.19\nis.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Primax Electronics Ltd.) C:\Windows\System32\ico.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-688223253-2486381196-4085858500-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-688223253-2486381196-4085858500-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung)
HKU\S-1-5-21-688223253-2486381196-4085858500-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics)
HKU\S-1-5-21-688223253-2486381196-4085858500-1000\...\Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844168 2013-05-07] (Samsung)
HKU\S-1-5-21-688223253-2486381196-4085858500-1000\...\Run: [Amazon Cloud Player] => C:\Users\silly1\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {64D01C7F-810D-446E-A07E-16C764235644} http://zone.msn.com/bingame/amad/default/atomaders.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab102118.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\silly1\AppData\Roaming\Mozilla\Firefox\Profiles\b660bjkk.default-1407779472473
FF Homepage: file:///C:/~Downloads/Local%20Start%20Page/Local%20Start%20Page.htm
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\silly1\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\silly1\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\silly1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\silly1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\silly1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll (PopCap Games)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\silly1\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\silly1\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\silly1\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: HTTPS-Everywhere - C:\Users\silly1\AppData\Roaming\Mozilla\Firefox\Profiles\b660bjkk.default-1407779472473\Extensions\https-everywhere@eff.org [2014-08-11]
FF Extension: Flashblock - C:\Users\silly1\AppData\Roaming\Mozilla\Firefox\Profiles\b660bjkk.default-1407779472473\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-08-11]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\silly1\AppData\Roaming\Mozilla\Firefox\Profiles\b660bjkk.default-1407779472473\Extensions\adblockpopups@jessehakanen.net.xpi [2014-08-11]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\silly1\AppData\Roaming\Mozilla\Firefox\Profiles\b660bjkk.default-1407779472473\Extensions\elemhidehelper@adblockplus.org.xpi [2014-08-11]
FF Extension: Ghostery - C:\Users\silly1\AppData\Roaming\Mozilla\Firefox\Profiles\b660bjkk.default-1407779472473\Extensions\firefox@ghostery.com.xpi [2014-08-11]
FF Extension: Lightbeam - C:\Users\silly1\AppData\Roaming\Mozilla\Firefox\Profiles\b660bjkk.default-1407779472473\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-08-11]
FF Extension: TinEye Reverse Image Search - C:\Users\silly1\AppData\Roaming\Mozilla\Firefox\Profiles\b660bjkk.default-1407779472473\Extensions\tineye@ideeinc.com.xpi [2014-08-11]
FF Extension: Adblock Plus - C:\Users\silly1\AppData\Roaming\Mozilla\Firefox\Profiles\b660bjkk.default-1407779472473\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-11]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-07-22]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-07-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-17]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-08-14]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-19]

Chrome:
=======
CHR HomePage: file:///C:/~Downloads/Local%20Start%20Page/Local%20Start%20Page.htm
CHR StartupUrls: "file:///C:/~Downloads/Local%20Start%20Page/Local%20Start%20Page.htm"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\silly1\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\silly1\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\silly1\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Chrome IE Tab) - C:\Users\silly1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.5.14.1_0\plugin/blackfishietab.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\silly1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (PopCap Games Plugin) - C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll (PopCap Games)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\silly1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\silly1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\silly1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Plugin) - C:\Users\silly1\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Entanglement Web App) - C:\Users\silly1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-02-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\silly1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-15]
CHR Extension: (Adblock Plus) - C:\Users\silly1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2011-10-06]
CHR Extension: (Facebook Disconnect) - C:\Users\silly1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2012-03-04]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\silly1\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2012-03-26]
CHR Extension: (IE Tab) - C:\Users\silly1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2011-10-25]
CHR Extension: (WidgetBlock) - C:\Users\silly1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgiihiookhijpbhaflohognbhmamdnol [2012-05-18]
CHR Extension: (Norton Identity Safe) - C:\Users\silly1\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-11]
CHR Extension: (Disconnect) - C:\Users\silly1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2012-03-04]
CHR Extension: (Poppit!) - C:\Users\silly1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-02-08]
CHR Extension: (Norton Security Toolbar) - C:\Users\silly1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-02-18]
CHR Extension: (Ghostery) - C:\Users\silly1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2011-10-06]
CHR Extension: (Google Wallet) - C:\Users\silly1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.5.0.19\Exts\Chrome.crx [2014-08-11]
CHR StartMenuInternet: Google Chrome - C:\Users\silly1\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Amazon Download Agent; C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [297472 2009-05-20] (Amazon.com) [File not signed]
S2 DokanMounter; C:\Program Files\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 MSSQL$MSSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43028328 2011-09-22] (Microsoft Corporation)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.5.0.19\NIS.exe [276376 2014-07-31] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2014-05-30] ()
R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [189248 2014-05-30] ()
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-05-14] (Sonic Solutions)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 SQLAgent$MSSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [370024 2011-09-22] (Microsoft Corporation)
R2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-05-06] (SigmaTel, Inc.)
S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140801.001\BHDrvx86.sys [1101616 2014-05-09] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1505000.013\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [95744 2011-01-10] (Windows ® Win 7 DDK provider) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-11] (Symantec Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-11] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140813.001\IDSvix86.sys [395992 2014-03-25] (Symantec Corporation)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64160 2009-03-09] (Lavasoft AB)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140814.002\NAVENG.SYS [93272 2014-08-03] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140814.002\NAVEX15.SYS [1612376 2014-08-03] (Symantec Corporation)
S3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [10070016 2013-04-30] (Advanced Micro Devices, Inc.)
R3 RivaTuner32; C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys [9088 2009-08-22] () [File not signed]
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
S3 SaiH0464; C:\Windows\System32\DRIVERS\SaiH0464.sys [136832 2008-03-31] (Saitek)
R1 SRTSP; C:\Windows\System32\Drivers\NIS\1505000.013\SRTSP.SYS [664280 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1505000.013\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-09-12] (SigmaTel, Inc.)
R0 SymDS; C:\Windows\System32\drivers\NIS\1505000.013\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1505000.013\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-11-18] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [63576 2013-09-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1505000.013\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1505000.013\SYMTDIV.SYS [384728 2014-02-17] (Symantec Corporation)
U3 catchme; \??\C:\Users\silly1\AppData\Local\Temp\catchmehpxg.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
R3 PCDSRVC{5B8A2B68-04D6B966-06020200}_0; \??\c:\program files\my dell\pcdsrvc.pkms [X]
U3 mbr; \??\C:\Users\silly1\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 13:34 - 2014-08-14 13:35 - 00028015 _____ () C:\Users\silly1\Desktop\FRST.txt
2014-08-14 13:34 - 2014-08-14 13:34 - 01092096 _____ (Farbar) C:\Users\silly1\Desktop\frst.exe
2014-08-14 12:35 - 2014-08-14 12:35 - 00015244 _____ () C:\ComboFix.txt
2014-08-14 12:12 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-14 12:12 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-14 12:12 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-14 12:12 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-14 12:12 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-14 12:12 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-14 12:12 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-14 12:12 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-14 12:08 - 2014-08-14 12:35 - 00000000 ____D () C:\Qoobox
2014-08-14 12:07 - 2014-08-14 12:32 - 00000000 ____D () C:\Windows\erdnt
2014-08-14 11:54 - 2014-08-14 11:54 - 05571579 ____R (Swearware) C:\Users\silly1\Desktop\ComboFix.exe
2014-08-14 11:12 - 2014-08-14 13:04 - 00029160 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-14 11:12 - 2014-08-14 11:12 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-14 11:12 - 2014-08-11 13:39 - 04817496 _____ () C:\Users\silly1\Desktop\RogueKiller.exe
2014-08-14 11:09 - 2014-08-14 11:09 - 00019513 _____ () C:\Users\silly1\Desktop\DDS-8-14-2014.txt
2014-08-14 11:09 - 2014-08-14 11:09 - 00015939 _____ () C:\Users\silly1\Desktop\Attach-8-14-2014.txt
2014-08-14 11:04 - 2014-08-14 11:04 - 00019513 _____ () C:\Users\silly1\Desktop\dds.txt
2014-08-14 11:04 - 2014-08-14 11:04 - 00015939 _____ () C:\Users\silly1\Desktop\attach.txt
2014-08-11 13:55 - 2014-08-11 13:55 - 00002686 _____ () C:\Users\silly1\Desktop\JRT.txt
2014-08-11 13:51 - 2014-08-11 13:51 - 00607314 _____ () C:\Users\silly1\Desktop\bookmarks-2014-08-11.json
2014-08-11 13:51 - 2014-08-11 13:51 - 00000000 ____D () C:\Windows\ERUNT
2014-08-11 13:51 - 2014-08-11 13:51 - 00000000 ____D () C:\Users\silly1\Desktop\Old Firefox Data
2014-08-11 13:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-08-11 13:46 - 2014-08-11 13:47 - 00000000 ____D () C:\AdwCleaner
2014-08-11 13:39 - 2014-08-11 13:39 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-11 13:38 - 2014-08-11 13:38 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-11 13:38 - 2014-08-11 13:38 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-11 13:38 - 2014-08-11 13:38 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-11 13:38 - 2014-08-11 13:38 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-11 13:38 - 2014-08-11 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-11 13:19 - 2014-08-11 13:19 - 00008238 _____ () C:\Users\silly1\Desktop\FF_Data.txt
2014-08-11 13:00 - 2014-08-14 13:34 - 00000000 ____D () C:\FRST
2014-08-11 11:09 - 2014-08-13 12:44 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-11 11:08 - 2014-08-11 11:08 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-11 11:08 - 2014-08-11 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-11 11:08 - 2014-08-11 11:08 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-11 11:08 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-11 11:08 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-05 21:20 - 2014-08-05 21:20 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-08-03 22:49 - 2014-08-14 12:30 - 00000000 ____D () C:\Users\silly1\AppData\Local\Adobe
2014-07-23 13:22 - 2014-07-23 13:22 - 00011679 _____ () C:\Users\silly1\Documents\Test-s1914calc.xlsx
2014-07-22 22:57 - 2014-08-06 16:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-17 13:15 - 2014-07-17 13:15 - 00000214 _____ () C:\Users\silly1\Desktop\Montgomery Works Home Page.URL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 13:35 - 2014-08-14 13:34 - 00028015 _____ () C:\Users\silly1\Desktop\FRST.txt
2014-08-14 13:34 - 2014-08-14 13:34 - 01092096 _____ (Farbar) C:\Users\silly1\Desktop\frst.exe
2014-08-14 13:34 - 2014-08-11 13:00 - 00000000 ____D () C:\FRST
2014-08-14 13:34 - 2013-12-11 16:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-14 13:23 - 2010-07-07 17:32 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-688223253-2486381196-4085858500-1000UA.job
2014-08-14 13:04 - 2014-08-14 11:12 - 00029160 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-14 12:44 - 2008-12-03 07:40 - 01440667 _____ () C:\Windows\WindowsUpdate.log
2014-08-14 12:41 - 2014-06-03 20:11 - 00000516 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-688223253-2486381196-4085858500-1000.job
2014-08-14 12:35 - 2014-08-14 12:35 - 00015244 _____ () C:\ComboFix.txt
2014-08-14 12:35 - 2014-08-14 12:08 - 00000000 ____D () C:\Qoobox
2014-08-14 12:35 - 2014-04-22 16:15 - 00000000 ____D () C:\Users\dub_cm_auto
2014-08-14 12:35 - 2008-12-11 13:18 - 00000000 ____D () C:\Users\silly1\AppData\Local\Apps\2.0
2014-08-14 12:35 - 2006-11-02 07:18 - 00000000 __RHD () C:\Users\Default
2014-08-14 12:35 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public
2014-08-14 12:32 - 2014-08-14 12:07 - 00000000 ____D () C:\Windows\erdnt
2014-08-14 12:31 - 2006-11-02 06:23 - 00000298 _____ () C:\Windows\system.ini
2014-08-14 12:30 - 2014-08-03 22:49 - 00000000 ____D () C:\Users\silly1\AppData\Local\Adobe
2014-08-14 12:30 - 2008-12-10 21:02 - 00000000 ____D () C:\Users\silly1
2014-08-14 12:25 - 2006-11-02 08:46 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-14 12:25 - 2006-11-02 08:46 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-14 11:54 - 2014-08-14 11:54 - 05571579 ____R (Swearware) C:\Users\silly1\Desktop\ComboFix.exe
2014-08-14 11:13 - 2009-07-25 16:38 - 00000000 ____D () C:\Program Files\Steam
2014-08-14 11:12 - 2014-08-14 11:12 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-14 11:12 - 2010-06-20 13:37 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-14 11:09 - 2014-08-14 11:09 - 00019513 _____ () C:\Users\silly1\Desktop\DDS-8-14-2014.txt
2014-08-14 11:09 - 2014-08-14 11:09 - 00015939 _____ () C:\Users\silly1\Desktop\Attach-8-14-2014.txt
2014-08-14 11:04 - 2014-08-14 11:04 - 00019513 _____ () C:\Users\silly1\Desktop\dds.txt
2014-08-14 11:04 - 2014-08-14 11:04 - 00015939 _____ () C:\Users\silly1\Desktop\attach.txt
2014-08-14 10:49 - 2010-12-16 19:45 - 00000000 ___HD () C:\ProgramData\PCDr
2014-08-14 09:33 - 2011-11-10 17:01 - 00000000 ____D () C:\Program Files\WinDirStat
2014-08-14 08:25 - 2006-11-02 09:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-14 08:24 - 2006-11-02 09:00 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-14 08:12 - 2014-04-30 14:08 - 00000000 ____D () C:\Program Files\Origin Games
2014-08-14 08:08 - 2010-01-23 19:09 - 00000000 ____D () C:\Users\silly1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-14 00:06 - 2013-12-31 20:58 - 00021112 _____ () C:\2014.xlsx
2014-08-13 20:58 - 2012-03-29 11:26 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-13 20:58 - 2011-05-15 17:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-13 13:09 - 2013-11-07 15:11 - 00000000 ____D () C:\Program Files\My Dell
2014-08-13 12:44 - 2014-08-11 11:09 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 12:44 - 2009-02-03 20:11 - 00000000 ____D () C:\~Images
2014-08-13 00:23 - 2010-07-07 17:32 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-688223253-2486381196-4085858500-1000Core.job
2014-08-11 13:55 - 2014-08-11 13:55 - 00002686 _____ () C:\Users\silly1\Desktop\JRT.txt
2014-08-11 13:51 - 2014-08-11 13:51 - 00607314 _____ () C:\Users\silly1\Desktop\bookmarks-2014-08-11.json
2014-08-11 13:51 - 2014-08-11 13:51 - 00000000 ____D () C:\Windows\ERUNT
2014-08-11 13:51 - 2014-08-11 13:51 - 00000000 ____D () C:\Users\silly1\Desktop\Old Firefox Data
2014-08-11 13:47 - 2014-08-11 13:46 - 00000000 ____D () C:\AdwCleaner
2014-08-11 13:39 - 2014-08-14 11:12 - 04817496 _____ () C:\Users\silly1\Desktop\RogueKiller.exe
2014-08-11 13:39 - 2014-08-11 13:39 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-11 13:39 - 2013-10-20 01:38 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-11 13:38 - 2014-08-11 13:38 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-11 13:38 - 2014-08-11 13:38 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-11 13:38 - 2014-08-11 13:38 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-11 13:38 - 2014-08-11 13:38 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-11 13:38 - 2014-08-11 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-11 13:32 - 2013-11-19 11:04 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-08-11 13:32 - 2012-02-18 19:10 - 00000000 ____D () C:\Windows\system32\Drivers\NIS
2014-08-11 13:19 - 2014-08-11 13:19 - 00008238 _____ () C:\Users\silly1\Desktop\FF_Data.txt
2014-08-11 11:08 - 2014-08-11 11:08 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-11 11:08 - 2014-08-11 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-11 11:08 - 2014-08-11 11:08 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-11 11:08 - 2012-09-10 00:39 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-08-11 11:08 - 2008-12-11 13:33 - 00000000 ___HD () C:\ProgramData\Malwarebytes
2014-08-11 11:08 - 2008-12-11 13:33 - 00000000 ____D () C:\Users\silly1\AppData\Roaming\Malwarebytes
2014-08-10 14:28 - 2010-11-19 15:06 - 00000000 ____D () C:\Games
2014-08-07 16:39 - 2014-05-11 14:46 - 00000000 ____D () C:\Program Files\World War 2 Time of Wrath
2014-08-07 16:37 - 2013-02-07 18:17 - 00000000 ____D () C:\Users\silly1\AppData\Local\CrashDumps
2014-08-06 16:12 - 2014-07-22 22:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-05 23:59 - 2013-07-20 15:46 - 00000000 ____D () C:\Users\silly1\AppData\Local\Amazon Cloud Player
2014-08-05 21:20 - 2014-08-05 21:20 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-08-05 17:06 - 2006-11-02 08:35 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-07-25 10:28 - 2008-12-20 20:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 23:13 - 2010-06-04 04:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 11:53 - 2008-12-03 13:48 - 00000000 ____D () C:\Program Files\Java
2014-07-24 11:40 - 2012-06-25 14:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-23 13:22 - 2014-07-23 13:22 - 00011679 _____ () C:\Users\silly1\Documents\Test-s1914calc.xlsx
2014-07-22 09:55 - 2006-11-02 08:59 - 00230980 _____ () C:\Windows\PFRO.log
2014-07-21 00:07 - 2013-08-26 12:16 - 00000000 ____D () C:\Users\silly1\Documents\OpenTTD
2014-07-17 13:15 - 2014-07-17 13:15 - 00000214 _____ () C:\Users\silly1\Desktop\Montgomery Works Home Page.URL

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\silly1\jagex_runescape_preferences.dat
C:\Users\silly1\jagex_runescape_preferences2.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-14 08:34

==================== End Of Log ============================

Addition.txt

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
