
I had/have something please help.


21 replies to this topic

#1 safeluke

safeluke

  • Members
  • 11 posts

Posted 22 January 2014 - 11:41 AM

Hello there, I've used Malwarebytes/Chameleon and HitmanPro to get rid of anything, and I'm wondering if there is anything else hiding in my system, so I used DDS, logged on here and attached it; please help.

Also, I get a pop-up from Malwarebytes saying that a potential threat was blocked from 222.186.19.20, type: incoming, port: 45646, process: utorrent.exe
 
Any help is appreciated.
Kind regards
Luke.
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2
Run by SafeLuke at 16:24:10 on 2014-01-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4061.1687 [GMT 0:00]
.
AV: avast! Internet Security *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Internet Security *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Users\SafeLuke\AppData\Roaming\uTorrent\uTorrent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\OEM\DSG OSD 1.01\SunflowerOSD.exe
C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\prevhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Reminder] C:\Program Files (x86)\TTG\Reminder\Reminder.exe
uRun: [DockBar] C:\Applications\Tools\DockBar\DockBar.exe
uRun: [Recovery Backup Wizard] C:\Program Files (x86)\TTG\Reminder\Reminder.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Facebook Update] "C:\Users\SafeLuke\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [uTorrent] "C:\Users\SafeLuke\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [KNOWHOW™ APP CENTRE] "C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.lnk"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRunOnce: [1] C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p
dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OSD.lnk - C:\windows\Installer\{1C91F8F0-36CC-4C58-BDB3-66F0EEEF92A1}\_693B294D31BEF0AFC52D71.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office15\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{9F414750-7FB8-43D9-B2DD-C178F273B9D2} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{9F414750-7FB8-43D9-B2DD-C178F273B9D2}\35166654 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9F414750-7FB8-43D9-B2DD-C178F273B9D2}\4514C4B44514C4B4D2345364449383 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-11-28 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-11-28 207904]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-11-28 28184]
R1 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswndisflt.sys [2013-11-28 439648]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-11-28 1034464]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-11-28 422216]
R1 RapportCerberus_59849;RapportCerberus_59849;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [2013-12-11 606672]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-12-21 282648]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-11-28 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-15 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-1-15 113704]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-3-27 185688]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-1-19 109352]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-24 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-17 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-17 701512]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-12-21 1444120]
R2 SoilIO;SoilIO;C:\Windows\System32\drivers\SoilIO.sys [2009-12-11 17912]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-15 79672]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2012-11-17 145408]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-17 25928]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\Windows\System32\drivers\rtwlane.sys [2013-5-2 1514568]
R3 soilkbc;soilkbc;C:\Windows\System32\drivers\Soilkbc.sys [2009-12-3 13816]
R3 SoilMC;SoilMC;C:\Windows\System32\drivers\SoilMC.sys [2009-12-3 13304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-5-24 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2013-1-24 14448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-17 111616]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-5-24 173656]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2011-5-24 131600]
S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2013-6-25 316248]
S3 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-12-21 397784]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-14 19456]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-5-25 1109096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-1-14 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-1-14 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-6 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-01-22 15:36:11 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{045C6DA2-9487-449A-9BEB-999AF0CF63A0}\offreg.dll
2014-01-21 19:31:15 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{045C6DA2-9487-449A-9BEB-999AF0CF63A0}\mpengine.dll
2014-01-20 01:21:28 -------- d-----w- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-01-20 00:38:57 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2014-01-19 15:37:26 -------- d-----w- C:\Program Files\HitmanPro
2014-01-19 15:37:04 -------- d-----w- C:\ProgramData\HitmanPro
2014-01-19 15:26:23 -------- d-----w- C:\Windows\ERUNT
2014-01-15 16:49:13 79672 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-01-15 16:43:15 -------- d-----w- C:\AdwCleaner
2014-01-15 16:34:03 -------- d-----w- C:\Users\SafeLuke\.android
2014-01-15 16:33:56 -------- d-----w- C:\Users\SafeLuke\AppData\Local\cache
2014-01-15 16:24:33 -------- d-----w- C:\Users\SafeLuke\AppData\Roaming\DigitalSites
2014-01-15 16:10:45 -------- d-----w- C:\ProgramData\House Of Soft
2014-01-15 16:08:56 -------- d-----w- C:\Users\SafeLuke\AppData\Local\Packages
2014-01-15 16:08:41 -------- d-----w- C:\ProgramData\d397b44e17e23859
2014-01-15 16:08:40 -------- d-----w- C:\Users\SafeLuke\AppData\Local\Comodo
2014-01-15 16:07:33 -------- d-----w- C:\ProgramData\InstallMate
2014-01-15 15:40:53 -------- d-----w- C:\ProgramData\DriverGenius
2014-01-15 13:17:03 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-14 22:43:38 -------- d-----w- C:\Windows\Migration
2014-01-14 22:40:04 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2014-01-14 22:40:02 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-14 22:40:02 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-14 22:40:01 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-01-14 22:32:59 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-01-14 22:32:58 366592 ----a-w- C:\Windows\System32\qdvd.dll
2014-01-14 22:32:25 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-14 22:32:25 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-14 22:32:24 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-14 22:32:23 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-14 22:32:23 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-14 22:32:22 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-14 22:32:22 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-14 22:31:41 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-14 22:31:38 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
.
==================== Find3M  ====================
.
2014-01-21 20:37:16 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-21 20:37:15 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-15 17:02:41 439648 ----a-w- C:\Windows\System32\drivers\aswndisflt.sys
2014-01-15 16:48:34 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-01-15 16:48:34 1034464 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-01-15 16:48:33 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-01-15 16:48:31 43152 ----a-w- C:\Windows\avastSS.scr
2013-12-21 22:56:32 316248 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2013-12-18 06:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-28 16:38:07 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-11-28 16:38:07 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-11-28 16:37:58 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-21 16:21:59 30208 ----a-w- C:\Windows\System32\licmgr10.dll
2013-11-21 16:21:58 548352 ----a-w- C:\Windows\System32\vbscript.dll
2013-11-21 16:21:58 167424 ----a-w- C:\Windows\System32\iexpress.exe
2013-11-21 16:21:58 143872 ----a-w- C:\Windows\System32\wextract.exe
2013-11-21 16:21:57 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2013-11-21 16:21:57 48128 ----a-w- C:\Windows\System32\imgutil.dll
2013-11-21 16:21:57 13824 ----a-w- C:\Windows\System32\mshta.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
.
============= FINISH: 16:25:26.17 ===============


More to add: I also got these issues before, when I got a BSOD :(

I downloaded Driver Genius to check whether my drivers were up to date; apparently a few of them were not, and then my browser started redirecting me... :(
 
Windows
Problem: Shut down unexpectedly
Files that help describe the problem:
121811-41574-01.dmp
sysdata.xml
 View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.
 
   Windows
Problem: Video hardware error
Files that help describe the problem:
WD-20131210-1707.dmp
sysdata.xml
WERInternalMetadata.xml
 View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.
 
   Windows
Problem: Video hardware error
Files that help describe the problem:
WD-20140104-0956.dmp
sysdata.xml
WERInternalMetadata.xml
 View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.
 
   Windows
Problem: Video hardware error
Files that help describe the problem:
WD-20140104-1219.dmp
sysdata.xml
WERInternalMetadata.xml
 View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.
 
   Windows
Problem: Video hardware error
Files that help describe the problem:
WD-20140104-1229.dmp
sysdata.xml
WERInternalMetadata.xml
 View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.
 
   Windows
Problem: Video hardware error
Files that help describe the problem:
WD-20140104-1230.dmp
sysdata.xml
WERInternalMetadata.xml
 View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.
 
   Windows
Problem: Shut down unexpectedly
Files that help describe the problem:
011514-57626-01.dmp
sysdata.xml
WERInternalMetadata.xml
 View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.


Edited by hamluis, 25 January 2014 - 12:35 PM.
Merged posts - Hamluis.




#2 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,793 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 26 January 2014 - 02:50 PM

Hello safeluke,

 

My name is Cody and I'll be helping you clean up your computer. :)

 

What's below is very important information. Please take the time to read it before we get started.

 

I will reply as soon as possible (typically within 24 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

 

I am in Orlando, Florida at GMT-5 Hours (Eastern Standard Time). As previously stated, I normally respond within 24 hours, but I am a university student currently working part time. If I do not respond within 48 hours, feel free to send me a private message.

 

Some points for you to keep in mind:

 

Do NOT run any tools unless instructed to do so.

We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Do not attach logs or use code boxes, just copy and paste the text.

I cannot see your computer.

Periodically update me on the condition of your computer, and provide detail in every post.

Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.

 

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, an external drive or a pen drive, anywhere except on the computer.

 

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


Edited by TheShooter93, 26 January 2014 - 02:50 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#3 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,793 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 26 January 2014 - 03:17 PM

Hi safeluke,

 

Please do not miss my initial introductory post - the following are additional instructions.

 

-----------------------------------------------------------------------------------------------------

 

Throughout your thread you've mentioned a variety of symptoms, but I'm having trouble discerning which happened before you ran MBAM and which are still occurring. In your next reply, include 2 lists: one which gives all initial symptoms you experienced before you ran MBAM, and one which lists all remaining symptoms.

 

In addition to the lists, please provide the following:

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

 

-----------------------------------------------------------------------------------------------------

 

Lastly, are you familiar with a program named Reminder? I'm finding little information on this entry in your log: uRun: [Reminder] C:\Program Files (x86)\TTG\Reminder\Reminder.exe and would like to know if you're familiar with it.


Edited by TheShooter93, 26 January 2014 - 05:49 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

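The question Cody asks above about the `[Reminder]` entry is the routine triage a helper does over every autorun line in a DDS or FRST log: where does the image live, is it a shortcut rather than a binary, and does FRST record a publisher for it. As an added example (not from this thread and not part of the DDS or FRST tools), here is a small Python parser for the `Run` lines both logs emit, with the location and publisher heuristics a responder applies first. The sample lines are copied from the logs posted in this thread; the mapping of DDS's `u`/`m`/`d`/`x64-` prefixes to registry hives follows the HijackThis convention and is my assumption.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: autorun lines copied from the DDS "Pseudo HJT Report"
# and the FRST "Registry (Whitelisted)" section quoted in this thread.
SAMPLE_LINES = r"""
uRun: [Reminder] C:\Program Files (x86)\TTG\Reminder\Reminder.exe
uRun: [DockBar] C:\Applications\Tools\DockBar\DockBar.exe
uRun: [uTorrent] "C:\Users\SafeLuke\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [KNOWHOW™ APP CENTRE] - C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.lnk [1337 2011-05-24] ()
"""

# DDS uses HijackThis-style prefixes for the Run keys; this hive mapping is assumed.
DDS_HIVES = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT", "x64-": "HKLM (64-bit)"}

DDS_RE = re.compile(r"^(?P<prefix>u|m|d|x64-)Run:\s+\[(?P<name>[^\]]+)\]\s+(?P<rest>.*)$")
FRST_RE = re.compile(
    r"^(?P<hive>HK[^\s\\]+)\\\.\.\.\\Run:\s+\[(?P<name>[^\]]+)\]\s+-\s+"
    r"(?P<path>.*?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<publisher>[^)]*)\)\s*$"
)
# Splits a DDS command line (quoted or not) into the image path and its arguments.
CMD_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|lnk|dll|scr|bat|cmd|vbs|js))"?(?:\s+(?P<args>.*))?$', re.I)


@dataclass
class RunEntry:
    source: str                 # "DDS" or "FRST"
    hive: str
    name: str
    path: str
    args: Optional[str]
    publisher: Optional[str]    # only FRST reports a publisher; None for DDS lines
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[RunEntry]:
    """Parse one autorun line from a DDS or FRST log; return None for any other line."""
    m = FRST_RE.match(line)
    if m:
        return RunEntry("FRST", m["hive"], m["name"], m["path"].strip('"'), None, m["publisher"].strip())
    m = DDS_RE.match(line)
    if m:
        cmd = CMD_RE.match(m["rest"].strip())
        path = cmd["path"] if cmd else m["rest"].strip()
        args = cmd["args"] if cmd else None
        return RunEntry("DDS", DDS_HIVES[m["prefix"]], m["name"], path, args, None)
    return None


def flag_entry(e: RunEntry) -> RunEntry:
    """Attach the location/publisher heuristics that decide what to research first."""
    p = e.path.lower()
    if "\\users\\" in p or "\\appdata\\" in p:
        e.flags.append("runs from a user profile directory (user-writable)")
    elif "\\program files" not in p and "\\windows\\" not in p:
        e.flags.append("runs outside Program Files and Windows")
    if p.endswith(".lnk"):
        e.flags.append("Run value is a shortcut; resolve its target before judging it")
    if e.publisher is not None and e.publisher == "":
        e.flags.append("no publisher recorded by FRST (unsigned or unknown vendor)")
    return e


def triage(text: str) -> List[RunEntry]:
    """Parse every autorun line in the text and annotate each with its flags."""
    return [flag_entry(e) for e in (parse_line(l) for l in text.splitlines()) if e is not None]


if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        status = "; ".join(e.flags) if e.flags else "nothing unusual by location"
        print(f"[{e.source}] {e.hive} {e.name!r} -> {e.path}\n    {status}")
```

Run on the sample, the uTorrent and DockBar entries are flagged for where they run from, and the KNOWHOW entry for being a shortcut with no publisher, while `[Reminder]` gets no flag at all because it sits under Program Files. That is the point of the heuristics: they order the work, they do not finish it, and an unfamiliar name under an unfamiliar vendor folder still needs exactly the kind of research Cody is doing by asking the user about it.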

#4 safeluke

safeluke
  • Topic Starter

  • Members
  • 11 posts

Posted 27 January 2014 - 08:55 AM

Cheers for the help, Cody.

 

 
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-01-2014
Ran by SafeLuke (administrator) on SAFELUKE-PC on 27-01-2014 13:42:23
Running from C:\Users\SafeLuke\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\OEM\DSG OSD 1.01\SunflowerOSD.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [KNOWHOW™ APP CENTRE] - C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.lnk [1337 2011-05-24] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-24] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Reminder] - C:\Program Files (x86)\TTG\Reminder\Reminder.exe [1638496 2010-11-25] (DSG Retail Ltd)
HKCU\...\Run: [DockBar] - C:\Applications\Tools\DockBar\DockBar.exe [2964480 2010-11-25] (DSG Retail Ltd)
HKCU\...\Run: [Recovery Backup Wizard] - C:\Program Files (x86)\TTG\Reminder\Reminder.exe [1638496 2010-11-25] (DSG Retail Ltd)
HKCU\...\Run: [Facebook Update] - C:\Users\SafeLuke\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-07] (Facebook Inc.)
HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)
MountPoints2: {e4c01927-6a9c-11e3-950f-80ee731be618} - E:\Unlock.exe autoplay=true
 
==================== Internet (Whitelisted) ====================
 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Users\SafeLuke\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\SafeLuke\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Extension: (No Name) - C:\Users\SafeLuke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoplgjhhlcacejbfedgcgcljnngeecal [2014-01-15]
CHR Extension: (Google Wallet) - C:\Users\SafeLuke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-11-28]
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-24] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-01-24] (AVAST Software)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2014-01-19] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2013-12-21] (Trusteer Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2013-11-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-24] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [440672 2014-01-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-24] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-15] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-12-11] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282648 2013-12-21] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [316248 2013-12-21] (Trusteer Ltd.)
S3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397784 2013-12-21] (Trusteer Ltd.)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R2 SoilIO; C:\Windows\System32\Drivers\SoilIO.sys [17912 2009-12-11] ()
R3 soilkbc; C:\Windows\System32\Drivers\soilkbc.sys [13816 2009-12-03] (Systems Internals)
R3 SoilMC; C:\Windows\System32\Drivers\SoilMC.sys [13304 2009-12-03] (Systems Internals)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-27 13:42 - 2014-01-27 13:42 - 00014575 _____ C:\Users\SafeLuke\Downloads\FRST.txt
2014-01-27 13:42 - 2014-01-27 13:42 - 00000000 ____D C:\FRST
2014-01-27 13:39 - 2014-01-27 13:39 - 02078208 _____ (Farbar) C:\Users\SafeLuke\Downloads\FRST64.exe
2014-01-22 15:36 - 2014-01-22 15:36 - 00001140 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk
2014-01-22 14:32 - 2014-01-22 18:37 - 00000000 ____D C:\Users\SafeLuke\Documents\Malware tools
2014-01-20 01:21 - 2014-01-20 01:21 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-01-20 00:38 - 2014-01-20 00:38 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2014-01-19 15:37 - 2014-01-22 14:17 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-19 15:37 - 2014-01-19 15:37 - 00001904 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2014-01-19 15:37 - 2014-01-19 15:37 - 00000000 ____D C:\Program Files\HitmanPro
2014-01-19 15:26 - 2014-01-19 15:26 - 00000000 ____D C:\Windows\ERUNT
2014-01-15 18:05 - 2014-01-15 18:05 - 00000000 ____D C:\Program Files\7-Zip
2014-01-15 18:03 - 2014-01-15 18:03 - 01376768 _____ C:\Users\SafeLuke\Downloads\7z920-x64.msi
2014-01-15 16:49 - 2014-01-24 15:06 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-15 16:43 - 2014-01-22 20:13 - 00000000 ____D C:\AdwCleaner
2014-01-15 16:42 - 2014-01-15 16:42 - 01236282 _____ C:\Users\SafeLuke\Desktop\AdwCleaner.exe
2014-01-15 16:34 - 2014-01-15 16:34 - 00000000 ____D C:\Users\SafeLuke\.android
2014-01-15 16:33 - 2014-01-15 16:33 - 00000000 ____D C:\Users\SafeLuke\AppData\Local\cache
2014-01-15 16:30 - 2014-01-21 19:54 - 00000005 _____ C:\Users\SafeLuke\AppData\Roaming\WBPU-TTL.DAT
2014-01-15 16:25 - 2014-01-21 19:54 - 00000105 _____ C:\Users\SafeLuke\AppData\Roaming\WB.CFG
2014-01-15 16:24 - 2014-01-26 20:30 - 00000304 _____ C:\Windows\Tasks\Digital Sites.job
2014-01-15 16:24 - 2014-01-21 21:24 - 00000000 ____D C:\Users\SafeLuke\AppData\Roaming\DigitalSites
2014-01-15 16:24 - 2014-01-15 16:30 - 00003256 _____ C:\Windows\System32\Tasks\Digital Sites
2014-01-15 16:10 - 2014-01-15 16:10 - 00000000 ____D C:\ProgramData\House Of Soft
2014-01-15 16:08 - 2014-01-22 19:38 - 00000000 ____D C:\Users\HomeGroupUser$
2014-01-15 16:08 - 2014-01-22 19:38 - 00000000 ____D C:\Users\Administrator
2014-01-15 16:08 - 2014-01-15 16:13 - 00000000 ____D C:\ProgramData\d397b44e17e23859
2014-01-15 16:08 - 2014-01-15 16:08 - 00000000 ____D C:\Users\SafeLuke\AppData\Local\Packages
2014-01-15 16:08 - 2014-01-15 16:08 - 00000000 ____D C:\Users\SafeLuke\AppData\Local\Comodo
2014-01-15 16:08 - 2014-01-15 16:08 - 00000000 ____D C:\Users\Guest\AppData\Local\Torch
2014-01-15 16:08 - 2014-01-15 16:08 - 00000000 ____D C:\Users\Guest\AppData\Local\Comodo
2014-01-15 16:07 - 2014-01-15 16:10 - 00000000 ____D C:\ProgramData\InstallMate
2014-01-15 15:40 - 2014-01-15 19:14 - 00000000 ____D C:\ProgramData\DriverGenius
2014-01-15 13:17 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-15 13:17 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-15 13:17 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-15 13:17 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-15 13:16 - 2014-01-15 13:17 - 00005250 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 13:06 - 2014-01-20 00:38 - 00000000 ____D C:\Users\SafeLuke\AppData\Roaming\SystemRequirementsLab
2014-01-14 22:40 - 2012-08-23 13:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-14 22:40 - 2012-08-23 13:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-14 22:40 - 2012-08-23 13:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-01-14 22:39 - 2012-08-23 14:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-01-14 22:39 - 2012-08-23 14:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-01-14 22:39 - 2012-08-23 14:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-01-14 22:39 - 2012-08-23 14:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-01-14 22:39 - 2012-08-23 13:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-01-14 22:39 - 2012-08-23 13:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-01-14 22:39 - 2012-08-23 13:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-01-14 22:39 - 2012-08-23 13:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-01-14 22:39 - 2012-08-23 13:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-01-14 22:39 - 2012-08-23 13:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-01-14 22:39 - 2012-08-23 12:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-01-14 22:39 - 2012-08-23 11:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-01-14 22:39 - 2012-08-23 11:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-01-14 22:39 - 2012-08-23 11:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-01-14 22:39 - 2012-08-23 11:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-01-14 22:39 - 2012-08-23 10:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-01-14 22:39 - 2012-08-23 10:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-01-14 22:39 - 2012-08-23 10:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-01-14 22:39 - 2012-08-23 10:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-01-14 22:39 - 2012-08-23 09:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-01-14 22:39 - 2012-08-23 08:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-01-14 22:39 - 2012-08-23 08:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-01-14 22:32 - 2013-11-27 01:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-14 22:32 - 2013-11-27 01:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-14 22:32 - 2013-11-27 01:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-14 22:32 - 2013-11-27 01:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-14 22:32 - 2013-11-27 01:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-14 22:32 - 2013-11-27 01:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-14 22:32 - 2013-11-27 01:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-14 22:32 - 2012-05-04 11:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-01-14 22:32 - 2012-05-04 09:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-01-14 22:31 - 2013-11-26 11:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-14 22:31 - 2013-11-26 10:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-12 15:54 - 2014-01-12 15:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2014-01-12 15:54 - 2014-01-12 15:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2014-01-12 15:52 - 2014-01-12 15:53 - 13079688 _____ (Microsoft Corporation) C:\Users\SafeLuke\Downloads\Silverlight_x64.exe
2013-12-28 20:20 - 2013-12-28 20:27 - 00000000 ____D C:\Users\SafeLuke\Downloads\Copies
 
==================== One Month Modified Files and Folders =======
 
2014-01-27 13:42 - 2014-01-27 13:42 - 00014575 _____ C:\Users\SafeLuke\Downloads\FRST.txt
2014-01-27 13:42 - 2014-01-27 13:42 - 00000000 ____D C:\FRST
2014-01-27 13:41 - 2009-07-14 04:45 - 00027744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-27 13:41 - 2009-07-14 04:45 - 00027744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-27 13:39 - 2014-01-27 13:39 - 02078208 _____ (Farbar) C:\Users\SafeLuke\Downloads\FRST64.exe
2014-01-27 13:36 - 2011-11-05 15:26 - 01175620 _____ C:\Windows\WindowsUpdate.log
2014-01-27 13:34 - 2011-11-05 15:39 - 00000000 ____D C:\Users\SafeLuke\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar
2014-01-27 13:31 - 2011-05-24 14:36 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-27 13:31 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-27 13:31 - 2009-07-14 04:51 - 00131010 _____ C:\Windows\setupact.log
2014-01-26 20:30 - 2014-01-15 16:24 - 00000304 _____ C:\Windows\Tasks\Digital Sites.job
2014-01-26 20:10 - 2011-05-24 14:36 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-26 20:04 - 2012-08-03 19:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-26 20:02 - 2012-08-01 23:51 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3085723608-3087811879-2840625475-1001UA.job
2014-01-26 14:02 - 2012-08-01 23:51 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3085723608-3087811879-2840625475-1001Core.job
2014-01-26 13:33 - 2013-11-28 16:38 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-25 14:56 - 2012-08-03 19:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-25 14:56 - 2012-08-03 19:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-25 14:56 - 2012-02-10 18:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-24 15:10 - 2013-11-28 17:29 - 00001979 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-01-24 15:10 - 2013-11-28 16:39 - 00002039 _____ C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-01-24 15:06 - 2014-01-15 16:49 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-24 15:06 - 2013-11-28 16:38 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-24 15:06 - 2013-11-28 16:38 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-24 15:06 - 2013-11-28 16:38 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-24 15:06 - 2013-11-28 16:38 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-24 15:06 - 2013-11-28 16:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-24 15:04 - 2013-11-28 16:37 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-01-23 19:33 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2014-01-22 20:13 - 2014-01-15 16:43 - 00000000 ____D C:\AdwCleaner
2014-01-22 20:02 - 2013-06-02 10:27 - 00000000 ____D C:\Users\SafeLuke\AppData\Roaming\uTorrent
2014-01-22 19:38 - 2014-01-15 16:08 - 00000000 ____D C:\Users\HomeGroupUser$
2014-01-22 19:38 - 2014-01-15 16:08 - 00000000 ____D C:\Users\Administrator
2014-01-22 18:37 - 2014-01-22 14:32 - 00000000 ____D C:\Users\SafeLuke\Documents\Malware tools
2014-01-22 18:08 - 2011-11-11 19:25 - 00000000 ____D C:\Windows\Minidump
2014-01-22 15:36 - 2014-01-22 15:36 - 00001140 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk
2014-01-22 14:27 - 2012-02-05 20:30 - 00000000 ____D C:\Users\SafeLuke\AppData\Local\Windows Live
2014-01-22 14:17 - 2014-01-19 15:37 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-21 22:01 - 2010-11-21 03:47 - 00383258 _____ C:\Windows\PFRO.log
2014-01-21 21:24 - 2014-01-15 16:24 - 00000000 ____D C:\Users\SafeLuke\AppData\Roaming\DigitalSites
2014-01-21 19:54 - 2014-01-15 16:30 - 00000005 _____ C:\Users\SafeLuke\AppData\Roaming\WBPU-TTL.DAT
2014-01-21 19:54 - 2014-01-15 16:25 - 00000105 _____ C:\Users\SafeLuke\AppData\Roaming\WB.CFG
2014-01-20 01:21 - 2014-01-20 01:21 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-01-20 00:38 - 2014-01-20 00:38 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2014-01-20 00:38 - 2014-01-15 13:06 - 00000000 ____D C:\Users\SafeLuke\AppData\Roaming\SystemRequirementsLab
2014-01-20 00:13 - 2011-05-24 14:36 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-19 15:37 - 2014-01-19 15:37 - 00001904 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2014-01-19 15:37 - 2014-01-19 15:37 - 00000000 ____D C:\Program Files\HitmanPro
2014-01-19 15:26 - 2014-01-19 15:26 - 00000000 ____D C:\Windows\ERUNT
2014-01-19 14:47 - 2011-11-05 15:38 - 00000000 ____D C:\Users\SafeLuke
2014-01-15 19:45 - 2009-07-14 05:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-15 19:41 - 2011-05-24 13:22 - 00015250 _____ C:\Windows\system32\results.xml
2014-01-15 19:21 - 2011-05-24 11:47 - 00000000 ____D C:\Program Files (x86)\Intel
2014-01-15 19:18 - 2011-05-24 11:47 - 00000000 ____D C:\Intel
2014-01-15 19:14 - 2014-01-15 15:40 - 00000000 ____D C:\ProgramData\DriverGenius
2014-01-15 18:05 - 2014-01-15 18:05 - 00000000 ____D C:\Program Files\7-Zip
2014-01-15 18:03 - 2014-01-15 18:03 - 01376768 _____ C:\Users\SafeLuke\Downloads\7z920-x64.msi
2014-01-15 17:27 - 2012-04-30 12:36 - 00000000 ____D C:\Users\SafeLuke\readmes
2014-01-15 17:27 - 2012-04-30 12:36 - 00000000 ____D C:\Users\SafeLuke\licenses
2014-01-15 16:48 - 2013-11-28 16:38 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-15 16:42 - 2014-01-15 16:42 - 01236282 _____ C:\Users\SafeLuke\Desktop\AdwCleaner.exe
2014-01-15 16:34 - 2014-01-15 16:34 - 00000000 ____D C:\Users\SafeLuke\.android
2014-01-15 16:33 - 2014-01-15 16:33 - 00000000 ____D C:\Users\SafeLuke\AppData\Local\cache
2014-01-15 16:30 - 2014-01-15 16:24 - 00003256 _____ C:\Windows\System32\Tasks\Digital Sites
2014-01-15 16:28 - 2013-10-23 14:58 - 00000000 ____D C:\Program Files (x86)\Aimersoft
2014-01-15 16:13 - 2014-01-15 16:08 - 00000000 ____D C:\ProgramData\d397b44e17e23859
2014-01-15 16:10 - 2014-01-15 16:10 - 00000000 ____D C:\ProgramData\House Of Soft
2014-01-15 16:10 - 2014-01-15 16:07 - 00000000 ____D C:\ProgramData\InstallMate
2014-01-15 16:08 - 2014-01-15 16:08 - 00000000 ____D C:\Users\SafeLuke\AppData\Local\Packages
2014-01-15 16:08 - 2014-01-15 16:08 - 00000000 ____D C:\Users\SafeLuke\AppData\Local\Comodo
2014-01-15 16:08 - 2014-01-15 16:08 - 00000000 ____D C:\Users\Guest\AppData\Local\Torch
2014-01-15 16:08 - 2014-01-15 16:08 - 00000000 ____D C:\Users\Guest\AppData\Local\Comodo
2014-01-15 16:08 - 2013-06-01 19:19 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2014-01-15 16:08 - 2011-11-05 15:54 - 00000000 ____D C:\Users\SafeLuke\AppData\Local\Google
2014-01-15 13:18 - 2013-11-25 19:03 - 00000000 ____D C:\ProgramData\Oracle
2014-01-15 13:17 - 2014-01-15 13:16 - 00005250 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 13:17 - 2013-11-25 19:02 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-15 01:48 - 2009-07-14 04:45 - 00466264 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 01:46 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2014-01-14 22:54 - 2013-05-22 16:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-14 22:54 - 2009-07-14 02:34 - 00000478 _____ C:\Windows\win.ini
2014-01-14 22:48 - 2011-05-24 14:32 - 00766780 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-14 22:39 - 2013-08-18 15:30 - 00000000 ____D C:\Windows\system32\MRT
2014-01-14 22:36 - 2011-11-06 13:43 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-12 15:54 - 2014-01-12 15:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2014-01-12 15:54 - 2014-01-12 15:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2014-01-12 15:53 - 2014-01-12 15:52 - 13079688 _____ (Microsoft Corporation) C:\Users\SafeLuke\Downloads\Silverlight_x64.exe
2014-01-03 19:39 - 2013-12-22 01:03 - 00000000 ____D C:\Users\SafeLuke\Downloads\2 Guns
2013-12-28 20:27 - 2013-12-28 20:20 - 00000000 ____D C:\Users\SafeLuke\Downloads\Copies
 
Files to move or delete:
====================
C:\Users\SafeLuke\setup.exe
 
 
Some content of TEMP:
====================
C:\Users\SafeLuke\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\SafeLuke\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-19 18:53
 
==================== End Of Log ============================
 
 
 
 
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
Addition
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-01-2014
Ran by SafeLuke at 2014-01-27 13:44:05
Running from C:\Users\SafeLuke\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Internet Security (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Internet Security (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
avast! Internet Security (x32 Version: 9.0.2013 - Avast Software)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (x32 Version:  - Microsoft)
Deus Ex Human Revolution Director's Cut (x32 Version:  - =×óâàê=)
Driver 1.3 (Version: 1.3 - OEM)
DSG OSD 1.01 (x32 Version: 1.01 - OEM)
Elevated Installer (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Facebook Video Calling 2.0.0.447 (x32 Version: 2.0.447 - Skype Limited)
FileASSASSIN (x32 Version: 1.06 - Malwarebytes)
Garmin Express (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HitmanPro 3.7 (Version: 3.7.8.208 - SurfRight B.V.)
Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2869 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 9.6.0.1014 - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron Ethernet Adapter NDIS Driver (x32 Version: 6.0.24.7 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (x32 Version: 1.0.53.5 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (x32 Version: 7.0.0 - )
KNOWHOW™ APP CENTRE (x32 Version: 22447 - KNOWHOW)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (x32 Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Picasa 3 (x32 Version: 3.8 - Google, Inc.)
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Rapport (x32 Version: 3.5.1304.32 - Trusteer) Hidden
REALTEK Wireless LAN Driver (x32 Version: 1.00.0178 - REALTEK Semiconductor Corp.)
Sony Ericsson Update Engine (x32 Version: 2.13.6.201305161305 - Sony Ericsson Communications AB)
Sony Mobile Update Service (x32 Version: 2.13.1.38 - Sony Mobile Communications AB)
Sony PC Companion 2.10.165 (x32 Version: 2.10.165 - Sony)
System Requirements Lab for Intel (x32 Version: 4.5.22.0 - Husdawg, LLC)
Trusteer Endpoint Protection (x32 Version: 3.5.1304.32 - Trusteer)
Update for Microsoft Access 2013 (KB2768008) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Access 2013 (KB2827233) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft InfoPath 2013 (KB2837648) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817314) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826004) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837626) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837637) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837638) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837655) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2850066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2850063) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2850061) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2767850) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Project 2013 (KB2727085) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2837635) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2817495) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2837652) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2817306) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2837647) 32-Bit Edition (x32 Version:  - Microsoft)
VLC media player 1.1.11 (x32 Version: 1.1.11 - VideoLAN)
VoiceOver Kit (x32 Version: 1.42.128.0 - Apple Inc.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
15-01-2014 16:44:44 avast! antivirus system restore point
15-01-2014 16:51:10 Device Driver Package Install: Avast Network Service
15-01-2014 18:03:47 Installed 7-Zip 9.20 (x64 edition)
15-01-2014 19:15:01 Before installing new drivers - 15/01/2014 19:14:52
15-01-2014 19:34:35 Before installing new drivers - 15/01/2014 19:34:28
19-01-2014 14:44:54 Windows Update
24-01-2014 14:59:05 avast! antivirus system restore point
24-01-2014 15:01:37 Windows Update
24-01-2014 15:08:04 Device Driver Package Install: Avast Network Service
26-01-2014 19:24:49 Removed Microsoft Silverlight
 
==================== Hosts content: ==========================
 
2009-07-14 02:34 - 2014-01-20 01:21 - 00040001 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 2010-fr.com # hosts anti-adware / pups
127.0.0.1 2012-new.biz # hosts anti-adware / pups
127.0.0.1 212link.com # hosts anti-adware / pups
127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
127.0.0.1 24h00business.com # hosts anti-adware / pups
127.0.0.1 a.adorika.net # hosts anti-adware / pups
127.0.0.1 a.ad-sys.com # hosts anti-adware / pups
127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
127.0.0.1 ad.adn360.com # hosts anti-adware / pups
127.0.0.1 adeartss.eu # hosts anti-adware / pups
127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
127.0.0.1 adm.soft365.com # hosts anti-adware / pups
127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups
127.0.0.1 ads.aff.co # hosts anti-adware / pups
127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
127.0.0.1 ads.egdating.net # hosts anti-adware / pups
127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
127.0.0.1 ads.pornerbros.com # hosts anti-adware / pups
127.0.0.1 ads.realken.com # hosts anti-adware / pups
127.0.0.1 ads.regiedepub.com # hosts anti-adware / pups
127.0.0.1 ads.sucomspot.com # hosts anti-adware / pups
 
There are 639 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {07121364-3303-4C8F-BE36-7ACF38753B56} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {0D2EB23C-5FD2-4A11-9445-A68264A2ED3C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3085723608-3087811879-2840625475-1001Core => C:\Users\SafeLuke\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-07] (Facebook Inc.)
Task: {24299525-EA8E-48D4-9E49-13F8D413C85B} - System32\Tasks\Digital Sites => C:\Users\SafeLuke\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {4ABFDB8B-9779-4158-B386-0BEDE644D7D4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {7F650009-361D-4D54-873E-8311E8A43F8C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24] (Google Inc.)
Task: {ADF3B834-C271-4CC8-A884-0677981BE26B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B5306D14-EF0A-4BD1-8FA8-0BB405F272FC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-24] (AVAST Software)
Task: {C8543273-BD82-4664-A162-6D6BFC097DED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-25] (Adobe Systems Incorporated)
Task: {D0626290-00C2-4C35-9FC1-BEF79A882EA9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24] (Google Inc.)
Task: {E866779A-9AA1-48CB-AC9F-A03B369C609E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3085723608-3087811879-2840625475-1001UA => C:\Users\SafeLuke\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-07] (Facebook Inc.)
Task: {E8858FC5-1F8F-429A-9472-1D47C83EFB9D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\SafeLuke\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3085723608-3087811879-2840625475-1001Core.job => C:\Users\SafeLuke\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3085723608-3087811879-2840625475-1001UA.job => C:\Users\SafeLuke\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-10-17 11:23 - 2013-10-17 11:23 - 08866472 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-06-25 17:34 - 2013-12-11 19:28 - 01127152 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2014-01-26 13:33 - 2014-01-26 10:54 - 02166272 _____ () C:\Program Files\AVAST Software\Avast\defs\14012600\algo.dll
2014-01-27 13:35 - 2014-01-26 19:21 - 02166272 _____ () C:\Program Files\AVAST Software\Avast\defs\14012601\algo.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-06-27 14:09 - 2012-06-27 14:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2011-05-24 14:40 - 2010-12-01 14:26 - 02452992 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\QtCore4.dll
2011-05-24 14:40 - 2010-12-01 14:26 - 00375808 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\QtXml4.dll
2011-05-24 14:40 - 2010-12-01 14:26 - 00322048 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\log4cplus.dll
2011-05-24 14:40 - 2010-12-01 14:26 - 00013312 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\featureController.dll
2011-05-24 14:40 - 2010-12-01 14:26 - 01008640 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\QtNetwork4.dll
2011-05-24 14:40 - 2010-12-01 14:26 - 00195584 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\libgsoap.dll
2011-05-24 14:40 - 2010-12-01 14:26 - 00062464 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\zlib1.dll
2011-05-24 14:40 - 2010-12-01 14:26 - 00400384 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\sqlite3.dll
2011-05-24 14:40 - 2011-04-19 17:58 - 03622128 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\plugin\libbizlplugin.dll
2013-11-28 16:38 - 2013-11-28 16:38 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-11-17 16:21 - 2009-11-17 16:21 - 00092160 _____ () C:\Program Files (x86)\OEM\DSG OSD 1.01\SoilIO.dll
2010-03-16 16:14 - 2010-03-16 16:14 - 00413184 _____ () C:\Program Files (x86)\OEM\DSG OSD 1.01\Media_DSG.dll
2013-08-29 13:38 - 2013-08-29 13:38 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\44bfa824a3b8a6f789fda79a2e01a8db\IsdiInterop.ni.dll
2011-05-24 11:49 - 2010-03-03 19:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-10-17 11:23 - 2013-10-17 11:23 - 08866472 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-20 00:13 - 2014-01-11 10:28 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
2014-01-20 00:13 - 2014-01-11 10:28 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll
2014-01-20 00:13 - 2014-01-11 10:29 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
2014-01-20 00:13 - 2014-01-11 10:29 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
2014-01-20 00:13 - 2014-01-11 10:28 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/27/2014 01:33:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/26/2014 07:12:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 32.0.1700.76, time stamp: 0x52d0feb8
Faulting module name: coreclr.dll, version: 5.1.20913.0, time stamp: 0x5232c8ca
Exception code: 0xc0000005
Fault offset: 0x001aac2f
Faulting process id: 0xe40
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (01/26/2014 07:12:28 PM) (Source: .NET Runtime) (User: )
Description: Application: chrome.exe
CoreCLR Version: 5.1.20913.0
Description: The process was terminated due to an internal error in the .NET Runtime at IP 5E62AC2F (5E480000) with exit code 80131506.
 
Error: (01/26/2014 07:08:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/26/2014 01:33:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/25/2014 02:44:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/24/2014 06:28:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/24/2014 02:56:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (01/27/2014 01:33:30 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
%%1053
 
Error: (01/27/2014 01:33:30 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
 
Error: (01/27/2014 01:32:01 PM) (Source: Service Control Manager) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: 
%%1053
 
Error: (01/27/2014 01:32:01 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
 
Error: (01/27/2014 01:31:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (01/26/2014 07:06:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (01/26/2014 01:31:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (01/25/2014 02:42:56 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (01/24/2014 06:26:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (01/24/2014 02:54:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
 
Microsoft Office Sessions:
=========================
Error: (01/27/2014 01:33:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/26/2014 07:12:30 PM) (Source: Application Error)(User: )
Description: chrome.exe32.0.1700.7652d0feb8coreclr.dll5.1.20913.05232c8cac0000005001aac2fe4001cf1aca7f8b2f90C:\Program Files (x86)\Google\Chrome\Application\chrome.exec:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\coreclr.dllccb43fe6-86bd-11e3-9486-80ee731be618
 
Error: (01/26/2014 07:12:28 PM) (Source: .NET Runtime)(User: )
Description: Application: chrome.exe
CoreCLR Version: 5.1.20913.0
Description: The process was terminated due to an internal error in the .NET Runtime at IP 5E62AC2F (5E480000) with exit code 80131506.
 
Error: (01/26/2014 07:08:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/26/2014 01:33:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/25/2014 02:44:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/24/2014 06:28:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/24/2014 02:56:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-06-07 01:06:19.414
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-07 01:06:19.413
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-07 01:06:19.410
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-07 01:06:19.396
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-07 01:06:19.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-07 01:06:19.392
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-01 20:50:00.605
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-01 20:50:00.605
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-01 20:50:00.605
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-01 20:50:00.559
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 48%
Total physical RAM: 4061.18 MB
Available physical RAM: 2075.23 MB
Total Pagefile: 8120.53 MB
Available Pagefile: 5588.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:290.75 GB) (Free:215.77 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E5068114)
Partition 1: (Active) - (Size=7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=291 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Lastly, I have never heard of that program.

Give me a shout about what to do next, cheers. :)


#5 TheShooter93 (Cody)

  • Malware Response Team
  • 4,793 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 28 January 2014 - 01:57 PM

Hello safeluke,

Cheers for the help Cody
No problem.  :)

-------------------------------------------------------------------------------------------------------------------------------------------------

We need to run a fix with FRST:
  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    [attachment=146474:fixlist.txt]
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

Edited by TheShooter93, 28 January 2014 - 02:05 PM.

CCNA R&S | CCNA Security | Network+  |  B.S. - Information Technology | Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#6 safeluke

  • Topic Starter
  • Members
  • 11 posts

Posted 29 January 2014 - 08:41 AM

Sweeeeeeet

==========================================================================================

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-01-2014 01
Ran by SafeLuke at 2014-01-29 13:40:02 Run:1
Running from C:\Users\SafeLuke\Documents\Malware tools\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKCU\...\Run: [Reminder] - C:\Program Files (x86)\TTG\Reminder\Reminder.exe [1638496 2010-11-25] (DSG Retail Ltd)
HKCU\...\Run: [Recovery Backup Wizard] - C:\Program Files (x86)\TTG\Reminder\Reminder.exe [1638496 2010-11-25] (DSG Retail Ltd)
C:\Program Files (x86)\TTG\Reminder\
*****************
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Reminder => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Recovery Backup Wizard => Value deleted successfully.
C:\Program Files (x86)\TTG\Reminder\ => Moved successfully.
 
==== End of Fixlog ====


#7 TheShooter93 (Cody)

  • Malware Response Team
  • 4,793 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 30 January 2014 - 01:46 PM

Hi safeluke,

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

------------------------------------------------------------------------------------------------------------------------

Also, if you can, post a fresh FRST log after the ESET scan is complete.



#8 safeluke

  • Topic Starter
  • Members
  • 11 posts

Posted 30 January 2014 - 10:04 PM

ESET

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir Win32/NextLive.A application
C:\Games\Deus Ex Human Revolution Director's Cut\steam_api.dll a variant of Win32/HackTool.Crack.BL application
C:\ProgramData\InstallMate\{87A44F31-49A0-4AD4-A83F-01825C476DC7}\Custom.dll Win32/InstalleRex.M application
C:\Users\All Users\InstallMate\{87A44F31-49A0-4AD4-A83F-01825C476DC7}\Custom.dll Win32/InstalleRex.M application
 
====================================================================================================
 
FRST
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by SafeLuke (administrator) on SAFELUKE-PC on 31-01-2014 02:59:27
Running from C:\Users\SafeLuke\Documents\Malware tools\FRST
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
() C:\Program Files (x86)\OEM\DSG OSD 1.01\SunflowerOSD.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [KNOWHOW™ APP CENTRE] - C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.lnk [1337 2011-05-24] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-24] (AVAST Software)
HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\e9b81274-671b-4594-9687-d140c92501b5.exe /check [181136 2014-01-30] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [DockBar] - C:\Applications\Tools\DockBar\DockBar.exe [2964480 2010-11-25] (DSG Retail Ltd)
HKCU\...\Run: [Facebook Update] - C:\Users\SafeLuke\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-07] (Facebook Inc.)
HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)
MountPoints2: {e4c01927-6a9c-11e3-950f-80ee731be618} - E:\Unlock.exe autoplay=true
 
==================== Internet (Whitelisted) ====================
 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Users\SafeLuke\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\SafeLuke\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Extension: (No Name) - C:\Users\SafeLuke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoplgjhhlcacejbfedgcgcljnngeecal [2014-01-15]
CHR Extension: (Google Wallet) - C:\Users\SafeLuke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-11-28]
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-24] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-01-24] (AVAST Software)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-01-30] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2013-12-21] (Trusteer Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2013-11-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-24] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [440672 2014-01-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-24] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-15] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-12-11] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282648 2013-12-21] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [316248 2013-12-21] (Trusteer Ltd.)
S3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397784 2013-12-21] (Trusteer Ltd.)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R2 SoilIO; C:\Windows\System32\Drivers\SoilIO.sys [17912 2009-12-11] ()
R3 soilkbc; C:\Windows\System32\Drivers\soilkbc.sys [13816 2009-12-03] (Systems Internals)
R3 SoilMC; C:\Windows\System32\Drivers\SoilMC.sys [13304 2009-12-03] (Systems Internals)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-31 02:59 - 2014-01-31 02:59 - 00000440 _____ C:\Users\SafeLuke\Desktop\eset.txt
2014-01-30 19:33 - 2014-01-30 19:33 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-30 19:32 - 2014-01-30 19:33 - 02347384 _____ (ESET) C:\Users\SafeLuke\Downloads\esetsmartinstaller_enu.exe
2014-01-27 14:26 - 2014-01-27 14:26 - 00000547 _____ C:\Users\SafeLuke\Documents\activtyy.txt
2014-01-27 13:42 - 2014-01-31 02:59 - 00000000 ____D C:\FRST
2014-01-22 15:36 - 2014-01-22 15:36 - 00001140 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk
2014-01-22 14:32 - 2014-01-29 13:36 - 00000000 ____D C:\Users\SafeLuke\Documents\Malware tools
2014-01-20 01:21 - 2014-01-20 01:21 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-01-20 00:38 - 2014-01-20 00:38 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2014-01-19 15:37 - 2014-01-22 14:17 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-19 15:37 - 2014-01-19 15:37 - 00001904 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2014-01-19 15:37 - 2014-01-19 15:37 - 00000000 ____D C:\Program Files\HitmanPro
2014-01-19 15:26 - 2014-01-19 15:26 - 00000000 ____D C:\Windows\ERUNT
2014-01-15 18:05 - 2014-01-15 18:05 - 00000000 ____D C:\Program Files\7-Zip
2014-01-15 18:03 - 2014-01-15 18:03 - 01376768 _____ C:\Users\SafeLuke\Downloads\7z920-x64.msi
2014-01-15 16:49 - 2014-01-24 15:06 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-15 16:43 - 2014-01-22 20:13 - 00000000 ____D C:\AdwCleaner
2014-01-15 16:42 - 2014-01-15 16:42 - 01236282 _____ C:\Users\SafeLuke\Desktop\AdwCleaner.exe
2014-01-15 16:34 - 2014-01-15 16:34 - 00000000 ____D C:\Users\SafeLuke\.android
2014-01-15 16:33 - 2014-01-15 16:33 - 00000000 ____D C:\Users\SafeLuke\AppData\Local\cache
2014-01-15 16:30 - 2014-01-21 19:54 - 00000005 _____ C:\Users\SafeLuke\AppData\Roaming\WBPU-TTL.DAT
2014-01-15 16:25 - 2014-01-21 19:54 - 00000105 _____ C:\Users\SafeLuke\AppData\Roaming\WB.CFG
2014-01-15 16:24 - 2014-01-31 02:54 - 00000304 _____ C:\Windows\Tasks\Digital Sites.job
2014-01-15 16:24 - 2014-01-21 21:24 - 00000000 ____D C:\Users\SafeLuke\AppData\Roaming\DigitalSites
2014-01-15 16:24 - 2014-01-15 16:30 - 00003256 _____ C:\Windows\System32\Tasks\Digital Sites
2014-01-15 16:10 - 2014-01-15 16:10 - 00000000 ____D C:\ProgramData\House Of Soft
2014-01-15 16:08 - 2014-01-22 19:38 - 00000000 ____D C:\Users\HomeGroupUser$
2014-01-15 16:08 - 2014-01-22 19:38 - 00000000 ____D C:\Users\Administrator
2014-01-15 16:08 - 2014-01-15 16:13 - 00000000 ____D C:\ProgramData\d397b44e17e23859
2014-01-15 16:08 - 2014-01-15 16:08 - 00000000 ____D C:\Users\SafeLuke\AppData\Local\Packages
2014-01-15 16:08 - 2014-01-15 16:08 - 00000000 ____D C:\Users\SafeLuke\AppData\Local\Comodo
2014-01-15 16:08 - 2014-01-15 16:08 - 00000000 ____D C:\Users\Guest\AppData\Local\Torch
2014-01-15 16:08 - 2014-01-15 16:08 - 00000000 ____D C:\Users\Guest\AppData\Local\Comodo
2014-01-15 16:07 - 2014-01-15 16:10 - 00000000 ____D C:\ProgramData\InstallMate
2014-01-15 15:40 - 2014-01-15 19:14 - 00000000 ____D C:\ProgramData\DriverGenius
2014-01-15 13:17 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-15 13:17 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-15 13:17 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-15 13:17 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-15 13:16 - 2014-01-15 13:17 - 00005250 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 13:06 - 2014-01-20 00:38 - 00000000 ____D C:\Users\SafeLuke\AppData\Roaming\SystemRequirementsLab
2014-01-14 22:40 - 2012-08-23 13:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-14 22:40 - 2012-08-23 13:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-14 22:40 - 2012-08-23 13:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-01-14 22:39 - 2012-08-23 14:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-01-14 22:39 - 2012-08-23 14:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-01-14 22:39 - 2012-08-23 14:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-01-14 22:39 - 2012-08-23 14:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-01-14 22:39 - 2012-08-23 13:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-01-14 22:39 - 2012-08-23 13:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-01-14 22:39 - 2012-08-23 13:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-01-14 22:39 - 2012-08-23 13:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-01-14 22:39 - 2012-08-23 13:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-01-14 22:39 - 2012-08-23 13:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-01-14 22:39 - 2012-08-23 12:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-01-14 22:39 - 2012-08-23 11:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-01-14 22:39 - 2012-08-23 11:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-01-14 22:39 - 2012-08-23 11:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-01-14 22:39 - 2012-08-23 11:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-01-14 22:39 - 2012-08-23 10:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-01-14 22:39 - 2012-08-23 10:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-01-14 22:39 - 2012-08-23 10:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-01-14 22:39 - 2012-08-23 10:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-01-14 22:39 - 2012-08-23 09:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-01-14 22:39 - 2012-08-23 08:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-01-14 22:39 - 2012-08-23 08:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-01-14 22:32 - 2013-11-27 01:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-14 22:32 - 2013-11-27 01:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-14 22:32 - 2013-11-27 01:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-14 22:32 - 2013-11-27 01:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-14 22:32 - 2013-11-27 01:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-14 22:32 - 2013-11-27 01:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-14 22:32 - 2013-11-27 01:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-14 22:32 - 2012-05-04 11:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-01-14 22:32 - 2012-05-04 09:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-01-14 22:31 - 2013-11-26 11:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-14 22:31 - 2013-11-26 10:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-12 15:54 - 2014-01-12 15:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2014-01-12 15:54 - 2014-01-12 15:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2014-01-12 15:52 - 2014-01-12 15:53 - 13079688 _____ (Microsoft Corporation) C:\Users\SafeLuke\Downloads\Silverlight_x64.exe
 
==================== One Month Modified Files and Folders =======
 
2014-01-31 02:59 - 2014-01-31 02:59 - 00000440 _____ C:\Users\SafeLuke\Desktop\eset.txt
2014-01-31 02:59 - 2014-01-27 13:42 - 00000000 ____D C:\FRST
2014-01-31 02:55 - 2012-08-03 19:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-31 02:55 - 2012-08-01 23:51 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3085723608-3087811879-2840625475-1001UA.job
2014-01-31 02:55 - 2011-11-05 15:26 - 01251169 _____ C:\Windows\WindowsUpdate.log
2014-01-31 02:55 - 2011-05-24 14:36 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-31 02:54 - 2014-01-15 16:24 - 00000304 _____ C:\Windows\Tasks\Digital Sites.job
2014-01-30 19:35 - 2009-07-14 04:45 - 00027744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-30 19:35 - 2009-07-14 04:45 - 00027744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-30 19:33 - 2014-01-30 19:33 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-30 19:33 - 2014-01-30 19:32 - 02347384 _____ (ESET) C:\Users\SafeLuke\Downloads\esetsmartinstaller_enu.exe
2014-01-30 19:30 - 2011-11-05 15:39 - 00000000 ____D C:\Users\SafeLuke\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar
2014-01-30 19:29 - 2011-05-24 14:36 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-30 19:27 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-30 19:27 - 2009-07-14 04:51 - 00131962 _____ C:\Windows\setupact.log
2014-01-29 23:42 - 2012-02-05 20:30 - 00000000 ____D C:\Users\SafeLuke\AppData\Local\Windows Live
2014-01-29 20:17 - 2011-05-24 14:36 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-29 14:02 - 2012-08-01 23:51 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3085723608-3087811879-2840625475-1001Core.job
2014-01-29 13:40 - 2011-02-24 09:52 - 00000000 ____D C:\Program Files (x86)\TTG
2014-01-29 13:36 - 2014-01-22 14:32 - 00000000 ____D C:\Users\SafeLuke\Documents\Malware tools
2014-01-27 14:26 - 2014-01-27 14:26 - 00000547 _____ C:\Users\SafeLuke\Documents\activtyy.txt
2014-01-26 13:33 - 2013-11-28 16:38 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-25 14:56 - 2012-08-03 19:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-25 14:56 - 2012-08-03 19:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-25 14:56 - 2012-02-10 18:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-24 15:10 - 2013-11-28 17:29 - 00001979 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-01-24 15:10 - 2013-11-28 16:39 - 00002039 _____ C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-01-24 15:06 - 2014-01-15 16:49 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-24 15:06 - 2013-11-28 16:38 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-24 15:06 - 2013-11-28 16:38 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-24 15:06 - 2013-11-28 16:38 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-24 15:06 - 2013-11-28 16:38 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-24 15:06 - 2013-11-28 16:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-24 15:04 - 2013-11-28 16:37 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-01-23 19:33 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2014-01-22 20:13 - 2014-01-15 16:43 - 00000000 ____D C:\AdwCleaner
2014-01-22 20:02 - 2013-06-02 10:27 - 00000000 ____D C:\Users\SafeLuke\AppData\Roaming\uTorrent
2014-01-22 19:38 - 2014-01-15 16:08 - 00000000 ____D C:\Users\HomeGroupUser$
2014-01-22 19:38 - 2014-01-15 16:08 - 00000000 ____D C:\Users\Administrator
2014-01-22 18:08 - 2011-11-11 19:25 - 00000000 ____D C:\Windows\Minidump
2014-01-22 15:36 - 2014-01-22 15:36 - 00001140 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk
2014-01-22 14:17 - 2014-01-19 15:37 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-21 22:01 - 2010-11-21 03:47 - 00383258 _____ C:\Windows\PFRO.log
2014-01-21 21:24 - 2014-01-15 16:24 - 00000000 ____D C:\Users\SafeLuke\AppData\Roaming\DigitalSites
2014-01-21 19:54 - 2014-01-15 16:30 - 00000005 _____ C:\Users\SafeLuke\AppData\Roaming\WBPU-TTL.DAT
2014-01-21 19:54 - 2014-01-15 16:25 - 00000105 _____ C:\Users\SafeLuke\AppData\Roaming\WB.CFG
2014-01-20 01:21 - 2014-01-20 01:21 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-01-20 00:38 - 2014-01-20 00:38 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2014-01-20 00:38 - 2014-01-15 13:06 - 00000000 ____D C:\Users\SafeLuke\AppData\Roaming\SystemRequirementsLab
2014-01-19 15:37 - 2014-01-19 15:37 - 00001904 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2014-01-19 15:37 - 2014-01-19 15:37 - 00000000 ____D C:\Program Files\HitmanPro
2014-01-19 15:26 - 2014-01-19 15:26 - 00000000 ____D C:\Windows\ERUNT
2014-01-19 14:47 - 2011-11-05 15:38 - 00000000 ____D C:\Users\SafeLuke
2014-01-15 19:45 - 2009-07-14 05:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-15 19:41 - 2011-05-24 13:22 - 00015250 _____ C:\Windows\system32\results.xml
2014-01-15 19:21 - 2011-05-24 11:47 - 00000000 ____D C:\Program Files (x86)\Intel
2014-01-15 19:18 - 2011-05-24 11:47 - 00000000 ____D C:\Intel
2014-01-15 19:14 - 2014-01-15 15:40 - 00000000 ____D C:\ProgramData\DriverGenius
2014-01-15 18:05 - 2014-01-15 18:05 - 00000000 ____D C:\Program Files\7-Zip
2014-01-15 18:03 - 2014-01-15 18:03 - 01376768 _____ C:\Users\SafeLuke\Downloads\7z920-x64.msi
2014-01-15 17:27 - 2012-04-30 12:36 - 00000000 ____D C:\Users\SafeLuke\readmes
2014-01-15 17:27 - 2012-04-30 12:36 - 00000000 ____D C:\Users\SafeLuke\licenses
2014-01-15 16:48 - 2013-11-28 16:38 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-15 16:42 - 2014-01-15 16:42 - 01236282 _____ C:\Users\SafeLuke\Desktop\AdwCleaner.exe
2014-01-15 16:34 - 2014-01-15 16:34 - 00000000 ____D C:\Users\SafeLuke\.android
2014-01-15 16:33 - 2014-01-15 16:33 - 00000000 ____D C:\Users\SafeLuke\AppData\Local\cache
2014-01-15 16:30 - 2014-01-15 16:24 - 00003256 _____ C:\Windows\System32\Tasks\Digital Sites
2014-01-15 16:28 - 2013-10-23 14:58 - 00000000 ____D C:\Program Files (x86)\Aimersoft
2014-01-15 16:13 - 2014-01-15 16:08 - 00000000 ____D C:\ProgramData\d397b44e17e23859
2014-01-15 16:10 - 2014-01-15 16:10 - 00000000 ____D C:\ProgramData\House Of Soft
2014-01-15 16:10 - 2014-01-15 16:07 - 00000000 ____D C:\ProgramData\InstallMate
2014-01-15 16:08 - 2014-01-15 16:08 - 00000000 ____D C:\Users\SafeLuke\AppData\Local\Packages
2014-01-15 16:08 - 2014-01-15 16:08 - 00000000 ____D C:\Users\SafeLuke\AppData\Local\Comodo
2014-01-15 16:08 - 2014-01-15 16:08 - 00000000 ____D C:\Users\Guest\AppData\Local\Torch
2014-01-15 16:08 - 2014-01-15 16:08 - 00000000 ____D C:\Users\Guest\AppData\Local\Comodo
2014-01-15 16:08 - 2013-06-01 19:19 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2014-01-15 16:08 - 2011-11-05 15:54 - 00000000 ____D C:\Users\SafeLuke\AppData\Local\Google
2014-01-15 13:18 - 2013-11-25 19:03 - 00000000 ____D C:\ProgramData\Oracle
2014-01-15 13:17 - 2014-01-15 13:16 - 00005250 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 13:17 - 2013-11-25 19:02 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-15 01:48 - 2009-07-14 04:45 - 00466264 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 01:46 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2014-01-14 22:54 - 2013-05-22 16:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-14 22:54 - 2009-07-14 02:34 - 00000478 _____ C:\Windows\win.ini
2014-01-14 22:48 - 2011-05-24 14:32 - 00766780 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-14 22:39 - 2013-08-18 15:30 - 00000000 ____D C:\Windows\system32\MRT
2014-01-14 22:36 - 2011-11-06 13:43 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-12 15:54 - 2014-01-12 15:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2014-01-12 15:54 - 2014-01-12 15:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2014-01-12 15:53 - 2014-01-12 15:52 - 13079688 _____ (Microsoft Corporation) C:\Users\SafeLuke\Downloads\Silverlight_x64.exe
2014-01-03 19:39 - 2013-12-22 01:03 - 00000000 ____D C:\Users\SafeLuke\Downloads\2 Guns
 
Files to move or delete:
====================
C:\Users\SafeLuke\setup.exe
 
 
Some content of TEMP:
====================
C:\Users\SafeLuke\AppData\Local\Temp\HitmanPro.exe
C:\Users\SafeLuke\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\SafeLuke\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-19 18:53
 
==================== End Of Log ============================
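Triage logic for FRST listings like the one above, as an added example that is not part of this thread and not FRST's own code. It parses the two line shapes the tool prints (file entries, where the company name FRST reads from the file appears in parentheses, is absent in older builds, or is printed as "()" in newer ones, and driver entries) and applies two of the checks a helper applies by eye: scheduled-task files, and executables or drivers listed with no publisher. The sample lines are copied from the FRST output posted in this thread (the driver lines and the "()" form appear in the later scan); "no publisher" is a prompt to check the file's signature and hash, not a verdict, since avast's own aswRvrt.sys is listed that way too.

```python
"""FRST log triage helper (added example; not part of the thread, not FRST code).

Parses FRST file-entry and driver-entry lines and flags two things a helper
looks for first: scheduled-task files, and binaries or drivers that FRST lists
without a company name.  A missing company name is a reason to verify the
file's signature and hash, not proof of anything on its own.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# 2014-01-15 16:24 - 2014-02-05 19:30 - 00000304 _____ () C:\Windows\Tasks\Digital Sites.job
# Older FRST builds omit the "(...)" field entirely when there is no company name.
FILE_LINE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<second>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?"
    r"(?P<path>\S.*?)\s*$"
)

# R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-28] ()
DRIVER_LINE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<publisher>[^)]*)\)\s*$"
)

BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")
TASK_DIRS = ("\\windows\\tasks\\", "\\windows\\system32\\tasks\\")


@dataclass(frozen=True)
class Entry:
    kind: str                    # "file" or "driver"
    path: str
    publisher: Optional[str]     # None when FRST printed no publisher field at all
    is_dir: bool = False
    start: Optional[str] = None  # driver start type, e.g. "R0" (boot) or "S3" (on demand)


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file or driver line, or None for anything else."""
    m = FILE_LINE.match(line)
    if m:
        pub = m.group("publisher")
        return Entry(
            kind="file",
            path=m.group("path"),
            publisher=pub.strip() if pub is not None else None,
            is_dir="D" in m.group("attrs"),
        )
    m = DRIVER_LINE.match(line)
    if m:
        return Entry(
            kind="driver",
            path=m.group("path"),
            publisher=m.group("publisher").strip(),  # FRST pads some names with spaces
            start=m.group("start"),
        )
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Apply the two heuristics to every parsable line, preserving log order."""
    findings: List[Finding] = []
    for raw in lines:
        entry = parse_line(raw.rstrip("\n"))
        if entry is None or entry.is_dir:
            continue
        lower = entry.path.lower()
        if entry.kind == "file" and any(d in lower for d in TASK_DIRS):
            # Task XML is never "published"; the action inside it is what matters.
            findings.append(Finding(entry.path, "scheduled task: inspect its action"))
            continue
        no_publisher = not entry.publisher  # None, or "" after stripping
        if entry.kind == "file" and lower.endswith(BINARY_EXT) and no_publisher:
            findings.append(Finding(entry.path, "binary with no publisher"))
        elif entry.kind == "driver" and no_publisher:
            findings.append(Finding(entry.path, f"{entry.start} driver with no publisher"))
    return findings


# Sample lines copied from the FRST output posted in this thread (not a full log).
SAMPLE_LOG = r"""
2014-01-25 14:56 - 2012-08-03 19:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-24 15:06 - 2013-11-28 16:38 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-22 20:13 - 2014-01-15 16:43 - 00000000 ____D C:\AdwCleaner
2014-01-15 16:42 - 2014-01-15 16:42 - 01236282 _____ C:\Users\SafeLuke\Desktop\AdwCleaner.exe
2014-01-15 16:24 - 2014-02-05 19:30 - 00000304 _____ () C:\Windows\Tasks\Digital Sites.job
2014-01-12 15:52 - 2014-01-12 15:53 - 13079688 _____ (Microsoft Corporation) C:\Users\SafeLuke\Downloads\Silverlight_x64.exe
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-28] ()
R2 SoilIO; C:\Windows\System32\Drivers\SoilIO.sys [17912 2009-12-11] ()
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
""".strip("\n").splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:40} {f.path}")
```

Run it against a saved FRST.txt by passing the file's lines to triage(); the task entries tell you which .job/XML files to open, and the no-publisher binaries and drivers are the ones to hash and check for an Authenticode signature before deciding anything.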


#9 TheShooter93

    Cody, Malware Response Team
Posted 05 February 2014 - 10:24 PM

Hello safeluke,

I wanted to give you a heads up to let you know I am still with you. I am currently discussing with my instructor on the best course of action.

I apologize for the delay and will respond as soon as possible.


CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#10 TheShooter93

    Cody, Malware Response Team
Posted 06 February 2014 - 01:48 AM

Hi safeluke,

Again, I apologize for the delay. Please see our next steps below.  :)

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
  • Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    [attachment=146781:fixlist.txt]
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

Lastly, please post a fresh FRST scan in your next reply. :)




#11 safeluke

    Topic Starter
Posted 06 February 2014 - 09:12 AM

No need to apologise :)

Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2014
Ran by SafeLuke at 2014-02-06 14:05:13 Run:2
Running from C:\Users\SafeLuke\Documents\Malware tools\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Games\Deus Ex Human Revolution Director's Cut
C:\Users\All Users\InstallMate\{87A44F31-49A0-4AD4-A83F-01825C476DC7}
*****************
 
C:\Games\Deus Ex Human Revolution Director's Cut => Moved successfully.
C:\Users\All Users\InstallMate\{87A44F31-49A0-4AD4-A83F-01825C476DC7} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
 
==== End of Fixlog ====
 
================================================================================================================================
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2014
Ran by SafeLuke (administrator) on SAFELUKE-PC on 06-02-2014 14:08:08
Running from C:\Users\SafeLuke\Documents\Malware tools\FRST
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
() C:\Program Files (x86)\OEM\DSG OSD 1.01\SunflowerOSD.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [KNOWHOW™ APP CENTRE] - C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.lnk [1337 2011-05-24] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-24] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3085723608-3087811879-2840625475-1001\...\Run: [DockBar] - C:\Applications\Tools\DockBar\DockBar.exe [2964480 2010-11-25] (DSG Retail Ltd)
HKU\S-1-5-21-3085723608-3087811879-2840625475-1001\...\Run: [Facebook Update] - C:\Users\SafeLuke\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-07] (Facebook Inc.)
HKU\S-1-5-21-3085723608-3087811879-2840625475-1001\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKU\S-1-5-21-3085723608-3087811879-2840625475-1001\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3085723608-3087811879-2840625475-1001\...\MountPoints2: {e4c01927-6a9c-11e3-950f-80ee731be618} - E:\Unlock.exe autoplay=true
 
==================== Internet (Whitelisted) ====================
 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Users\SafeLuke\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\SafeLuke\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Extension: (Media Hint) - C:\Users\SafeLuke\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja [2014-02-03]
CHR Extension: (Media Hint) - C:\Users\SafeLuke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoplgjhhlcacejbfedgcgcljnngeecal [2014-01-15]
CHR Extension: (Google Wallet) - C:\Users\SafeLuke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-11-28]
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-24] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-01-24] (AVAST Software)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-01-30] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2014-01-22] (Trusteer Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2013-11-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-24] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [440672 2014-01-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-24] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-15] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-12-11] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282712 2014-01-22] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [316312 2014-01-22] (Trusteer Ltd.)
S3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397848 2014-01-22] (Trusteer Ltd.)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R2 SoilIO; C:\Windows\System32\Drivers\SoilIO.sys [17912 2009-12-11] ()
R3 soilkbc; C:\Windows\System32\Drivers\soilkbc.sys [13816 2009-12-03] (Systems Internals)
R3 SoilMC; C:\Windows\System32\Drivers\SoilMC.sys [13304 2009-12-03] (Systems Internals)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-03 20:25 - 2014-02-03 20:25 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-03 20:24 - 2014-02-03 20:25 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-03 20:24 - 2014-02-03 20:25 - 00000000 ____D () C:\Program Files\iTunes
2014-02-03 20:24 - 2014-02-03 20:24 - 00000000 ____D () C:\Program Files\iPod
2014-01-31 02:59 - 2014-01-31 02:59 - 00000440 _____ () C:\Users\SafeLuke\Desktop\eset.txt
2014-01-30 19:33 - 2014-01-30 19:33 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-01-30 19:32 - 2014-01-30 19:33 - 02347384 _____ (ESET) C:\Users\SafeLuke\Downloads\esetsmartinstaller_enu.exe
2014-01-27 14:26 - 2014-01-27 14:26 - 00000547 _____ () C:\Users\SafeLuke\Documents\activtyy.txt
2014-01-27 13:42 - 2014-02-06 14:08 - 00000000 ____D () C:\FRST
2014-01-22 15:36 - 2014-01-22 15:36 - 00001140 _____ () C:\Users\Public\Desktop\FileASSASSIN.lnk
2014-01-22 14:32 - 2014-02-06 14:04 - 00000000 ____D () C:\Users\SafeLuke\Documents\Malware tools
2014-01-20 01:21 - 2014-01-20 01:21 - 00000000 ____D () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-01-20 00:38 - 2014-01-20 00:38 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-01-19 15:37 - 2014-01-22 14:17 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-01-19 15:37 - 2014-01-19 15:37 - 00001904 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-01-19 15:37 - 2014-01-19 15:37 - 00000000 ____D () C:\Program Files\HitmanPro
2014-01-19 15:26 - 2014-01-19 15:26 - 00000000 ____D () C:\Windows\ERUNT
2014-01-15 18:05 - 2014-01-15 18:05 - 00000000 ____D () C:\Program Files\7-Zip
2014-01-15 18:03 - 2014-01-15 18:03 - 01376768 _____ () C:\Users\SafeLuke\Downloads\7z920-x64.msi
2014-01-15 16:49 - 2014-01-24 15:06 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-15 16:43 - 2014-01-22 20:13 - 00000000 ____D () C:\AdwCleaner
2014-01-15 16:42 - 2014-01-15 16:42 - 01236282 _____ () C:\Users\SafeLuke\Desktop\AdwCleaner.exe
2014-01-15 16:34 - 2014-01-15 16:34 - 00000000 ____D () C:\Users\SafeLuke\.android
2014-01-15 16:33 - 2014-01-15 16:33 - 00000000 ____D () C:\Users\SafeLuke\AppData\Local\cache
2014-01-15 16:30 - 2014-01-21 19:54 - 00000005 _____ () C:\Users\SafeLuke\AppData\Roaming\WBPU-TTL.DAT
2014-01-15 16:25 - 2014-01-21 19:54 - 00000105 _____ () C:\Users\SafeLuke\AppData\Roaming\WB.CFG
2014-01-15 16:24 - 2014-02-05 19:30 - 00000304 _____ () C:\Windows\Tasks\Digital Sites.job
2014-01-15 16:24 - 2014-01-21 21:24 - 00000000 ____D () C:\Users\SafeLuke\AppData\Roaming\DigitalSites
2014-01-15 16:24 - 2014-01-15 16:30 - 00003256 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-01-15 16:10 - 2014-01-15 16:10 - 00000000 ____D () C:\ProgramData\House Of Soft
2014-01-15 16:08 - 2014-01-22 19:38 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-01-15 16:08 - 2014-01-22 19:38 - 00000000 ____D () C:\Users\Administrator
2014-01-15 16:08 - 2014-01-15 16:13 - 00000000 ____D () C:\ProgramData\d397b44e17e23859
2014-01-15 16:08 - 2014-01-15 16:08 - 00000000 ____D () C:\Users\SafeLuke\AppData\Local\Packages
2014-01-15 16:08 - 2014-01-15 16:08 - 00000000 ____D () C:\Users\SafeLuke\AppData\Local\Comodo
2014-01-15 16:08 - 2014-01-15 16:08 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-01-15 16:08 - 2014-01-15 16:08 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-01-15 16:07 - 2014-02-06 14:05 - 00000000 ____D () C:\ProgramData\InstallMate
2014-01-15 15:40 - 2014-01-15 19:14 - 00000000 ____D () C:\ProgramData\DriverGenius
2014-01-15 13:17 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-15 13:17 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-15 13:17 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-15 13:17 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-15 13:16 - 2014-01-15 13:17 - 00005250 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 13:06 - 2014-01-20 00:38 - 00000000 ____D () C:\Users\SafeLuke\AppData\Roaming\SystemRequirementsLab
2014-01-14 22:40 - 2012-08-23 13:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-14 22:40 - 2012-08-23 13:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-14 22:40 - 2012-08-23 13:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-01-14 22:39 - 2012-08-23 14:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-01-14 22:39 - 2012-08-23 14:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-01-14 22:39 - 2012-08-23 14:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-01-14 22:39 - 2012-08-23 14:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-01-14 22:39 - 2012-08-23 13:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-01-14 22:39 - 2012-08-23 13:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-01-14 22:39 - 2012-08-23 13:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-01-14 22:39 - 2012-08-23 13:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-01-14 22:39 - 2012-08-23 13:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-01-14 22:39 - 2012-08-23 13:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-01-14 22:39 - 2012-08-23 12:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-01-14 22:39 - 2012-08-23 11:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-01-14 22:39 - 2012-08-23 11:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-01-14 22:39 - 2012-08-23 11:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-01-14 22:39 - 2012-08-23 11:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-01-14 22:39 - 2012-08-23 10:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-01-14 22:39 - 2012-08-23 10:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-01-14 22:39 - 2012-08-23 10:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-01-14 22:39 - 2012-08-23 10:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-01-14 22:39 - 2012-08-23 09:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-01-14 22:39 - 2012-08-23 08:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-01-14 22:39 - 2012-08-23 08:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-01-14 22:32 - 2013-11-27 01:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-14 22:32 - 2013-11-27 01:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-14 22:32 - 2013-11-27 01:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-14 22:32 - 2013-11-27 01:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-14 22:32 - 2013-11-27 01:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-14 22:32 - 2013-11-27 01:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-14 22:32 - 2013-11-27 01:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-14 22:32 - 2012-05-04 11:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-01-14 22:32 - 2012-05-04 09:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-01-14 22:31 - 2013-11-26 11:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-14 22:31 - 2013-11-26 10:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-12 15:54 - 2014-01-12 15:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-01-12 15:54 - 2014-01-12 15:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-01-12 15:52 - 2014-01-12 15:53 - 13079688 _____ (Microsoft Corporation) C:\Users\SafeLuke\Downloads\Silverlight_x64.exe
 
==================== One Month Modified Files and Folders =======
 
2014-02-06 14:08 - 2014-01-27 13:42 - 00000000 ____D () C:\FRST
2014-02-06 14:06 - 2009-07-14 04:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-06 14:06 - 2009-07-14 04:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-06 14:05 - 2014-01-15 16:07 - 00000000 ____D () C:\ProgramData\InstallMate
2014-02-06 14:05 - 2013-10-29 17:54 - 00000000 ____D () C:\Games
2014-02-06 14:04 - 2014-01-22 14:32 - 00000000 ____D () C:\Users\SafeLuke\Documents\Malware tools
2014-02-06 14:04 - 2012-08-03 19:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-06 14:02 - 2012-08-01 23:51 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3085723608-3087811879-2840625475-1001UA.job
2014-02-06 14:02 - 2012-08-01 23:51 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3085723608-3087811879-2840625475-1001Core.job
2014-02-06 14:01 - 2011-11-05 15:39 - 00000000 ____D () C:\Users\SafeLuke\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar
2014-02-06 13:59 - 2011-05-24 14:36 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-06 13:58 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-06 13:57 - 2009-07-14 04:51 - 00132354 _____ () C:\Windows\setupact.log
2014-02-05 19:44 - 2011-11-05 15:26 - 01357697 _____ () C:\Windows\WindowsUpdate.log
2014-02-05 19:30 - 2014-01-15 16:24 - 00000304 _____ () C:\Windows\Tasks\Digital Sites.job
2014-02-05 19:10 - 2011-05-24 14:36 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-05 18:04 - 2012-08-03 19:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 18:04 - 2012-08-03 19:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 18:04 - 2012-02-10 18:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 17:16 - 2011-05-24 14:36 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-05 16:31 - 2012-02-05 20:30 - 00000000 ____D () C:\Users\SafeLuke\AppData\Local\Windows Live
2014-02-03 20:25 - 2014-02-03 20:25 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-03 20:25 - 2014-02-03 20:24 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-03 20:25 - 2014-02-03 20:24 - 00000000 ____D () C:\Program Files\iTunes
2014-02-03 20:25 - 2012-09-17 09:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-03 20:24 - 2014-02-03 20:24 - 00000000 ____D () C:\Program Files\iPod
2014-02-03 20:17 - 2011-11-05 17:34 - 00000000 ____D () C:\ProgramData\Apple
2014-02-03 19:53 - 2013-11-28 16:38 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-31 02:59 - 2014-01-31 02:59 - 00000440 _____ () C:\Users\SafeLuke\Desktop\eset.txt
2014-01-30 19:33 - 2014-01-30 19:33 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-01-30 19:33 - 2014-01-30 19:32 - 02347384 _____ (ESET) C:\Users\SafeLuke\Downloads\esetsmartinstaller_enu.exe
2014-01-29 13:40 - 2011-02-24 09:52 - 00000000 ____D () C:\Program Files (x86)\TTG
2014-01-27 14:26 - 2014-01-27 14:26 - 00000547 _____ () C:\Users\SafeLuke\Documents\activtyy.txt
2014-01-24 15:10 - 2013-11-28 17:29 - 00001979 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-01-24 15:10 - 2013-11-28 16:39 - 00002039 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-01-24 15:06 - 2014-01-15 16:49 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-24 15:06 - 2013-11-28 16:38 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-24 15:06 - 2013-11-28 16:38 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-24 15:06 - 2013-11-28 16:38 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-24 15:06 - 2013-11-28 16:38 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-24 15:06 - 2013-11-28 16:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-24 15:04 - 2013-11-28 16:37 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-01-23 19:33 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-01-22 20:37 - 2013-06-25 17:34 - 00316312 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys
2014-01-22 20:13 - 2014-01-15 16:43 - 00000000 ____D () C:\AdwCleaner
2014-01-22 20:02 - 2013-06-02 10:27 - 00000000 ____D () C:\Users\SafeLuke\AppData\Roaming\uTorrent
2014-01-22 19:38 - 2014-01-15 16:08 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-01-22 19:38 - 2014-01-15 16:08 - 00000000 ____D () C:\Users\Administrator
2014-01-22 18:08 - 2011-11-11 19:25 - 00000000 ____D () C:\Windows\Minidump
2014-01-22 15:36 - 2014-01-22 15:36 - 00001140 _____ () C:\Users\Public\Desktop\FileASSASSIN.lnk
2014-01-22 14:17 - 2014-01-19 15:37 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-01-21 22:01 - 2010-11-21 03:47 - 00383258 _____ () C:\Windows\PFRO.log
2014-01-21 21:24 - 2014-01-15 16:24 - 00000000 ____D () C:\Users\SafeLuke\AppData\Roaming\DigitalSites
2014-01-21 19:54 - 2014-01-15 16:30 - 00000005 _____ () C:\Users\SafeLuke\AppData\Roaming\WBPU-TTL.DAT
2014-01-21 19:54 - 2014-01-15 16:25 - 00000105 _____ () C:\Users\SafeLuke\AppData\Roaming\WB.CFG
2014-01-20 01:21 - 2014-01-20 01:21 - 00000000 ____D () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-01-20 00:38 - 2014-01-20 00:38 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-01-20 00:38 - 2014-01-15 13:06 - 00000000 ____D () C:\Users\SafeLuke\AppData\Roaming\SystemRequirementsLab
2014-01-19 15:37 - 2014-01-19 15:37 - 00001904 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-01-19 15:37 - 2014-01-19 15:37 - 00000000 ____D () C:\Program Files\HitmanPro
2014-01-19 15:26 - 2014-01-19 15:26 - 00000000 ____D () C:\Windows\ERUNT
2014-01-19 14:47 - 2011-11-05 15:38 - 00000000 ____D () C:\Users\SafeLuke
2014-01-15 19:45 - 2009-07-14 05:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-15 19:41 - 2011-05-24 13:22 - 00015250 _____ () C:\Windows\system32\results.xml
2014-01-15 19:21 - 2011-05-24 11:47 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-01-15 19:18 - 2011-05-24 11:47 - 00000000 ____D () C:\Intel
2014-01-15 19:14 - 2014-01-15 15:40 - 00000000 ____D () C:\ProgramData\DriverGenius
2014-01-15 18:05 - 2014-01-15 18:05 - 00000000 ____D () C:\Program Files\7-Zip
2014-01-15 18:03 - 2014-01-15 18:03 - 01376768 _____ () C:\Users\SafeLuke\Downloads\7z920-x64.msi
2014-01-15 17:27 - 2012-04-30 12:36 - 00000000 ____D () C:\Users\SafeLuke\readmes
2014-01-15 17:27 - 2012-04-30 12:36 - 00000000 ____D () C:\Users\SafeLuke\licenses
2014-01-15 16:48 - 2013-11-28 16:38 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-01-15 16:42 - 2014-01-15 16:42 - 01236282 _____ () C:\Users\SafeLuke\Desktop\AdwCleaner.exe
2014-01-15 16:34 - 2014-01-15 16:34 - 00000000 ____D () C:\Users\SafeLuke\.android
2014-01-15 16:33 - 2014-01-15 16:33 - 00000000 ____D () C:\Users\SafeLuke\AppData\Local\cache
2014-01-15 16:30 - 2014-01-15 16:24 - 00003256 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-01-15 16:28 - 2013-10-23 14:58 - 00000000 ____D () C:\Program Files (x86)\Aimersoft
2014-01-15 16:13 - 2014-01-15 16:08 - 00000000 ____D () C:\ProgramData\d397b44e17e23859
2014-01-15 16:10 - 2014-01-15 16:10 - 00000000 ____D () C:\ProgramData\House Of Soft
2014-01-15 16:08 - 2014-01-15 16:08 - 00000000 ____D () C:\Users\SafeLuke\AppData\Local\Packages
2014-01-15 16:08 - 2014-01-15 16:08 - 00000000 ____D () C:\Users\SafeLuke\AppData\Local\Comodo
2014-01-15 16:08 - 2014-01-15 16:08 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-01-15 16:08 - 2014-01-15 16:08 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-01-15 16:08 - 2013-06-01 19:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-01-15 16:08 - 2011-11-05 15:54 - 00000000 ____D () C:\Users\SafeLuke\AppData\Local\Google
2014-01-15 13:18 - 2013-11-25 19:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-15 13:17 - 2014-01-15 13:16 - 00005250 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 13:17 - 2013-11-25 19:02 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-15 01:48 - 2009-07-14 04:45 - 00466264 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 01:46 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-01-14 22:54 - 2013-05-22 16:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-14 22:54 - 2009-07-14 02:34 - 00000478 _____ () C:\Windows\win.ini
2014-01-14 22:48 - 2011-05-24 14:32 - 00766780 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-14 22:39 - 2013-08-18 15:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-14 22:36 - 2011-11-06 13:43 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-12 15:54 - 2014-01-12 15:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-01-12 15:54 - 2014-01-12 15:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-01-12 15:53 - 2014-01-12 15:52 - 13079688 _____ (Microsoft Corporation) C:\Users\SafeLuke\Downloads\Silverlight_x64.exe
 
Files to move or delete:
====================
C:\Users\SafeLuke\setup.exe
 
 
Some content of TEMP:
====================
C:\Users\SafeLuke\AppData\Local\Temp\HitmanPro.exe
C:\Users\SafeLuke\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\SafeLuke\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-19 18:53
 
==================== End Of Log ============================
 
Again cheers for your help :) 


#12 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,793 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:11:06 PM

Posted 06 February 2014 - 05:26 PM

Hi safeluke,

 

Again cheers for your help  :)

 

You're welcome. :)

 

How is your computer behaving now?


CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#13 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,793 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:11:06 PM

Posted 09 February 2014 - 05:42 PM

Hello safeluke,

 

This is the third day since my last post. Are you still there?

 

If you need more time, just let me know.

 

If you do not post within 48 hours, this thread will be closed due to inactivity.




#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:06 AM

Posted 11 February 2014 - 02:46 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#15 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:06 AM

Posted 12 February 2014 - 10:58 AM

This topic has been re-opened at the request of the person who originally posted.
regards,
schrauber




