Jump to content

Malware-bytes\Chameleon will not run or scan


Charmon

Recommended Posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015

Ran by Admin (administrator) on FABCEEBEATZ (21-12-2015 07:51:45)

Running from F:\

Loaded Profiles: Admin (Available Profiles: Admin)

Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVG Technologies CZ, s.r.o.) D:\Av\avgrsa.exe

(AVG Technologies CZ, s.r.o.) D:\Av\avgcsrva.exe

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe

(AVG Technologies CZ, s.r.o.) D:\Av\avgidsagent.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(AVG Technologies CZ, s.r.o.) D:\Framework\Common\avgsvca.exe

(© 2015 Microsoft Corporation) C:\Users\Admin\AppData\Local\Microsoft\BingSvc\BingSvc.exe

(Dropbox, Inc.) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe

(AVG Technologies CZ, s.r.o.) D:\Av\avgwdsvcx.exe

(AVG Technologies CZ, s.r.o.) D:\Framework\Common\avguix.exe

(AVG Technologies CZ, s.r.o.) D:\Av\avgui.exe

(Intel Corporation) C:\Program Files\Configuration Center\bin\DeviceControlService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(AVG Technologies CZ, s.r.o.) D:\Av\avgnsa.exe

(AVG Technologies CZ, s.r.o.) D:\Av\avgemca.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe

(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM-x32\...\Run: [AvgUi] => D:\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [AVG_UI] => D:\Av\avgui.exe [3855272 2015-12-09] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2814864 2015-12-21] ()

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Run: [Dropbox Update] => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.)

HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Run: [bingSvc] => C:\Users\Admin\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation)

HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Run: [Virus Effect Remover] => C:\Program Files (x86)\Virus Secure Lab\Virus Effect Remover\Virus Effect Remover.exe

HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\system: [DisableChangePassword] 0

HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\system: [DisableLockWorkstation] 0

HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\system: [NoDispSettingsPage] 0

HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\system: [NoDispAppearancePage] 0

HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\Explorer: [NoFileUrl] 0

HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\Explorer: [NoLogoff] 0

HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\Explorer: [NoSetFolders] 0

HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\Explorer: [NoNetHood] 0

HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\Explorer: [NoFileMenu] 0

HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\Explorer: [NoFind] 0

HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\Explorer: [NoSetTaskBar] 0

HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\Explorer: [Nosecuritytab] 0

HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\Explorer: [NoUpdateCheck] 0

HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\Explorer: [NoWindowsUpdate] 0

HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\MountPoints2: {020e7f30-d957-11e1-bc32-742f6835a9f3} - F:\iStudio.exe

HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\MountPoints2: {dea5d45b-8a7e-11e5-8b75-fc0b6198b311} - F:\VZW_Software_upgrade_assistant.exe

ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-19]

ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

Tcpip\..\Interfaces\{4566142C-5E6F-4796-9DE4-A20294017A0B}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Tcpip\..\Interfaces\{5A9E5531-4559-4A29-BD7A-DC099E0EFB63}: [DhcpNameServer] 209.18.47.61 209.18.47.62

 

Internet Explorer:

==================

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 

SearchScopes: HKU\S-1-5-21-733214114-3496530890-3564253868-1000 -> DefaultScope {09D5889A-41DD-4395-9AC1-E87E73E6F53D} URL = hxxps://www.google.com/search?q={searchTerms}

SearchScopes: HKU\S-1-5-21-733214114-3496530890-3564253868-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5FDF&PC=SL5F&q={searchTerms}&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-733214114-3496530890-3564253868-1000 -> {09D5889A-41DD-4395-9AC1-E87E73E6F53D} URL = hxxps://www.google.com/search?q={searchTerms}

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => No File

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-31] (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-31] (Oracle Corporation)

 

FireFox:

========

FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i24einc5.default

FF DefaultSearchEngine: Google

FF SelectedSearchEngine: Taplika

FF Homepage: hxxps://www.google.com/

FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mcafee&type=A110US0&p=

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.4\\npsitesafety.dll [No File]

FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-31] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-31] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-04-17]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-01-27] [not signed]

StartMenuInternet: FIREFOX.EXE - firefox.exe

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S4 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe [151552 2010-05-24] (Atheros) [File not signed]

S4 AtherosSvc; C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe [52896 2010-11-25] (Atheros Commnucations) [File not signed]

S3 AvgAMPS; D:\Av\avgamps.exe [615584 2015-12-09] (AVG Technologies CZ, s.r.o.)

R2 AVGIDSAgent; D:\Av\avgidsagent.exe [3857272 2015-12-09] (AVG Technologies CZ, s.r.o.)

R2 avgsvc; D:\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)

R2 avgwd; D:\Av\avgwdsvcx.exe [579776 2015-12-09] (AVG Technologies CZ, s.r.o.)

R2 DcsService; C:\Program Files\Configuration Center\bin\DeviceControlService.exe [1039872 2010-02-24] (Intel Corporation) [File not signed]

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)

S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1164688 2015-12-21] ()

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-11-06] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [256432 2015-11-06] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2009-08-26] () [File not signed]

S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2009-08-26] () [File not signed]

S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2009-09-16] () [File not signed]

S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2009-09-16] () [File not signed]

R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [49664 2011-01-13] (Fresco Logic)

R3 IPMLEBL; C:\Windows\System32\Drivers\ipmlebl.sys [24448 2009-10-20] (Intel Corporation)

S3 lmimirr; no ImagePath

S3 MAUSBFASTTRACKULTRA; C:\Windows\System32\DRIVERS\MAudioFastTrackUltra.sys [197424 2011-01-11] (Avid Technology, Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)

S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)

R3 VKBD; C:\Windows\System32\DRIVERS\virkbd.sys [25088 2009-12-09] (Intel Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-12-21 07:43 - 2015-12-21 07:51 - 00000000 ___DC C:\FRST

2015-12-21 07:35 - 2015-12-21 07:35 - 00004142 _____ C:\Users\Admin\Desktop\JRT.txt

2015-12-21 06:20 - 2015-12-21 07:27 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-12-21 06:20 - 2015-12-21 06:20 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-12-21 06:20 - 2015-12-21 06:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-12-21 06:20 - 2015-12-21 06:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-12-21 06:20 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-12-21 06:20 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

2015-12-21 06:00 - 2015-12-21 06:00 - 00214238 ____C C:\process.txt

2015-12-21 04:57 - 2015-12-21 04:57 - 00000000 ____D C:\Users\Admin\AppData\Local\AVG Web TuneUp

2015-12-21 04:57 - 2015-12-21 04:57 - 00000000 ____D C:\ProgramData\AVG Web TuneUp

2015-12-21 04:57 - 2015-12-21 04:57 - 00000000 ____D C:\ProgramData\AVG Secure Search

2015-12-21 04:57 - 2015-12-21 04:57 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search

2015-12-21 04:57 - 2015-12-21 04:57 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp

2015-12-21 04:54 - 2015-12-21 04:54 - 00000530 _____ C:\Users\Public\Desktop\AVG Protection.lnk

2015-12-21 04:54 - 2015-12-21 04:54 - 00000000 ____D C:\Users\Admin\AppData\Roaming\TuneUp Software

2015-12-21 04:54 - 2015-12-21 04:54 - 00000000 ____D C:\Users\Admin\AppData\Roaming\AVG

2015-12-21 04:54 - 2015-12-21 04:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2015-12-21 04:54 - 2015-12-21 04:54 - 00000000 ____D C:\Program Files\Common Files\AV

2015-12-21 04:53 - 2015-12-21 04:53 - 00000000 __HDC C:\$AVG

2015-12-21 04:48 - 2015-12-21 04:50 - 00202662 ____C C:\TDSSKiller.3.1.0.9_21.12.2015_04.48.59_log.txt

2015-12-21 04:48 - 2015-12-21 04:48 - 00000366 ____C C:\TDSSKiller.3.0.0.44_21.12.2015_04.48.44_log.txt

2015-12-21 04:46 - 2015-12-21 04:47 - 00000366 ____C C:\TDSSKiller.3.0.0.44_21.12.2015_04.46.59_log.txt

2015-12-21 04:35 - 2015-12-21 04:35 - 00001144 _____ C:\Users\Admin\Desktop\ASIO4ALL v2 Instruction Manual.lnk

2015-12-21 04:35 - 2015-12-21 04:35 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2

2015-12-20 16:21 - 2015-12-20 16:21 - 00003288 ____N C:\bootsqm.dat

2015-12-20 15:51 - 2015-12-20 15:51 - 00002123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2015-12-20 15:50 - 2015-12-20 15:51 - 00000000 ____D C:\Program Files\Microsoft Security Client

2015-12-20 15:50 - 2015-12-20 15:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2015-12-20 15:09 - 2015-12-20 15:09 - 00272352 _____ C:\Windows\Minidump\122015-63710-01.dmp

2015-12-20 13:54 - 2015-12-20 13:54 - 00034148 ____C C:\TDSSKiller.3.1.0.9_20.12.2015_13.54.33_log.txt

2015-12-20 13:54 - 2015-12-20 13:54 - 00000366 ____C C:\TDSSKiller.3.0.0.44_20.12.2015_13.54.18_log.txt

2015-12-20 13:53 - 2015-12-21 04:54 - 00000000 ____D C:\Users\Admin\AppData\Local\Avg

2015-12-20 13:53 - 2015-12-21 04:53 - 00000000 ____D C:\ProgramData\Avg

2015-12-20 13:53 - 2015-12-21 04:51 - 00000000 ____D C:\Users\Admin\AppData\Local\AvgSetupLog

2015-12-20 13:46 - 2015-12-20 15:51 - 00001945 _____ C:\Windows\epplauncher.mif

2015-12-19 20:58 - 2015-11-20 13:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-12-19 20:58 - 2015-11-20 13:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-12-19 20:58 - 2015-11-20 13:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2015-12-19 20:58 - 2015-11-20 13:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2015-12-19 20:58 - 2015-11-20 13:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-12-19 20:58 - 2015-11-20 13:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2015-12-19 20:58 - 2015-11-20 13:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2015-12-19 20:58 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2015-12-19 20:58 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2015-12-19 20:58 - 2015-11-20 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2015-12-19 20:58 - 2015-11-20 13:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

2015-12-19 20:58 - 2015-11-20 13:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2015-12-19 20:58 - 2015-11-20 13:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2015-12-19 20:58 - 2015-11-20 13:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2015-12-19 20:58 - 2015-11-20 13:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2015-12-19 20:58 - 2015-11-20 13:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2015-12-19 20:58 - 2015-11-11 16:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-12-19 20:58 - 2015-11-11 15:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-12-19 20:58 - 2015-11-11 13:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll

2015-12-19 20:58 - 2015-11-11 13:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll

2015-12-19 20:58 - 2015-11-11 13:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll

2015-12-19 20:58 - 2015-11-11 13:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll

2015-12-19 20:58 - 2015-11-11 11:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-12-19 20:58 - 2015-11-11 11:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-12-19 20:58 - 2015-11-11 10:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-12-19 20:58 - 2015-11-11 10:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-12-19 20:58 - 2015-11-11 10:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-12-19 20:58 - 2015-11-11 10:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-12-19 20:58 - 2015-11-11 09:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-12-19 20:58 - 2015-11-10 13:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2015-12-19 20:58 - 2015-11-10 13:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2015-12-19 20:58 - 2015-11-10 13:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll

2015-12-19 20:58 - 2015-11-10 13:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2015-12-19 20:58 - 2015-11-10 13:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll

2015-12-19 20:58 - 2015-11-10 12:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-12-19 20:58 - 2015-11-09 19:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-12-19 20:58 - 2015-11-09 19:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-12-19 20:58 - 2015-11-09 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-12-19 20:58 - 2015-11-09 19:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2015-12-19 20:58 - 2015-11-09 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-12-19 20:58 - 2015-11-09 19:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-12-19 20:58 - 2015-11-09 19:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-12-19 20:58 - 2015-11-09 19:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-12-19 20:58 - 2015-11-09 19:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-12-19 20:58 - 2015-11-09 19:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-12-19 20:58 - 2015-11-09 19:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-12-19 20:58 - 2015-11-09 19:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-12-19 20:58 - 2015-11-09 19:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-12-19 20:58 - 2015-11-09 18:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-12-19 20:58 - 2015-11-09 18:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-12-19 20:58 - 2015-11-09 18:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-12-19 20:58 - 2015-11-09 18:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2015-12-19 20:58 - 2015-11-09 18:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2015-12-19 20:58 - 2015-11-09 18:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-12-19 20:58 - 2015-11-09 18:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-12-19 20:58 - 2015-11-09 18:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-12-19 20:58 - 2015-11-09 18:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-12-19 20:58 - 2015-11-09 18:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-12-19 20:58 - 2015-11-09 18:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-12-19 20:58 - 2015-11-08 17:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-12-19 20:58 - 2015-11-08 17:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-12-19 20:58 - 2015-11-08 17:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-12-19 20:58 - 2015-11-08 17:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-12-19 20:58 - 2015-11-08 17:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-12-19 20:58 - 2015-11-08 17:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-12-19 20:58 - 2015-11-08 17:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-12-19 20:58 - 2015-11-08 17:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-12-19 20:58 - 2015-11-08 17:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-12-19 20:58 - 2015-11-08 17:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-12-19 20:58 - 2015-11-08 17:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-12-19 20:58 - 2015-11-08 17:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-12-19 20:58 - 2015-11-08 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-12-19 20:58 - 2015-11-08 17:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-12-19 20:58 - 2015-11-08 17:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-12-19 20:58 - 2015-11-08 17:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-12-19 20:58 - 2015-11-08 16:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-12-19 20:58 - 2015-11-08 16:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-12-19 20:58 - 2015-11-08 16:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-12-19 20:58 - 2015-11-08 16:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-12-19 20:58 - 2015-11-08 16:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-12-19 20:58 - 2015-11-08 16:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2015-12-19 20:58 - 2015-11-08 16:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2015-12-19 20:58 - 2015-11-08 16:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-12-19 20:58 - 2015-11-08 16:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-12-19 20:58 - 2015-11-08 16:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-12-19 20:58 - 2015-11-08 16:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-12-19 20:58 - 2015-11-08 16:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-12-19 20:58 - 2015-11-08 15:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-12-19 20:58 - 2015-11-08 15:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-12-19 20:58 - 2015-11-08 15:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-12-19 20:58 - 2015-11-05 14:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll

2015-12-19 20:58 - 2015-11-05 14:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll

2015-12-19 20:58 - 2015-11-05 14:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2015-12-19 20:58 - 2015-11-05 14:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2015-12-19 20:58 - 2015-11-05 04:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys

2015-12-19 20:58 - 2015-11-03 14:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll

2015-12-19 20:58 - 2015-11-03 13:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll

2015-12-19 20:56 - 2015-11-03 14:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll

2015-12-19 20:56 - 2015-11-03 13:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll

2015-12-19 20:41 - 2015-12-19 20:41 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-12-21 07:50 - 2012-12-09 22:38 - 00000000 ___RD C:\Users\Admin\Dropbox

2015-12-21 07:50 - 2012-12-09 22:37 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Dropbox

2015-12-21 07:50 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-12-21 07:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows

2015-12-21 07:38 - 2012-01-13 03:57 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps

2015-12-21 07:35 - 2012-12-05 14:14 - 00000000 ____D C:\Users\Admin\AppData\Local\iLivid

2015-12-21 07:35 - 2009-07-14 00:13 - 00802402 _____ C:\Windows\system32\PerfStringBackup.INI

2015-12-21 07:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf

2015-12-21 07:27 - 2015-04-15 19:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-12-21 06:55 - 2015-02-06 19:34 - 00000000 ____D C:\ProgramData\MFAData

2015-12-21 06:25 - 2015-06-20 18:39 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-733214114-3496530890-3564253868-1000UA.job

2015-12-21 06:12 - 2009-07-13 23:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-12-21 06:12 - 2009-07-13 23:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-12-21 04:35 - 2011-12-30 13:16 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2

2015-12-21 04:34 - 2015-04-27 00:06 - 00000780 _____ C:\Users\Admin\Desktop\FL Studio 12 (64bit).lnk

2015-12-21 04:34 - 2015-04-27 00:06 - 00000768 _____ C:\Users\Admin\Desktop\FL Studio 12.lnk

2015-12-21 04:34 - 2011-12-30 13:15 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line

2015-12-21 04:34 - 2011-12-30 13:15 - 00000000 ____D C:\Program Files (x86)\VstPlugins

2015-12-21 04:28 - 2012-12-05 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line

2015-12-20 15:40 - 2014-03-13 22:13 - 01814576 _____ C:\Windows\ntbtlog.txt

2015-12-20 15:09 - 2012-04-24 13:40 - 00000000 ____D C:\Windows\Minidump

2015-12-20 14:59 - 2015-01-23 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tone2 Firebird

2015-12-20 14:57 - 2014-07-30 22:11 - 00000000 ____D C:\ProgramData\Camel Audio

2015-12-20 14:57 - 2014-07-30 22:11 - 00000000 ____D C:\Program Files\Camel Audio

2015-12-20 14:57 - 2013-06-10 20:19 - 00000000 ____D C:\Program Files\VstPlugins

2015-12-20 14:50 - 2009-07-14 00:08 - 00032594 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2015-12-20 13:43 - 2012-01-07 01:40 - 00000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics

2015-12-20 13:02 - 2011-04-25 09:53 - 00000000 ____D C:\Program Files (x86)\GRETECH

2015-12-20 05:28 - 2009-07-13 23:45 - 00280760 _____ C:\Windows\system32\FNTCACHE.DAT

2015-12-20 05:23 - 2015-04-07 18:23 - 00000000 ___SD C:\Windows\SysWOW64\GWX

2015-12-20 05:23 - 2015-04-07 18:23 - 00000000 ___SD C:\Windows\system32\GWX

2015-12-20 05:04 - 2014-04-20 04:01 - 00797512 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2015-12-20 01:25 - 2015-06-20 18:39 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-733214114-3496530890-3564253868-1000Core.job

2015-12-19 21:27 - 2015-04-15 19:06 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-12-19 21:27 - 2015-04-15 19:06 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-12-19 21:27 - 2012-05-01 10:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-12-19 20:37 - 2015-11-14 16:09 - 00000400 __RSH C:\ProgramData\ntuser.pol

2015-12-08 22:39 - 2010-11-20 22:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

 

==================== Files in the root of some directories =======

 

2012-01-11 03:02 - 2015-02-06 18:44 - 0007601 _____ () C:\Users\Admin\AppData\Local\resmon.resmoncfg

2011-11-21 09:44 - 2011-11-21 09:44 - 0000094 _____ () C:\ProgramData\CameraRecorder.ini

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-11-10 23:40

 

==================== End of FRST.txt ============================

Link to post
Share on other sites

Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help your with your issue.

 

     

    

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Note that we may live in totally different time zones, what may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
:excl: I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

:excl: There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

  warning.gif Rules and policies

 

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

 

 


TDSSKiller_Kaspersky.png Scan with TDSSKiller

Please download TDSSKiller by Kaspersky and save it to your desktop.

  • Right-click on TDSSKiller_Kaspersky.png
  • icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Click on Change parameters and put a checkmark beside Loaded modules. A reboot will be needed to apply the changes, allow it to do so.
  • Your machine may appear very slow and unusable after that - it's normal.
  • TDSSKiller will run automaticaly. Click on Change parameters and click OK.
  • Click the Start Scan button and wait patiently.
  • If anything will be found follow this guidelines:
    • If a suspicious object is detected, the default action will be Skip, click on Continue.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

      Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

      If Cure is not available, please choose Skip instead.

    • Do not choose Delete unless instructed!
    A report will be created in your root directory, (usually C:\ drive) in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt. Please include the contents of that file in your next post.
Link to post
Share on other sites

Okay, deep layer is clean, let's use FRST again:
 
 
FRST.gif Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.

Link to post
Share on other sites

warning.gif Multiple Resident Protection warning!

Always have one (and no more than one!) AntiVirus program! In this case having more of them will not provide you with better protection - instead they may cause slowness, lock-ups and even mark another ones as harmful, leading to leave your system unstable and even damaged. Please choose only one from the listed below to stay with and uninstall the others:

  • avast Antivirus
  • Microsoft Security Essentials
Uninstallation procedure:
  • Press the WindowsKey.png + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for each uninstalled entry, right-click it and select Uninstall.
This should be done until any other steps will be taken.


FRST.gif Fix with Farbar Recovery Scan Tool

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif

icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please upload it to your reply.


mbam-old.png Uninstall outdated Malwarebytes' Anti-Malware

Please download MBAM-clean and save it to your desktop.

  • Right-click on mbam-clean.exe icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.
After that follow my next instructions to download & install the latest MBAM version.

51a46ae42d560-malwarebytes_anti_malware. Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the progam and select update.
  • Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  • Click the Scan tab, choose Threat Scan is checked and click Start Scan.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.

fixlist.txt

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.