

Infected with IRP Hook and others????


30 replies to this topic

#1 IowaLoneWolf


Posted 13 February 2014 - 11:45 AM

This is a laptop that was passed to me from people at work and is experiencing the following issues:

1) I believe it is all virus related: AVG shows an IRP Hook and a Trojan Horse Downloader

2) Windows Explorer is in a never ending loop of "Windows Explorer has stopped working" and "Windows Explorer is restarting"

3) Random pop-up windows keep coming up

 

Thank you in advance for any help!


 


#2 fireman4it

  • Malware Response Team

Posted 13 February 2014 - 04:04 PM

Hello IowaLoneWolf,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

1. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!
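FRST.txt is a plain-text log, and the lines a Malware Response Team member reads first are the autoruns, COM handler registrations, search scopes and browser extensions. As an added example (not part of this thread and not part of FRST itself), here is a small Python triage script that flags the patterns such a log surfaces: entries FRST marks with "ATTENTION!", handlers redirected through \\?\globalroot or a user's Temp folder, autoruns and processes with no publisher, and Conduit/Surf Canyon style search hijacks. The rules are this example's own assumptions, and the sample log lines, shortened SIDs and GUIDs are constructed.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST.txt) output.

Added example for this thread; it is not part of FRST, and the rules below
are this example's own assumptions about what a helper looks at first.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Paths that legitimate COM handlers and autoruns almost never live in.
# "\\?\globalroot\Device\HarddiskVolume..." is the form FRST prints for a
# hijacked InprocServer32 entry of the kind seen in this thread.
SUSPICIOUS_PATH = re.compile(
    r"\\\\\?\\globalroot\\|\\AppData\\Local\\Temp\\", re.IGNORECASE
)
# Search providers and browser add-ons that ship bundled with adware.
PUP_SEARCH_HOSTS = ("search.conduit.com",)
PUP_EXTENSIONS = ("surf canyon", "value apps", "arcadeparlor")
RUN_KEY = re.compile(r"HK\S*?\\\.\.\.\\Run:")      # HKLM\...\Run:, HKU\<SID>\...\Run:
UNSIGNED_PROCESS = re.compile(r"^\(\) [A-Z]:\\")    # "() C:\path\prog.exe"


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low"
    reason: str
    line: str


def _no_publisher(line: str) -> bool:
    # FRST ends registry and service entries with the signer in parentheses;
    # "()" means the file carries no publisher information at all.
    return line.rstrip().endswith("()")


def triage_line(line: str) -> Optional[Finding]:
    """Classify one FRST log line; None means nothing worth a second look."""
    s = line.strip()
    low = s.lower()
    if not s:
        return None
    if "ATTENTION!" in s:
        return Finding("high", "entry flagged by FRST itself", s)
    if "InprocServer32:" in s and SUSPICIOUS_PATH.search(s):
        return Finding("high", "COM handler redirected to an unusual path", s)
    if RUN_KEY.match(s) and (_no_publisher(s) or SUSPICIOUS_PATH.search(s)):
        return Finding("medium", "autorun with no publisher or unusual path", s)
    if s.startswith("SearchScopes:") and any(h in low for h in PUP_SEARCH_HOSTS):
        return Finding("medium", "search scope points at a PUP search provider", s)
    if s.startswith(("FF DefaultSearchEngine:", "FF SelectedSearchEngine:")) \
            and "conduit" in low:
        return Finding("medium", "Firefox search engine replaced by Conduit", s)
    if s.startswith(("FF Extension:", "CHR Extension:")) \
            and any(n in low for n in PUP_EXTENSIONS):
        return Finding("medium", "browser extension commonly bundled as adware", s)
    if UNSIGNED_PROCESS.match(s) and ("\\programdata\\" in low or "\\appdata\\" in low):
        return Finding("low", "running process with no publisher under a data folder", s)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log, dropping lines that raise no flag."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


# Constructed sample, modelled on the log in this thread (SIDs/GUIDs shortened).
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761536 2013-12-25] ()
HKU\S-1-5-21-EXAMPLE-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\user\AppData\Local\Temp\siompec\scfsrnn\wow.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-EXAMPLE-1000\...\InprocServer32: [Default-shell32] C:\Users\user\AppData\Local\Temp\x\y.dll ()
SearchScopes: HKCU - DefaultScope {GUID-EXAMPLE} URL = http://search.conduit.com/Results.aspx?ctid=CTEXAMPLE&q={searchTerms}
FF DefaultSearchEngine: Conduit Search
FF Extension: ArcadeParlor - C:\Users\user\AppData\Roaming\Mozilla\Extensions\{GUID-EXAMPLE} [2014-01-29]
CHR Extension: (Surf Canyon) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagexample [2014-01-29]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}: {f.line[:80]}")
```

The whitelisted Microsoft entries in the sample pass through untouched; only the unsigned, redirected or PUP-related lines are reported, in the order they appear.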


#3 IowaLoneWolf


Posted 13 February 2014 - 06:56 PM

Thank you for your help on this issue! I have run the scan and had the following results:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by Stanley (administrator) on STANLEY-LT on 13-02-2014 16:01:56
Running from C:\Users\Stanley\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-01] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761536 2013-12-25] ()
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4008844041-2714684003-2717108086-1000\...\MountPoints2: {9221f7e2-8e7d-11e3-8412-14dae90efdbe} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-4008844041-2714684003-2717108086-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Stanley\AppData\Local\Temp\siompec\scfsrnn\wow.dll ATTENTION! ====> ZeroAccess?

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPFDAF9285-0A14-41D1-9EA7-FC7D141BE0D3&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPFDAF9285-0A14-41D1-9EA7-FC7D141BE0D3&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: ValueApps - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 97.64.168.12 97.64.183.165

FireFox:
========
FF ProfilePath: C:\Users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\8h1qcbmp.default
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Extension: ArcadeParlor - C:\Users\Stanley\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2014-01-29]
FF Extension: Value Apps - C:\Users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\8h1qcbmp.default\Extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd} [2014-02-10]
FF Extension: ArcadeParlor - C:\Users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\8h1qcbmp.default\Extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2014-01-29]
FF HKCU\...\Firefox\Extensions: [{75623d5d-4683-402a-b610-ac4bab767c86}] - C:\Users\Stanley\AppData\Local\SurfCanyon\Firefox
FF Extension: Fast Search by Surf Canyon - C:\Users\Stanley\AppData\Local\SurfCanyon\Firefox [2014-01-29]

Chrome:
=======
CHR Extension: (Surf Canyon) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem [2014-01-29]
CHR Extension: (YouTube) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-12]
CHR Extension: (Google Search) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-12]
CHR Extension: (Gmail) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-12]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R1 MpKsl6c9bae6a; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{974B00B5-94CB-4A44-84B1-BA8B68E3E37D}\MpKsl6c9bae6a.sys [46768 2014-02-13] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-13 16:01 - 2014-02-13 16:02 - 00014604 _____ () C:\Users\Stanley\Desktop\FRST.txt
2014-02-13 16:01 - 2014-02-13 16:01 - 02152960 _____ (Farbar) C:\Users\Stanley\Desktop\FRST64.exe
2014-02-13 16:01 - 2014-02-13 16:01 - 00000000 ____D () C:\FRST
2014-02-13 15:48 - 2014-02-13 16:00 - 01141248 _____ (Farbar) C:\Users\Stanley\Desktop\FRST.exe
2014-02-13 10:47 - 2014-02-13 10:48 - 00000000 ____D () C:\Users\Stanley\Desktop\Virus
2014-02-12 16:27 - 2013-12-21 03:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 16:27 - 2013-12-21 02:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 16:26 - 2014-02-06 06:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 16:26 - 2014-02-06 05:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 16:26 - 2014-02-06 05:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 16:26 - 2014-02-06 05:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 16:26 - 2014-02-06 05:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 16:26 - 2014-02-06 05:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 16:26 - 2014-02-06 04:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 16:26 - 2014-02-06 04:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 16:26 - 2014-02-06 04:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 16:26 - 2014-02-06 04:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 16:26 - 2014-02-06 04:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 16:26 - 2014-02-06 04:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 16:26 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 16:26 - 2014-02-06 04:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 16:26 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 16:26 - 2014-02-06 04:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 16:26 - 2014-02-06 04:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 16:26 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 16:26 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 16:26 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 16:26 - 2014-02-06 03:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 16:26 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 16:26 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 16:26 - 2014-02-06 03:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 16:26 - 2014-02-06 03:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 16:26 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 16:26 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 16:26 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 16:26 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 16:26 - 2014-02-06 03:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 16:26 - 2014-02-06 03:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 16:26 - 2014-02-06 03:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 16:26 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 16:26 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 16:26 - 2014-02-06 02:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 16:26 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 16:26 - 2014-02-06 02:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 16:26 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 16:26 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 15:00 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 15:00 - 2013-12-31 17:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 12:16 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 12:16 - 2013-12-24 16:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 12:16 - 2013-12-05 20:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 12:16 - 2013-12-05 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 12:16 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 12:16 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 12:16 - 2013-12-03 20:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 12:16 - 2013-12-03 20:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 12:16 - 2013-12-03 20:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 12:16 - 2013-12-03 20:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 12:16 - 2013-12-03 20:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 12:16 - 2013-12-03 20:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 12:16 - 2013-12-03 20:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 12:16 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 12:16 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 12:16 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 12:16 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 12:16 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 12:16 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 12:16 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 12:16 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 12:16 - 2013-11-22 16:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 12:15 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 12:15 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 12:15 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 12:15 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-04 21:07 - 2014-02-13 13:26 - 00000386 _____ () C:\Windows\Tasks\AVG_SYS_TASK_DELETE.job
2014-02-04 21:07 - 2014-02-13 13:26 - 00000358 _____ () C:\Windows\Tasks\AVG_SYS_TASK.job
2014-02-04 21:07 - 2014-02-04 21:07 - 00002890 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_DELETE
2014-02-04 21:07 - 2014-02-04 21:07 - 00002652 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK
2014-02-04 21:07 - 2014-02-04 21:07 - 00000000 ____D () C:\ProgramData\AVG 0214c Campaign
2014-02-03 16:31 - 2014-02-03 16:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-29 21:00 - 2014-01-30 09:43 - 00000384 _____ () C:\Windows\Tasks\gVl9zwFmF0l10BHDcpaCunoRET4Ork.job
2014-01-29 21:00 - 2014-01-29 21:01 - 00000000 ____D () C:\Program Files (x86)\Surf Canyon
2014-01-29 21:00 - 2014-01-29 21:00 - 00002792 _____ () C:\Windows\System32\Tasks\gVl9zwFmF0l10BHDcpaCunoRET4Ork
2014-01-29 21:00 - 2014-01-29 21:00 - 00000147 _____ () C:\out.txt
2014-01-29 21:00 - 2014-01-29 21:00 - 00000000 ____D () C:\Users\Stanley\AppData\Local\SurfCanyon
2014-01-29 21:00 - 2014-01-29 21:00 - 00000000 ____D () C:\Users\Stanley\AppData\Local\Surf_Canyon
2014-01-29 21:00 - 2014-01-29 21:00 - 00000000 ____D () C:\Program Files (x86)\Winferno
2014-01-29 21:00 - 2010-10-26 11:07 - 00499785 _____ (Capital Intellect Inc) C:\Windows\SysWOW64\WINUTIL8.DLL
2014-01-29 21:00 - 2010-09-01 15:59 - 00835656 _____ (Capital Intellect Inc) C:\Windows\SysWOW64\WINCTL5.OCX
2014-01-29 21:00 - 2010-01-14 10:31 - 00425984 _____ () C:\Windows\SysWOW64\WinCMR.dll
2014-01-29 21:00 - 2009-06-05 11:04 - 00393216 _____ (Capital Intellect Inc) C:\Windows\SysWOW64\WINLCTL6.DLL
2014-01-23 10:40 - 2014-01-23 10:40 - 00000000 ____D () C:\Users\Stanley\AppData\Roaming\Oracle
2014-01-23 10:35 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-23 10:35 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-23 10:35 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-23 10:35 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-23 10:34 - 2014-01-23 10:35 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-16 14:17 - 2014-01-16 14:17 - 00000000 ____D () C:\Windows\SysWOW64\SearchProtect
2014-01-14 13:31 - 2013-11-26 19:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-14 13:31 - 2013-11-26 19:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-14 13:31 - 2013-11-26 19:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-14 13:31 - 2013-11-26 19:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-14 13:31 - 2013-11-26 19:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-14 13:31 - 2013-11-26 19:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-14 13:31 - 2013-11-26 19:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-14 13:31 - 2013-11-26 05:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-14 13:31 - 2013-11-26 04:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-13 16:02 - 2014-02-13 16:01 - 00014604 _____ () C:\Users\Stanley\Desktop\FRST.txt
2014-02-13 16:01 - 2014-02-13 16:01 - 02152960 _____ (Farbar) C:\Users\Stanley\Desktop\FRST64.exe
2014-02-13 16:01 - 2014-02-13 16:01 - 00000000 ____D () C:\FRST
2014-02-13 16:00 - 2014-02-13 15:48 - 01141248 _____ (Farbar) C:\Users\Stanley\Desktop\FRST.exe
2014-02-13 15:41 - 2012-09-12 16:24 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-13 15:39 - 2012-05-28 18:22 - 01739391 _____ () C:\Windows\WindowsUpdate.log
2014-02-13 15:23 - 2012-09-12 16:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-13 13:28 - 2009-07-13 22:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-13 13:28 - 2009-07-13 22:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-13 13:26 - 2014-02-04 21:07 - 00000386 _____ () C:\Windows\Tasks\AVG_SYS_TASK_DELETE.job
2014-02-13 13:26 - 2014-02-04 21:07 - 00000358 _____ () C:\Windows\Tasks\AVG_SYS_TASK.job
2014-02-13 13:26 - 2012-09-12 16:24 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-13 13:20 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-13 13:20 - 2009-07-13 22:51 - 00099454 _____ () C:\Windows\setupact.log
2014-02-13 11:28 - 2014-01-06 19:49 - 00000000 ____D () C:\Users\Stanley\AppData\Local\CrashDumps
2014-02-13 10:48 - 2014-02-13 10:47 - 00000000 ____D () C:\Users\Stanley\Desktop\Virus
2014-02-13 09:40 - 2014-01-13 13:00 - 00000000 ____D () C:\Users\Stanley\Desktop\Erickson
2014-02-13 09:26 - 2014-01-04 14:30 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-13 09:20 - 2012-05-28 18:35 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-02-12 19:01 - 2011-04-01 22:17 - 00442782 _____ () C:\Windows\PFRO.log
2014-02-12 16:40 - 2012-08-20 14:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 16:39 - 2009-07-13 23:13 - 00757148 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-12 16:28 - 2009-07-13 20:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-06 06:16 - 2014-02-12 16:26 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 05:30 - 2014-02-12 16:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 05:30 - 2014-02-12 16:26 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 05:12 - 2014-02-12 16:26 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 05:07 - 2014-02-12 16:26 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 05:06 - 2014-02-12 16:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-12 16:26 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 04:56 - 2014-02-12 16:26 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 04:52 - 2014-02-12 16:26 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 04:49 - 2014-02-12 16:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 04:48 - 2014-02-12 16:26 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 04:48 - 2014-02-12 16:26 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 04:38 - 2014-02-12 16:26 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 04:32 - 2014-02-12 16:26 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 04:20 - 2014-02-12 16:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 04:17 - 2014-02-12 16:26 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 04:11 - 2014-02-12 16:26 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 04:01 - 2014-02-12 16:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 04:00 - 2014-02-12 16:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 03:57 - 2014-02-12 16:26 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 03:57 - 2014-02-12 16:26 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 03:52 - 2014-02-12 16:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 03:52 - 2014-02-12 16:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 03:50 - 2014-02-12 16:26 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 03:49 - 2014-02-12 16:26 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 03:47 - 2014-02-12 16:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 03:46 - 2014-02-12 16:26 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 03:25 - 2014-02-12 16:26 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 03:25 - 2014-02-12 16:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 03:24 - 2014-02-12 16:26 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 03:22 - 2014-02-12 16:26 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 03:13 - 2014-02-12 16:26 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 03:09 - 2014-02-12 16:26 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 03:03 - 2014-02-12 16:26 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 02:55 - 2014-02-12 16:26 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 02:41 - 2014-02-12 16:26 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 02:40 - 2014-02-12 16:26 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 02:36 - 2014-02-12 16:26 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 02:34 - 2014-02-12 16:26 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 11:26 - 2012-09-12 16:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 11:25 - 2012-11-20 10:21 - 03544968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-05 11:25 - 2012-09-12 16:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 11:25 - 2012-09-12 16:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 21:07 - 2014-02-04 21:07 - 00002890 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_DELETE
2014-02-04 21:07 - 2014-02-04 21:07 - 00002652 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK
2014-02-04 21:07 - 2014-02-04 21:07 - 00000000 ____D () C:\ProgramData\AVG 0214c Campaign
2014-02-04 11:44 - 2013-08-20 14:23 - 00000000 ____D () C:\Users\Stanley\Desktop\LifeWorks
2014-02-03 17:59 - 2014-01-04 14:31 - 00000000 ____D () C:\Users\Stanley\AppData\Local\genienext
2014-02-03 17:59 - 2014-01-04 14:30 - 00000000 ____D () C:\Users\Stanley\AppData\Local\Conduit
2014-02-03 17:59 - 2014-01-04 14:30 - 00000000 ____D () C:\Program Files\Conduit
2014-02-03 17:59 - 2014-01-04 14:30 - 00000000 ____D () C:\Program Files (x86)\Conduit
2014-02-03 16:31 - 2014-02-03 16:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-30 09:43 - 2014-01-29 21:00 - 00000384 _____ () C:\Windows\Tasks\gVl9zwFmF0l10BHDcpaCunoRET4Ork.job
2014-01-29 21:01 - 2014-01-29 21:00 - 00000000 ____D () C:\Program Files (x86)\Surf Canyon
2014-01-29 21:01 - 2014-01-04 14:36 - 00000000 ____D () C:\ProgramData\AVG2014
2014-01-29 21:00 - 2014-01-29 21:00 - 00002792 _____ () C:\Windows\System32\Tasks\gVl9zwFmF0l10BHDcpaCunoRET4Ork
2014-01-29 21:00 - 2014-01-29 21:00 - 00000147 _____ () C:\out.txt
2014-01-29 21:00 - 2014-01-29 21:00 - 00000000 ____D () C:\Users\Stanley\AppData\Local\SurfCanyon
2014-01-29 21:00 - 2014-01-29 21:00 - 00000000 ____D () C:\Users\Stanley\AppData\Local\Surf_Canyon
2014-01-29 21:00 - 2014-01-29 21:00 - 00000000 ____D () C:\Program Files (x86)\Winferno
2014-01-23 10:40 - 2014-01-23 10:40 - 00000000 ____D () C:\Users\Stanley\AppData\Roaming\Oracle
2014-01-23 10:35 - 2014-01-23 10:34 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-23 10:35 - 2014-01-03 13:47 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-23 10:35 - 2014-01-03 13:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-19 01:33 - 2012-09-12 15:50 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-17 10:20 - 2012-09-12 16:21 - 00000000 ____D () C:\Users\Stanley\AppData\Local\Adobe
2014-01-16 15:36 - 2012-09-12 15:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-01-16 15:36 - 2012-09-12 15:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-01-16 14:17 - 2014-01-16 14:17 - 00000000 ____D () C:\Windows\SysWOW64\SearchProtect
2014-01-15 10:46 - 2009-07-13 22:45 - 00417416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 09:45 - 2013-08-15 07:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 09:43 - 2012-05-29 13:52 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Stanley\AppData\Local\Temp\arcparlupd.exe
C:\Users\Stanley\AppData\Local\Temp\BackupSetup.exe
C:\Users\Stanley\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Stanley\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!


LastRegBack: 2014-02-01 13:09

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2014 01
Ran by Stanley at 2014-02-13 16:03:03
Running from C:\Users\Stanley\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2540 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.6.636 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (x32 Version: 1.8.17.26026 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.8.17.26026 - Alcor Micro Corp.) Hidden
ASUS AI Recovery (x32 Version: 1.0.13 - ASUS)
ASUS FancyStart (x32 Version: 1.1.0 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (x32 Version: 3.0.21 - ASUS)
ASUS Live Update (x32 Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (Version: 1.1.43 - ASUS)
ASUS SmartLogon (x32 Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0031 - ASUS)
ASUS Virtual Camera (x32 Version: 1.0.21 - asus)
ASUS WebStorage (x32 Version: 3.0.84.161 - eCareme Technologies, Inc.)
AsusScr_K3 Series_ENG_Basic (x32 Version: 1.0.0001 - ASUS)
AsusVibe2.0 (x32 Version: 2.0.4.617 - ASUSTEK)
ATK Package (x32 Version: 1.0.0008 - ASUS)
AVG 2014 (Version: 14.0.3681 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.3697 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4335 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4335 - AVG Technologies)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (x32 Version: 2.5.1908 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1908 - CyberLink Corp.) Hidden
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
DMUninstaller (x32 Version:  - ) <==== ATTENTION
ETDWare PS/2-X64 8.0.5.0_WHQL (Version: 8.0.5.0 - ELAN Microelectronic Corp.)
Fast Boot (Version: 1.0.8 - ASUS)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Intel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (x32 Version: 8.15.10.2291 - Intel Corporation)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Nuance PDF Reader (x32 Version: 6.00.0041 - Nuance Communications, Inc.)
Ralink RT2860 Wireless LAN Card (x32 Version: 1.5.9.0 - Ralink)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6324 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
syncables desktop SE (x32 Version: 5.5.746.11492 - syncables)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (Version: 11.0.200 - Nuance Communications Inc.)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinFlash (x32 Version: 2.31.1 - ASUS)
Wireless Console 3 (x32 Version: 3.0.19 - ASUS)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (x32 Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2 - Microsoft Corporation)

==================== Restore Points  =========================

23-01-2014 16:33:23 Installed Java 7 Update 51
23-01-2014 19:53:14 Windows Update
28-01-2014 17:50:52 Windows Update
01-02-2014 18:15:41 Windows Update
05-02-2014 16:07:53 Windows Update
09-02-2014 03:23:45 Windows Update
12-02-2014 14:09:37 Windows Update
12-02-2014 14:40:14 Installed AVG 2014
12-02-2014 22:26:23 Windows Update
13-02-2014 15:24:05 Windows Update

==================== Hosts content: ==========================

2009-07-13 20:34 - 2012-09-13 03:51 - 00444285 ___RA C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {0F177E58-3E63-490D-9F66-E28AB9BA2E4F} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {13739E40-C478-42BA-AAA8-9D884BC540A1} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {2DAA31F6-22E4-484D-B37C-1D518EF3B6D1} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {331EE344-F1A0-4E7E-A1BE-AE081D499CB5} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {39A954F2-E0CE-4C99-A75C-A5269CFB4F00} - System32\Tasks\AVG_SYS_TASK_DELETE => C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe [2014-01-28] ()
Task: {4483D7D2-9DB3-4062-A444-B2F512D64D1F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {4FEC10FB-8197-42FD-8F96-B3EC4EEDABC0} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-01] (ASUS)
Task: {54F4A92E-5FB9-46C5-B35E-77E4AA385A21} - System32\Tasks\gVl9zwFmF0l10BHDcpaCunoRET4Ork => C:\Users\Stanley\AppData\Local\Temp\qs_23b41b60\866 [2014-01-29] () <==== ATTENTION
Task: {5C65B8B6-677D-4D03-94C9-0B6911CC3B69} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {6449C857-6FE9-4CB6-AB61-9A9B2F497685} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {736B775C-372E-4EF2-B2A2-90C787009024} - System32\Tasks\AVG_SYS_TASK => C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe [2014-01-28] ()
Task: {862EBCE7-6749-4FA7-B4FF-3289E69E60E3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {A7AA38A0-CCE3-4D61-9093-F0C13F304AC8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {AB9D791D-4F13-40D8-8251-996AD54C970D} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {CCFC28B9-2346-4C20-815B-15B7479F29CF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-12] (Google Inc.)
Task: {F21CF04F-8A07-48B7-B506-687021FB5E13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-12] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK.job => C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_DELETE.job => C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\gVl9zwFmF0l10BHDcpaCunoRET4Ork.job => c:\program files (x86)\mozilla firefox\firefox.exe

==================== Loaded Modules (whitelisted) =============

2012-05-28 18:34 - 2007-11-30 12:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-07-14 17:11 - 2010-07-14 17:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2010-04-02 18:21 - 2008-09-30 22:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2011-04-20 02:18 - 2011-01-26 18:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-04 14:31 - 2013-12-25 20:19 - 00761536 _____ () C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
2014-02-04 21:07 - 2014-01-28 13:07 - 02548248 _____ () C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
2009-11-02 15:20 - 2009-11-02 15:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 15:23 - 2009-11-02 15:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-12-10 12:08 - 2013-12-10 12:08 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-05 11:25 - 2014-02-05 11:25 - 16287624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
2011-01-18 12:21 - 2011-01-18 12:21 - 00204800 _____ () C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:0FF263E8

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk.disabled => C:\Windows\pss\AsusVibeLauncher.lnk.disabled.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk.disabled => C:\Windows\pss\FancyStart daemon.lnk.disabled.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Setwallpaper => c:\programdata\SetWallpaper.cmd

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/13/2014 03:57:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe06d7363
Fault offset: 0x000000000000940d
Faulting process id: 0x13e0
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3

Error: (02/13/2014 03:50:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe06d7363
Fault offset: 0x000000000000940d
Faulting process id: 0x1620
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3

Error: (02/13/2014 03:41:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe06d7363
Fault offset: 0x000000000000940d
Faulting process id: 0x1550
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3

Error: (02/13/2014 03:32:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe06d7363
Fault offset: 0x000000000000940d
Faulting process id: 0x135c
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3

Error: (02/13/2014 03:24:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe06d7363
Fault offset: 0x000000000000940d
Faulting process id: 0x11bc
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3

Error: (02/13/2014 02:34:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe06d7363
Fault offset: 0x000000000000940d
Faulting process id: 0x17b8
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3

Error: (02/13/2014 02:25:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe06d7363
Fault offset: 0x000000000000940d
Faulting process id: 0x14fc
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3

Error: (02/13/2014 02:18:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe06d7363
Fault offset: 0x000000000000940d
Faulting process id: 0x1510
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3

Error: (02/13/2014 02:10:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe06d7363
Fault offset: 0x000000000000940d
Faulting process id: 0xc98
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3

Error: (02/13/2014 02:03:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x0000000000001f80
Faulting process id: 0x1508
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3


System errors:
=============
Error: (02/13/2014 03:57:38 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated unexpectedly.  It has done this 15 time(s).

Error: (02/13/2014 03:50:07 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated unexpectedly.  It has done this 14 time(s).

Error: (02/13/2014 03:41:42 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated unexpectedly.  It has done this 13 time(s).

Error: (02/13/2014 03:32:58 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated unexpectedly.  It has done this 12 time(s).

Error: (02/13/2014 03:32:58 PM) (Source: Service Control Manager) (User: )
Description: The Cryptographic Services service terminated unexpectedly.  It has done this 5 time(s).

Error: (02/13/2014 03:24:29 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated unexpectedly.  It has done this 11 time(s).

Error: (02/13/2014 03:24:29 PM) (Source: Service Control Manager) (User: )
Description: The Cryptographic Services service terminated unexpectedly.  It has done this 4 time(s).

Error: (02/13/2014 02:34:18 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated unexpectedly.  It has done this 10 time(s).

Error: (02/13/2014 02:34:18 PM) (Source: Service Control Manager) (User: )
Description: The Cryptographic Services service terminated unexpectedly.  It has done this 3 time(s).

Error: (02/13/2014 02:25:47 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated unexpectedly.  It has done this 9 time(s).


Microsoft Office Sessions:
=========================
Error: (02/13/2014 03:57:37 PM) (Source: Application Error)(User: )
Description: svchost.exe_Dnscache6.1.7600.163854a5bc3c1KERNELBASE.dll6.1.7601.1822951fb1677e06d7363000000000000940d13e001cf29058f8f01a9C:\Windows\system32\svchost.exeC:\Windows\system32\KERNELBASE.dlld97e05c6-94f9-11e3-abd3-14dae90efdbe

Error: (02/13/2014 03:50:05 PM) (Source: Application Error)(User: )
Description: svchost.exe_Dnscache6.1.7600.163854a5bc3c1KERNELBASE.dll6.1.7601.1822951fb1677e06d7363000000000000940d162001cf290473d7051cC:\Windows\system32\svchost.exeC:\Windows\system32\KERNELBASE.dllcc12ac6e-94f8-11e3-abd3-14dae90efdbe

Error: (02/13/2014 03:41:41 PM) (Source: Application Error)(User: )
Description: svchost.exe_Dnscache6.1.7600.163854a5bc3c1KERNELBASE.dll6.1.7601.1822951fb1677e06d7363000000000000940d155001cf290333c489d7C:\Windows\system32\svchost.exeC:\Windows\system32\KERNELBASE.dll9fae00af-94f7-11e3-abd3-14dae90efdbe

Error: (02/13/2014 03:32:56 PM) (Source: Application Error)(User: )
Description: svchost.exe_Dnscache6.1.7600.163854a5bc3c1KERNELBASE.dll6.1.7601.1822951fb1677e06d7363000000000000940d135c01cf2901fb6fbba3C:\Windows\system32\svchost.exeC:\Windows\system32\KERNELBASE.dll66bd44dc-94f6-11e3-abd3-14dae90efdbe

Error: (02/13/2014 03:24:28 PM) (Source: Application Error)(User: )
Description: svchost.exe_Dnscache6.1.7600.163854a5bc3c1KERNELBASE.dll6.1.7601.1822951fb1677e06d7363000000000000940d11bc01cf28faf825a460C:\Windows\system32\svchost.exeC:\Windows\system32\KERNELBASE.dll37f05921-94f5-11e3-abd3-14dae90efdbe

Error: (02/13/2014 02:34:16 PM) (Source: Application Error)(User: )
Description: svchost.exe_Dnscache6.1.7600.163854a5bc3c1KERNELBASE.dll6.1.7601.1822951fb1677e06d7363000000000000940d17b801cf28f9c8280882C:\Windows\system32\svchost.exeC:\Windows\system32\KERNELBASE.dll34a8a33e-94ee-11e3-abd3-14dae90efdbe

Error: (02/13/2014 02:25:46 PM) (Source: Application Error)(User: )
Description: svchost.exe_Dnscache6.1.7600.163854a5bc3c1KERNELBASE.dll6.1.7601.1822951fb1677e06d7363000000000000940d14fc01cf28f8b98e5e1bC:\Windows\system32\svchost.exeC:\Windows\system32\KERNELBASE.dll04ad68c0-94ed-11e3-abd3-14dae90efdbe

Error: (02/13/2014 02:18:12 PM) (Source: Application Error)(User: )
Description: svchost.exe_Dnscache6.1.7600.163854a5bc3c1KERNELBASE.dll6.1.7601.1822951fb1677e06d7363000000000000940d151001cf28f7a890521fC:\Windows\system32\svchost.exeC:\Windows\system32\KERNELBASE.dllf612ef0f-94eb-11e3-abd3-14dae90efdbe

Error: (02/13/2014 02:10:32 PM) (Source: Application Error)(User: )
Description: svchost.exe_Dnscache6.1.7600.163854a5bc3c1KERNELBASE.dll6.1.7601.1822951fb1677e06d7363000000000000940dc9801cf28f6a4b1b044C:\Windows\system32\svchost.exeC:\Windows\system32\KERNELBASE.dlle3e7f76b-94ea-11e3-abd3-14dae90efdbe

Error: (02/13/2014 02:03:18 PM) (Source: Application Error)(User: )
Description: svchost.exe_Dnscache6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18247521eaf24c00000050000000000001f80150801cf28f61472fc42C:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dlle1352fc3-94e9-11e3-abd3-14dae90efdbe


==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 6056.23 MB
Available physical RAM: 3532.88 MB
Total Pagefile: 12110.65 MB
Available Pagefile: 9540.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:250.05 GB) (Free:192.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:321.1 GB) (Free:321 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 343771F7)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=250 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=321 GB) - (Type=OF Extended)

==================== End Of Log ============================



#4 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 13 February 2014 - 09:11 PM

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Attached file: fixlist.txt (2.19 KB)


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 IowaLoneWolf (Topic Starter)

Posted 13 February 2014 - 09:43 PM

Here are my results:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014 01
Ran by Stanley at 2014-02-13 20:41:55 Run:1
Running from C:\Users\Stanley\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-4008844041-2714684003-2717108086-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Stanley\AppData\Local\Temp\siompec\scfsrnn\wow.dll ATTENTION! ====> ZeroAccess?
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPFDAF9285-0A14-41D1-9EA7-FC7D141BE0D3&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPFDAF9285-0A14-41D1-9EA7-FC7D141BE0D3&q={searchTerms}&SSPV=
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Extension: ArcadeParlor - C:\Users\Stanley\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2014-01-29]
FF Extension: Value Apps - C:\Users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\8h1qcbmp.default\Extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd} [2014-02-10]
FF Extension: ArcadeParlor - C:\Users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\8h1qcbmp.default\Extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2014-01-29]
FF HKCU\...\Firefox\Extensions: [{75623d5d-4683-402a-b610-ac4bab767c86}] - C:\Users\Stanley\AppData\Local\SurfCanyon\Firefox
FF Extension: Fast Search by Surf Canyon - C:\Users\Stanley\AppData\Local\SurfCanyon\Firefox [2014-01-29]
CHR Extension: (Surf Canyon) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem [2014-01-29]
C:\Users\Stanley\AppData\Local\Temp\arcparlupd.exe
C:\Users\Stanley\AppData\Local\Temp\BackupSetup.exe
C:\Users\Stanley\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Stanley\AppData\Local\Temp\vcredist_x64.exe
TDL4: custom:26000022 <===== ATTENTION!
Task: {54F4A92E-5FB9-46C5-B35E-77E4AA385A21} - System32\Tasks\gVl9zwFmF0l10BHDcpaCunoRET4Ork => C:\Users\Stanley\AppData\Local\Temp\qs_23b41b60\866 [2014-01-29] () <==== ATTENTION
Task: C:\Windows\Tasks\gVl9zwFmF0l10BHDcpaCunoRET4Ork.job => c:\program files (x86)\mozilla firefox\firefox.exe
*****************

HKU\S-1-5-21-4008844041-2714684003-2717108086-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\Stanley\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} => Moved successfully.
C:\Users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\8h1qcbmp.default\Extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd} => Moved successfully.
C:\Users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\8h1qcbmp.default\Extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} => Moved successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\{75623d5d-4683-402a-b610-ac4bab767c86} => Value deleted successfully.
C:\Users\Stanley\AppData\Local\SurfCanyon\Firefox => Moved successfully.
C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem => Moved successfully.
C:\Users\Stanley\AppData\Local\Temp\arcparlupd.exe => Moved successfully.
C:\Users\Stanley\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Stanley\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Stanley\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.

The operation completed successfully.
The operation completed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54F4A92E-5FB9-46C5-B35E-77E4AA385A21} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54F4A92E-5FB9-46C5-B35E-77E4AA385A21} => Key deleted successfully.
C:\Windows\System32\Tasks\gVl9zwFmF0l10BHDcpaCunoRET4Ork => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gVl9zwFmF0l10BHDcpaCunoRET4Ork => Key deleted successfully.
C:\Windows\Tasks\gVl9zwFmF0l10BHDcpaCunoRET4Ork.job => Moved successfully.

==== End of Fixlog ====



#6 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 14 February 2014 - 01:25 AM

How is the machine running now?




#7 IowaLoneWolf (Topic Starter)

Posted 14 February 2014 - 10:19 AM

The computer seems to be running faster, but the "Windows Explorer has stopped working" and "Windows Explorer is restarting" cycle continues to be an issue.

When that happens the entire bar on the bottom of the computer screen seems to "restart."

Additionally, when the computer lid is closed, it shuts down the whole computer and it starts up with error messages saying that it was shut down incorrectly.



#8 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 14 February 2014 - 10:55 AM

1.

Hello, your log looks much better now.

Please check for any Windows updates.
Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC.
Go here to check for & install updates to Microsoft applications.
Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.

2.

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button.

Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button.

Go to Step 4 and under "System Restore" click on the Create button.

Go to the Start Repairs tab and click the Start button.

Please ensure that ONLY the items seen in the image below are ticked as indicated (they're all checked by default):

[screenshot of the repair items to tick; image not reproduced]

Click on the box next to Restart System when Finished. Then click on Start.


3.

Please run FRST as you did the first time you ran it and post the log, along with how the machine is running.




#9 IowaLoneWolf (Topic Starter)

Posted 14 February 2014 - 07:15 PM

Update: I have completed all of the above steps and noticed a few things.

1) The computer appears to be running a little faster.

2) The Windows Explorer "loop" seems to have stopped.

3) With the Windows updates, the computer downloaded several "Bing" applications, including a desktop bar that consumes much of the desktop.

4) Everything has been enlarged and magnified throughout the computer.

Here is the log from the FRST64:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by Stanley (administrator) on STANLEY-LT on 14-02-2014 18:06:39
Running from C:\Users\Stanley\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(Microsoft Corporation) C:\Windows\system32\PrintIsolationHost.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(ASUS) C:\Windows\AsScrPro.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-01] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761536 2013-12-25] ()
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4008844041-2714684003-2717108086-1000\...\MountPoints2: {9221f7e2-8e7d-11e3-8412-14dae90efdbe} - F:\VerizonSWUpgradeAssistantLauncher.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - 02E90A61781D45BDB80AF8121351413F URL = http://search.conduit.com/Results.aspx?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPFDAF9285-0A14-41D1-9EA7-FC7D141BE0D3&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: ValueApps - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\8h1qcbmp.default
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF HKCU\...\Firefox\Extensions: [{75623d5d-4683-402a-b610-ac4bab767c86}] - C:\Users\Stanley\AppData\Local\SurfCanyon\Firefox

Chrome:
=======
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultSearchURL: http://www.bing.com/search?FORM=BDT3DF&PC=BDT3&q={searchTerms}
CHR Extension: (YouTube) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-12]
CHR Extension: (Google Search) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-12]
CHR Extension: (Gmail) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-12]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-14 16:57 - 2014-02-14 17:51 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-14 16:12 - 2014-02-14 16:12 - 00003288 ____N () C:\bootsqm.dat
2014-02-14 16:03 - 2014-02-14 16:03 - 00002165 _____ () C:\Users\Stanley\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-02-14 16:02 - 2014-02-14 16:02 - 05190136 _____ () C:\Users\Stanley\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-02-14 16:02 - 2014-02-14 16:02 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-02-14 11:09 - 2013-11-26 17:29 - 05693440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-14 11:09 - 2013-11-26 16:49 - 06573056 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-14 10:59 - 2013-10-01 20:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-14 10:59 - 2013-10-01 20:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-14 10:59 - 2013-10-01 20:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-14 10:59 - 2013-10-01 19:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-14 10:59 - 2013-10-01 19:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-14 10:59 - 2013-10-01 19:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-14 10:59 - 2013-10-01 19:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-14 10:59 - 2013-10-01 18:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-14 10:59 - 2013-10-01 18:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-14 10:59 - 2013-10-01 18:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-14 10:59 - 2013-10-01 18:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-14 10:59 - 2013-10-01 18:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-14 10:59 - 2013-10-01 17:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-14 10:59 - 2013-10-01 17:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-14 10:59 - 2013-10-01 17:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-14 10:59 - 2013-10-01 16:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-14 10:57 - 2014-02-14 10:57 - 00362029 _____ () C:\Windows\SysWOW64\sqlite3.dll
2014-02-14 10:17 - 2012-08-23 08:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-02-14 10:17 - 2012-08-23 08:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-02-14 10:17 - 2012-08-23 08:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-02-14 10:17 - 2012-08-23 07:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-02-14 10:17 - 2012-08-23 05:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-02-14 10:17 - 2012-08-23 04:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-02-14 10:17 - 2012-08-23 03:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-02-14 10:14 - 2013-09-24 20:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-14 10:14 - 2013-09-24 19:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-14 09:40 - 2014-02-14 09:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 16:03 - 2014-02-13 16:03 - 00033585 _____ () C:\Users\Stanley\Desktop\Addition.txt
2014-02-13 16:01 - 2014-02-14 18:06 - 00013957 _____ () C:\Users\Stanley\Desktop\FRST.txt
2014-02-13 16:01 - 2014-02-14 18:06 - 00000000 ____D () C:\FRST
2014-02-13 16:01 - 2014-02-13 16:01 - 02152960 _____ (Farbar) C:\Users\Stanley\Desktop\FRST64.exe
2014-02-13 15:48 - 2014-02-13 16:00 - 01141248 _____ (Farbar) C:\Users\Stanley\Desktop\FRST.exe
2014-02-13 10:47 - 2014-02-13 10:48 - 00000000 ____D () C:\Users\Stanley\Desktop\Virus
2014-02-12 16:27 - 2013-12-21 03:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 16:27 - 2013-12-21 02:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 16:26 - 2014-02-06 06:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 16:26 - 2014-02-06 05:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 16:26 - 2014-02-06 05:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 16:26 - 2014-02-06 05:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 16:26 - 2014-02-06 05:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 16:26 - 2014-02-06 05:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 16:26 - 2014-02-06 04:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 16:26 - 2014-02-06 04:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 16:26 - 2014-02-06 04:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 16:26 - 2014-02-06 04:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 16:26 - 2014-02-06 04:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 16:26 - 2014-02-06 04:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 16:26 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 16:26 - 2014-02-06 04:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 16:26 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 16:26 - 2014-02-06 04:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 16:26 - 2014-02-06 04:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 16:26 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 16:26 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 16:26 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 16:26 - 2014-02-06 03:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 16:26 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 16:26 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 16:26 - 2014-02-06 03:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 16:26 - 2014-02-06 03:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 16:26 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 16:26 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 16:26 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 16:26 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 16:26 - 2014-02-06 03:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 16:26 - 2014-02-06 03:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 16:26 - 2014-02-06 03:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 16:26 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 16:26 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 16:26 - 2014-02-06 02:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 16:26 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 16:26 - 2014-02-06 02:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 16:26 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 16:26 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 15:00 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 15:00 - 2013-12-31 17:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 12:16 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 12:16 - 2013-12-24 16:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 12:16 - 2013-12-05 20:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 12:16 - 2013-12-05 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 12:16 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 12:16 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 12:16 - 2013-12-03 20:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 12:16 - 2013-12-03 20:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 12:16 - 2013-12-03 20:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 12:16 - 2013-12-03 20:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 12:16 - 2013-12-03 20:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 12:16 - 2013-12-03 20:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 12:16 - 2013-12-03 20:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 12:16 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 12:16 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 12:16 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 12:16 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 12:16 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 12:16 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 12:16 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 12:16 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 12:16 - 2013-11-22 16:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 12:15 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 12:15 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 12:15 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 12:15 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-04 21:07 - 2014-02-14 18:05 - 00000386 _____ () C:\Windows\Tasks\AVG_SYS_TASK_DELETE.job
2014-02-04 21:07 - 2014-02-14 18:05 - 00000358 _____ () C:\Windows\Tasks\AVG_SYS_TASK.job
2014-02-04 21:07 - 2014-02-04 21:07 - 00002890 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_DELETE
2014-02-04 21:07 - 2014-02-04 21:07 - 00002652 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK
2014-02-04 21:07 - 2014-02-04 21:07 - 00000000 ____D () C:\ProgramData\AVG 0214c Campaign
2014-02-03 16:31 - 2014-02-03 16:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-29 23:02 - 2014-01-29 23:02 - 13031424 _____ (Intel Corporation) C:\Windows\system32\ig4icd64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 12617216 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 10812928 _____ (Intel Corporation) C:\Windows\SysWOW64\ig4icd32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 05904856 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 05363200 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2014-01-29 23:02 - 2014-01-29 23:02 - 03511296 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 03121152 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 01040384 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00963452 _____ () C:\Windows\SysWOW64\igcodeckrng600.bin
2014-01-29 23:02 - 2014-01-29 23:02 - 00963452 _____ () C:\Windows\system32\igcodeckrng600.bin
2014-01-29 23:02 - 2014-01-29 23:02 - 00931840 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00575488 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00542720 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00515544 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00442880 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00442328 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00440320 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00439808 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00439808 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00439296 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00439296 _____ (Intel Corporation) C:\Windows\system32\igfxrrom.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrhrv.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437248 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437248 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00432128 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00431104 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00429056 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00428544 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00410624 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00399832 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00384512 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00330752 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00279000 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00272928 _____ () C:\Windows\SysWOW64\igvpkrng600.bin
2014-01-29 23:02 - 2014-01-29 23:02 - 00272928 _____ () C:\Windows\system32\igvpkrng600.bin
2014-01-29 23:02 - 2014-01-29 23:02 - 00254936 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00223664 _____ () C:\Windows\system32\Gfxres.th-TH.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00216064 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00210106 _____ () C:\Windows\system32\Gfxres.el-GR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00194245 _____ () C:\Windows\system32\Gfxres.ru-RU.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00185816 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00180224 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00175104 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00171992 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00166170 _____ () C:\Windows\system32\Gfxres.ar-SA.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00163421 _____ () C:\Windows\system32\Gfxres.ja-JP.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00159008 _____ () C:\Windows\system32\Gfxres.he-IL.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00149682 _____ () C:\Windows\system32\Gfxres.it-IT.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00148042 _____ () C:\Windows\system32\Gfxres.ko-KR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00147393 _____ () C:\Windows\system32\Gfxres.de-DE.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00147288 _____ () C:\Windows\system32\Gfxres.es-ES.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00146004 _____ () C:\Windows\system32\Gfxres.ro-RO.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00145491 _____ () C:\Windows\system32\Gfxres.fr-FR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00144645 _____ () C:\Windows\system32\Gfxres.tr-TR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00144260 _____ () C:\Windows\system32\Gfxres.pt-BR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00144020 _____ () C:\Windows\system32\Gfxres.nl-NL.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00143932 _____ () C:\Windows\system32\Gfxres.hu-HU.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142882 _____ () C:\Windows\system32\Gfxres.sv-SE.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142877 _____ () C:\Windows\system32\Gfxres.pt-PT.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142717 _____ () C:\Windows\system32\Gfxres.pl-PL.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142336 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00142289 _____ () C:\Windows\system32\Gfxres.cs-CZ.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142008 _____ () C:\Windows\system32\Gfxres.fi-FI.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00141838 _____ () C:\Windows\system32\Gfxres.sk-SK.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00141049 _____ () C:\Windows\system32\Gfxres.hr-HR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00137889 _____ () C:\Windows\system32\Gfxres.sl-SI.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00137784 _____ () C:\Windows\system32\Gfxres.nb-NO.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00137141 _____ () C:\Windows\system32\Gfxres.da-DK.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00132623 _____ () C:\Windows\system32\Gfxres.en-US.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00126976 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2014-01-29 23:02 - 2014-01-29 23:02 - 00126300 _____ () C:\Windows\system32\Gfxres.zh-TW.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00124650 _____ () C:\Windows\system32\Gfxres.zh-CN.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00116224 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v3347.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00098304 _____ () C:\Windows\system32\igdde64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00077312 _____ () C:\Windows\SysWOW64\igdde32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00028672 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00025088 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00017058 _____ () C:\Windows\system32\iglhxs64.vp
2014-01-29 23:02 - 2014-01-29 23:02 - 00009728 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2014-01-29 21:00 - 2014-02-13 20:41 - 00000000 ____D () C:\Users\Stanley\AppData\Local\SurfCanyon
2014-01-29 21:00 - 2014-01-29 21:01 - 00000000 ____D () C:\Program Files (x86)\Surf Canyon
2014-01-29 21:00 - 2014-01-29 21:00 - 00000147 _____ () C:\out.txt
2014-01-29 21:00 - 2014-01-29 21:00 - 00000000 ____D () C:\Users\Stanley\AppData\Local\Surf_Canyon
2014-01-29 21:00 - 2014-01-29 21:00 - 00000000 ____D () C:\Program Files (x86)\Winferno
2014-01-29 21:00 - 2010-10-26 11:07 - 00499785 _____ (Capital Intellect Inc) C:\Windows\SysWOW64\WINUTIL8.DLL
2014-01-29 21:00 - 2010-09-01 15:59 - 00835656 _____ (Capital Intellect Inc) C:\Windows\SysWOW64\WINCTL5.OCX
2014-01-29 21:00 - 2010-01-14 10:31 - 00425984 _____ () C:\Windows\SysWOW64\WinCMR.dll
2014-01-29 21:00 - 2009-06-05 11:04 - 00393216 _____ (Capital Intellect Inc) C:\Windows\SysWOW64\WINLCTL6.DLL
2014-01-23 10:40 - 2014-01-23 10:40 - 00000000 ____D () C:\Users\Stanley\AppData\Roaming\Oracle
2014-01-23 10:35 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-23 10:35 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-23 10:35 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-23 10:35 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-23 10:34 - 2014-01-23 10:35 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-16 14:17 - 2014-01-16 14:17 - 00000000 ____D () C:\Windows\SysWOW64\SearchProtect

==================== One Month Modified Files and Folders =======

2014-02-14 18:07 - 2014-02-13 16:01 - 00013957 _____ () C:\Users\Stanley\Desktop\FRST.txt
2014-02-14 18:06 - 2014-02-13 16:01 - 00000000 ____D () C:\FRST
2014-02-14 18:05 - 2014-02-04 21:07 - 00000386 _____ () C:\Windows\Tasks\AVG_SYS_TASK_DELETE.job
2014-02-14 18:05 - 2014-02-04 21:07 - 00000358 _____ () C:\Windows\Tasks\AVG_SYS_TASK.job
2014-02-14 18:05 - 2012-09-12 16:24 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-14 18:05 - 2012-05-28 18:35 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-02-14 18:04 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-14 18:04 - 2009-07-13 22:51 - 00100070 _____ () C:\Windows\setupact.log
2014-02-14 18:03 - 2012-05-28 18:22 - 02073820 _____ () C:\Windows\WindowsUpdate.log
2014-02-14 18:03 - 2009-07-13 22:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-14 18:03 - 2009-07-13 22:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-14 18:02 - 2009-07-13 23:13 - 00798844 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-14 17:59 - 2009-07-13 22:45 - 00417416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-14 17:57 - 2009-07-14 01:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-02-14 17:56 - 2011-04-01 22:17 - 00556880 _____ () C:\Windows\PFRO.log
2014-02-14 17:51 - 2014-02-14 16:57 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-14 17:41 - 2012-09-12 16:24 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-14 17:41 - 2009-07-13 20:34 - 00000514 _____ () C:\Windows\win.ini
2014-02-14 17:21 - 2012-09-12 16:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-14 17:17 - 2012-05-29 13:05 - 00798844 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-14 16:12 - 2014-02-14 16:12 - 00003288 ____N () C:\bootsqm.dat
2014-02-14 16:03 - 2014-02-14 16:03 - 00002165 _____ () C:\Users\Stanley\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-02-14 16:02 - 2014-02-14 16:02 - 05190136 _____ () C:\Users\Stanley\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-02-14 16:02 - 2014-02-14 16:02 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-02-14 11:16 - 2014-01-06 19:49 - 00000000 ____D () C:\Users\Stanley\AppData\Local\CrashDumps
2014-02-14 11:03 - 2013-08-19 12:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-14 10:57 - 2014-02-14 10:57 - 00362029 _____ () C:\Windows\SysWOW64\sqlite3.dll
2014-02-14 10:27 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-02-14 10:19 - 2012-05-28 18:26 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-02-14 10:16 - 2012-05-28 18:33 - 00008396 _____ () C:\Windows\system32\RaCoInst.log
2014-02-14 10:06 - 2013-08-15 07:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-14 10:03 - 2012-05-29 13:52 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-14 09:40 - 2014-02-14 09:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 09:17 - 2014-01-04 14:30 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-13 20:41 - 2014-01-29 21:00 - 00000000 ____D () C:\Users\Stanley\AppData\Local\SurfCanyon
2014-02-13 16:03 - 2014-02-13 16:03 - 00033585 _____ () C:\Users\Stanley\Desktop\Addition.txt
2014-02-13 16:01 - 2014-02-13 16:01 - 02152960 _____ (Farbar) C:\Users\Stanley\Desktop\FRST64.exe
2014-02-13 16:00 - 2014-02-13 15:48 - 01141248 _____ (Farbar) C:\Users\Stanley\Desktop\FRST.exe
2014-02-13 10:48 - 2014-02-13 10:47 - 00000000 ____D () C:\Users\Stanley\Desktop\Virus
2014-02-13 09:40 - 2014-01-13 13:00 - 00000000 ____D () C:\Users\Stanley\Desktop\Erickson
2014-02-12 16:40 - 2012-08-20 14:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-06 06:16 - 2014-02-12 16:26 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 05:30 - 2014-02-12 16:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 05:30 - 2014-02-12 16:26 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 05:12 - 2014-02-12 16:26 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 05:07 - 2014-02-12 16:26 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 05:06 - 2014-02-12 16:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-12 16:26 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 04:56 - 2014-02-12 16:26 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 04:52 - 2014-02-12 16:26 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 04:49 - 2014-02-12 16:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 04:48 - 2014-02-12 16:26 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 04:48 - 2014-02-12 16:26 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 04:38 - 2014-02-12 16:26 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 04:32 - 2014-02-12 16:26 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 04:20 - 2014-02-12 16:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 04:17 - 2014-02-12 16:26 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 04:11 - 2014-02-12 16:26 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 04:01 - 2014-02-12 16:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 04:00 - 2014-02-12 16:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 03:57 - 2014-02-12 16:26 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 03:57 - 2014-02-12 16:26 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 03:52 - 2014-02-12 16:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 03:52 - 2014-02-12 16:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 03:50 - 2014-02-12 16:26 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 03:49 - 2014-02-12 16:26 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 03:47 - 2014-02-12 16:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 03:46 - 2014-02-12 16:26 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 03:25 - 2014-02-12 16:26 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 03:25 - 2014-02-12 16:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 03:24 - 2014-02-12 16:26 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 03:22 - 2014-02-12 16:26 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 03:13 - 2014-02-12 16:26 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 03:09 - 2014-02-12 16:26 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 03:03 - 2014-02-12 16:26 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 02:55 - 2014-02-12 16:26 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 02:41 - 2014-02-12 16:26 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 02:40 - 2014-02-12 16:26 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 02:36 - 2014-02-12 16:26 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 02:34 - 2014-02-12 16:26 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 11:26 - 2012-09-12 16:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 11:25 - 2012-11-20 10:21 - 03544968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-05 11:25 - 2012-09-12 16:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 11:25 - 2012-09-12 16:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 21:07 - 2014-02-04 21:07 - 00002890 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_DELETE
2014-02-04 21:07 - 2014-02-04 21:07 - 00002652 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK
2014-02-04 21:07 - 2014-02-04 21:07 - 00000000 ____D () C:\ProgramData\AVG 0214c Campaign
2014-02-04 11:44 - 2013-08-20 14:23 - 00000000 ____D () C:\Users\Stanley\Desktop\LifeWorks
2014-02-03 17:59 - 2014-01-04 14:31 - 00000000 ____D () C:\Users\Stanley\AppData\Local\genienext
2014-02-03 17:59 - 2014-01-04 14:30 - 00000000 ____D () C:\Users\Stanley\AppData\Local\Conduit
2014-02-03 17:59 - 2014-01-04 14:30 - 00000000 ____D () C:\Program Files\Conduit
2014-02-03 17:59 - 2014-01-04 14:30 - 00000000 ____D () C:\Program Files (x86)\Conduit
2014-02-03 16:31 - 2014-02-03 16:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-29 21:01 - 2014-01-29 21:00 - 00000000 ____D () C:\Program Files (x86)\Surf Canyon
2014-01-29 21:01 - 2014-01-04 14:36 - 00000000 ____D () C:\ProgramData\AVG2014
2014-01-29 21:00 - 2014-01-29 21:00 - 00000147 _____ () C:\out.txt
2014-01-29 21:00 - 2014-01-29 21:00 - 00000000 ____D () C:\Users\Stanley\AppData\Local\Surf_Canyon
2014-01-29 21:00 - 2014-01-29 21:00 - 00000000 ____D () C:\Program Files (x86)\Winferno
2014-01-23 10:40 - 2014-01-23 10:40 - 00000000 ____D () C:\Users\Stanley\AppData\Roaming\Oracle
2014-01-23 10:35 - 2014-01-23 10:34 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-23 10:35 - 2014-01-03 13:47 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-23 10:35 - 2014-01-03 13:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-19 01:33 - 2012-09-12 15:50 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-17 10:20 - 2012-09-12 16:21 - 00000000 ____D () C:\Users\Stanley\AppData\Local\Adobe
2014-01-16 15:36 - 2012-09-12 15:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-01-16 15:36 - 2012-09-12 15:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-01-16 14:17 - 2014-01-16 14:17 - 00000000 ____D () C:\Windows\SysWOW64\SearchProtect

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!


LastRegBack: 2014-02-14 12:04

==================== End Of Log ============================

 

I really do appreciate all of your help!



#10 fireman4it

  • Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 15 February 2014 - 11:00 PM

1.
You can remove Bingbar by going into Add/Remove Programs and uninstalling it.
Uninstalling A Program Through "Add/Remove"

  • Click "Start" on the taskbar and then click on the "Control Panel" icon.
  • Please double-click the "Add or Remove Programs" icon.
  • A list of installed programs will be "populated"; this may take a bit of time.
  • If they exist, uninstall the following by clicking on the following entries and selecting "Remove":

(Insert Programs for Removal)

Additional instructions can be found here if needed.


2.
Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Attached File: fixlist.txt (776 bytes)

Let me know how the machine is doing after this run of FRST.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 IowaLoneWolf (Topic Starter)

  • Members
  • 20 posts

Posted 16 February 2014 - 12:06 AM

1) I followed the instructions and removed both Bing Bar and Bing Desktop.

2) The Log from FRST64 is below

3) The computer still has very large icons and is magnified throughout everything. When the laptop is closed and left to sit, it restarts to a black error screen.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014 01
Ran by Stanley at 2014-02-15 22:54:00 Run:2
Running from C:\Users\Stanley\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - 02E90A61781D45BDB80AF8121351413F URL = http://search.conduit.com/Results.aspx?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPFDAF9285-0A14-41D1-9EA7-FC7D141BE0D3&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ValueApps - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll No File
014-01-29 21:00 - 2014-01-29 21:01 - 00000000 ____D () C:\Program Files (x86)\Surf Canyon
2014-01-29 21:00 - 2014-01-29 21:00 - 00000000 ____D () C:\Users\Stanley\AppData\Local\Surf_Canyon
FF HKCU\...\Firefox\Extensions: [{75623d5d-4683-402a-b610-ac4bab767c86}] - C:\Users\Stanley\AppData\Local\SurfCanyon\Firefox
TDL4: custom:26000022 <===== ATTENTION!
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\02E90A61781D45BDB80AF8121351413F => Key deleted successfully.
HKCR\CLSID\02E90A61781D45BDB80AF8121351413F => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346} => Key deleted successfully.
HKCR\CLSID\{93DBF2BB-A2B3-4683-A92E-57E60751F346} => Key deleted successfully.
C:\Users\Stanley\AppData\Local\Surf_Canyon => Moved successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\{75623d5d-4683-402a-b610-ac4bab767c86} => Value deleted successfully.

The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====
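
Added here as an example (not code from the thread or from Farbar's FRST): a small Python audit of the Fixlog layout shown above, which pairs each fixlist entry with the result line that echoes it and flags entries that got none, such as the "Surf Canyon" listing line whose date prefix is missing its leading digit and for which no result line appears. The sample is a trimmed copy of the Fixlog above; the rules for recognising listing lines, registry keys and GUIDs are this example's own assumptions.

```python
"""Audit an FRST Fixlog: pair every fixlist entry with the result line that echoes it.

Added example, not code from the thread or from Farbar's FRST. It relies only on the
Fixlog layout visible in the thread: a "Content of fixlist:" header, the fixlist
between two rows of asterisks, then "<item> => <outcome>" lines. The entry
classification (listing line, registry key/GUID, directive) is an assumption.
"""
import re

# Constructed sample: a trimmed copy of the Fixlog posted in the thread.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014 01
Ran by Stanley at 2014-02-15 22:54:00 Run:2
==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - 02E90A61781D45BDB80AF8121351413F URL = http://search.conduit.com/Results.aspx?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ValueApps - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll No File
014-01-29 21:00 - 2014-01-29 21:01 - 00000000 ____D () C:\Program Files (x86)\Surf Canyon
2014-01-29 21:00 - 2014-01-29 21:00 - 00000000 ____D () C:\Users\Stanley\AppData\Local\Surf_Canyon
FF HKCU\...\Firefox\Extensions: [{75623d5d-4683-402a-b610-ac4bab767c86}] - C:\Users\Stanley\AppData\Local\SurfCanyon\Firefox
TDL4: custom:26000022 <===== ATTENTION!
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\02E90A61781D45BDB80AF8121351413F => Key deleted successfully.
HKCR\CLSID\02E90A61781D45BDB80AF8121351413F => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346} => Key deleted successfully.
HKCR\CLSID\{93DBF2BB-A2B3-4683-A92E-57E60751F346} => Key deleted successfully.
C:\Users\Stanley\AppData\Local\Surf_Canyon => Moved successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\{75623d5d-4683-402a-b610-ac4bab767c86} => Value deleted successfully.

The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====
"""

# A well-formed FRST listing line: two timestamps, size, attribute flags, "(company)", path.
STRICT_LISTING = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d{8} [_A-Z]{5} \(.*?\) (?P<path>[A-Za-z]:\\.+)$"
)
# Still carries "(company) <drive>:\path" but failed the strict check (damaged prefix).
LOOSE_LISTING = re.compile(r"\(.*?\) (?P<path>[A-Za-z]:\\.+)$")
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
HEX_KEY = re.compile(r"\b[0-9A-F]{32}\b")


def split_fixlog(text):
    """Return (fixlist entries, result lines) from Fixlog text."""
    lines = text.splitlines()
    if "Content of fixlist:" not in lines:
        raise ValueError("not a Fixlog: 'Content of fixlist:' header missing")
    start = lines.index("Content of fixlist:")
    stars = [i for i, ln in enumerate(lines) if i > start and ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist block is not delimited by two rows of asterisks")
    entries = [ln for ln in lines[stars[0] + 1:stars[1]] if ln.strip()]
    results = [ln for ln in lines[stars[1] + 1:] if " => " in ln]
    return entries, results


def classify(entry):
    """Return (kind, identifier) for one fixlist entry; identifier may be None."""
    m = STRICT_LISTING.match(entry)
    if m:
        return "listing", m.group("path").strip()
    m = GUID.search(entry) or HEX_KEY.search(entry)
    if m:
        return "registry", m.group(0)
    m = LOOSE_LISTING.search(entry)
    if m:
        return "malformed", m.group("path").strip()
    return "directive", None          # e.g. the TDL4 line: nothing to look for in results


def audit_fixlog(text):
    """One dict per fixlist entry: kind, identifier, whether a result line echoed it, status."""
    entries, results = split_fixlog(text)
    lowered = [r.lower() for r in results]
    findings = []
    for entry in entries:
        kind, ident = classify(entry)
        echoed = ident is not None and any(ident.lower() in r for r in lowered)
        if kind == "directive":
            status = "unchecked"
        elif kind == "malformed":
            status = "malformed"      # does not match the listing format the other entries use
        else:
            status = "ok" if echoed else "missing"
        findings.append({"entry": entry, "kind": kind, "identifier": ident,
                         "echoed": echoed, "status": status})
    return findings


def needs_attention(findings):
    """Entries a helper should re-check before treating the fix as complete."""
    return [f for f in findings if f["status"] in ("missing", "malformed")]


if __name__ == "__main__":
    for f in audit_fixlog(SAMPLE_FIXLOG):
        print(f"{f['status']:<10} {f['entry'][:72]}")
```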



#12 fireman4it

  • Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 16 February 2014 - 12:32 AM

 

> 3) The computer still has very large icons and is magnified throughout everything. When the laptop is closed and left to sit, it restarts to a black error screen.

What's the error?

> The computer still has very large icons and is magnified throughout everything.

You will need to go in and change your resolution.

 

 

1.

Download AdwCleaner

  • Double-click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right-click on AdwCleaner.exe and select
    "Run as administrator"
  • Click the Scan button.
  • Once it's done scanning, click Clean to clean the machine of anything it finds.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

 

2.

  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right-click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open; give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again



#13 IowaLoneWolf (Topic Starter)

  • Members
  • 20 posts

Posted 16 February 2014 - 04:47 PM

  1. I will note the error with the black restart screen next time it happens; I have had it consistently plugged in and in use the past 24 hours.
  2. What resolution settings do I need to change? Everything that I do makes things even bigger!!! This started after all of the updates on 2-14-14.
  3. The logs for AdwCleaner and RogueKiller are below.

# AdwCleaner v3.018 - Report created 16/02/2014 at 15:22:12
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Stanley - STANLEY-LT
# Running from : C:\Users\Stanley\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Surf Canyon
Folder Deleted : C:\Windows\SysWOW64\Searchprotect
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\Stanley\AppData\Local\Conduit
Folder Deleted : C:\Users\Stanley\AppData\Roaming\ValueApps
Folder Deleted : C:\Users\Stanley\Documents\optimizer pro
Folder Deleted : C:\Users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\8h1qcbmp.default\ValueApps

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\surfcanyon.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A3514F71-E63F-440B-8076-14226E21B2BF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F63AAEDC-3602-49EF-AA45-262380A98980}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\8h1qcbmp.default\prefs.js ]

Line Deleted : user_pref("valueApps.CT0000000.mam_gk_appsConfig.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_appsDefaultEnabled", "6E756C6C");
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_appsDefaultEnabled.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_calledSetupService", "31");
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_calledSetupService.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_currentVersion", "312E31332E302E3137");
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_first_time", "31");
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_first_time.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_lastLoginTime", "31333932333435353733303530");
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_lastLoginTime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_localization.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_settings1.13.0.17.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_showWelcomeGadget", "66616C7365");
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_showWelcomeGadget.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_stamp", "313034335F30");
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_stamp.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_userBornDate", "3230313430323130");
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_userBornDate.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_userId", "66613233343534352D336438662D343761332D393637342D326237326331653733383766");
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_userId.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_user_approval_interacted", "");
Line Deleted : user_pref("valueApps.CT0000000.mam_gk_user_approval_interacted.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.rematchGround-country-code", "22555322");
Line Deleted : user_pref("valueApps.CT0000000.rematchGround-country-code.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.rematchGround.upstairs", "7B22687474703A2F2F66617374636F6E74656E742E636F6E647569742E636F6D2F646F776E6C6F61645F6F66666572732E68746D6C3F637469643D4354303030303030307E62313[...]
Line Deleted : user_pref("valueApps.CT0000000.rematchGround.upstairs.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.rematchagent-is-test-user", "66616C7365");
Line Deleted : user_pref("valueApps.CT0000000.rematchagent-is-test-user.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.rematchagent-matkot-user-id", "22313338383836373435373437363737323334353622");
Line Deleted : user_pref("valueApps.CT0000000.rematchagent-matkot-user-id.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.rematchagent-periodic-reports", "7B2270696E675F30223A5B313339323334353537343633342C31343430303030305D7D");
Line Deleted : user_pref("valueApps.CT0000000.rematchagent-periodic-reports.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.rematchagent-user-id", "2265386234376162622D326431332D346533362D623463632D32373865306631616265626122");
Line Deleted : user_pref("valueApps.CT0000000.rematchagent-user-id.storedInFile", false);
Line Deleted : user_pref("valueApps.CT0000000.response_cache.storedInFile", true);
Line Deleted : user_pref("valueApps.CT0000000.url_history0001.storedInFile", true);

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [14606 octets] - [16/02/2014 15:13:59]
AdwCleaner[S0].txt - [14641 octets] - [16/02/2014 15:22:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14702 octets] ##########

RogueKiller V8.8.7 _x64_ [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Stanley [Admin rights]
Mode : Scan -- Date : 02/16/2014 15:31:02
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] AVG-Secure-Search-Update-0214c.exe -- C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 :  (\\?\globalroot\Device\HarddiskVolume2\Users\Stanley\AppData\Local\Temp\siompec\scfsrnn\wow.dll [x]) -> FOUND

¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][SUSP PATH] AVG_SYS_TASK.job : C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe -  --TASK_START_SYS --CMPID=0214c [7] -> FOUND
[V1][SUSP PATH] AVG_SYS_TASK_DELETE.job : C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND
[V2][SUSP PATH] AVG_SYS_TASK : C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe - --TASK_START_SYS --CMPID=0214c [7] -> FOUND
[V2][SUSP PATH] AVG_SYS_TASK_DELETE : C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD6400BPVT-80HXZT1 +++++
--- User ---
[MBR] d92cc5db72c89ab66ca43ae1abf0252c
[BSP] 177507aede73c8eab31fee7866ebab1f : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 256054 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 576829440 | Size: 328824 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] a9f455daea493f625d48e26d1010082d
[BSP] e2a4698cf83685beb0f65c8aa8a105a4 : MaxSS MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 256054 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 576829440 | Size: 328824 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] a9f455daea493f625d48e26d1010082d
[BSP] e2a4698cf83685beb0f65c8aa8a105a4 : MaxSS MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 256054 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 576829440 | Size: 328824 Mo

Finished : << RKreport[0]_S_02162014_153102.txt >>

#14 fireman4it

Posted 17 February 2014 - 01:28 PM

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Delete
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click FixHosts
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

How to change your screen resolution

Let me know how the machine is running after this.



#15 IowaLoneWolf (Topic Starter)

Posted 17 February 2014 - 02:03 PM

1) I am not able to restore the resolution any smaller than it already is. This is not a critical thing; I can live with the magnification, but it is still a little odd to me that it happened.

2) I have not gotten the black screen, so perhaps that issue resolved itself as well.

3) The computer seems to be running better.

4) I have attached the logs from RogueKiller below.

RogueKiller V8.8.7 _x64_ [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Stanley [Admin rights]
Mode : Remove -- Date : 02/17/2014 12:58:00
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] AVG-Secure-Search-Update-0214c.exe -- C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 :  (\\?\globalroot\Device\HarddiskVolume2\Users\Stanley\AppData\Local\Temp\siompec\scfsrnn\wow.dll [x]) -> REPLACED (C:\Windows\system32\shell32.dll)
[HID SVC][Hidden from API] HKLM\[...]\CCSet\[...]\Services : netprofm () -> [0x8] Not enough storage is available to process this command.

¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][SUSP PATH] AVG_SYS_TASK.job : C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe -  --TASK_START_SYS --CMPID=0214c [7] -> DELETED
[V1][SUSP PATH] AVG_SYS_TASK_DELETE.job : C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe - /DELETE_FROM_SYSTEM=1 [7] -> DELETED
[V2][SUSP PATH] AVG_SYS_TASK : C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe - --TASK_START_SYS --CMPID=0214c [7] -> DELETED
[V2][SUSP PATH] AVG_SYS_TASK_DELETE : C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe - /DELETE_FROM_SYSTEM=1 [7] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD6400BPVT-80HXZT1 +++++
--- User ---
[MBR] d92cc5db72c89ab66ca43ae1abf0252c
[BSP] 177507aede73c8eab31fee7866ebab1f : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 256054 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 576829440 | Size: 328824 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] a9f455daea493f625d48e26d1010082d
[BSP] e2a4698cf83685beb0f65c8aa8a105a4 : MaxSS MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 256054 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 576829440 | Size: 328824 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] a9f455daea493f625d48e26d1010082d
[BSP] e2a4698cf83685beb0f65c8aa8a105a4 : MaxSS MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 256054 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 576829440 | Size: 328824 Mo

Finished : << RKreport[0]_D_02172014_125800.txt >>
RKreport[0]_S_02162014_153102.txt;RKreport[0]_S_02172014_125749.txt



RogueKiller V8.8.7 _x64_ [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Stanley [Admin rights]
Mode : HOSTSFix -- Date : 02/17/2014 12:58:53
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] AVG-Secure-Search-Update-0214c.exe -- C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Reset HOSTS: ¤¤¤
127.0.0.1    localhost


Finished : << RKreport[0]_H_02172014_125853.txt >>
RKreport[0]_D_02172014_125800.txt;RKreport[0]_S_02162014_153102.txt;RKreport[0]_S_02172014_125749.txt