
Home Network hijacked? Popup/Redirect on multiple devices


Hello there,

Up until last Tuesday night, everything was normal. I was browsing www.minecraftforum.net in Firefox on my gaming/entertainment PC (Win 7, Avast Antivirus, AdblockPlus, everything up to date) when a popup appeared (see screenshot taken later on). I don't usually get popups, so I kind of wondered what that was, then clicked on the X to close it. Then Firefox opened another tab, going to aviasales.ru, which I closed. From that moment on, the popup appeared again periodically, Firefox opened new tabs every now and then and sometimes new windows, mostly with the aviasales website, but also some more dubious ones (webcams, humour, even porn). Sometimes it even changed from a legitimate website I was on to one I definitely didn't want to go to.

I ran a full Avast virus scan (including boot-time scan, no results) and the Windows Defender, and downloaded Malwarebytes. I did that in Chrome, and hey, got that popup too in Chrome. So it's not browser related, I thought, just great. I activated the Malwarebytes trial and did a full scan (including rootkits); the only result was a PUP.Optional.Conduit.A which I quarantined, but that didn't change anything with my problem. While that scan was running, I was trying to find out more about the initial popup. I did that on my old, mostly unused though still updated laptop (Vista), using the Opera browser, and of course, soon enough I got that popup too. THEN, because I felt "adventurous", I started browsing help sites on my Android phone (Dolphin Browser) and I wanted to scream: the same popup showed up there as well (see attached picture). By that point I was not only frustrated but actually scared. How can it even be that the same issue appears on three devices with different operating systems on four different browsers? Is my router/network being hijacked? The only thing that's on all three I can think of is Dropbox, but I don't feel that could "transfer" the issue. My computer/laptops aren't in a homegroup. I also downloaded Malwarebytes on my phone now but it didn't find anything.

I also downloaded and ran AdwCleaner on my gaming PC; I attached the log. And I ran Microsoft Safety Scanner. I'm well aware by now that all this scanning was not a good idea and I should have looked for help earlier, but I successfully dealt with some malware in the past and didn't think it would blow out of proportion like that :( Since I installed Malwarebytes, it sometimes blocks malicious sites, see the popup screenshot and the attached Malwarebytes Protection log.

So if anybody has an idea what's going on, please let me know. Unfortunately I don't have that much time at home to troubleshoot (only in the evenings) but this is really eating away on me.
Thanks everybody, and sorry for the wall of text.
Ben (Eastern Canada)


AdwCleanerS0.txt


Malwarebyte Protection Log.txt


Hello BalconyJedi, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • If you are unable to copy/paste your logs directly into your post, please attach the file. 
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click the follow button at the top of the page. 
     

======================================================
 
STEP 1
Router Reset
 
Consult Router Passwords to find out the default username and password for your brand of router, and make a note of them for future reference. Alternatively, you may find the username/password written on the base of your router. If neither option is applicable, please contact the manufacturer of your router. 

Reset Router to Factory Default Settings:

  • Typically a reset can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds)
  • In order to get to the router's server, type http://192.168.1.1 in the address bar and press Enter. You should see the log in window.
  • Fill in the password you have already found and you will get the configuration page.
  • Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard.
  • If you do not have a setup wizard you have to fill in the log in password your ISP has initially given to you. You can also call your ISP if you don't have your initial password.
  • Don't forget to change the routers default password and set a stronger, more complex password. Note down the password and keep it somewhere for future reference.
     

Please make sure of the following settings on your computer:

  • Click Start > Control Panel, then double-click Network and Sharing Center.
  • In the left window select Manage Network Connection.
  • In the right window right-click Local Area Connection and select Properties .
  • Internet Protocol Version 6 (IPv6) should be checked. Double-click on it. Make sure of the following settings:
  • The option Obtain an IP address automatically should be checked.
  • The option Obtain DNS server address automatically should be checked.
  • Click OK.
  • Internet Protocol Version 4 (IPv4) should be checked. Double-click on it.
  • The option Obtain an IP address automatically should be checked.
  • The option Obtain DNS server address automatically should be checked.
  • Click OK twice.
  • If you need to change any of these settings you will need to reboot your computer.
     

STEP 2
Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 3
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the file in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did your router reset OK?
  • FRST.txt
  • Addition.txt
  • TDSSKiller log (attached!)
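The settings check in STEP 1 above asks that every adapter obtain its IP address and DNS servers automatically, because the worry behind this thread is that a compromised router (or a changed client setting) is handing every device a rogue resolver. The script below is an added example, not part of this thread and not a Malwarebytes or Farbar tool: it parses the text of `ipconfig /all` (run live on Windows, otherwise a constructed sample embedded in the script) and reports any adapter whose DNS servers are neither its own default gateway nor an allow-listed public resolver, plus adapters with DHCP disabled. The allow-list, the English `ipconfig` field names, and all sample addresses are assumptions made for the example.

```python
"""Check Windows adapter DNS settings for signs of router/DNS hijacking (added
example). Parses `ipconfig /all` text; a constructed sample lets it run offline."""
import ipaddress
import platform
import re
import subprocess
from dataclasses import dataclass, field

# Assumption for this example: resolvers the owner knowingly uses.
KNOWN_GOOD_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}

# Address ranges that belong on a home LAN (RFC 1918, IPv6 link-local and ULA).
LAN_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fe80::/10", "fc00::/7")]

# Constructed sample in the English `ipconfig /all` layout: one healthy adapter
# and one whose DNS servers were pointed (statically) at an outside address.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : GAMINGTHING

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1c2d:3e4f:5a6b:7c8d%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
   Default Gateway . . . . . . . . . : fe80::1%11
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1

Wireless LAN adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       203.0.113.54
"""

HEADER_LINE = re.compile(r"^(\S.*):\s*$")                          # "Ethernet adapter X:"
KEY_LINE = re.compile(r"^\s{1,8}([A-Za-z][^:.]*?)[ .]*: ?(.*)$")  # "   Key . . . : value"


@dataclass
class Adapter:
    name: str
    dhcp_enabled: bool = False
    gateways: list = field(default_factory=list)
    dns_servers: list = field(default_factory=list)


def clean_address(value):
    """Drop '(Preferred)' and IPv6 scope ids so the text parses as an address."""
    return re.sub(r"\(.*\)$", "", value).split("%")[0].strip()


def parse_ipconfig(text):
    """Return one Adapter per adapter section, with its gateways and DNS servers."""
    adapters, current, pending = [], None, None
    for line in filter(str.strip, text.splitlines()):
        header = HEADER_LINE.match(line)
        if header:                        # a new adapter section starts
            current, pending = Adapter(name=header.group(1).strip()), None
            adapters.append(current)
        elif current is None:             # lines under "Windows IP Configuration"
            continue
        elif (m := KEY_LINE.match(line)):
            key, value = m.group(1).strip(), m.group(2).strip()
            pending = {"Default Gateway": current.gateways,
                       "DNS Servers": current.dns_servers}.get(key)
            if key == "DHCP Enabled":
                current.dhcp_enabled = value.lower() == "yes"
            if pending is not None and value:
                pending.append(clean_address(value))
        elif pending is not None:         # extra address continued on its own line
            pending.append(clean_address(line))
    return adapters


def assess(adapter, known_good=KNOWN_GOOD_RESOLVERS):
    """Findings for one adapter; an empty list means nothing unusual."""
    findings = []
    if not adapter.dhcp_enabled:
        findings.append("DHCP disabled: address and DNS are set by hand, review them")
    for dns in adapter.dns_servers:
        if dns in adapter.gateways or dns in known_good:
            continue                      # router is the resolver: check its WAN DNS next
        try:
            addr = ipaddress.ip_address(dns)
        except ValueError:
            findings.append(f"unparseable DNS entry {dns!r}")
            continue
        kind = "LAN resolver" if any(addr in n for n in LAN_RANGES) else "public resolver"
        findings.append(f"unexpected {kind} {dns}")
    return findings


def check_dns(text):
    """Map adapter name -> findings for every adapter in the ipconfig text."""
    return {a.name: assess(a) for a in parse_ipconfig(text)}


if __name__ == "__main__":
    live = platform.system() == "Windows"
    text = subprocess.run(["ipconfig", "/all"], capture_output=True, text=True).stdout if live else SAMPLE_IPCONFIG
    for name, findings in check_dns(text).items():
        print(f"{name}: {'; '.join(findings) if findings else 'OK'}")
```

An adapter that reports OK only because its sole DNS server is the gateway (as the FRST line `Tcpip\Parameters: [DhcpNameServer] 192.168.1.1` later in this thread shows for the PC) is not yet cleared: a router-level hijack changes the router's own upstream (WAN) DNS servers, which no client-side setting reveals, so that check has to be repeated on the router's admin page after the factory reset.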

Hello Adam,

 

Thank you very much for providing assistance. Please call me Ben.

I'm on my way to work, so I will start with the router reset tonight as soon as I can and then check back here, but most likely not before 11pm (EST). I hope I will be able to set up my internet connection again, I didn't have to mess with that in 5 years, but I do have all my login data at least.

 

Thanks again,

Ben


Hi Adam,

 

I followed all your steps. My router did reset OK, and I set up a new admin password.

I pasted FRST.txt and Addition.txt here, but the forum thinks my post is too long, so I attached Addition.txt instead, and I have attached the TDSSKiller log.

One question: I did all this on my main PC that's plugged directly into my modem/router (TP-Link TD-W8901G) where I first encountered the symptoms. Should I run the checks on my laptops too and create new replies for those reports? (Obviously I can't do anything like that on my phone.)

 

Thanks again and good night, here come the reports (it's a very long post, is there a way to put that in spoilers or is it okay like this?):

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Ben (administrator) on GAMINGTHING on 04-12-2014 22:50:25
Running from C:\Users\Ben\Desktop
Loaded Profile: Ben (Available profiles: Ben)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hi-Rez Studios) F:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Users\Ben\AppData\Local\JogoBox\JogoBoxService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Dropbox, Inc.) C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
(Applian Technologies, Inc.) C:\Program Files (x86)\Freecorder\FLVSrvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8294680 2014-02-27] (Logitech Inc.)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe [241789 2009-07-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Freecorder FLV Service] => C:\Program Files (x86)\Freecorder\FLVSrvc.exe [167936 2011-03-24] (Applian Technologies, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-20] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-12-01] (LogMeIn Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2124055293-823835824-744022225-1000\...\Run: [Google Update] => C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-28] (Google Inc.)
HKU\S-1-5-21-2124055293-823835824-744022225-1000\...\Run: [icq] => C:\Users\Ben\AppData\Roaming\ICQM\icq.exe [26599784 2013-02-03] (ICQ)
HKU\S-1-5-21-2124055293-823835824-744022225-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-2124055293-823835824-744022225-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-2124055293-823835824-744022225-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-2124055293-823835824-744022225-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)
HKU\S-1-5-21-2124055293-823835824-744022225-1000\...\MountPoints2: {66e498bd-7253-11e0-a8a5-806e6f6e6963} - D:\Bin\assetup.exe
HKU\S-1-5-21-2124055293-823835824-744022225-1000\...\MountPoints2: {9814333f-7258-11e0-9f40-806e6f6e6963} - D:\Autorun.exe
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RealTemp GT.lnk
ShortcutTarget: RealTemp GT.lnk -> C:\Program Files (x86)\RealTemp_360\RealTempGT.exe (uWebb Software)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows7FirewallControl.lnk
ShortcutTarget: Windows7FirewallControl.lnk -> C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2124055293-823835824-744022225-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
HKU\S-1-5-21-2124055293-823835824-744022225-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF6C18C9CC153CC01
HKU\S-1-5-21-2124055293-823835824-744022225-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2124055293-823835824-744022225-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ben\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2124055293-823835824-744022225-1000: @talk.google.com/O1DPlugin -> C:\Users\Ben\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2124055293-823835824-744022225-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ben\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2124055293-823835824-744022225-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ben\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2124055293-823835824-744022225-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ben\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2124055293-823835824-744022225-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ben\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ben\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\searchplugins\canoonet.xml
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\searchplugins\grooveshark.xml
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\searchplugins\leo-deu-eng.xml
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\searchplugins\metager.xml
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\searchplugins\minecraft-wiki-en.xml
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\searchplugins\youtube-video-search.xml
FF Extension: German Dictionary - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-08]
FF Extension: British English Dictionary - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2011-04-28]
FF Extension: United States English Spellchecker - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-04-01]
FF Extension: Dictionnaire français «Moderne» - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\fr-moderne@dictionaries.addons.mozilla.org [2011-10-08]
FF Extension: MinimizeToTray revived (MinTrayR) - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\mintrayr@tn123.ath.cx [2012-11-26]
FF Extension: GMX MailCheck - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\toolbar@gmx.net [2014-09-18]
FF Extension: DownloadHelper - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-09]
FF Extension: FoxClocks - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2014-01-24]
FF Extension: DivX Web Player - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\DivXWebPlayer@divx.com.xpi [2012-10-15]
FF Extension: Hilarious Webcomic Manager - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\hilarious@axnjaxn.com.xpi [2012-01-07]
FF Extension: Translate This! - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2012-08-14]
FF Extension: Enhanced Steam - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\jid0-SmvlvxGpvCyG252KbVMqIKR79Uc@jetpack.xpi [2014-10-30]
FF Extension: The Addon Bar (restored) - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2014-05-02]
FF Extension: Minimize On Start and Close - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\{480adee0-f020-4fef-917d-b05502b17aaf}.xpi [2011-04-28]
FF Extension: Adblock Plus - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-04-29]
FF Extension: DownThemAll! - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\30hr0lgk.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-04-30]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-04-29]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://start.icq.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Quickrr World Clock) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajnbnekhpkkfaobjalnhdoofajkghidp [2011-08-11]
CHR Extension: (Angry Birds) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-02-09]
CHR Extension: (Beautiful landscape) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig [2012-09-29]
CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-02]
CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Adblock Plus) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-02]
CHR Extension: (Google Search) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (Google Wallet) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Gmail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKU\S-1-5-21-2124055293-823835824-744022225-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-18]
CHR StartMenuInternet: Google Chrome - C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-18] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-04-30] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
U2 HiPatchService; F:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2012-08-15] (Hi-Rez Studios) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [923136 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-11-14] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5405456 2014-11-12] (TeamViewer GmbH)
R2 TWEService; C:\Users\Ben\AppData\Local\JogoBox\JogoBoxService.exe [150032 2013-08-14] ()
R2 Windows7FirewallService; C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [610816 2011-04-06] (Sphinx Software) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-18] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-08-14] ()
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1148288 2011-07-06] (Creative Technology Ltd.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-08-14] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S1 ntiomin; No ImagePath
S3 WinRing0_1_2_0; C:\Program Files (x86)\RealTemp_360\WinRing0x64.sys [14544 2011-05-04] (OpenLibSys.org)
R3 ALSysIO; \??\C:\Users\Ben\AppData\Local\Temp\ALSysIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 22:50 - 2014-12-04 22:50 - 00023723 _____ () C:\Users\Ben\Desktop\FRST.txt
2014-12-04 22:50 - 2014-12-04 22:50 - 00000000 ____D () C:\FRST
2014-12-04 18:45 - 2014-12-04 18:45 - 02117632 _____ (Farbar) C:\Users\Ben\Desktop\FRST64.exe
2014-12-03 22:25 - 2014-12-03 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-03 22:25 - 2014-12-03 22:25 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-02 21:45 - 2014-12-02 21:47 - 00000000 ____D () C:\AdwCleaner
2014-12-02 21:43 - 2014-12-02 21:43 - 02154496 _____ () C:\Users\Ben\Desktop\AdwCleaner.exe
2014-12-02 21:26 - 2014-12-02 21:26 - 06229392 _____ (Trend Micro, Inc. ) C:\Users\Ben\Desktop\RUBottedSetup.exe
2014-12-02 19:46 - 2014-12-02 19:48 - 123926776 _____ (Microsoft Corporation) C:\Users\Ben\Desktop\msert.exe
2014-11-22 20:22 - 2014-11-22 20:22 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-11-18 18:35 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 18:35 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 18:35 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 18:35 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 18:28 - 2014-11-18 18:28 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-18 18:28 - 2014-11-18 18:28 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-12 18:03 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-12 18:03 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-12 18:03 - 2012-02-11 01:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-11-12 18:03 - 2012-02-11 01:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2014-11-11 19:21 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-11 19:21 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-11-11 19:06 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-11-11 19:06 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-11-11 19:06 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-11-11 19:06 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-11-11 19:02 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-11-11 19:02 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-11 19:02 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-11 19:02 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-11-11 19:02 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-11-11 19:02 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-11-11 19:02 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-11-11 19:02 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-11-11 19:02 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-11-11 19:02 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-11-11 19:02 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-11-11 19:02 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-11-11 19:02 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-11-11 19:02 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-11 19:02 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-11-11 19:02 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-11 18:58 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-11 18:58 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-11 18:58 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-11-11 18:58 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-11-11 18:54 - 2012-07-25 22:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-11-11 18:54 - 2012-07-25 22:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-11-11 18:54 - 2012-07-25 22:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-11-11 18:54 - 2012-07-25 22:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-11-11 18:54 - 2012-07-25 22:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-11-11 18:54 - 2012-07-25 21:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-11-11 18:54 - 2012-07-25 21:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-11-11 18:54 - 2012-06-02 09:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-11-11 18:49 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-11-11 18:49 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-11-11 18:48 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 18:48 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 18:48 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-11-11 18:48 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-11-11 18:48 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-11-11 18:48 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-11-11 18:48 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-11-11 18:48 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-11-11 18:48 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-11-11 18:48 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-11-11 18:48 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-11-11 18:48 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-11-11 18:48 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-11-11 18:48 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-11-11 18:48 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-11-11 18:48 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-11-11 18:48 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-11-11 18:48 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-11-11 18:48 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-11 18:48 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-11 18:48 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-11-11 18:48 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-11-11 18:48 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-11-11 18:48 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-11-11 18:48 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-11-11 18:48 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-11-11 18:48 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-11-11 18:48 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-11-11 18:48 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-11-11 18:48 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-11-11 18:48 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-11-11 18:48 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-11-11 18:48 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-11-11 18:48 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-11-11 18:48 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-11-11 18:48 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-11-11 18:48 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-11-11 18:48 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-11-11 18:48 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-11-11 18:48 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-11-11 18:48 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-11-11 18:48 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-11-11 18:48 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-11-11 18:48 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-11-11 18:48 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-11-11 18:48 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-11-11 18:48 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-11-11 18:48 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-11-11 18:48 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-11-11 18:48 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-11-11 18:48 - 2013-07-04 07:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-11-11 18:48 - 2013-07-04 07:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-11-11 18:48 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-11-11 18:48 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-11-11 18:48 - 2013-07-04 05:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-11-11 18:48 - 2013-03-19 00:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2014-11-11 18:48 - 2012-12-07 08:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-11-11 18:48 - 2012-12-07 08:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-11-11 18:48 - 2012-12-07 07:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-11-11 18:48 - 2012-12-07 07:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2014-11-11 18:48 - 2012-12-07 06:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-11-11 18:48 - 2012-12-07 06:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-11-11 18:48 - 2012-12-07 06:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-11-11 18:48 - 2012-12-07 06:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-11-11 18:48 - 2012-12-07 06:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-11-11 18:48 - 2012-12-07 06:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-11-11 18:48 - 2012-12-07 06:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-11-11 18:48 - 2012-12-07 06:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-11-11 18:48 - 2012-12-07 06:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-11-11 18:48 - 2012-12-07 06:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-11-11 18:48 - 2012-12-07 06:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-11-11 18:48 - 2012-12-07 06:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-11-11 18:48 - 2012-12-07 06:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-11-11 18:48 - 2012-12-07 06:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2014-11-11 18:48 - 2012-12-07 05:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2014-11-11 18:48 - 2012-10-09 13:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-11-11 18:48 - 2012-10-09 13:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-11-11 18:48 - 2012-10-09 12:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-11-11 18:48 - 2012-10-09 12:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-11-11 18:48 - 2012-10-03 12:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-11-11 18:48 - 2012-10-03 12:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-11-11 18:48 - 2012-10-03 12:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-11-11 18:48 - 2012-10-03 12:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-11-11 18:48 - 2012-10-03 12:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-11-11 18:48 - 2012-10-03 12:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-11-11 18:48 - 2012-10-03 11:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2014-11-11 18:48 - 2012-10-03 11:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2014-11-11 18:48 - 2012-10-03 11:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2014-11-11 18:48 - 2012-10-03 11:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-11-11 18:48 - 2012-08-22 13:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-11-11 18:48 - 2012-08-21 16:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2014-11-11 18:48 - 2012-07-04 15:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2014-11-11 18:48 - 2012-05-01 00:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-11-11 18:48 - 2012-01-13 02:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-11-11 18:35 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 18:35 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 18:35 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 18:35 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 18:35 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 18:35 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 18:35 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 18:35 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 18:35 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 18:35 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 18:35 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 18:35 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-11-11 18:35 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-11-11 18:35 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-11-11 18:35 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-11-11 18:35 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-11-11 18:35 - 2013-05-10 00:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-11-11 18:35 - 2013-05-09 22:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-11-11 18:34 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 18:34 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 18:34 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 18:34 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 18:34 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 18:34 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 18:34 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 18:34 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 18:34 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 18:34 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 18:34 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 18:34 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 18:34 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 18:34 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 18:34 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 18:34 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 18:34 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 18:34 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 18:34 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 18:34 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 18:34 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 18:34 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 18:34 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 18:34 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 18:34 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 18:34 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 18:34 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 18:34 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 18:34 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 18:34 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 18:34 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 18:34 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 18:34 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 18:34 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 18:34 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 18:34 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 18:34 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 18:34 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 18:34 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 18:34 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 18:34 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 18:34 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 18:34 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 18:34 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 18:34 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 18:34 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-11-11 18:34 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-11-11 18:34 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-11-11 18:33 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-11-11 18:33 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-11-11 18:33 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 18:33 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 18:33 - 2013-08-27 20:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-11-11 18:32 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 18:32 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 18:32 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 18:32 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 18:32 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 18:32 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 18:32 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 18:32 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 18:32 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 18:32 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 18:32 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 18:32 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 18:32 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 18:32 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 18:32 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 18:32 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 18:32 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 18:32 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 18:32 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 18:32 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 18:32 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 18:32 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 18:32 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 18:32 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 18:32 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 18:32 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 18:32 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 18:32 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 18:32 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 18:32 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 18:32 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 18:32 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 18:32 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 18:32 - 2013-01-24 01:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-11-11 18:32 - 2012-05-05 03:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-11-11 18:32 - 2012-05-05 02:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-11-11 18:31 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 18:31 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 18:31 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 18:30 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 18:30 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-10 18:51 - 2014-11-10 18:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-08 13:54 - 2014-11-08 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 22:50 - 2013-02-04 22:15 - 00000000 ___RD () C:\Users\Ben\Google Drive
2014-12-04 22:49 - 2011-04-29 06:32 - 01998255 _____ () C:\Windows\WindowsUpdate.log
2014-12-04 22:48 - 2012-07-04 06:57 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-04 22:48 - 2011-04-28 20:21 - 00000000 ___RD () C:\Users\Ben\Dropbox
2014-12-04 22:48 - 2011-04-28 20:21 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Dropbox
2014-12-04 22:46 - 2014-04-22 18:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-04 22:46 - 2012-01-15 11:57 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-04 22:46 - 2011-04-28 20:56 - 00000000 ____D () C:\Users\Ben\AppData\Local\LogMeIn Hamachi
2014-12-04 22:46 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-04 22:46 - 2009-07-13 23:51 - 00172045 _____ () C:\Windows\setupact.log
2014-12-04 22:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-04 22:36 - 2009-07-13 23:45 - 00015024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-04 22:36 - 2009-07-13 23:45 - 00015024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-04 22:34 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-04 19:21 - 2011-05-21 11:32 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2124055293-823835824-744022225-1000UA.job
2014-12-04 18:57 - 2012-07-18 07:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-04 18:52 - 2012-01-15 11:57 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-04 18:38 - 2014-04-22 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-04 18:38 - 2014-04-22 18:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-03 22:39 - 2013-07-07 20:16 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\uTorrent
2014-12-02 21:48 - 2011-04-29 07:02 - 00275538 _____ () C:\Windows\PFRO.log
2014-12-02 21:47 - 2011-10-05 17:26 - 00000000 ____D () C:\ProgramData\ICQ
2014-11-30 20:14 - 2011-08-06 21:24 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\.minecraft
2014-11-26 18:57 - 2012-07-18 07:01 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 18:57 - 2012-04-10 17:22 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 18:57 - 2011-05-13 22:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-23 14:21 - 2011-05-21 11:32 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2124055293-823835824-744022225-1000Core.job
2014-11-23 09:05 - 2011-04-29 07:02 - 00065584 _____ () C:\Users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-23 09:03 - 2009-07-13 23:45 - 00299728 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-22 20:22 - 2012-07-01 11:40 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-11-22 18:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-21 19:52 - 2011-04-30 12:56 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-11-21 19:52 - 2011-04-30 12:56 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-11-21 18:46 - 2011-04-29 06:55 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-21 06:14 - 2014-04-22 18:13 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-04-22 18:13 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2014-04-22 18:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-18 18:28 - 2014-04-22 18:32 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-18 18:28 - 2014-01-07 07:57 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-18 18:28 - 2013-03-05 18:14 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-18 18:28 - 2013-03-05 18:14 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-18 18:28 - 2012-02-24 18:28 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-18 18:28 - 2011-04-29 06:55 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-18 18:28 - 2011-04-29 06:55 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-11-17 20:23 - 2011-04-28 21:17 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Skype
2014-11-16 17:13 - 2014-05-02 15:35 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Guild Wars 2
2014-11-15 14:16 - 2011-05-21 11:32 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2124055293-823835824-744022225-1000UA
2014-11-15 14:16 - 2011-05-21 11:32 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2124055293-823835824-744022225-1000Core
2014-11-14 19:47 - 2012-01-15 11:57 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 19:47 - 2012-01-15 11:57 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 18:47 - 2011-04-28 20:21 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-13 18:51 - 2011-10-05 17:19 - 00000000 ____D () C:\Program Files (x86)\ICQ7.6
2014-11-11 20:20 - 2011-08-30 21:53 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-11-11 19:16 - 2011-04-29 07:07 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Mozilla
2014-11-11 19:09 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-11 19:08 - 2012-04-28 07:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 19:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-11-11 19:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-11-11 19:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-11 19:04 - 2011-07-11 17:53 - 00766336 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-11 18:53 - 2013-08-14 22:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-11 18:50 - 2011-05-01 17:13 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-09 22:12 - 2014-06-03 19:38 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-08 13:54 - 2011-06-10 17:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-08 13:54 - 2011-04-28 21:16 - 00000000 ____D () C:\ProgramData\Skype
2014-11-06 18:48 - 2013-02-04 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-04 14:30 - 2011-04-29 06:46 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Ben\AppData\Local\Temp\AutoRun.exe
C:\Users\Ben\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Ben\AppData\Local\Temp\bridj.dll1331454246424888356.dll
C:\Users\Ben\AppData\Local\Temp\bridj.dll1827947999016689267.dll
C:\Users\Ben\AppData\Local\Temp\bridj.dll2491803838511475399.dll
C:\Users\Ben\AppData\Local\Temp\bridj.dll3512204222051871070.dll
C:\Users\Ben\AppData\Local\Temp\bridj.dll3592425255036692925.dll
C:\Users\Ben\AppData\Local\Temp\bridj.dll4749961568662767334.dll
C:\Users\Ben\AppData\Local\Temp\bridj.dll5819461704167899060.dll
C:\Users\Ben\AppData\Local\Temp\bridj.dll654430894519709366.dll
C:\Users\Ben\AppData\Local\Temp\bridj.dll6569901206582923769.dll
C:\Users\Ben\AppData\Local\Temp\bridj.dll6949729159658131512.dll
C:\Users\Ben\AppData\Local\Temp\bridj.dll7682778882318700763.dll
C:\Users\Ben\AppData\Local\Temp\bridj.dll7915004541468703617.dll
C:\Users\Ben\AppData\Local\Temp\bridj.dll9019771622133271778.dll
C:\Users\Ben\AppData\Local\Temp\bridj.dll9058929892164767200.dll
C:\Users\Ben\AppData\Local\Temp\certutil.exe
C:\Users\Ben\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpojfvdl.dll
C:\Users\Ben\AppData\Local\Temp\GURD492.exe
C:\Users\Ben\AppData\Local\Temp\Gw2.exe
C:\Users\Ben\AppData\Local\Temp\i4jdel0.exe
C:\Users\Ben\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Ben\AppData\Local\Temp\jre-8u11-windows-au.exe
C:\Users\Ben\AppData\Local\Temp\jre-8u20-windows-au.exe
C:\Users\Ben\AppData\Local\Temp\msvcr71.dll
C:\Users\Ben\AppData\Local\Temp\nspr4.dll
C:\Users\Ben\AppData\Local\Temp\nss3.dll
C:\Users\Ben\AppData\Local\Temp\plc4.dll
C:\Users\Ben\AppData\Local\Temp\plds4.dll
C:\Users\Ben\AppData\Local\Temp\Quarantine.exe
C:\Users\Ben\AppData\Local\Temp\SCC.dll
C:\Users\Ben\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Ben\AppData\Local\Temp\sfextra.dll
C:\Users\Ben\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ben\AppData\Local\Temp\smime3.dll
C:\Users\Ben\AppData\Local\Temp\softokn3.dll
C:\Users\Ben\AppData\Local\Temp\sqlite3.dll
C:\Users\Ben\AppData\Local\Temp\SymCCIS.dll
C:\Users\Ben\AppData\Local\Temp\tmpE0AD.exe
C:\Users\Ben\AppData\Local\Temp\Wildstar.exe
C:\Users\Ben\AppData\Local\Temp\_is8D51.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-26 19:04

==================== End Of Log ============================

TDSSKiller.3.0.0.41_04.12.2014_22.51.55_log.txt

Addition.txt


Sorry for the double post, I just couldn't go to sleep without it. I ran the same checks on my Win 8.1 laptop (plugged it directly into the modem/router as well). While downloading the tools, Malwarebytes blocked this:

Malicious Website Protection, IP, 5.149.250.79, litekristty.uk.to, 55029, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe


Here are the logs for the Win 8.1 laptop:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Benjamin (administrator) on G505S on 04-12-2014 23:23:49
Running from C:\Users\Benjamin\Desktop
Loaded Profile: Benjamin (Available profiles: Benjamin & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6339656 2013-04-10] (Realtek semiconductor)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-09-02] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-09-02] (Lenovo(beijing) Limited)
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [909016 2013-10-21] (Conexant Systems, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-10-31] (AVAST Software)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-01-24] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-137688557-3577635493-2510575898-1002\...\Run: [Google Update] => C:\Users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-23] (Google Inc.)
HKU\S-1-5-21-137688557-3577635493-2510575898-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-137688557-3577635493-2510575898-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-137688557-3577635493-2510575898-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com
HKU\S-1-5-21-137688557-3577635493-2510575898-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-137688557-3577635493-2510575898-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com
HKU\S-1-5-21-137688557-3577635493-2510575898-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKU\S-1-5-21-137688557-3577635493-2510575898-1002 -> DefaultScope {3D9E75E9-C27E-4E7E-B8B3-363C0A35CF5F} URL =
SearchScopes: HKU\S-1-5-21-137688557-3577635493-2510575898-1002 -> {3D9E75E9-C27E-4E7E-B8B3-363C0A35CF5F} URL =
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\6a2wnf6n.default-1416363965997
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-137688557-3577635493-2510575898-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Benjamin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-137688557-3577635493-2510575898-1002: @talk.google.com/O1DPlugin -> C:\Users\Benjamin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-137688557-3577635493-2510575898-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-137688557-3577635493-2510575898-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-137688557-3577635493-2510575898-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Benjamin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-137688557-3577635493-2510575898-1002: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll No File
FF Plugin HKU\S-1-5-21-137688557-3577635493-2510575898-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Benjamin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Benjamin\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\6a2wnf6n.default-1416363965997\searchplugins\leo-eng-deu-v20.xml
FF SearchPlugin: C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\6a2wnf6n.default-1416363965997\searchplugins\minecraft-wiki-en.xml
FF Extension: GMX MailCheck - C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\6a2wnf6n.default-1416363965997\Extensions\toolbar@gmx.net [2014-11-19]
FF Extension: Hilarious Webcomic Manager - C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\6a2wnf6n.default-1416363965997\Extensions\hilarious@axnjaxn.com.xpi [2014-11-18]
FF Extension: Minimize On Start and Close - C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\6a2wnf6n.default-1416363965997\Extensions\{480adee0-f020-4fef-917d-b05502b17aaf}.xpi [2014-11-18]
FF Extension: Adblock Plus - C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\6a2wnf6n.default-1416363965997\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-30]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://start.icq.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-03-27]
CHR Extension: (Beautiful landscape) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig [2014-03-27]
CHR Extension: (Google Docs) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-23]
CHR Extension: (Google Drive) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-04]
CHR Extension: (YouTube) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-23]
CHR Extension: (Adblock Plus) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-29]
CHR Extension: (Google Search) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-23]
CHR Extension: (Avast Online Security) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-05]
CHR Extension: (Google Wallet) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-23]
CHR Extension: (Gmail) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-23]
CHR HKU\S-1-5-21-137688557-3577635493-2510575898-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-10-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-24] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-01-24] (Windows ® Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-30] (AVAST Software)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-06-18] (Stardock Software, Inc)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5405456 2014-11-12] (TeamViewer GmbH)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-09-02] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-01-24] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [228032 2014-08-08] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-10-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-10-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-10-30] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-24] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243272 2013-04-10] (Realtek Semiconductor Corp.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 23:23 - 2014-12-04 23:24 - 00022370 _____ () C:\Users\Benjamin\Desktop\FRST.txt
2014-12-04 23:22 - 2014-12-04 23:24 - 00000000 ____D () C:\FRST
2014-12-04 23:22 - 2014-12-04 23:22 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Benjamin\Desktop\tdsskiller.exe
2014-12-04 23:21 - 2014-12-04 23:21 - 02117632 _____ (Farbar) C:\Users\Benjamin\Desktop\FRST64.exe
2014-12-03 07:50 - 2014-12-04 18:50 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-03 07:50 - 2014-12-03 07:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-03 07:50 - 2014-12-03 07:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-03 07:50 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-03 07:50 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-03 07:50 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-19 08:04 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-19 08:04 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-19 08:04 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-19 08:04 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-18 21:26 - 2014-11-18 21:26 - 00000000 ____D () C:\Users\Benjamin\Desktop\Old Firefox Data
2014-11-17 20:54 - 2014-11-17 20:54 - 00000994 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-11-15 20:21 - 2014-11-15 20:21 - 00000000 __SHD () C:\found.000
2014-11-11 18:51 - 2014-11-20 15:51 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-11 18:51 - 2014-11-20 15:51 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-11 18:21 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-11 18:21 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-11 18:20 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-11 18:20 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-11 18:19 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-11 18:19 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-11 18:19 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-11 18:19 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-11 18:19 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-11 18:19 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-11 18:19 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-11 18:19 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-11 18:19 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-11 18:19 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-11 18:19 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-11 18:19 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-11 18:19 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-11 18:19 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-11 18:19 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-11 18:19 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-11 18:19 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-11 18:19 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-11 18:19 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-11 18:19 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-11 18:19 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-11 18:19 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-11 18:19 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-11 18:19 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-11 18:19 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-11 18:19 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-11 18:19 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-11 18:19 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-11 18:19 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-11 18:19 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-11 18:19 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-11 18:19 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-11 18:19 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-11 18:19 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-11 18:19 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-11 18:19 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-11 18:19 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-11 18:19 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-11 18:19 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-11 18:19 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-11 18:19 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-11 18:19 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-11 18:19 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-11 18:19 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-11 18:19 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-11 18:19 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-11 18:19 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-11 18:19 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-11 18:19 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-11 18:19 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-11 18:19 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-11 18:19 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-11 18:19 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-11-11 18:19 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-11 18:19 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-11 18:19 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-11 18:19 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-11 18:19 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-11 18:19 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-11 18:19 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-11 18:19 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-11 18:19 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-11 18:19 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-11 18:19 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-11 18:19 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-11 18:19 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-11 18:19 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-11 18:19 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 18:19 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-11 18:19 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-11 18:19 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-11 18:19 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-11 18:19 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-11 18:19 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-11 18:19 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-11-11 18:19 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-11 18:19 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-11 18:19 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-11 18:19 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-11-11 18:19 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-11-11 18:19 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-11 18:19 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-11 18:19 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-11 18:19 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-11 18:19 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-11 18:19 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-11 18:19 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-11 18:19 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-11 18:19 - 2014-10-09 20:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-11 18:19 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-11 18:19 - 2014-10-09 20:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-11 18:19 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-11 18:19 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-11 18:19 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-11 18:19 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-11 18:19 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-11-11 18:19 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-11-11 18:19 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-11-11 18:19 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-11-11 18:19 - 2014-10-08 01:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-11 18:19 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-11 18:19 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-11 18:19 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-11 18:19 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-11-11 18:19 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-11 18:19 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-11 18:19 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-11 18:18 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-11 18:18 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-11 18:18 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-11 18:18 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-11 18:18 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-11 18:18 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-11-11 18:18 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-11 18:18 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-11 18:18 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-11 18:18 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-11 18:18 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-11 18:18 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-11 18:18 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-11 18:18 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-11 18:18 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-11 18:18 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-11 18:18 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-11 18:18 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-11 18:18 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-11 18:18 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-11-11 18:18 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-11 18:18 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-11 18:18 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-11 18:18 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-11 18:18 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-11 18:18 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-11 18:18 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-11 18:18 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-11 18:18 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-11 18:18 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-11 18:18 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-11 18:18 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-11 18:18 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-11 18:18 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-11 18:18 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-11 18:18 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-11 18:18 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-11 18:18 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-11 18:18 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-11 18:18 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-11 18:18 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-11 18:18 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-11 18:18 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-11 18:18 - 2014-09-10 01:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-11-11 18:18 - 2014-09-07 22:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-11-11 18:18 - 2014-09-07 22:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-11-11 18:18 - 2014-09-04 17:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-11-11 18:18 - 2014-09-04 17:21 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-11-11 18:18 - 2014-09-03 22:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-11-11 18:18 - 2014-09-03 21:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-11-11 18:18 - 2014-09-03 20:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-11-11 18:18 - 2014-09-03 19:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-11-11 18:18 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-11 18:18 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-11 18:18 - 2014-08-30 19:17 - 00148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-11-11 18:18 - 2014-08-30 19:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-11-11 18:18 - 2014-08-30 17:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-11-11 18:18 - 2014-08-30 17:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2014-11-11 18:18 - 2014-08-30 16:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-11-11 18:18 - 2014-08-30 15:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-11-11 18:18 - 2014-08-27 21:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-11-11 18:18 - 2014-08-27 19:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-11-11 18:18 - 2014-08-27 19:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-11-11 18:18 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-11 18:18 - 2014-08-23 00:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-11-11 18:18 - 2014-08-23 00:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-11-11 18:18 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-11 18:18 - 2014-08-22 23:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-11-11 18:18 - 2014-08-01 19:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-11-11 18:18 - 2014-08-01 19:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2014-11-11 18:17 - 2014-09-07 17:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-11-11 18:17 - 2014-08-30 16:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-11-11 18:17 - 2014-08-30 15:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 23:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-04 22:54 - 2014-04-19 09:33 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-04 22:54 - 2013-12-23 16:49 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-04 22:51 - 2013-12-23 17:10 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-137688557-3577635493-2510575898-1002UA.job
2014-12-04 22:26 - 2014-04-25 19:25 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Skype
2014-12-04 19:25 - 2014-01-07 22:34 - 01348430 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-04 18:54 - 2014-04-19 09:33 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-04 18:52 - 2013-12-23 17:10 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-137688557-3577635493-2510575898-1002Core.job
2014-12-04 18:45 - 2013-12-22 17:22 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-137688557-3577635493-2510575898-1002
2014-12-04 18:42 - 2013-08-22 09:46 - 00349965 _____ () C:\WINDOWS\setupact.log
2014-12-04 18:33 - 2014-10-19 11:46 - 00000000 ___RD () C:\Users\Benjamin\Google Drive
2014-12-04 18:33 - 2013-12-23 15:15 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\CrashDumps
2014-12-04 18:33 - 2013-12-23 15:14 - 00000000 ___RD () C:\Users\Benjamin\Dropbox
2014-12-04 18:33 - 2013-12-23 15:12 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Dropbox
2014-12-04 18:32 - 2014-04-09 16:48 - 00000000 __RDO () C:\Users\Benjamin\SkyDrive
2014-12-04 18:27 - 2013-11-14 02:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-04 08:25 - 2013-12-23 12:36 - 13666594 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-03 21:20 - 2014-07-17 13:04 - 00003824 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1405620264
2014-12-03 21:20 - 2014-07-17 13:04 - 00001068 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-12-03 21:20 - 2014-07-17 13:04 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-01 19:32 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-29 15:36 - 2013-12-23 15:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-28 09:42 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-25 22:54 - 2013-12-23 16:49 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-11-22 16:35 - 2014-10-30 17:33 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-11-20 07:59 - 2013-12-22 17:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-20 07:59 - 2013-11-14 02:20 - 00046736 _____ () C:\WINDOWS\PFRO.log
2014-11-20 07:59 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-20 07:59 - 2013-08-22 09:44 - 00362632 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-20 07:58 - 2014-10-23 15:21 - 00065536 _____ () C:\WINDOWS\system32\spu_storage.bin
2014-11-20 07:58 - 2013-09-02 12:55 - 00012800 _____ () C:\WINDOWS\system32\VfService.trf
2014-11-20 07:58 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-17 20:54 - 2014-05-24 17:34 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-11-16 08:37 - 2013-12-23 15:13 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-15 17:54 - 2013-12-22 17:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-14 22:37 - 2013-12-23 16:59 - 00000000 ____D () C:\ProgramData\Skype
2014-11-14 22:36 - 2014-10-27 21:09 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-14 18:49 - 2014-04-19 09:33 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 18:49 - 2014-04-19 09:33 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 18:46 - 2013-12-23 17:10 - 00003884 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-137688557-3577635493-2510575898-1002UA
2014-11-14 18:46 - 2013-12-23 17:10 - 00003504 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-137688557-3577635493-2510575898-1002Core
2014-11-11 21:31 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-11 18:54 - 2013-12-22 17:10 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Mozilla
2014-11-11 18:46 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-11 18:46 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-11 18:46 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-11 18:46 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-11 18:46 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-11 18:46 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-11 18:33 - 2013-12-23 13:52 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-11 18:25 - 2013-12-23 13:51 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Benjamin\AppData\Local\Temp\amd-catalyst-14-9-win7-win8.1-64bit-dd-ccc-whql.exe
C:\Users\Benjamin\AppData\Local\Temp\AutoRun.exe
C:\Users\Benjamin\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Benjamin\AppData\Local\Temp\bridj.dll1400041389159444002.dll
C:\Users\Benjamin\AppData\Local\Temp\bridj.dll4930453768109546992.dll
C:\Users\Benjamin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfex1th.dll
C:\Users\Benjamin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Benjamin\AppData\Local\Temp\sfareca00001.dll
C:\Users\Benjamin\AppData\Local\Temp\sfextra.dll
C:\Users\Benjamin\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-20 19:08

==================== End Of Log ============================

Additional.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by Benjamin at 2014-12-04 23:25:53
Running from C:\Users\Benjamin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4500_G510nz_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
4500G510nz (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.2.0 - AppEx Networks)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Commander Keen Complete Pack (HKLM-x32\...\Steam App 9180) (Version:  - id Software)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.21.50 - Conexant)
Darkwood (HKLM-x32\...\Steam App 274520) (Version:  - Acid Wizard Studio)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-137688557-3577635493-2510575898-1002\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo)
Energy Management (x32 Version: 8.0.2.11 - Lenovo) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gunpoint Demo (HKLM-x32\...\Steam App 240570) (Version:  - Suspicious Developments)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 4500 G510n-z 14.0 Rel. 6 (HKLM\...\{6B9B2E57-D988-4258-8A2C-6F3657A600BD}) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Incredipede (HKLM-x32\...\Steam App 230150) (Version:  - Colin Northway with art by Thomas Shahan)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Knights of Pen and Paper +1 (HKLM-x32\...\Steam App 231740) (Version:  - Behold Studios)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10227 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mountain (HKLM-x32\...\Steam App 313340) (Version:  - David OReilly)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Need for Speed™ Most Wanted (HKLM-x32\...\{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}) (Version:  - )
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OEM Application Profile (HKLM-x32\...\{548083DD-D99B-2CE1-8D2B-D78BEB834F7A}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Opera Stable 26.0.1656.32 (HKLM-x32\...\Opera 26.0.1656.32) (Version: 26.0.1656.32 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Proteus (HKLM-x32\...\Steam App 219680) (Version:  - Ed Key and David Kanaga)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.316 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.15 - Qualcomm Atheros Communications Inc.)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.39042 - Realtek Semiconductor Corp.)
Salt Demo (HKLM-x32\...\Steam App 327870) (Version:  - Lavaboots Studios)
Samorost 2 (HKLM-x32\...\Steam App 40720) (Version:  - Amanita Design)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Settlers 2 GOLD (HKLM-x32\...\GOGPACKSETTLERS2GOLD_is1) (Version: 2.0.0.14 - GOG.com)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Stardock Start8 (HKLM-x32\...\Stardock Start8) (Version: 1.45 - Stardock Software, Inc.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.35436 Beta - TeamViewer)
Ticket to Ride (HKLM-x32\...\Steam App 108200) (Version:  - Days of Wonder)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-137688557-3577635493-2510575898-1002\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
VoipStunt (HKLM-x32\...\VoipStunt_is1) (Version: 4.13 build 737 - Finarea S.A. Switzerland)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windosill (HKLM-x32\...\Steam App 37600) (Version:  - Vectorpark, Inc.)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

11-11-2014 23:21:43 Windows Update
19-11-2014 23:41:47 Windows Update
28-11-2014 14:39:55 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02B122C9-04EA-4F00-BD84-7415AB455D8B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-19] (Google Inc.)
Task: {0BDE4A03-815D-488E-B73E-E7750829D8B8} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {3ED36C67-0E79-48A3-AFC7-86DCB45C7A6B} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {478154C8-B2A3-4663-BB1F-9B2999696A46} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {4F7863EA-13F4-4114-B567-F7BC1DC1EEB9} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {527B7015-FC44-4C6B-AC8E-11D3612B79C6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-11] (Microsoft Corporation)
Task: {7CC9BB62-A961-4081-BB5F-851313D3B5F4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-30] (AVAST Software)
Task: {899579DA-BF99-44D2-B0C9-45B55A5E184C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated)
Task: {BB33E3E0-E528-4B05-AE75-06DED800C090} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-137688557-3577635493-2510575898-1002UA => C:\Users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-23] (Google Inc.)
Task: {BBEA8DE9-F32F-484F-95B5-C27514D5EB8B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-19] (Google Inc.)
Task: {E606A2FC-DD5D-4550-8297-B74E6C2F3ED9} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {F300C218-89BA-47AC-99C4-A499AAD09186} - System32\Tasks\Opera scheduled Autoupdate 1405620264 => C:\Program Files (x86)\Opera\launcher.exe [2014-11-25] (Opera Software)
Task: {F3A9BD18-852E-41E0-95D9-58F735FD8939} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-137688557-3577635493-2510575898-1002Core => C:\Users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-23] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-137688557-3577635493-2510575898-1002Core.job => C:\Users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-137688557-3577635493-2510575898-1002UA.job => C:\Users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-24 19:10 - 2013-04-24 19:10 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-09-02 12:55 - 2013-09-02 12:55 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2013-09-02 12:55 - 2013-09-02 12:55 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2014-01-24 02:24 - 2014-01-24 02:24 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-01-24 02:21 - 2014-01-24 02:21 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-01-24 02:27 - 2014-01-24 02:27 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-09-18 02:23 - 2014-09-18 02:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 13:51 - 2014-10-14 13:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 02:23 - 2014-09-18 02:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 13:51 - 2014-10-14 13:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2013-04-24 19:10 - 2013-04-24 19:10 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-11-19 19:56 - 2014-11-19 19:56 - 02902528 _____ () C:\Program Files\AVAST Software\Avast\defs\14111901\algo.dll
2014-12-04 18:32 - 2014-12-04 18:32 - 00098816 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\win32api.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00110080 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\pywintypes27.dll
2014-12-04 18:32 - 2014-12-04 18:32 - 00364544 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\pythoncom27.dll
2014-12-04 18:32 - 2014-12-04 18:32 - 00045568 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\_socket.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 01160704 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\_ssl.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00320512 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\win32com.shell.shell.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00713216 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\_hashlib.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 01175040 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\wx._core_.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00805888 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\wx._gdi_.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00811008 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\wx._windows_.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 01062400 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\wx._controls_.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00735232 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\wx._misc_.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00128512 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\_elementtree.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00127488 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\pyexpat.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00557056 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\pysqlite2._sqlite.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00087552 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\_ctypes.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00119808 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\win32file.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00108544 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\win32security.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00007168 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\hashobjs_ext.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00167936 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\win32gui.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00018432 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\win32event.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00038912 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\win32inet.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00011264 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\win32crypt.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00070656 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\wx._html2.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00027136 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\_multiprocessing.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00035840 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\win32process.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00686080 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\unicodedata.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00122368 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\wx._wizard.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00024064 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\win32pipe.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00025600 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\win32pdh.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00525640 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\windows._lib_cacheinvalidation.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00010240 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\select.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00017408 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\win32profile.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00022528 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\win32ts.pyd
2014-12-04 18:32 - 2014-12-04 18:32 - 00078336 _____ () C:\Users\Benjamin\AppData\Local\Temp\_MEI54322\wx._animate.pyd
2014-12-04 18:33 - 2014-12-04 18:33 - 00043008 _____ () c:\users\benjamin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfex1th.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\libcef.dll
2014-10-30 17:32 - 2014-10-30 17:32 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-12-22 17:10 - 2014-11-15 17:54 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Benjamin\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Benjamin\SkyDrive.old:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-137688557-3577635493-2510575898-500 - Administrator - Disabled)
Benjamin (S-1-5-21-137688557-3577635493-2510575898-1002 - Administrator - Enabled) => C:\Users\Benjamin
Guest (S-1-5-21-137688557-3577635493-2510575898-501 - Limited - Enabled) => C:\Users\Guest

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/04/2014 11:20:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a08

Start Time: 01d0104219aa5a1d

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 0ca5f0bb-7c36-11e4-bebb-208984f71463

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/04/2014 10:31:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a94

Start Time: 01d0103b4a36081e

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 3e36c01e-7c2f-11e4-bebb-208984f71463

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/04/2014 10:05:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13c0

Start Time: 01d01037a5fa2f66

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 9a39a475-7c2b-11e4-bebb-208984f71463

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/04/2014 09:35:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a8

Start Time: 01d0103375281d0d

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 69567b2b-7c27-11e4-bebb-208984f71463

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/04/2014 08:52:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 790

Start Time: 01d0102d72a5869a

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 6672c228-7c21-11e4-bebb-208984f71463

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/04/2014 08:33:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19e8

Start Time: 01d0102abd776dcf

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: b15f856d-7c1e-11e4-bebb-208984f71463

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/04/2014 08:05:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b64

Start Time: 01d01026e2770f0a

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: d5f35da8-7c1a-11e4-bebb-208984f71463

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/04/2014 07:36:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 788

Start Time: 01d01022b16b8a9e

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: a53f2cc1-7c16-11e4-bebb-208984f71463

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/04/2014 06:58:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a64

Start Time: 01d0101d7a22f076

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 6e17bc55-7c11-11e4-bebb-208984f71463

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/04/2014 06:53:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 124c

Start Time: 01d0101c661e2054

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 5b5f7d3b-7c10-11e4-bebb-208984f71463

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1


System errors:
=============
Error: (12/03/2014 11:29:52 PM) (Source: DCOM) (EventID: 10010) (User: G505S)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/03/2014 11:29:51 PM) (Source: DCOM) (EventID: 10010) (User: G505S)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/03/2014 11:29:51 PM) (Source: DCOM) (EventID: 10010) (User: G505S)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/03/2014 11:29:50 PM) (Source: DCOM) (EventID: 10010) (User: G505S)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/03/2014 11:29:50 PM) (Source: DCOM) (EventID: 10010) (User: G505S)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/03/2014 11:29:50 PM) (Source: DCOM) (EventID: 10010) (User: G505S)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/03/2014 11:29:49 PM) (Source: DCOM) (EventID: 10010) (User: G505S)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/03/2014 08:25:35 AM) (Source: DCOM) (EventID: 10010) (User: G505S)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (12/01/2014 10:35:02 PM) (Source: DCOM) (EventID: 10010) (User: G505S)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (11/28/2014 00:30:45 PM) (Source: DCOM) (EventID: 10010) (User: G505S)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca


Microsoft Office Sessions:
=========================
Error: (12/04/2014 11:20:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206891a0801d0104219aa5a1d4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe0ca5f0bb-7c36-11e4-bebb-208984f71463microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (12/04/2014 10:31:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689a9401d0103b4a36081e4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe3e36c01e-7c2f-11e4-bebb-208984f71463microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (12/04/2014 10:05:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068913c001d01037a5fa2f664294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe9a39a475-7c2b-11e4-bebb-208984f71463microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (12/04/2014 09:35:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206891a801d0103375281d0d4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe69567b2b-7c27-11e4-bebb-208984f71463microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (12/04/2014 08:52:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068979001d0102d72a5869a4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe6672c228-7c21-11e4-bebb-208984f71463microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (12/04/2014 08:33:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068919e801d0102abd776dcf4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exeb15f856d-7c1e-11e4-bebb-208984f71463microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (12/04/2014 08:05:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689b6401d01026e2770f0a4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exed5f35da8-7c1a-11e4-bebb-208984f71463microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (12/04/2014 07:36:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068978801d01022b16b8a9e4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exea53f2cc1-7c16-11e4-bebb-208984f71463microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (12/04/2014 06:58:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206891a6401d0101d7a22f0764294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe6e17bc55-7c11-11e4-bebb-208984f71463microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (12/04/2014 06:53:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689124c01d0101c661e20544294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe5b5f7d3b-7c10-11e4-bebb-208984f71463microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1


CodeIntegrity Errors:
===================================
  Date: 2014-10-29 21:41:22.172
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-29 21:40:27.994
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-29 21:40:27.791
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-29 21:40:27.635
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) a


Okay, I'm terribly sorry, I guess it's too late for me. While trying to get attachments enabled, the forum kind of froze on me, and then my post was posted already and I can't seem to find a way to edit my posts. So to not increase the length of this thread even more, I attached ALL THREE logs for my Win 8.1 laptop as attachments. I really feel like an idiot now.

Thanks for bearing with me, and good night for real now.

- Ben

FRST.txt

Addition.txt

TDSSKiller.3.0.0.41_04.12.2014_23.27.48_log.txt


Hi Adam,

That's correct, one PC with Win 7, one old Vista laptop (I did not turn that on since Tuesday night and I actually wanted to get rid of it) and one laptop with Win 8.1 that was going to replace my old laptop.

Then there's my Android phone where I had the popup too, but I don't know if it is affected by the redirects because I didn't test it for long enough.

 

As a side note, I think my modem might be dying of old age, it's over 5 years old. It usually worked like a charm, but every now and then, and twice since Wednesday, devices connected with cable couldn't establish an internet connection until one or two reboots of the modem. I did not use the WLAN function since the factory reset yesterday. Maybe it's not old age but related to my current issues though, I can't be certain and I don't have a spare modem to check (also, I'm not sure if replacing the modem would just transfer my whole issue).

 

I'll be home late after work tonight again. Thanks again,

Ben


Hi Adam,

I'm sorry for complicating everything with all my devices. I understand it's getting too confusing like that. I guess I'm feeling rather uneasy about this whole thing going on :( Attached here are the logs of my Vista laptop. Let's focus on the Win 7 PC from now on.

Thank you for your patience,

Ben

Addition.txt

FRST.txt

TDSSKiller.3.0.0.41_05.12.2014_19.46.28_log.txt


Hi Ben, 

 

The Vista machine is the worst of the three, so this is where we'll start. 

 

The following instructions must only be performed on the VISTA machine. 

 

STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-846818328-320699065-2579942663-1000\...\MountPoints2: {d6c05e4f-15bf-11df-9101-001f16dfecd7} - F:\v1oy9a2u.exe
    HKU\S-1-5-21-846818328-320699065-2579942663-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
    SearchScopes: HKLM -> DefaultScope {0974A2D1-7956-4285-9AF6-5B92DC5BFF35} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
    SearchScopes: HKLM -> {0974A2D1-7956-4285-9AF6-5B92DC5BFF35} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
    SearchScopes: HKLM -> {1C7EF80C-8BFF-42C4-93BD-601A7312DAC1} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
    SearchScopes: HKU\S-1-5-21-846818328-320699065-2579942663-1000 -> {0974A2D1-7956-4285-9AF6-5B92DC5BFF35} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-846818328-320699065-2579942663-1000 -> {1C7EF80C-8BFF-42C4-93BD-601A7312DAC1} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
    Toolbar: HKU\S-1-5-21-846818328-320699065-2579942663-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    Toolbar: HKU\S-1-5-21-846818328-320699065-2579942663-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
    Toolbar: HKU\S-1-5-21-846818328-320699065-2579942663-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    FF SearchPlugin: C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\f7gdsli0.default\searchplugins\11-suche.undefined.undefined
    FF SearchPlugin: C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\f7gdsli0.default\searchplugins\11-suche.xml
    FF Extension: No Name - wrc@avast.com [Not Found]
    CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 StarOpen; No ImagePath
    C:\Users\Benjamin\AppData\Local\Temp\0a50e25a83046228c11dcaa7eeed09bb.exe
    C:\Users\Benjamin\AppData\Local\Temp\2dcd1d63cb45e6613582211c3d5f4b23.exe
    C:\Users\Benjamin\AppData\Local\Temp\AskSLib.dll
    C:\Users\Benjamin\AppData\Local\Temp\DivXSetup.exe
    C:\Users\Benjamin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8tkcu4.dll
    C:\Users\Benjamin\AppData\Local\Temp\iTunesPluginWinSetup_3.0.4.0.exe
    C:\Users\Benjamin\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
    C:\Users\Benjamin\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
    C:\Users\Benjamin\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
    C:\Users\Benjamin\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
    C:\Users\Benjamin\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
    C:\Users\Benjamin\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
    C:\Users\Benjamin\AppData\Local\Temp\Last.fm-2.1.33.exe
    C:\Users\Benjamin\AppData\Local\Temp\msvcp110.dll
    C:\Users\Benjamin\AppData\Local\Temp\msvcr110.dll
    C:\Users\Benjamin\AppData\Local\Temp\pc-decrapifier.exe
    C:\Users\Benjamin\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Benjamin\AppData\Local\Temp\sqlite3.dll
    C:\Users\Benjamin\AppData\Local\Temp\stubhelper.dll
    C:\Users\Benjamin\AppData\Local\Temp\Uninstall.exe
    C:\Users\Benjamin\AppData\Local\Temp\UninstallEADM.dll
    C:\Users\Benjamin\AppData\Local\Temp\_is2857.exe
    C:\Users\Benjamin\AppData\Local\Temp\_is539B.exe
    C:\Users\Benjamin\AppData\Local\Temp\_is91A4.exe
    C:\Users\Benjamin\AppData\Local\Temp\_isD529.exe
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{0AF10CEC-2ECD-4B92-9581-34F6AE0637F3}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{0B91A74B-AD7C-4A9D-B563-29EEF9167172}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{0C15D503-D017-47CE-9016-7B3F978721CC}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{35786D3C-B075-49B9-88DD-029876E11C01}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{6311429E-2F1A-4777-880F-C7289FD10169}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{640167B4-59B0-47A6-B335-A6B3C0695AEA}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{76D0CB12-7604-4048-B83C-1005C7DDC503}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{77F419AA-771A-45FF-AC66-7567FA3243D3}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{AE054212-3535-4430-83ED-D501AA6680E6}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{E3E478D6-A2F2-4791-89A3-21F5C78DC3EC}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FE841493-835C-4FA3-B6CC-B4B2D4719848}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}\InprocServer32 -> No File Path
    HKU\S-1-5-21-846818328-320699065-2579942663-1000\Software\Classes\.exe:  =>  <===== ATTENTION!
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
ComboFix

  • Note: Please read through these instructions before running ComboFix. 
  • Please download ComboFix and save the file to your Desktop. << Important!
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click ComboFix.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
     
  • Allow ComboFix to complete its removal routine (please refer to Important Notes:).
  • Upon completion, a log (ComboFix.txt) will be created in the root directory (C:\). Copy the contents of the log and paste in your next reply.
  • Re-enable your anti-virus software.
     

Important Notes:

  • Do NOT mouse click ComboFix's window whilst it is running. This may cause the programme to stall.
  • Do NOT use your computer whilst ComboFix is running.
  • Your Desktop/taskbar may disappear whilst ComboFix is running; this is normal.
     
  • If you get the message Illegal operation attempted on registry key that has been marked for deletion please reboot your computer.
  • ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If you are unable to access the Internet after running ComboFix, please reboot your computer. 
     

STEP 3
RogueKiller

  • Please download RogueKiller (x32) and save the file to your Desktop.
  • Close any running programmes.
  • Right-Click RogueKiller.exe and select Run as administrator to run the programme.
  • Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
  • A browser window may open. Close the browser window.
  • Click jpgUwzp.png. Upon completion, click phPvmc6.png.
  • Close the programme. Do not fix anything!
  • A log (RKreport.txt) will be open. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • ComboFix.txt
  • RKreport.txt
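An FRST fixlist of the kind given in STEP 1 is a list of directives: registry entries to delete, orphaned COM registrations (CustomCLSID lines whose InprocServer32 target no longer exists), browser search scopes and toolbars, leftover Temp executables, and a few CMD: lines that reset the DNS cache and the Winsock/TCP-IP stack. Before running such a script it is worth knowing what it is about to do. The following Python is an added example, not part of Adam's instructions and not a tool from FRST or Farbar: it parses a fixlist in that format, classifies each directive, and pulls out the lines marked ATTENTION!, the orphaned entries, the shell commands, and the hosts that search scopes point at. The category names, the ORPHAN_MARKERS list and the short sample fixlist (constructed from a handful of the lines above) are my own choices.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: a short fixlist in the FRST format used in this thread.
# The lines are modelled on the script above, trimmed to one or two of each kind.
SAMPLE_FIXLIST = r"""
start
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-846818328-320699065-2579942663-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
SearchScopes: HKLM -> {1C7EF80C-8BFF-42C4-93BD-601A7312DAC1} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
Toolbar: HKU\S-1-5-21-846818328-320699065-2579942663-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Extension: No Name - wrc@avast.com [Not Found]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
S3 StarOpen; No ImagePath
C:\Users\Benjamin\AppData\Local\Temp\0a50e25a83046228c11dcaa7eeed09bb.exe
C:\Users\Benjamin\AppData\Local\Temp\AskSLib.dll
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
HKU\S-1-5-21-846818328-320699065-2579942663-1000\Software\Classes\.exe:  =>  <===== ATTENTION!
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
EmptyTemp:
end
"""

# (category, pattern) pairs; the first match wins, so the specific directive
# prefixes come before the generic registry-key and file-path patterns.
# Category names are my own labels, not FRST terminology.
CATEGORIES = [
    ("cmd",          re.compile(r"^CMD:")),
    ("search_scope", re.compile(r"^SearchScopes:")),
    ("custom_clsid", re.compile(r"^CustomCLSID:")),
    ("toolbar",      re.compile(r"^Toolbar:")),
    ("browser",      re.compile(r"^(FF|CHR|IE) ")),
    ("service",      re.compile(r"^[RSU][0-4] \S+;")),   # e.g. "S3 StarOpen; No ImagePath"
    ("file",         re.compile(r"^[A-Za-z]:\\")),        # a bare path means "delete this file"
    ("registry",     re.compile(r"^HK(LM|U|CR|CU)\\")),
]

# Markers FRST prints when the registered target no longer exists on disk.
ORPHAN_MARKERS = ("No File", "No Path", "No ImagePath", "Not Found")


def classify_line(line: str) -> str:
    """Return the category of one fixlist directive ('other' if unrecognised)."""
    for name, pattern in CATEGORIES:
        if pattern.search(line):
            return name
    return "other"


def parse_fixlist(text: str) -> dict:
    """Classify every directive in a fixlist and collect the items worth a
    second look before the fix is run."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    issues = []
    # FRST only processes the block between the start and end markers.
    if not lines or lines[0].lower() != "start":
        issues.append("fixlist does not begin with 'start'")
    if not lines or lines[-1].lower() != "end":
        issues.append("fixlist does not finish with 'end'")
    body = [ln for ln in lines if ln.lower() not in ("start", "end")]

    counts = Counter()
    attention, orphans, commands, search_hosts = [], [], [], []
    for line in body:
        category = classify_line(line)
        counts[category] += 1
        if "ATTENTION!" in line:            # FRST's own flag for suspicious entries
            attention.append(line)
        if any(marker in line for marker in ORPHAN_MARKERS):
            orphans.append(line)
        if category == "cmd":
            commands.append(line.split(":", 1)[1].strip())
        elif category == "search_scope" and "URL = " in line:
            url = line.split("URL = ", 1)[1].strip()
            search_hosts.append(urlsplit(url).hostname)

    return {
        "issues": issues,
        "counts": dict(counts),
        "attention": attention,
        "orphans": orphans,
        "commands": commands,
        "search_hosts": search_hosts,
    }


if __name__ == "__main__":
    report = parse_fixlist(SAMPLE_FIXLIST)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Running it on the full fixlist from STEP 1 (paste it into SAMPLE_FIXLIST or read it from fixlist.txt) gives a quick picture of the fix: how many files will be deleted, how many registry keys touched, which commands will run, and which search providers were registered, which is the same review a helper does by eye before handing a script to a user.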

I followed your steps on the VISTA laptop, please find the logs below.

On a side note, I didn't encounter the initial pop-up lately, only the browser redirects. I don't know if this means anything though.

Thanks!

 

 

Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-12-2014
Ran by Benjamin at 2014-12-06 10:44:18 Run:1
Running from C:\Users\Benjamin\desktop
Loaded Profile: Benjamin (Available profiles: Benjamin & Mcx1 & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-846818328-320699065-2579942663-1000\...\MountPoints2: {d6c05e4f-15bf-11df-9101-001f16dfecd7} - F:\v1oy9a2u.exe
HKU\S-1-5-21-846818328-320699065-2579942663-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
SearchScopes: HKLM -> DefaultScope {0974A2D1-7956-4285-9AF6-5B92DC5BFF35} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM -> {0974A2D1-7956-4285-9AF6-5B92DC5BFF35} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM -> {1C7EF80C-8BFF-42C4-93BD-601A7312DAC1} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
SearchScopes: HKU\S-1-5-21-846818328-320699065-2579942663-1000 -> {0974A2D1-7956-4285-9AF6-5B92DC5BFF35} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-846818328-320699065-2579942663-1000 -> {1C7EF80C-8BFF-42C4-93BD-601A7312DAC1} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
Toolbar: HKU\S-1-5-21-846818328-320699065-2579942663-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-846818328-320699065-2579942663-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-846818328-320699065-2579942663-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF SearchPlugin: C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\f7gdsli0.default\searchplugins\11-suche.undefined.undefined
FF SearchPlugin: C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\f7gdsli0.default\searchplugins\11-suche.xml
FF Extension: No Name - wrc@avast.com [Not Found]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 StarOpen; No ImagePath
C:\Users\Benjamin\AppData\Local\Temp\0a50e25a83046228c11dcaa7eeed09bb.exe
C:\Users\Benjamin\AppData\Local\Temp\2dcd1d63cb45e6613582211c3d5f4b23.exe
C:\Users\Benjamin\AppData\Local\Temp\AskSLib.dll
C:\Users\Benjamin\AppData\Local\Temp\DivXSetup.exe
C:\Users\Benjamin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8tkcu4.dll
C:\Users\Benjamin\AppData\Local\Temp\iTunesPluginWinSetup_3.0.4.0.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\Last.fm-2.1.33.exe
C:\Users\Benjamin\AppData\Local\Temp\msvcp110.dll
C:\Users\Benjamin\AppData\Local\Temp\msvcr110.dll
C:\Users\Benjamin\AppData\Local\Temp\pc-decrapifier.exe
C:\Users\Benjamin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Benjamin\AppData\Local\Temp\sqlite3.dll
C:\Users\Benjamin\AppData\Local\Temp\stubhelper.dll
C:\Users\Benjamin\AppData\Local\Temp\Uninstall.exe
C:\Users\Benjamin\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Benjamin\AppData\Local\Temp\_is2857.exe
C:\Users\Benjamin\AppData\Local\Temp\_is539B.exe
C:\Users\Benjamin\AppData\Local\Temp\_is91A4.exe
C:\Users\Benjamin\AppData\Local\Temp\_isD529.exe
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{0AF10CEC-2ECD-4B92-9581-34F6AE0637F3}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{0B91A74B-AD7C-4A9D-B563-29EEF9167172}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{0C15D503-D017-47CE-9016-7B3F978721CC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{35786D3C-B075-49B9-88DD-029876E11C01}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{6311429E-2F1A-4777-880F-C7289FD10169}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{640167B4-59B0-47A6-B335-A6B3C0695AEA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{76D0CB12-7604-4048-B83C-1005C7DDC503}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{77F419AA-771A-45FF-AC66-7567FA3243D3}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{AE054212-3535-4430-83ED-D501AA6680E6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{E3E478D6-A2F2-4791-89A3-21F5C78DC3EC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FE841493-835C-4FA3-B6CC-B4B2D4719848}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}\InprocServer32 -> No File Path
HKU\S-1-5-21-846818328-320699065-2579942663-1000\Software\Classes\.exe:  =>  <===== ATTENTION!
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6c05e4f-15bf-11df-9101-001f16dfecd7}" => Key deleted successfully.
"HKCR\CLSID\{d6c05e4f-15bf-11df-9101-001f16dfecd7}" => Key not found.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => Key deleted successfully.
"HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0974A2D1-7956-4285-9AF6-5B92DC5BFF35}" => Key deleted successfully.
"HKCR\CLSID\{0974A2D1-7956-4285-9AF6-5B92DC5BFF35}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1C7EF80C-8BFF-42C4-93BD-601A7312DAC1}" => Key deleted successfully.
"HKCR\CLSID\{1C7EF80C-8BFF-42C4-93BD-601A7312DAC1}" => Key not found.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0974A2D1-7956-4285-9AF6-5B92DC5BFF35}" => Key deleted successfully.
"HKCR\CLSID\{0974A2D1-7956-4285-9AF6-5B92DC5BFF35}" => Key not found.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1C7EF80C-8BFF-42C4-93BD-601A7312DAC1}" => Key deleted successfully.
"HKCR\CLSID\{1C7EF80C-8BFF-42C4-93BD-601A7312DAC1}" => Key not found.
HKU\S-1-5-21-846818328-320699065-2579942663-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
HKU\S-1-5-21-846818328-320699065-2579942663-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
"HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" => Key not found.
HKU\S-1-5-21-846818328-320699065-2579942663-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\f7gdsli0.default\searchplugins\11-suche.undefined.undefined => Moved successfully.
C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\f7gdsli0.default\searchplugins\11-suche.xml => Moved successfully.
FF Extension: No Name - wrc@avast.com [Not Found] => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => Key deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
StarOpen => Service deleted successfully.
C:\Users\Benjamin\AppData\Local\Temp\0a50e25a83046228c11dcaa7eeed09bb.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\2dcd1d63cb45e6613582211c3d5f4b23.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\DivXSetup.exe => Moved successfully.
"C:\Users\Benjamin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8tkcu4.dll" => File/Directory not found.
C:\Users\Benjamin\AppData\Local\Temp\iTunesPluginWinSetup_3.0.4.0.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\Last.fm-2.1.33.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\msvcp110.dll => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\msvcr110.dll => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\pc-decrapifier.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\Uninstall.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\UninstallEADM.dll => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\_is2857.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\_is539B.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\_is91A4.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\_isD529.exe => Moved successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{0AF10CEC-2ECD-4B92-9581-34F6AE0637F3}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{0B91A74B-AD7C-4A9D-B563-29EEF9167172}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{0C15D503-D017-47CE-9016-7B3F978721CC}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{35786D3C-B075-49B9-88DD-029876E11C01}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{6311429E-2F1A-4777-880F-C7289FD10169}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{640167B4-59B0-47A6-B335-A6B3C0695AEA}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{76D0CB12-7604-4048-B83C-1005C7DDC503}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{77F419AA-771A-45FF-AC66-7567FA3243D3}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{AE054212-3535-4430-83ED-D501AA6680E6}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{B155BDF8-02F0-451E-9A26-AE317CFD7779}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{E3E478D6-A2F2-4791-89A3-21F5C78DC3EC}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FE841493-835C-4FA3-B6CC-B4B2D4719848}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}" => Key deleted successfully.
"HKU\S-1-5-21-846818328-320699065-2579942663-1000\Software\Classes\.exe" => Key deleted successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Echo Request, OK!
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
A reboot is required to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Reseting Echo Request, OK!
A reboot is required to complete this action.


========= End of CMD: =========

EmptyTemp: => Removed 2.7 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====
ComboFix

ComboFix 14-12-04.01 - Benjamin 06/12/2014  11:16:38.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.2.1033.18.2814.1312 [GMT -5:00]
Running from: c:\users\Benjamin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\programdata\ntuser.pol
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-06 to 2014-12-06  )))))))))))))))))))))))))))))))
.
.
2014-12-06 16:36 . 2014-12-06 16:37    --------    d-----w-    c:\users\Benjamin\AppData\Local\temp
2014-12-06 16:36 . 2014-12-06 16:36    --------    d-----w-    c:\users\Mcx1\AppData\Local\temp
2014-12-06 16:36 . 2014-12-06 16:36    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2014-12-06 16:36 . 2014-12-06 16:36    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-12-06 00:38 . 2014-12-06 15:59    --------    d-----w-    C:\FRST
2014-12-05 23:56 . 2014-11-02 04:17    8941456    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{C99986FC-2BAD-4617-B11D-DE350639458C}\mpengine.dll
2014-11-22 03:20 . 2014-10-24 01:03    499200    ----a-w-    c:\windows\system32\kerberos.dll
2014-11-15 18:23 . 2014-10-10 01:00    146432    ----a-w-    c:\windows\system32\msaudite.dll
2014-11-15 18:23 . 2014-10-09 23:22    619520    ----a-w-    c:\windows\system32\adtschema.dll
2014-11-15 18:22 . 2014-10-10 01:01    449536    ----a-w-    c:\windows\system32\termsrv.dll
2014-11-15 18:22 . 2014-10-10 01:00    1259008    ----a-w-    c:\windows\system32\lsasrv.dll
2014-11-15 18:22 . 2014-08-27 00:55    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2014-11-15 18:22 . 2014-08-27 00:55    1249280    ----a-w-    c:\windows\system32\msxml3.dll
2014-11-15 18:21 . 2014-09-19 00:50    278528    ----a-w-    c:\windows\system32\schannel.dll
2014-11-15 18:20 . 2014-10-24 01:04    67072    ----a-w-    c:\windows\system32\packager.dll
2014-11-15 18:19 . 2014-08-12 02:25    729600    ----a-w-    c:\windows\system32\IMJP10K.DLL
2014-11-15 18:19 . 2014-10-03 01:17    396800    ----a-w-    c:\windows\system32\AudioEng.dll
2014-11-15 18:19 . 2014-10-03 01:17    316928    ----a-w-    c:\windows\system32\audiosrv.dll
2014-11-15 18:19 . 2014-10-03 01:18    274432    ----a-w-    c:\windows\system32\AUDIOKSE.dll
2014-11-15 18:19 . 2014-10-03 01:17    170496    ----a-w-    c:\windows\system32\EncDump.dll
2014-11-15 18:18 . 2014-10-18 01:08    564224    ----a-w-    c:\windows\system32\oleaut32.dll
2014-11-15 17:58 . 2014-10-12 23:34    2054656    ----a-w-    c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-03 01:19 . 2012-04-10 11:53    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-12-03 01:19 . 2011-05-17 11:48    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-24 19:04 . 2009-10-03 14:43    229000    ------w-    c:\windows\system32\MpSigStub.exe
2014-11-22 02:56 . 2013-05-20 22:17    787800    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-11-22 02:55 . 2013-05-20 22:17    423784    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-11-01 03:26 . 2013-05-20 22:17    70384    ----a-w-    c:\windows\system32\drivers\aswmonflt.sys
2014-10-30 00:51 . 2014-08-02 17:08    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-10-30 00:51 . 2013-05-20 22:17    55240    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2014-10-30 00:51 . 2013-05-20 22:17    57928    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2014-10-30 00:51 . 2013-05-20 22:17    206248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-10-30 00:51 . 2013-05-20 22:17    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-10-30 00:51 . 2014-10-30 00:51    291352    ----a-w-    c:\windows\system32\aswBoot.exe
2014-10-30 00:51 . 2014-10-30 00:51    43152    ----a-w-    c:\windows\avastSS.scr
2014-10-30 00:36 . 2010-06-24 16:33    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-30 00:51    723976    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09    131480    ----a-w-    c:\users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09    131480    ----a-w-    c:\users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09    131480    ----a-w-    c:\users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-01 5223016]
.
c:\users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Benjamin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-11-13 35419192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 01:19]
.
2014-12-06 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-09-13 14:32]
.
2014-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-05 01:27]
.
2014-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-05 01:27]
.
2014-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-846818328-320699065-2579942663-1000Core.job
- c:\users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12 23:28]
.
2014-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-846818328-320699065-2579942663-1000UA.job
- c:\users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12 23:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Presario&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\f7gdsli0.default\
FF - prefs.js: browser.search.selectedEngine - IMDb
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-MsgCenterExe - c:\program files\Real\RealPlayer\update\RealOneMessageCenter.exe
HKCU-Run-GoogleDriveSync - c:\program files\Google\Drive\googledrivesync.exe
HKLM-Run-DivXMediaServer - c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
AddRemove-com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 - c:\program files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-12-06 11:37
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-12-06  11:40:33
ComboFix-quarantined-files.txt  2014-12-06 16:40
.
Pre-Run: 96,183,640,064 bytes free
Post-Run: 95,960,723,456 bytes free
.
- - End Of File - - 851583064A0824C1EAE4BB282001AAD0
588AE8F0C685C02BA11F30D9CD7E61A0
RKreport_SCN_12062014_115724

RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Benjamin [Administrator]
Mode : Scan -- Date : 12/06/2014  11:57:24

¤¤¤ Processes : 1 ¤¤¤
[PUP] (SVC) ICQ Service -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe[7] -> Stopped

¤¤¤ Registry : 26 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046} -> Found
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD (\SystemRoot\system32\drivers\afd.sys) -> Found
[suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\Benjamin\AppData\Local\Temp\catchme.sys) -> Found
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ICQ Service (C:\Program Files\ICQ6Toolbar\ICQ Service.exe) -> Found
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr (\??\C:\ComboFix\mbr.sys) -> Found
[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\Benjamin\AppData\Local\Temp\catchme.sys) -> Found
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ICQ Service (C:\Program Files\ICQ6Toolbar\ICQ Service.exe) -> Found
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ICQ Service (C:\Program Files\ICQ6Toolbar\ICQ Service.exe) -> Found
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ICQ Service (C:\Program Files\ICQ6Toolbar\ICQ Service.exe) -> Found
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Presario&pf=cnnb -> Found
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-846818328-320699065-2579942663-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.icq.com/ -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-846818328-320699065-2579942663-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-846818328-320699065-2579942663-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-846818328-320699065-2579942663-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-846818328-320699065-2579942663-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-846818328-320699065-2579942663-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-846818328-320699065-2579942663-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-846818328-320699065-2579942663-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-846818328-320699065-2579942663-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-846818328-320699065-2579942663-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\PxHelp20 @ Unknown (\SystemRoot\system32\drivers\ulsata.sys)

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] f7gdsli0.default : user_pref("browser.startup.homepage", "http://www.facebook.com/home.php");-> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK2555GSX ATA Device +++++
--- User ---
[MBR] 56a07edc412f22f3bcd4c34b6711461d
[bSP] efcad5e859ff049d1c4486b4aa52d819 : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 227498 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 465917952 | Size: 10973 MB
User = LL1 ... OK
User = LL2 ... OK

Hi Ben, 
 
Please work your way through the following instructions on your Vista machine. 
 
STEP 1
Browser Reset
 
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Proceed with the reset once done.

STEP 2
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for anything removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 3
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 4
Malwarebytes Anti-Malware (MBAM)

  • Please download the Malwarebytes Anti-Malware setup file to your Desktop.
  • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme. 
  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 5
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click List of found threats. If no threats were found, skip the next two bullet points. 
  • Click Export to text file and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to Uninstall application on close and click Finish.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================

STEP 6
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did your browsers reset OK?
  • AdwCleaner[s0].txt
  • JRT.txt
  • MBAM log
  • ESET log

Hi Adam, just a quick question to make sure before I start with those steps: I'm resetting ALL browsers on the machine, right? I currently have IE, Firefox, Chrome and Opera installed.

Thanks for sacrificing parts of your weekend to assist me. Your help is greatly appreciated. I'll post back later once I've run all the checks.

Cheers, Ben


Hi Adam,
The browsers were all reset to standard successfully. I followed all the steps and pasted the logs below.

One question: Should I leave Malwarebytes installed and running for the remainder of the process? Or uninstall it again? So far it's still running and it blocked several malicious websites while ESET was downloading its definitions. No browser was open at that time. Those are the objects it blocked:

Malicious Website Protection, IP, 67.212.88.10, kickass.to, 0, Outbound
Malicious Website Protection, IP, 5.150.195.169, 0427d7.se, 0, Outbound
Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound
Malicious Website Protection, IP, 91.98.28.98, digikala.com, 0, Outbound

Whenever we're done with the Vista machine, can we switch to the Win8.1? Unless there's any indication the Win7 is more urgent of course. Thanks and have a good Sunday,
Ben
AdwCleaner[s0]

# AdwCleaner v4.104 - Report created 06/12/2014 at 17:10:50
# Updated 05/12/2014 by Xplode
# Database : 2014-12-03.1 [Live]
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : Benjamin - BLACKEMPEROR
# Running from : C:\Users\Benjamin\desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : ICQ Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Users\Benjamin\AppData\Local\Video downloader
File Deleted : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\5dgiowsj.default\searchplugins\icqplugin.gif
File Deleted : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\5dgiowsj.default\searchplugins\icqplugin.src

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\ICQ\ICQToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Video downloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video downloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16592


-\\ Mozilla Firefox v34.0 (x86 en-US)

[5dgiowsj.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.engineVerified", true);
[5dgiowsj.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.history", "test");
[5dgiowsj.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
[5dgiowsj.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.previousFFVersion", "3.5.7");
[5dgiowsj.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
[5dgiowsj.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.uniqueID", "126305795012630579491263057956387");
[5dgiowsj.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1263057962);
[5dgiowsj.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.version", "1.1.5");
[5dgiowsj.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=");

-\\ Google Chrome v

[C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.icq.com/search/results.php?ch_id=osd&q={searchTerms}&icid=chrome
[C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://start.icq.com/

*************************

AdwCleaner[R0].txt - [4515 octets] - [06/12/2014 17:06:05]
AdwCleaner[s0].txt - [4601 octets] - [06/12/2014 17:10:50]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4661 octets] ##########
JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows Vista Home Premium x86
Ran by Benjamin on 06/12/2014 at 17:18:06.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-846818328-320699065-2579942663-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Benjamin\appdata\local\{85DAEE0C-2E9D-4653-A8B3-5C4B1E554DA5}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/12/2014 at 17:22:44.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MBAM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 06/12/2014
Scan Time: 17:33:31
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.06.11
Rootkit Database: v2014.12.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Benjamin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 400540
Time Elapsed: 32 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
Adware.ADON, C:\Users\Benjamin\Installer\agsetup183se.exe, Quarantined, [a9ceb2acdf9d5bdbd5ad5516ad58e818],
PUP.Optional.OpenCandy, C:\Users\Benjamin\Installer\winamp5581_full_emusic-7plus_en-us.exe, Quarantined, [3542f8663b412d09fddaa4e5ad582dd3],
PUP.Optional.OpenCandy, C:\Users\Benjamin\Installer\winamp5601_full_emusic-7plus_en-us.exe, Quarantined, [3344243a53293df9d106a6e335d0669a],

Physical Sectors: 0
(No malicious items detected)


(end)
ESET

C:\FRST\Quarantine\C\Users\Benjamin\AppData\Local\Temp\2dcd1d63cb45e6613582211c3d5f4b23.exe.xBAD    Win32/OpenCandy potentially unsafe application
C:\FRST\Quarantine\C\Users\Benjamin\AppData\Local\Temp\AskSLib.dll.xBAD    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Program Files\ICQ7.6\install_dll\OCSetupHlp.dll    Win32/OpenCandy potentially unsafe application
C:\Users\Benjamin\Installer\cdbxp_setup_4.3.7.2356.exe    Win32/OpenCandy potentially unsafe application
C:\Users\Benjamin\Installer\PFCSetup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Benjamin\Installer\vso_image_resizer2_setup.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application

Hi Ben, 
 
Please delete these files:

  • C:\Users\Benjamin\Installer\cdbxp_setup_4.3.7.2356.exe
  • C:\Users\Benjamin\Installer\PFCSetup.exe
  • C:\Users\Benjamin\Installer\vso_image_resizer2_setup.exe 
     

Using your Vista machine:

  • Please open Malwarebytes Anti-Malware
  • Click History, followed by Application Logs
  • Open the Protection Log that contains the recent blocks. 
  • Click Export File, select .txt file. Attach this file in your next reply.
     

Then rerun an FRST scan on the Vista machine. 

Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 

Hi Adam,

I manually deleted the three files you pointed out. Here are the latest FRST logs, and the MBAM protection log is attached.

Thanks,

Ben

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2014 01
Ran by Benjamin (administrator) on BLACKEMPEROR on 07-12-2014 09:46:39
Running from C:\Users\Benjamin\desktop
Loaded Profile: Benjamin (Available profiles: Benjamin & Mcx1 & Guest)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Sony Corporation) C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Dropbox, Inc.) C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [updateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [updateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [updatePDIRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [ContentTransferWMDetector.exe] => C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-19] (Sony Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-10-31] (AVAST Software)
Startup: C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-846818328-320699065-2579942663-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-846818328-320699065-2579942663-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-846818328-320699065-2579942663-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\xhefu3h3.default-1417903410248
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-846818328-320699065-2579942663-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Benjamin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-846818328-320699065-2579942663-1000: @talk.google.com/O1DPlugin -> C:\Users\Benjamin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-846818328-320699065-2579942663-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-846818328-320699065-2579942663-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Benjamin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Benjamin\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2014-12-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-18]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-20]

Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Benjamin\AppData\Local\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Benjamin\AppData\Local\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Benjamin\AppData\Local\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (eMusic Remote Plugin) - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll No File
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (Google Update) - C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Quickrr World Clock) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajnbnekhpkkfaobjalnhdoofajkghidp [2012-04-12]
CHR Extension: (Angry Birds) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-02-05]
CHR Extension: (Google Drive) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-04]
CHR Extension: (YouTube) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-12]
CHR Extension: (Google Search) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-12]
CHR Extension: (AdBlock) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-04-12]
CHR Extension: (Avast Online Security) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-18]
CHR Extension: (Google Wallet) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Gmail) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-12]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-29] (AVAST Software)
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-08] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-10-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-10-31] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-10-29] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-10-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-10-29] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-10-29] ()
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Benjamin\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-07 09:46 - 2014-12-07 09:47 - 00017875 _____ () C:\Users\Benjamin\desktop\FRST.txt
2014-12-07 09:46 - 2014-12-07 09:46 - 00000000 ____D () C:\Users\Benjamin\desktop\FRST-OlderVersion
2014-12-06 18:21 - 2014-12-06 18:21 - 02347384 _____ (ESET) C:\Users\Benjamin\desktop\esetsmartinstaller_enu.exe
2014-12-06 17:32 - 2014-12-07 09:40 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-06 17:32 - 2014-12-06 17:32 - 00000859 _____ () C:\Users\Public\desktop\Malwarebytes Anti-Malware.lnk
2014-12-06 17:32 - 2014-12-06 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-06 17:32 - 2014-12-06 17:32 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-06 17:32 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-06 17:32 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-06 17:32 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-06 17:30 - 2014-12-06 17:30 - 00000795 _____ () C:\Users\Benjamin\desktop\Malware Issue - Shortcut.lnk
2014-12-06 17:17 - 2014-12-06 17:17 - 00000000 ____D () C:\Windows\ERUNT
2014-12-06 17:16 - 2014-12-06 17:16 - 01707646 _____ (Thisisu) C:\Users\Benjamin\desktop\JRT.exe
2014-12-06 17:05 - 2014-12-06 17:10 - 00000000 ____D () C:\AdwCleaner
2014-12-06 17:05 - 2014-12-06 17:05 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-06 17:04 - 2014-12-06 17:04 - 02153472 _____ () C:\Users\Benjamin\desktop\AdwCleaner.exe
2014-12-06 17:03 - 2014-12-06 17:03 - 00000000 ____D () C:\Users\Benjamin\desktop\Old Firefox Data
2014-12-06 16:51 - 2014-12-06 16:51 - 00000000 ____D () C:\SuV5.6
2014-12-06 11:47 - 2014-12-06 11:47 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-06 11:47 - 2014-12-06 11:47 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-06 11:46 - 2014-12-06 11:46 - 15196248 _____ () C:\Users\Benjamin\desktop\RogueKiller.exe
2014-12-06 11:40 - 2014-12-06 11:40 - 00010347 _____ () C:\ComboFix.txt
2014-12-06 11:12 - 2014-12-06 11:40 - 00000000 ____D () C:\Qoobox
2014-12-06 11:12 - 2014-12-06 11:40 - 00000000 ____D () C:\ComboFix
2014-12-06 11:12 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-06 11:12 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-06 11:12 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-06 11:12 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-06 11:12 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-06 11:12 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-06 11:12 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-06 11:12 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-06 11:11 - 2014-12-06 11:39 - 00000000 ____D () C:\Windows\erdnt
2014-12-06 11:08 - 2014-12-06 11:08 - 05600479 ____R (Swearware) C:\Users\Benjamin\desktop\ComboFix.exe
2014-12-06 10:42 - 2014-12-07 09:46 - 01111040 _____ (Farbar) C:\Users\Benjamin\desktop\FRST.exe
2014-12-05 19:38 - 2014-12-07 09:46 - 00000000 ____D () C:\FRST
2014-12-05 19:03 - 2014-12-05 19:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-21 22:20 - 2014-10-23 20:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-15 13:23 - 2014-10-09 20:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-15 13:23 - 2014-10-09 18:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-15 13:22 - 2014-10-09 20:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-15 13:22 - 2014-10-09 20:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-15 13:22 - 2014-08-26 19:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-15 13:22 - 2014-08-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-15 13:21 - 2014-09-18 19:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-15 13:20 - 2014-10-23 20:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-15 13:19 - 2014-10-02 20:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-15 13:19 - 2014-10-02 20:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-15 13:19 - 2014-10-02 20:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-15 13:19 - 2014-10-02 20:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-15 13:19 - 2014-08-11 21:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-15 13:18 - 2014-10-17 20:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-15 12:58 - 2014-10-12 18:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-15 12:34 - 2014-10-27 14:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-15 12:34 - 2014-10-27 14:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-15 12:34 - 2014-10-27 14:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-15 12:34 - 2014-10-27 13:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-15 12:34 - 2014-10-27 13:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-15 12:34 - 2014-10-27 13:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-15 12:34 - 2014-10-27 13:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-15 12:34 - 2014-10-27 13:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-15 12:34 - 2014-10-27 13:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-15 12:34 - 2014-10-27 13:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-15 12:34 - 2014-10-27 13:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-15 12:34 - 2014-10-27 13:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-15 12:34 - 2014-10-27 13:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-15 12:34 - 2014-10-27 13:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-15 12:34 - 2014-10-27 13:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-15 12:34 - 2014-10-27 13:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-15 12:34 - 2014-10-27 13:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-15 12:34 - 2014-10-27 13:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-15 12:34 - 2014-10-27 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-15 12:34 - 2014-10-27 13:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-15 12:34 - 2014-10-27 13:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-07 09:39 - 2009-07-23 15:06 - 01297258 _____ () C:\Windows\WindowsUpdate.log
2014-12-07 09:37 - 2009-08-15 22:19 - 00000000 ___RD () C:\Users\Benjamin\Documents\My Dropbox
2014-12-07 09:37 - 2009-08-15 22:07 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Dropbox
2014-12-07 09:31 - 2013-02-04 20:27 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-07 09:31 - 2010-09-12 19:40 - 00000318 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-12-07 09:31 - 2009-08-16 19:02 - 00179254 _____ () C:\ProgramData\nvModes.dat
2014-12-07 09:31 - 2009-08-16 19:02 - 00179254 _____ () C:\ProgramData\nvModes.001
2014-12-07 09:28 - 2008-01-20 21:47 - 00253410 _____ () C:\Windows\PFRO.log
2014-12-07 09:28 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-07 09:28 - 2006-11-02 07:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-07 09:28 - 2006-11-02 07:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-06 21:57 - 2006-11-02 08:01 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-06 21:19 - 2012-09-22 16:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-06 21:19 - 2012-04-12 18:28 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-846818328-320699065-2579942663-1000UA.job
2014-12-06 18:19 - 2012-04-10 06:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-06 18:19 - 2011-05-17 06:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-06 17:32 - 2012-11-21 19:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-06 17:10 - 2009-08-16 16:38 - 00000000 ____D () C:\ProgramData\ICQ
2014-12-06 12:19 - 2012-04-12 18:28 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-846818328-320699065-2579942663-1000Core.job
2014-12-06 11:40 - 2006-11-02 06:18 - 00000000 __RHD () C:\Users\Default
2014-12-06 11:40 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-12-06 11:37 - 2006-11-02 05:23 - 00000215 _____ () C:\Windows\system.ini
2014-12-06 10:31 - 2012-05-02 18:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-02 19:44 - 2009-08-15 22:08 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-02 19:44 - 2006-11-02 05:33 - 01496184 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-24 14:04 - 2009-10-03 09:43 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-21 22:42 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-11-21 21:56 - 2013-05-20 17:17 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-21 21:55 - 2013-05-20 17:17 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-21 21:49 - 2013-02-04 20:27 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-21 21:49 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-15 13:34 - 2006-11-02 07:47 - 01679168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-15 13:30 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-11-15 13:11 - 2013-08-13 21:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-15 13:00 - 2006-11-02 05:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-15 12:19 - 2009-08-15 16:16 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Mozilla

Some content of TEMP:
====================
C:\Users\Benjamin\AppData\Local\temp\dllnt_dump.dll
C:\Users\Benjamin\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4cbxuy.dll
C:\Users\Benjamin\AppData\Local\temp\Quarantine.exe
C:\Users\Benjamin\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-07 09:35

==================== End Of Log ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-12-2014 01
Ran by Benjamin at 2014-12-07 09:47:52
Running from C:\Users\Benjamin\desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
4500_G510nz_Help_Web (Version: 000.0.440.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510nz_web (Version: 000.0.439.000 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.8.612 - Adobe Systems, Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Audiograbber 1.83 SE  (HKLM\...\Audiograbber) (Version: 1.83 SE  - Audiograbber Deutschland)
Audiograbber MP3 Plugin (HKLM\...\Audiograbber-Lame) (Version: 1.0 - AG)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2206 - AVAST Software)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Cisco AnyConnect VPN Client (HKLM\...\{A96D580D-00C3-43BF-BFDD-F701E779E5CB}) (Version: 2.2.0136 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.1.0 - Conexant)
Content Transfer (HKLM\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.3.0.23190 - Sony Corporation)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2203 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2029 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-846818328-320699065-2579942663-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Eraser 5.8.7 (HKLM\...\{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1) (Version: Eraser 5.8.7 - The Eraser Project)
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Glary Utilities 2.28.0.1011 (HKLM\...\Glary Utilities_is1) (Version: 2.28.0.1011 - Glarysoft Ltd)
Google Chrome (HKU\S-1-5-21-846818328-320699065-2579942663-1000\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP Officejet 4500 G510n-z (HKLM\...\{F27CFD16-939A-4232-98CD-180898D14713}) (Version: 13.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP User Guides 0118 (HKLM\...\{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
ICQ7.6 (HKLM\...\{7644E42D-B096-457F-8B5B-901238FC81AE}) (Version: 7.6 - ICQ)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0926 - CyberLink Corp.)
LabelPrint (Version: 2.5.0926 - CyberLink Corp.) Hidden
Last.fm Scrobbler 2.1.33 (HKLM\...\LastFM_is1) (Version:  - Last.fm)
LightScribe System Software  1.14.17.1 (HKLM\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
Magic Workstation 0.94f (HKLM\...\Magic Workstation_is1) (Version:  - Magic Technology)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM\...\{6A370610-3778-44AF-9AAC-69B2FD1A3356}) (Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 2.0 (HKLM\...\{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}) (Version: 2.0.11128.1 - Microsoft Corporation)
Mozilla Firefox 34.0 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MTG GamePack for Magic Workstation (HKLM\...\MTG GamePack for Magic Workstation_is1) (Version:  - Magic Technology)
muvee Reveal (HKLM\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
Network (Version: 130.0.550.000 - Hewlett-Packard) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NWZ-E340 WALKMAN Guide (HKLM\...\{E33956B7-301C-429D-9E6C-2C12EACB8A62}) (Version: 2.0.00.07010 - Sony Corporation)
OpenAL (HKLM\...\OpenAL) (Version:  - )
OpenOffice.org 3.3 (HKLM\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PFConfig 1.0.296 (HKLM\...\PFConfig) (Version: 1.0.296 - Portforward.com)
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2202 - CyberLink Corp.)
Power2Go (Version: 6.0.2202 - CyberLink Corp.) Hidden
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2201 - CyberLink Corp.)
PowerDirector (Version: 7.0.2201 - CyberLink Corp.) Hidden
Primo (Version: 1.00.0000 - Your Company Name) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
Runtime (Version: 1.00.0000 - Your Company Name) Hidden
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 4.2.01.15030 - Sony Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
TmUnitedForever StarEdition (HKLM\...\TmUnitedForever_is1) (Version:  - Nadeo)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Vista Icon Pack ST (HKLM\...\Vista Icon Pack ST_is1) (Version:  - )
VoipStunt (HKLM\...\VoipStunt_is1) (Version: 4.03 build 543 - Finarea S.A. Switzerland)
VSO Image Resizer 2.2.2.1 (HKLM\...\{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1) (Version: 2.2.2.1 - VSO-Software)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Application Detect (HKU\S-1-5-21-846818328-320699065-2579942663-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Benjamin\AppData\Local\Google\Chrome\Application\39.0.2171.71\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> C:\Windows\system32\ACTXPRXY.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-846818328-320699065-2579942663-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

19-09-2014 23:08:22 Windows Update
30-10-2014 00:41:09 Windows Update
30-10-2014 00:46:10 avast! antivirus system restore point
30-10-2014 00:54:31 Language Pack Removal
30-10-2014 01:33:04 Windows Update
31-10-2014 01:28:38 Language Pack Removal
01-11-2014 03:39:25 Language Pack Removal
02-11-2014 19:20:18 Language Pack Removal
05-11-2014 00:55:47 Windows Update
08-11-2014 22:35:01 Windows Update
08-11-2014 22:42:41 Language Pack Removal
15-11-2014 17:33:38 Windows Update
15-11-2014 17:58:25 Windows Update
22-11-2014 03:03:05 Language Pack Removal
22-11-2014 03:06:25 Windows Update
22-11-2014 03:19:38 Windows Update
03-12-2014 00:54:03 Windows Update
03-12-2014 01:02:26 Language Pack Removal
06-12-2014 15:48:47 Language Pack Removal
06-12-2014 16:26:29 Language Pack Removal
06-12-2014 21:59:32 Language Pack Removal
06-12-2014 22:47:19 Language Pack Removal
06-12-2014 23:33:10 Language Pack Removal
07-12-2014 14:45:11 Language Pack Removal

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2014-12-06 11:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {007DDB33-75E1-48BC-ABD9-6C48CE476808} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-04] (Google Inc.)
Task: {116BFA48-1B7A-4B2E-ADFD-BC19AECB7BE7} - System32\Tasks\GlaryInitialize => C:\Program Files\Glary Utilities\initialize.exe [2010-09-09] (Glarysoft Ltd)
Task: {1E75D9FE-A4E9-407C-B6A6-6F396335E0C7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-06] (Adobe Systems Incorporated)
Task: {2B5DE062-427A-44ED-B858-027424F2B991} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Benjamin => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {3345CAFA-7D43-4742-AE99-6CD4955B0394} - System32\Tasks\Timed Shutdown => shutdown
Task: {52598A0A-7919-414E-8551-CF0F23864448} - System32\Tasks\{A1A566E3-B9EF-4F20-BA43-AC61C0A608E8} => Firefox.exe http://ui.skype.com/ui/0/4.1.0.141/en/abandoninstall?source=lightinstaller&page=tsProblems&LastError=12007&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2
Task: {644B7431-7FB0-49A8-AE49-C0FE5708E737} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-846818328-320699065-2579942663-1000Core => C:\Users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12] (Google Inc.)
Task: {6520EF05-AA8F-4076-B901-9D286D2F0659} - System32\Tasks\{6D519E58-04AC-4F77-8457-A68DDEFF6EA7} => Firefox.exe http://ui.skype.com/ui/0/4.1.0.141/en/abandoninstall?source=lightinstaller&page=tsProblems&LastError=206&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2
Task: {709227F4-350F-4EDA-A9EA-ACD02C572F48} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-846818328-320699065-2579942663-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {7A0EEDEB-5FFE-4B9F-9C9F-4BB6B6B691B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-04] (Google Inc.)
Task: {8E7BF267-DFCB-4DC4-A390-F0BAC356432E} - System32\Tasks\{148E9B18-33FD-418C-95B4-B8B60F7B70EF} => C:\Program Files\Skype\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {ABB67554-9A56-46CE-B64B-A2D74AB039F4} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-846818328-320699065-2579942663-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {B3B33D76-9350-4CE2-97AF-8951A76FB9CF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-29] (AVAST Software)
Task: {E008C75A-597C-4FFA-8ACA-369CE3B67A27} - System32\Tasks\{FF7F4FB1-E648-4149-8D5F-4519DF9D1E11} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.141&LastError=12029
Task: {E3DCEF1D-A1E0-4DA9-86CD-173FD8B4BBEC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-846818328-320699065-2579942663-1000UA => C:\Users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-846818328-320699065-2579942663-1000Core.job => C:\Users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-846818328-320699065-2579942663-1000UA.job => C:\Users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-12-07 09:31 - 2014-12-07 09:31 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120700\algo.dll
2009-04-20 15:48 - 2008-10-06 11:54 - 00365952 _____ () C:\Program Files\SMINST\BLService.exe
2009-04-20 15:48 - 2008-10-06 11:54 - 00132480 _____ () C:\Program Files\SMINST\STWmiM.dll
2009-04-20 14:31 - 2008-09-15 09:13 - 00241734 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2013-10-25 20:06 - 2014-10-29 19:51 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-07 09:37 - 2014-12-07 09:37 - 00043008 _____ () c:\users\benjamin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4cbxuy.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\libcef.dll
2009-04-20 13:36 - 2008-04-11 11:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2014-12-05 19:04 - 2014-12-05 19:04 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-846818328-320699065-2579942663-500 - Administrator - Disabled)
Benjamin (S-1-5-21-846818328-320699065-2579942663-1000 - Administrator - Enabled) => C:\Users\Benjamin
Guest (S-1-5-21-846818328-320699065-2579942663-501 - Limited - Disabled) => C:\Users\Guest
Mcx1 (S-1-5-21-846818328-320699065-2579942663-1001 - Administrator - Enabled) => C:\Users\Mcx1

==================== Faulty Device Manager Devices =============

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Hewlett-Packard
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/07/2014 09:29:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2014 06:13:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2014 05:27:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/07/2014 09:46:08 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1003) (User: NT AUTHORITY)
Description: 0x800f0825fr-FR

Error: (12/07/2014 09:29:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (12/06/2014 06:36:54 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1003) (User: NT AUTHORITY)
Description: 0x800f0825fr-FR

Error: (12/06/2014 06:13:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (12/06/2014 05:50:13 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1003) (User: NT AUTHORITY)
Description: 0x800f0825fr-FR

Error: (12/06/2014 05:27:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (12/07/2014 09:29:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2014 06:13:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2014 05:27:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-12-07 09:47:41.310
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-07 09:47:40.280
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-07 09:47:39.188
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-07 09:47:38.049
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-07 09:30:41.372
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-06 20:50:48.719
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-06 18:15:50.669
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-06 17:43:29.685
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-06 17:43:28.593
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-06 17:43:27.548
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon Dual-Core QL-64
Percentage of memory in use: 51%
Total physical RAM: 2813.69 MB
Available physical RAM: 1374.71 MB
Total Pagefile: 5859.83 MB
Available Pagefile: 4343.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.17 GB) (Free:89.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.72 GB) (Free:1.81 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: A40BC8D5)
Partition 1: (Active) - (Size=222.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

MBAMProtectionLog.txt


Hi Adam, posting from my phone. The IDs were blocked starting at 18:23 on December 6th (see latest MBAM log in my previous post). At that moment, the only running programme was ESET, which had just started downloading virus definitions. No browser was open.

I exclusively used the Vista machine to follow your instructions and post here. I didn't encounter any pop-ups or redirecting but didn't browse except for downloading the tools you told me to.

My Win7 machine has been disconnected from the Internet for the last couple of days. I didn't use it.

My Win8.1 machine still gets redirects, but I didn't encounter pop-ups lately. I'm trying not to use it as much but still have to.

What would you suggest next? I will be traveling after December 15th and will need to bring my Win8.1 laptop with me for work. But I don't want to infect my family's networks and devices.

Thanks,

Ben


Hi Ben, 
 
Let's move on to your Windows 8.1 machine. 
 
Please work your way through the instructions below. 
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKLM-x32\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    SearchScopes: HKU\S-1-5-21-137688557-3577635493-2510575898-1002 -> DefaultScope {3D9E75E9-C27E-4E7E-B8B3-363C0A35CF5F} URL =
    SearchScopes: HKU\S-1-5-21-137688557-3577635493-2510575898-1002 -> {3D9E75E9-C27E-4E7E-B8B3-363C0A35CF5F} URL =
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
    FF Extension: No Name - wrc@avast.com [Not Found]
    CHR HKU\S-1-5-21-137688557-3577635493-2510575898-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
    C:\Users\Benjamin\AppData\Local\Temp\amd-catalyst-14-9-win7-win8.1-64bit-dd-ccc-whql.exe
    C:\Users\Benjamin\AppData\Local\Temp\AutoRun.exe
    C:\Users\Benjamin\AppData\Local\Temp\AutoRunGUI.dll
    C:\Users\Benjamin\AppData\Local\Temp\bridj.dll1400041389159444002.dll
    C:\Users\Benjamin\AppData\Local\Temp\bridj.dll4930453768109546992.dll
    C:\Users\Benjamin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfex1th.dll
    C:\Users\Benjamin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\Benjamin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Users\Benjamin\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\Benjamin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\Benjamin\AppData\Local\Temp\sfamcc00001.dll
    C:\Users\Benjamin\AppData\Local\Temp\sfareca00001.dll
    C:\Users\Benjamin\AppData\Local\Temp\sfextra.dll
    C:\Users\Benjamin\AppData\Local\Temp\SkypeSetup.exe
    CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    Hosts:
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for anything removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 3
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 4
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 5
RogueKiller

  • Please download RogueKiller (x64) and save the file to your Desktop.
  • Close any running programmes.
  • Right-Click RogueKiller.exe and select Run as administrator to run the programme.
  • Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
  • A browser window may open. Close the browser window.
  • Click jpgUwzp.png. Upon completion, click phPvmc6.png.
  • Close the programme. Do not fix anything!
  • A log (RKreport.txt) will be open. Copy the contents of the log and paste in your next reply.
     

STEP 6
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================

STEP 7
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • AdwCleaner[s0].txt
  • JRT.txt
  • MBAM log
  • RKreport.txt
  • FRST.txt
  • Addition.txt

Hi Adam, I followed all your steps on my Win 8.1 machine and posted the logs below.

 

Could you please quickly address these questions, unless it's too early to make any assumptions:

Concerning the Vista machine, should I do some extensive browsing to see if the redirects still keep happening?

Do you consider it possible that my machines cross-infect each other once one has been "cleaned"? I'm still not sure how it could happen that all my machines started showing the same issues in short succession. Is there still the possibility that my router is somehow infected?

 

On with the Win 8.1 logs now. The forum considers my post too long, so I attached Addition.txt instead.

 

fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-12-2014
Ran by Benjamin at 2014-12-08 18:30:02 Run:1
Running from C:\Users\Benjamin\Desktop
Loaded Profiles: Benjamin &  (Available profiles: Benjamin & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
SearchScopes: HKU\S-1-5-21-137688557-3577635493-2510575898-1002 -> DefaultScope {3D9E75E9-C27E-4E7E-B8B3-363C0A35CF5F} URL =
SearchScopes: HKU\S-1-5-21-137688557-3577635493-2510575898-1002 -> {3D9E75E9-C27E-4E7E-B8B3-363C0A35CF5F} URL =
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
FF Extension: No Name - wrc@avast.com [Not Found]
CHR HKU\S-1-5-21-137688557-3577635493-2510575898-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
C:\Users\Benjamin\AppData\Local\Temp\amd-catalyst-14-9-win7-win8.1-64bit-dd-ccc-whql.exe
C:\Users\Benjamin\AppData\Local\Temp\AutoRun.exe
C:\Users\Benjamin\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Benjamin\AppData\Local\Temp\bridj.dll1400041389159444002.dll
C:\Users\Benjamin\AppData\Local\Temp\bridj.dll4930453768109546992.dll
C:\Users\Benjamin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfex1th.dll
C:\Users\Benjamin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Benjamin\AppData\Local\Temp\sfareca00001.dll
C:\Users\Benjamin\AppData\Local\Temp\sfextra.dll
C:\Users\Benjamin\AppData\Local\Temp\SkypeSetup.exe
CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
Hosts:
EmptyTemp:
end
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => Key deleted successfully.
"HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => Key deleted successfully.
"HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => Key deleted successfully.
"HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => Key deleted successfully.
"HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}" => Key deleted successfully.
HKU\S-1-5-21-137688557-3577635493-2510575898-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-137688557-3577635493-2510575898-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3D9E75E9-C27E-4E7E-B8B3-363C0A35CF5F}" => Key deleted successfully.
"HKCR\CLSID\{3D9E75E9-C27E-4E7E-B8B3-363C0A35CF5F}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{4FF78044-96B4-4312-A5B7-FDA3CB328095}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{4FF78044-96B4-4312-A5B7-FDA3CB328095}" => Key not found.
FF Extension: No Name - wrc@avast.com [Not Found] not found.
"HKU\S-1-5-21-137688557-3577635493-2510575898-1002\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
C:\Users\Benjamin\AppData\Local\Temp\amd-catalyst-14-9-win7-win8.1-64bit-dd-ccc-whql.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\AutoRun.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\AutoRunGUI.dll => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\bridj.dll1400041389159444002.dll => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\bridj.dll4930453768109546992.dll => Moved successfully.
"C:\Users\Benjamin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfex1th.dll" => File/Directory not found.
C:\Users\Benjamin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\sfamcc00001.dll => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\sfareca00001.dll => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\sfextra.dll => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
"HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-137688557-3577635493-2510575898-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 6 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

AdwCleaner[s0]

# AdwCleaner v4.105 - Report created 08/12/2014 at 18:59:27
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Benjamin - G505S
# Running from : C:\Users\Benjamin\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v33.1.1 (x86 en-US)


-\\ Google Chrome v39.0.2171.71

[C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.icq.com/search/results.php?ch_id=osd&q={searchTerms}&icid=chrome
[C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Opera v26.0.1656.32

[C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.icq.com/search/results.php?ch_id=osd&q={searchTerms}&icid=chrome
[C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2342 octets] - [08/12/2014 18:55:17]
AdwCleaner[S0].txt - [2917 octets] - [08/12/2014 18:59:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2977 octets] ##########

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 x64
Ran by Benjamin on 08-Dec-14 at 19:04:29.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Benjamin\AppData\Roaming\mozilla\firefox\profiles\6a2wnf6n.default-1416363965997\extensions\toolbar@gmx.net



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08-Dec-14 at 19:17:14.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MBAM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 08-Dec-14
Scan Time: 19:47:10
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.09.01
Rootkit Database: v2014.12.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Benjamin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393082
Time Elapsed: 28 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

RKreport

RogueKiller V10.0.9.0 (x64) [Dec  8 2014] by Adlice Software
mail : http://lenovo13.msn.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-137688557-3577635493-2510575898-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo13.msn.com -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 30 (Driver: Loaded) ¤¤¤
[IAT:Inl] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012d310|jmp 0xfffffffffffffe09|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtAssignProcessToJobObject : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e480|jmp 0xfffffffffffffc59|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenEvent : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e870|jmp 0xfffffffffffffd19|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateEvent : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e7e0|jmp 0xfffffffffffffd29|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateSection : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e800|jmp 0xfffffffffffffce9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012eab0|jmp 0xfffffffffffffc19|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenMutant : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012db70|jmp 0xfffffffffffffd59|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012de10|jmp 0xfffffffffffffb69|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e960|jmp 0xfffffffffffffc69|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e9a0|jmp 0xfffffffffffffc49|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtQueryObject : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012ece0|jmp 0xfffffffffffffba9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateSemaphore : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e150|jmp 0xfffffffffffffd49|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenSemaphore : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012db40|jmp 0xfffffffffffffd39|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateMutant : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e1c0|jmp 0xfffffffffffffd69|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateTimer : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e1a0|jmp 0xfffffffffffffcc9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenTimer : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012db80|jmp 0xfffffffffffffcb9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012eaa0|jmp 0xfffffffffffffc89|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenSection : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e940|jmp 0xfffffffffffffcd9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateIoCompletion : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e2f0|jmp 0xfffffffffffffca9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e250|jmp 0xfffffffffffffc29|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtTerminateThread : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e850|jmp 0xfffffffffffffc09|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenThread : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012dbd0|jmp 0xfffffffffffffc79|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012d430|jmp 0xfffffffffffffbc9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012d700|jmp 0xfffffffffffffbf9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtNotifyChangeMultipleKeys : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012de10|jmp 0xfffffffffffffb59|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - ZwAlpcSendWaitReceivePort : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e590|jmp 0xfffffffffffffb79|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtVdmControl : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012d160|jmp 0xfffffffffffffd79|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtQueueApcThreadEx : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012d970|jmp 0xfffffffffffffbb9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012e590|jmp 0xfffffffffffffb79|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x7ffa39fe010a (jmp 0xffffffff8012dc50|jmp 0xfffffffffffffe19|jmp 0xfffffffffffffff0)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD50 00LPVT-24G33T1 SATA Disk Device +++++
--- User ---
[MBR] 40f9eebd2ef9e0348dce1abd499a1ac4
[BSP] 7a384ea0e40be9768fdb600a45317de5 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-12-2014
Ran by Benjamin (administrator) on G505S on 08-12-2014 20:36:36
Running from C:\Users\Benjamin\Desktop
Loaded Profile: Benjamin (Available profiles: Benjamin & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dropbox, Inc.) C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Users\Benjamin\Desktop\RogueKillerX64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6339656 2013-04-10] (Realtek semiconductor)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-09-02] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-09-02] (Lenovo(beijing) Limited)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [909016 2013-10-21] (Conexant Systems, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-08] (AVAST Software)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-01-24] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-137688557-3577635493-2510575898-1002\...\Run: [Google Update] => C:\Users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-23] (Google Inc.)
HKU\S-1-5-21-137688557-3577635493-2510575898-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-137688557-3577635493-2510575898-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Benjamin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-137688557-3577635493-2510575898-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com
HKU\S-1-5-21-137688557-3577635493-2510575898-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-137688557-3577635493-2510575898-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com
HKU\S-1-5-21-137688557-3577635493-2510575898-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\6a2wnf6n.default-1416363965997
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-137688557-3577635493-2510575898-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Benjamin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-137688557-3577635493-2510575898-1002: @talk.google.com/O1DPlugin -> C:\Users\Benjamin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-137688557-3577635493-2510575898-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-137688557-3577635493-2510575898-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-137688557-3577635493-2510575898-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Benjamin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-137688557-3577635493-2510575898-1002: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll No File
FF Plugin HKU\S-1-5-21-137688557-3577635493-2510575898-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Benjamin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Benjamin\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\6a2wnf6n.default-1416363965997\searchplugins\leo-eng-deu-v20.xml
FF SearchPlugin: C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\6a2wnf6n.default-1416363965997\searchplugins\minecraft-wiki-en.xml
FF Extension: Hilarious Webcomic Manager - C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\6a2wnf6n.default-1416363965997\Extensions\hilarious@axnjaxn.com.xpi [2014-11-18]
FF Extension: Minimize On Start and Close - C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\6a2wnf6n.default-1416363965997\Extensions\{480adee0-f020-4fef-917d-b05502b17aaf}.xpi [2014-11-18]
FF Extension: Adblock Plus - C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\6a2wnf6n.default-1416363965997\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-30]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://start.icq.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-03-27]
CHR Extension: (Beautiful landscape) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig [2014-03-27]
CHR Extension: (Google Docs) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-23]
CHR Extension: (Google Drive) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-06]
CHR Extension: (YouTube) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-23]
CHR Extension: (Adblock Plus) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-29]
CHR Extension: (Google Search) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-23]
CHR Extension: (Avast Online Security) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-05]
CHR Extension: (Google Wallet) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-23]
CHR Extension: (Gmail) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-23]
CHR HKU\S-1-5-21-137688557-3577635493-2510575898-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-24] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-01-24] (Windows ® Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-08] (AVAST Software)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-06-18] (Stardock Software, Inc)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5405456 2014-11-12] (TeamViewer GmbH)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-09-02] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-01-24] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [228032 2014-08-08] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-08] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-24] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243272 2013-04-10] (Realtek Semiconductor Corp.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 20:36 - 2014-12-08 20:37 - 00020899 _____ () C:\Users\Benjamin\Desktop\FRST.txt
2014-12-08 20:26 - 2014-12-08 20:26 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-08 20:26 - 2014-12-08 20:26 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-08 20:23 - 2014-12-08 20:24 - 18315864 _____ () C:\Users\Benjamin\Desktop\RogueKillerX64.exe
2014-12-08 19:04 - 2014-12-08 19:04 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-08 19:03 - 2014-12-08 19:03 - 01707646 _____ (Thisisu) C:\Users\Benjamin\Desktop\JRT.exe
2014-12-08 18:55 - 2014-12-08 18:59 - 00000000 ____D () C:\AdwCleaner
2014-12-08 18:46 - 2014-12-08 18:45 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-12-08 18:45 - 2014-12-08 18:45 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-12-08 18:44 - 2014-12-08 18:44 - 02166272 _____ () C:\Users\Benjamin\Desktop\AdwCleaner.exe
2014-12-08 18:27 - 2014-12-08 18:27 - 02119680 _____ (Farbar) C:\Users\Benjamin\Desktop\FRST64.exe
2014-12-08 18:19 - 2014-12-08 18:19 - 00001434 _____ () C:\Users\Benjamin\Desktop\Malware Issue - Shortcut.lnk
2014-12-04 23:22 - 2014-12-08 20:36 - 00000000 ____D () C:\FRST
2014-12-03 07:50 - 2014-12-08 19:47 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-03 07:50 - 2014-12-03 07:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-03 07:50 - 2014-12-03 07:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-03 07:50 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-03 07:50 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-03 07:50 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-19 08:04 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-19 08:04 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-19 08:04 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-19 08:04 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-18 21:26 - 2014-11-18 21:26 - 00000000 ____D () C:\Users\Benjamin\Desktop\Old Firefox Data
2014-11-17 20:54 - 2014-11-17 20:54 - 00000994 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-11-15 20:21 - 2014-11-15 20:21 - 00000000 __SHD () C:\found.000
2014-11-11 18:51 - 2014-11-20 15:51 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-11 18:51 - 2014-11-20 15:51 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-11 18:21 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-11 18:21 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\mshtml.dll
2014-11-11 18:20 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS

\system32\ieframe.dll
2014-11-11 18:20 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\ieframe.dll
2014-11-11 18:19 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS

\system32\wextract.exe
2014-11-11 18:19 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS

\system32\mshta.exe
2014-11-11 18:19 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS

\system32\iexpress.exe
2014-11-11 18:19 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS

\system32\pngfilt.dll
2014-11-11 18:19 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS

\system32\msfeedssync.exe
2014-11-11 18:19 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS

\system32\vbscript.dll
2014-11-11 18:19 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS

\system32\url.dll
2014-11-11 18:19 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS

\system32\iesetup.dll
2014-11-11 18:19 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS

\system32\ieetwproxystub.dll
2014-11-11 18:19 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS

\system32\iertutil.dll
2014-11-11 18:19 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS

\system32\html.iec
2014-11-11 18:19 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS

\system32\MshtmlDac.dll
2014-11-11 18:19 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS

\system32\jsproxy.dll
2014-11-11 18:19 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS

\system32\iernonce.dll
2014-11-11 18:19 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS

\system32\IEAdvpack.dll
2014-11-11 18:19 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS

\system32\ieui.dll
2014-11-11 18:19 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS

\system32\hlink.dll
2014-11-11 18:19 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS

\system32\jscript.dll
2014-11-11 18:19 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS

\system32\ieUnatt.exe
2014-11-11 18:19 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS

\system32\ieetwcollector.exe
2014-11-11 18:19 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS

\system32\jscript9.dll
2014-11-11 18:19 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS

\system32\jscript9diag.dll
2014-11-11 18:19 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS

\system32\licmgr10.dll
2014-11-11 18:19 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS

\system32\dxtmsft.dll
2014-11-11 18:19 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS

\system32\JavaScriptCollectionAgent.dll
2014-11-11 18:19 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS

\system32\iesysprep.dll
2014-11-11 18:19 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS

\system32\tdc.ocx
2014-11-11 18:19 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS

\system32\inseng.dll
2014-11-11 18:19 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS

\system32\msrating.dll
2014-11-11 18:19 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS

\system32\mshtmled.dll
2014-11-11 18:19 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS

\system32\msfeedsbs.dll
2014-11-11 18:19 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS

\system32\iepeers.dll
2014-11-11 18:19 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS

\system32\dxtrans.dll
2014-11-11 18:19 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS

\system32\occache.dll
2014-11-11 18:19 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS

\system32\inetcomm.dll
2014-11-11 18:19 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS

\system32\webcheck.dll
2014-11-11 18:19 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS

\system32\iedkcs32.dll
2014-11-11 18:19 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS

\system32\msfeeds.dll
2014-11-11 18:19 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS

\system32\ie4uinit.exe
2014-11-11 18:19 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS

\system32\inetcpl.cpl
2014-11-11 18:19 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS

\system32\wininet.dll
2014-11-11 18:19 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS

\system32\actxprxy.dll
2014-11-11 18:19 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS

\system32\imgutil.dll
2014-11-11 18:19 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS

\system32\urlmon.dll
2014-11-11 18:19 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\wextract.exe
2014-11-11 18:19 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\mshta.exe
2014-11-11 18:19 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\iexpress.exe
2014-11-11 18:19 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\pngfilt.dll
2014-11-11 18:19 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\msfeedssync.exe
2014-11-11 18:19 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\vbscript.dll
2014-11-11 18:19 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\url.dll
2014-11-11 18:19 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\iesetup.dll
2014-11-11 18:19 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\html.iec
2014-11-11 18:19 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\ieetwproxystub.dll
2014-11-11 18:19 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\MshtmlDac.dll
2014-11-11 18:19 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS

\system32\ieapfltr.dll
2014-11-11 18:19 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\iertutil.dll
2014-11-11 18:19 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\jsproxy.dll
2014-11-11 18:19 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\iernonce.dll
2014-11-11 18:19 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\IEAdvpack.dll
2014-11-11 18:19 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\ieui.dll
2014-11-11 18:19 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\hlink.dll
2014-11-11 18:19 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\jscript.dll
2014-11-11 18:19 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\ieUnatt.exe
2014-11-11 18:19 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\jscript9diag.dll
2014-11-11 18:19 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\licmgr10.dll
2014-11-11 18:19 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\dxtmsft.dll
2014-11-11 18:19 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 18:19 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\inseng.dll
2014-11-11 18:19 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\iesysprep.dll
2014-11-11 18:19 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\tdc.ocx
2014-11-11 18:19 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\msrating.dll
2014-11-11 18:19 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\msfeedsbs.dll
2014-11-11 18:19 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\mshtmled.dll
2014-11-11 18:19 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\iepeers.dll
2014-11-11 18:19 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\dxtrans.dll
2014-11-11 18:19 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\occache.dll
2014-11-11 18:19 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\jscript9.dll
2014-11-11 18:19 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\inetcomm.dll
2014-11-11 18:19 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\webcheck.dll
2014-11-11 18:19 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\msfeeds.dll
2014-11-11 18:19 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\iedkcs32.dll
2014-11-11 18:19 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\inetcpl.cpl
2014-11-11 18:19 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\actxprxy.dll
2014-11-11 18:19 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\imgutil.dll
2014-11-11 18:19 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\wininet.dll
2014-11-11 18:19 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\urlmon.dll
2014-11-11 18:19 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\ieapfltr.dll
2014-11-11 18:19 - 2014-10-09 20:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS

\system32\Drivers\ksecpkg.sys
2014-11-11 18:19 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS

\system32\Drivers\rdpvideominiport.sys
2014-11-11 18:19 - 2014-10-09 20:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS

\system32\Drivers\cng.sys
2014-11-11 18:19 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS

\system32\adtschema.dll
2014-11-11 18:19 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS

\system32\msaudite.dll
2014-11-11 18:19 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS

\system32\rdpudd.dll
2014-11-11 18:19 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS

\system32\rfxvmt.dll
2014-11-11 18:19 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS

\system32\certcli.dll
2014-11-11 18:19 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\adtschema.dll
2014-11-11 18:19 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\msaudite.dll
2014-11-11 18:19 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\certcli.dll
2014-11-11 18:19 - 2014-10-08 01:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS

\system32\lsasrv.dll
2014-11-11 18:19 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS

\system32\rdpcorets.dll
2014-11-11 18:19 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS

\system32\win32k.sys
2014-11-11 18:19 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS

\system32\ncryptsslp.dll
2014-11-11 18:19 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\ncryptsslp.dll
2014-11-11 18:19 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS

\system32\schannel.dll
2014-11-11 18:19 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS

\system32\dpapisrv.dll
2014-11-11 18:19 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\schannel.dll
2014-11-11 18:18 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS

\system32\packager.dll
2014-11-11 18:18 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\packager.dll
2014-11-11 18:18 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS

\system32\wuauclt.exe
2014-11-11 18:18 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS

\system32\wups.dll
2014-11-11 18:18 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS

\system32\wups2.dll
2014-11-11 18:18 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\wups.dll
2014-11-11 18:18 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS

\system32\wuaext.dll
2014-11-11 18:18 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS

\system32\wuaueng.dll
2014-11-11 18:18 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS

\system32\wuapp.exe
2014-11-11 18:18 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS

\system32\wuwebv.dll
2014-11-11 18:18 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS

\system32\WUSettingsProvider.dll
2014-11-11 18:18 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS

\system32\wudriver.dll
2014-11-11 18:18 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS

\system32\wuapi.dll
2014-11-11 18:18 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS

\system32\wucltux.dll
2014-11-11 18:18 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\wuwebv.dll
2014-11-11 18:18 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\wuapp.exe
2014-11-11 18:18 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\wudriver.dll
2014-11-11 18:18 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\wuapi.dll
2014-11-11 18:18 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS

\system32\oleaut32.dll
2014-11-11 18:18 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\oleaut32.dll
2014-11-11 18:18 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS

\system32\consent.exe
2014-11-11 18:18 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS

\system32\msi.dll
2014-11-11 18:18 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\msi.dll
2014-11-11 18:18 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS

\system32\appinfo.dll
2014-11-11 18:18 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS

\system32\msihnd.dll
2014-11-11 18:18 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\msihnd.dll
2014-11-11 18:18 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS

\system32\authui.dll
2014-11-11 18:18 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\authui.dll
2014-11-11 18:18 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS

\system32\AudioSes.dll
2014-11-11 18:18 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS

\system32\AudioEng.dll
2014-11-11 18:18 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS

\system32\AUDIOKSE.dll
2014-11-11 18:18 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS

\system32\audiodg.exe
2014-11-11 18:18 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS

\system32\EncDump.dll
2014-11-11 18:18 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\AudioSes.dll
2014-11-11 18:18 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\AUDIOKSE.dll
2014-11-11 18:18 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\AudioEng.dll
2014-11-11 18:18 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS

\system32\AudioEndpointBuilder.dll
2014-11-11 18:18 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS

\system32\audiosrv.dll
2014-11-11 18:18 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS

\system32\user32.dll
2014-11-11 18:18 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS

\system32\Drivers\WdFilter.sys
2014-11-11 18:18 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS

\system32\Drivers\WdNisDrv.sys
2014-11-11 18:18 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS

\system32\Drivers\WdBoot.sys
2014-11-11 18:18 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\user32.dll
2014-11-11 18:18 - 2014-09-10 01:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS

\system32\Drivers\netio.sys
2014-11-11 18:18 - 2014-09-07 22:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS

\system32\Drivers\tcpip.sys
2014-11-11 18:18 - 2014-09-07 22:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS

\system32\Drivers\FWPKCLNT.SYS
2014-11-11 18:18 - 2014-09-04 17:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS

\system32\win32spl.dll
2014-11-11 18:18 - 2014-09-04 17:21 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS

\system32\localspl.dll
2014-11-11 18:18 - 2014-09-03 22:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS

\system32\mfmp4srcsnk.dll
2014-11-11 18:18 - 2014-09-03 21:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\mfmp4srcsnk.dll
2014-11-11 18:18 - 2014-09-03 20:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS

\system32\puiobj.dll
2014-11-11 18:18 - 2014-09-03 19:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\puiobj.dll
2014-11-11 18:18 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS

\system32\winshfhc.dll
2014-11-11 18:18 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\winshfhc.dll
2014-11-11 18:18 - 2014-08-30 19:17 - 00148800 ____C (Microsoft Corporation) C:\WINDOWS

\system32\Drivers\USBSTOR.SYS
2014-11-11 18:18 - 2014-08-30 19:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS

\system32\shell32.dll
2014-11-11 18:18 - 2014-08-30 17:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\shell32.dll
2014-11-11 18:18 - 2014-08-30 17:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS

\system32\FXSCOMEX.dll
2014-11-11 18:18 - 2014-08-30 16:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS

\system32\MFMediaEngine.dll
2014-11-11 18:18 - 2014-08-30 15:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\MFMediaEngine.dll
2014-11-11 18:18 - 2014-08-27 21:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS

\system32\ntoskrnl.exe
2014-11-11 18:18 - 2014-08-27 19:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS

\system32\WsmSvc.dll
2014-11-11 18:18 - 2014-08-27 19:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\WsmSvc.dll
2014-11-11 18:18 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS

\system32\msxml3.dll
2014-11-11 18:18 - 2014-08-23 00:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS

\system32\twinui.dll
2014-11-11 18:18 - 2014-08-23 00:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\twinui.dll
2014-11-11 18:18 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\msxml3.dll
2014-11-11 18:18 - 2014-08-22 23:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS

\system32\SettingsHandlers.dll
2014-11-11 18:18 - 2014-08-01 19:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS

\system32\untfs.dll
2014-11-11 18:18 - 2014-08-01 19:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\untfs.dll
2014-11-11 18:17 - 2014-09-07 17:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-11-11 18:17 - 2014-08-30 16:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS

\system32\FXSAPI.dll
2014-11-11 18:17 - 2014-08-30 15:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS

\SysWOW64\FXSAPI.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 20:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-08 19:54 - 2014-04-19 09:33 - 00000918 _____ () C:\WINDOWS\Tasks

\GoogleUpdateTaskMachineUA.job
2014-12-08 19:54 - 2013-12-23 16:49 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player

Updater.job
2014-12-08 19:54 - 2013-08-22 09:46 - 00351604 _____ () C:\WINDOWS\setupact.log
2014-12-08 19:51 - 2013-12-23 17:10 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1

-5-21-137688557-3577635493-2510575898-1002UA.job
2014-12-08 19:45 - 2013-12-23 15:15 - 00000000 ____D () C:\Users\Benjamin\AppData\Local

\CrashDumps
2014-12-08 19:44 - 2014-10-19 11:46 - 00000000 ___RD () C:\Users\Benjamin\Google Drive
2014-12-08 19:44 - 2013-12-23 15:14 - 00000000 ___RD () C:\Users\Benjamin\Dropbox
2014-12-08 19:44 - 2013-12-23 15:12 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Dropbox
2014-12-08 19:43 - 2014-04-19 09:33 - 00000914 _____ () C:\WINDOWS\Tasks

\GoogleUpdateTaskMachineCore.job
2014-12-08 19:43 - 2014-04-09 16:48 - 00000000 __RDO () C:\Users\Benjamin\SkyDrive
2014-12-08 19:43 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-08 19:42 - 2014-10-23 15:21 - 00065536 _____ () C:\WINDOWS\system32\spu_storage.bin
2014-12-08 19:42 - 2013-09-02 12:55 - 00012800 _____ () C:\WINDOWS\system32\VfService.trf
2014-12-08 19:41 - 2013-12-23 12:36 - 13815850 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-08 19:27 - 2014-01-07 22:34 - 01784618 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-08 19:00 - 2013-11-14 02:20 - 00048944 _____ () C:\WINDOWS\PFRO.log
2014-12-08 18:51 - 2013-12-23 17:10 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1

-5-21-137688557-3577635493-2510575898-1002Core.job
2014-12-08 18:47 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-08 18:46 - 2014-10-30 17:33 - 01050432 _____ (AVAST Software) C:\WINDOWS

\system32\Drivers\aswsnx.sys
2014-12-08 18:46 - 2013-12-23 12:55 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast!

Emergency Update
2014-12-08 18:45 - 2014-10-30 17:33 - 00436624 _____ (AVAST Software) C:\WINDOWS

\system32\Drivers\aswSP.sys
2014-12-08 18:45 - 2014-10-30 17:33 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-12-08 18:45 - 2014-10-30 17:33 - 00116728 _____ (AVAST Software) C:\WINDOWS

\system32\Drivers\aswStm.sys
2014-12-08 18:45 - 2014-10-30 17:33 - 00093568 _____ (AVAST Software) C:\WINDOWS

\system32\Drivers\aswRdr2.sys
2014-12-08 18:45 - 2014-10-30 17:33 - 00083280 _____ (AVAST Software) C:\WINDOWS

\system32\Drivers\aswmonflt.sys
2014-12-08 18:45 - 2014-10-30 17:33 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-12-08 18:45 - 2014-08-04 19:52 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-12-08 18:15 - 2013-11-14 02:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-08 08:24 - 2014-04-25 19:25 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Skype
2014-12-06 12:49 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-04 18:45 - 2013-12-22 17:22 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start

Menu Cache Files-S-1-5-21-137688557-3577635493-2510575898-1002
2014-12-03 21:20 - 2014-07-17 13:04 - 00003824 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled

Autoupdate 1405620264
2014-12-03 21:20 - 2014-07-17 13:04 - 00001068 _____ () C:\ProgramData\Microsoft\Windows\Start

Menu\Programs\Opera.lnk
2014-12-03 21:20 - 2014-07-17 13:04 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-11-29 15:36 - 2013-12-23 15:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-28 09:42 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-25 22:54 - 2013-12-23 16:49 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash

Player Updater
2014-11-20 07:59 - 2013-12-22 17:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla

Maintenance Service
2014-11-20 07:59 - 2013-08-22 09:44 - 00362632 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-17 20:54 - 2014-05-24 17:34 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-11-16 08:37 - 2013-12-23 15:13 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming

\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-15 17:54 - 2013-12-22 17:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-14 22:37 - 2013-12-23 16:59 - 00000000 ____D () C:\ProgramData\Skype
2014-11-14 22:36 - 2014-10-27 21:09 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-14 18:49 - 2014-04-19 09:33 - 00003890 _____ () C:\WINDOWS\System32\Tasks

\GoogleUpdateTaskMachineUA
2014-11-14 18:49 - 2014-04-19 09:33 - 00003654 _____ () C:\WINDOWS\System32\Tasks

\GoogleUpdateTaskMachineCore
2014-11-14 18:46 - 2013-12-23 17:10 - 00003884 _____ () C:\WINDOWS\System32\Tasks

\GoogleUpdateTaskUserS-1-5-21-137688557-3577635493-2510575898-1002UA
2014-11-14 18:46 - 2013-12-23 17:10 - 00003504 _____ () C:\WINDOWS\System32\Tasks

\GoogleUpdateTaskUserS-1-5-21-137688557-3577635493-2510575898-1002Core
2014-11-11 21:31 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-11 18:54 - 2013-12-22 17:10 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Mozilla
2014-11-11 18:46 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-11 18:46 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-11 18:46 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming

\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-11 18:46 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming

\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-11 18:46 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-11 18:46 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-11 18:33 - 2013-12-23 13:52 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-11 18:25 - 2013-12-23 13:51 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS

\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Benjamin\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Benjamin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-

3e3e7ecf0d81}.tmppdman5.dll
C:\Users\Benjamin\AppData\Local\Temp\Quarantine.exe
C:\Users\Benjamin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-08 19:18

==================== End Of Log ============================

Addition.txt


Hi Ben,

Please attach FRST.txt in your next reply. The formatting for the log is a little off, and makes it much harder to read.

> Concerning the Vista machine, should I do some extensive browsing to see if the redirects still keep happening?

Yes please.

> Do you consider it possible that my machines cross-infect each other once one has been "cleaned"?

No.

> I'm still not sure how it could happen that all my machines started showing the same issues in short succession. Is there still the possibility that my router is somehow infected?

I'm going to ask you to power cycle and reset your router once more after we've gone through the three machines.


Sorry for the messed up formatting, I attached the FRST log for the 8.1 here.

 

Thanks for your replies. I'll do some more browsing on the Vista machine tomorrow night. I used it a bit today and didn't notice any redirects or other issues, apart from general slowness, but I'm pretty sure it was like this before (due to running Vista on a 5-year-old, cheap laptop).

 

And thanks a lot in general for your continued support. I really appreciate your help. :)

Good night,

Ben

FRST.txt
