
Unable to remove Stolen.Data files



Hi, I run a daily scheduled scan and each time it finds and quarantines StolenData files. Can anyone help me remove these forever please.

 

I downloaded and ran the Farbar Recovery Scan Tool. The results are below.

 

(When trying to post, I was informed that the post was too long. I removed the Addition.txt paste data and added it as an attachment, if that's OK.)

 

Frst.txt

 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014

Ran by Johnnys (administrator) on JOHNNYS-PC on 14-09-2014 13:58:58

Running from C:\Users\Johnnys\Desktop

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Softomotive) C:\Program Files\WinAutomation\WinAutomation.DIAgent.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Softomotive) C:\Program Files\WinAutomation\WinAutomation.ServiceAgent.exe

(Softmotive Ltd) C:\Users\Johnnys\AppData\Roaming\Skype Inc\skypeupdater.exe

(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe

(Yealink) C:\Program Files (x86)\SkypeMate\SkypeMate.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe

(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Corel Corporation) C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Programs64\CorelDRW.exe

(Corel Corporation) C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Programs64\CorelPP.exe

(Adobe Systems, Inc.) C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Dreamweaver.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe

(Adobe Systems, Inc.) C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\DreamweaverHelper.exe

(Adobe Systems, Inc.) C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\DreamweaverHelper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google) C:\Users\Johnnys\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

(Trimble Navigation Limited) C:\Program Files (x86)\SketchUp\SketchUp 2014\SketchUp.exe

() C:\ProgramData\ASGVIS\Common\x64\vc10\Distributed Rendering\XMLDRSpawner.exe

(Adobe Systems, Inc.) C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\DreamweaverHelper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [WinAutomation Agent] => C:\Program Files\WinAutomation\WinAutomation.DIAgent.exe [356976 2014-02-12] (Softomotive)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-07-30] (Oracle Corporation)

HKU\S-1-5-21-239446909-1222475982-65556035-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)

HKU\S-1-5-21-239446909-1222475982-65556035-1000\...\Run: [skype Inc] => C:\Users\Johnnys\AppData\Roaming\Skype Inc\skypeupdater.exe [43565056 2013-01-07] (Softmotive Ltd)

HKU\S-1-5-21-239446909-1222475982-65556035-1000\...\Run: [Google Update] => C:\Users\Johnnys\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-24] (Google Inc.)

HKU\S-1-5-21-239446909-1222475982-65556035-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1563440 2014-06-14] (Samsung)

HKU\S-1-5-21-239446909-1222475982-65556035-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2672488 2011-05-25] (Hewlett-Packard Co.)

Startup: C:\Users\Johnnys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkypeMate.lnk

ShortcutTarget: SkypeMate.lnk -> C:\Program Files (x86)\SkypeMate\SkypeMate.exe (Yealink)

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johnnys\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johnnys\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johnnys\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johnnys\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: IDM Shell Extension -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll No File

ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johnnys\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johnnys\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johnnys\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johnnys\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 


HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ie/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x255A15C88247CF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com?fr=hp-avast&type=avastbcl

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com?fr=hp-avast&type=avastbcl

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://uk.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}

SearchScopes: HKCU - DefaultScope {A2745447-3262-452B-8679-C04C79D5FF7B} URL = https://www.google.com/search?q={searchTerms}

SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://uk.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}

SearchScopes: HKCU - {A2745447-3262-452B-8679-C04C79D5FF7B} URL = https://www.google.com/search?q={searchTerms}

BHO: No Name -> {0055C089-8582-441B-A0BF-17B458C2A3A8} ->  No File

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: No Name -> {0055C089-8582-441B-A0BF-17B458C2A3A8} ->  No File

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)

Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Johnnys\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Johnnys\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Johnnys\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Johnnys\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Users\Johnnys\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Johnnys\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-24]

FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2014-08-12]

FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Johnnys\AppData\Roaming\IDM\idmmzcc5

FF Extension: IDM CC - C:\Users\Johnnys\AppData\Roaming\IDM\idmmzcc5 [2014-08-16]

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.ie/

CHR StartupUrls: Default -> "https://uk.yahoo.com?fr=hp-avast&type=avastbcl", "www.google.com"

CHR DefaultSearchKeyword: Default -> 0F8C45E9AA577D1B1BD633893C80BD9BA03CD3CA55D98B02083508ABDE247362

CHR DefaultSearchURL: Default -> 34722DA6AC18A0B9C8FF72931B58001E6B5B61BAC013533A36536B3EC9C781DA

CHR Profile: C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (SEOquake) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2014-03-24]

CHR Extension: (Google Docs) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-24]

CHR Extension: (Google Drive) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-24]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]

CHR Extension: (ColorZilla) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2014-05-08]

CHR Extension: (Tab Resize - split screen layouts) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkpenclhmiealbebdopglffmfdiilejc [2014-03-24]

CHR Extension: (YouTube) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-24]

CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2014-03-24]

CHR Extension: (Google Search) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-24]

CHR Extension: (Chrome Remote Desktop) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-08-14]

CHR Extension: (AdBlock) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-24]

CHR Extension: (Yesware Email Tracking) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjnkapjmjfpipfcccnjbjcbgdnahpjp [2014-03-24]

CHR Extension: (avast! Online Security) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-11]

CHR Extension: (Rapportive) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2014-03-24]

CHR Extension: (Tab Split) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\imjbfeponcaggdpmoiadjbafihlojbco [2014-03-24]

CHR Extension: (WhatFont) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2014-03-24]

CHR Extension: (Freemake Video Converter) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-08-12]

CHR Extension: (Color Picker) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcmgligingjhdnhdhgepemlckgcgmgaj [2014-09-12]

CHR Extension: (Page Ruler) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn [2014-03-26]

CHR Extension: (Window Resizer) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkelicaakdanhinjdeammmilcgefonfh [2014-03-24]

CHR Extension: (Google Wallet) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-24]

CHR Extension: (SEO for Chrome) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2014-03-24]

CHR Extension: (Adblock Pro) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-03-24]

CHR Extension: (Image Size Info) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\oihdhfbfoagfkpcncinlbhfdgpegcigf [2014-03-24]

CHR Extension: (SEO Global For Google Search™) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojgmigafbpedhdilmemphfklkbghlphi [2014-03-24]

CHR Extension: (One Window) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\papnlnnbddhckngcblfljaelgceffobn [2014-03-24]

CHR Extension: (Gmail) - C:\Users\Johnnys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-24]

CHR Extension: (RoboForm) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome [2014-03-25]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-04]

CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-08-12]

CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-08-12]

CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-04] (AVAST Software)

R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-04] (AVAST Software)

S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)

S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe [51016 2014-07-17] (Google Inc.)

S4 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87928 2012-03-22] (CyberLink Corp.)

S2 CLKMSVC10_90970B6B; C:\Program Files (x86)\CyberLink\PowerProducer\BDSDK\NavFilter\kmsvc.exe [246256 2010-11-09] (CyberLink)

S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-06-27] (Creative Labs) [File not signed]

S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-06-27] (Creative Labs) [File not signed]

R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]

S4 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75640 2012-03-22] (CyberLink)

S4 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296824 2012-03-22] (CyberLink)

S4 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-03-25] (Macrovision Europe Ltd.) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)

S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2012-05-10] ()

R2 WinAutomation Service; C:\Program Files\WinAutomation\WinAutomation.ServiceAgent.exe [252016 2014-04-21] (Softomotive) [File not signed]

S4 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-04] ()

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-04] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-04] (AVAST Software)

R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-04] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-04] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-04] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-04] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-04] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-04] ()

R3 AVerAVF2; C:\Windows\System32\DRIVERS\AVerAVF2.sys [1212416 2010-11-11] (AVerMedia TECHNOLOGIES, Inc.)

R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-03-24] (DT Soft Ltd)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-14] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [82928 2011-10-27] (Cyberlink Corp.)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

S3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2013-07-19] (Creative Technology Ltd.)

R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2010-11-17] (CyberLink Corp.)

R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [146928 2012-02-16] (CyberLink Corp.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 dgderdrv; System32\drivers\dgderdrv.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]

S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-14 13:58 - 2014-09-14 13:59 - 00030091 _____ () C:\Users\Johnnys\Desktop\FRST.txt

2014-09-14 13:58 - 2014-09-14 13:59 - 00000000 ____D () C:\FRST

2014-09-14 13:57 - 2014-09-14 13:58 - 02105856 _____ (Farbar) C:\Users\Johnnys\Desktop\FRST64.exe

2014-09-12 12:11 - 2014-09-12 12:11 - 00001992 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk

2014-09-12 10:58 - 2014-09-12 10:58 - 00000000 ____D () C:\Users\Public\Documents\AKVIS

2014-09-11 19:08 - 2014-09-11 19:08 - 00003608 _____ () C:\Users\Johnnys\Documents\Printer accessories.msam-journal

2014-09-11 14:40 - 2014-09-11 19:08 - 00019456 _____ () C:\Users\Johnnys\Documents\Printer accessories.msam

2014-09-03 13:55 - 2014-09-03 13:55 - 00016484 _____ () C:\Users\Johnnys\Downloads\D8.tmp

2014-09-03 13:51 - 2014-09-03 13:51 - 00016484 _____ () C:\Users\Johnnys\Downloads\2C7F.tmp

2014-08-29 09:12 - 2007-02-02 11:34 - 00000293 _____ () C:\Windows\SysWOW64\readme.txt

2014-08-29 09:12 - 2004-05-04 10:53 - 01645320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll

2014-08-29 09:12 - 2003-09-10 15:06 - 00344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll

2014-08-29 09:12 - 2003-02-28 17:26 - 00947472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjava.dll

2014-08-29 09:12 - 2002-12-04 09:57 - 00651264 _____ () C:\Windows\SysWOW64\libeay32.dll

2014-08-29 09:12 - 2002-12-04 09:57 - 00147456 _____ () C:\Windows\SysWOW64\ssleay32.dll

2014-08-29 09:12 - 2002-01-05 05:48 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70.dll

2014-08-29 09:12 - 2002-01-05 04:38 - 00054784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvci70.dll

2014-08-29 09:12 - 2002-01-05 03:40 - 00487424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp70.dll

2014-08-29 09:09 - 2014-09-12 11:59 - 00000000 ____D () C:\Program Files (x86)\Render Plus Systems

2014-08-29 09:01 - 2014-09-12 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chaos Group

2014-08-29 08:58 - 2014-09-14 12:35 - 00000000 ____D () C:\ProgramData\ASGVIS

2014-08-28 19:31 - 2014-08-28 19:33 - 174606558 _____ () C:\Users\Johnnys\AppData\Local\ACCCx2_7_1_418.zip.aamdownload

2014-08-28 19:31 - 2014-08-28 19:33 - 00002111 _____ () C:\Users\Johnnys\AppData\Local\ACCCx2_7_1_418.zip.aamdownload.aamd

2014-08-28 17:46 - 2014-08-28 17:46 - 00000000 ____D () C:\Users\Johnnys\AppData\Roaming\java

2014-08-24 15:35 - 2014-08-26 08:15 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-08-24 15:35 - 2014-08-24 15:35 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-08-24 15:35 - 2014-08-24 15:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-08-24 15:35 - 2014-08-24 15:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-08-24 15:35 - 2014-08-24 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-08-21 09:00 - 2014-08-21 09:02 - 00000000 ____D () C:\Users\Johnnys\AppData\Local\SCF

2014-08-20 13:16 - 2014-08-20 13:16 - 00000000 ____D () C:\Users\Johnnys\AppData\Local\SpaceClaim

2014-08-20 12:38 - 2014-08-20 12:38 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DesignSpark Mechanical 1.0.lnk

2014-08-20 12:38 - 2014-08-20 12:38 - 00002109 _____ () C:\Users\Public\Desktop\DesignSpark Mechanical 1.0.lnk

2014-08-20 12:37 - 2014-08-20 13:16 - 00000000 ____D () C:\Users\Johnnys\AppData\Roaming\SpaceClaim

2014-08-20 12:37 - 2014-08-20 13:14 - 00000000 ____D () C:\ProgramData\SpaceClaim

2014-08-20 12:37 - 2014-08-20 12:37 - 00000000 ____D () C:\Program Files\DesignSpark

2014-08-18 15:20 - 2014-08-18 15:20 - 06052529 _____ (Tim Kosse) C:\Users\Johnnys\Downloads\FileZilla_3.9.0.3_win32-setup.exe

2014-08-17 20:05 - 2014-09-14 12:59 - 00003754 _____ () C:\Windows\System32\Tasks\AutoKMS

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-14 13:59 - 2014-09-14 13:58 - 00030091 _____ () C:\Users\Johnnys\Desktop\FRST.txt

2014-09-14 13:59 - 2014-09-14 13:58 - 00000000 ____D () C:\FRST

2014-09-14 13:58 - 2014-09-14 13:57 - 02105856 _____ (Farbar) C:\Users\Johnnys\Desktop\FRST64.exe

2014-09-14 13:57 - 2014-03-24 18:17 - 00000000 ____D () C:\Users\Johnnys\AppData\Roaming\Skype

2014-09-14 13:25 - 2014-06-17 09:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-14 13:19 - 2014-06-10 11:09 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-14 13:14 - 2014-03-24 20:50 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-239446909-1222475982-65556035-1000UA.job

2014-09-14 13:04 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-14 13:04 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-14 12:59 - 2014-08-17 20:05 - 00003754 _____ () C:\Windows\System32\Tasks\AutoKMS

2014-09-14 12:35 - 2014-08-29 08:58 - 00000000 ____D () C:\ProgramData\ASGVIS

2014-09-14 12:09 - 2014-03-24 17:21 - 01765666 _____ () C:\Windows\WindowsUpdate.log

2014-09-14 07:39 - 2014-06-27 09:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-14 01:19 - 2014-06-10 11:09 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-13 20:21 - 2014-03-24 20:50 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-239446909-1222475982-65556035-1000Core.job

2014-09-13 10:28 - 2014-07-30 07:46 - 00002885 _____ () C:\Windows\setupact.log

2014-09-13 04:10 - 2014-03-24 23:17 - 00000000 ____D () C:\Users\Johnnys\AppData\Roaming\vlc

2014-09-12 20:44 - 2014-05-03 14:17 - 00000000 ____D () C:\Users\Johnnys\AppData\Roaming\.minecraft

2014-09-12 15:32 - 2014-03-24 17:45 - 00061480 _____ () C:\Users\Johnnys\AppData\Local\GDIPFONTCACHEV1.DAT

2014-09-12 12:56 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-12 12:55 - 2009-07-14 05:45 - 00359184 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-09-12 12:46 - 2014-06-10 11:09 - 00002251 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-09-12 12:42 - 2014-03-25 13:54 - 00000000 ____D () C:\Users\Johnnys\AppData\Roaming\FileZilla

2014-09-12 12:11 - 2014-09-12 12:11 - 00001992 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk

2014-09-12 12:11 - 2014-04-28 17:18 - 00001932 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk

2014-09-12 12:11 - 2014-03-24 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast

2014-09-12 12:10 - 2014-03-24 23:10 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-09-12 12:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-09-12 12:05 - 2014-03-24 17:35 - 00000000 ____D () C:\Users\Johnnys

2014-09-12 12:04 - 2014-05-06 13:44 - 00000000 ____D () C:\Users\Johnnys\AppData\Roaming\Chief Architect Inc

2014-09-12 12:04 - 2014-04-11 20:32 - 00000000 ____D () C:\Users\Johnnys\AppData\Local\PokerStars

2014-09-12 12:04 - 2014-03-24 20:46 - 00000000 ____D () C:\Windows\AutoKMS

2014-09-12 12:04 - 2014-03-24 20:24 - 00000000 ___HD () C:\Users\Johnnys\AppData\Roaming\Skype Inc

2014-09-12 12:04 - 2014-03-24 19:23 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform

2014-09-12 12:04 - 2014-03-24 18:19 - 00000000 ____D () C:\Users\Johnnys\AppData\Roaming\SkypeMate

2014-09-12 12:04 - 2009-07-14 08:45 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-09-12 12:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat

2014-09-12 12:03 - 2014-08-29 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chaos Group

2014-09-12 12:03 - 2014-06-21 14:49 - 00000000 ____D () C:\Program Files (x86)\Market Samurai

2014-09-12 12:03 - 2014-06-10 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-09-12 12:03 - 2014-04-11 20:31 - 00000000 ____D () C:\Program Files (x86)\PokerStars

2014-09-12 12:03 - 2014-03-24 21:42 - 00000000 ____D () C:\ProgramData\Protexis

2014-09-12 12:03 - 2014-03-24 21:37 - 00000000 ____D () C:\ProgramData\Protexis64

2014-09-12 12:03 - 2014-03-24 18:59 - 00000000 ____D () C:\ProgramData\DAEMON Tools Pro

2014-09-12 12:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration

2014-09-12 12:01 - 2014-06-13 09:16 - 00000000 ____D () C:\Users\Johnnys\AppData\Roaming\Aegisub

2014-09-12 12:01 - 2014-05-06 13:43 - 00000000 ___RD () C:\Users\Johnnys\Documents\Chief Architect Premier X6 Data

2014-09-12 12:01 - 2014-03-24 21:53 - 00000000 ____D () C:\Users\Johnnys\AppData\Roaming\CyberLink

2014-09-12 12:00 - 2014-03-24 21:50 - 00000000 ____D () C:\ProgramData\CyberLink

2014-09-12 11:59 - 2014-08-29 09:09 - 00000000 ____D () C:\Program Files (x86)\Render Plus Systems

2014-09-12 11:59 - 2014-03-24 17:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-09-12 10:58 - 2014-09-12 10:58 - 00000000 ____D () C:\Users\Public\Documents\AKVIS

2014-09-12 10:58 - 2014-03-24 21:50 - 00000000 ____D () C:\ProgramData\Temp

2014-09-12 10:35 - 2014-03-28 22:45 - 00000000 ____D () C:\Users\Johnnys\AppData\Roaming\DMCache

2014-09-12 08:54 - 2014-03-24 18:58 - 00000000 ____D () C:\Users\Johnnys\AppData\Roaming\BitComet

2014-09-11 19:08 - 2014-09-11 19:08 - 00003608 _____ () C:\Users\Johnnys\Documents\Printer accessories.msam-journal

2014-09-11 19:08 - 2014-09-11 14:40 - 00019456 _____ () C:\Users\Johnnys\Documents\Printer accessories.msam

2014-09-11 08:48 - 2014-03-24 22:54 - 00000000 ____D () C:\Users\Johnnys\Documents\CyberLink

2014-09-03 18:06 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2014-09-03 13:55 - 2014-09-03 13:55 - 00016484 _____ () C:\Users\Johnnys\Downloads\D8.tmp

2014-09-03 13:51 - 2014-09-03 13:51 - 00016484 _____ () C:\Users\Johnnys\Downloads\2C7F.tmp

2014-08-28 19:33 - 2014-08-28 19:31 - 174606558 _____ () C:\Users\Johnnys\AppData\Local\ACCCx2_7_1_418.zip.aamdownload

2014-08-28 19:33 - 2014-08-28 19:31 - 00002111 _____ () C:\Users\Johnnys\AppData\Local\ACCCx2_7_1_418.zip.aamdownload.aamd

2014-08-28 19:31 - 2014-06-21 14:48 - 00000000 ____D () C:\Users\Johnnys\AppData\Local\Adobe

2014-08-28 17:46 - 2014-08-28 17:46 - 00000000 ____D () C:\Users\Johnnys\AppData\Roaming\java

2014-08-28 10:22 - 2014-06-17 09:11 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-08-28 10:22 - 2014-04-21 02:22 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-08-28 10:22 - 2014-04-21 02:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-08-26 08:15 - 2014-08-24 15:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-08-26 08:14 - 2014-05-03 14:17 - 00000000 ____D () C:\ProgramData\Oracle

2014-08-26 08:14 - 2014-05-03 14:16 - 00000000 ____D () C:\Program Files (x86)\Java

2014-08-24 23:17 - 2014-03-27 17:13 - 00704450 _____ () C:\Windows\system32\perfh007.dat

2014-08-24 23:17 - 2014-03-27 17:13 - 00154166 _____ () C:\Windows\system32\perfc007.dat

2014-08-24 23:17 - 2009-07-14 06:13 - 01637312 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-24 15:35 - 2014-08-24 15:35 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-08-24 15:35 - 2014-08-24 15:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-08-24 15:35 - 2014-08-24 15:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-08-24 15:35 - 2014-08-24 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-08-21 09:02 - 2014-08-21 09:00 - 00000000 ____D () C:\Users\Johnnys\AppData\Local\SCF

2014-08-20 13:16 - 2014-08-20 13:16 - 00000000 ____D () C:\Users\Johnnys\AppData\Local\SpaceClaim

2014-08-20 13:16 - 2014-08-20 12:37 - 00000000 ____D () C:\Users\Johnnys\AppData\Roaming\SpaceClaim

2014-08-20 13:14 - 2014-08-20 12:37 - 00000000 ____D () C:\ProgramData\SpaceClaim

2014-08-20 12:38 - 2014-08-20 12:38 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DesignSpark Mechanical 1.0.lnk

2014-08-20 12:38 - 2014-08-20 12:38 - 00002109 _____ () C:\Users\Public\Desktop\DesignSpark Mechanical 1.0.lnk

2014-08-20 12:37 - 2014-08-20 12:37 - 00000000 ____D () C:\Program Files\DesignSpark

2014-08-19 21:50 - 2014-06-21 23:01 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-08-18 16:12 - 2014-03-25 13:44 - 00000000 ____D () C:\Users\Johnnys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client

2014-08-18 16:12 - 2014-03-25 13:44 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client

2014-08-18 15:20 - 2014-08-18 15:20 - 06052529 _____ (Tim Kosse) C:\Users\Johnnys\Downloads\FileZilla_3.9.0.3_win32-setup.exe

2014-08-16 21:30 - 2014-07-01 16:03 - 00001005 _____ () C:\Users\Johnnys\Desktop\Internet Download Manager.lnk

2014-08-16 21:30 - 2014-07-01 16:03 - 00000000 ____D () C:\Users\Johnnys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager

 

Some content of TEMP:

====================

C:\Users\Johnnys\AppData\Local\Temp\AdobeApplicationManager.exe

C:\Users\Johnnys\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe

C:\Users\Johnnys\AppData\Local\Temp\vcredist_vs2005_x86.exe

C:\Users\Johnnys\AppData\Local\Temp\vcredist_vs2010_x64.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-09-06 03:02

 

==================== End Of Log ============================


 

 

 

 

 

Regards

 

John

Addition.txt


Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is an Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 

Please re-run Malwarebytes' Anti-Malware.

  • Click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.
  • Save the file to your desktop and include its content in your next reply.

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

