
Potential Worm


  • This topic is locked
49 replies to this topic

#1 Castle Robin

Posted 28 February 2014 - 07:17 PM

Upon using Adw Cleaner, I found out on Tuesday that they have an additional option to install "Hosts Anti-Pup/Adware" as extra protection.  Adw Cleaner (French download) appeared to not be infected, as no virus warning appeared when I scanned and cleaned before and after restarting my computer, but when I tried to install Hosts Anti-Pup/Adware, the following appeared:

 

! AVG Detection

 

Worm/Autoit AZCI Infected

Worm/Autoit AZCH Infected

 

Remove All

 

Additional Information:

 

HOSTS-Anti-Adware-main.exe

HOSTS Anti-Adware.exe

 

At the same time, I spotted in my add-on bar that an extra icon had suddenly appeared.  When I clicked on it, six listings of the following details were listed with all downloads stating webm, mp4, flv and 3gp video files, which relate to the Firefox add-on Flash and Video Download:

 

Flash Files to Download

Watch-as3.swf

Videos to Download

DomaIQ: Fake Flash / Java - You Tube

 

I assume that as "Fake Flash" was listed among the details, I was wise to not click on any of those files, which would probably have infected my computer further.

 

I then clicked on "Remove All" and the AVG report changed to "Secured" next to both files, which I had assumed meant my computer was now clean and I deleted the Desktop shortcut to the worm program.

 

In between, this appeared and the http://www.malekal.com/2012/01/10/hosts-anti-pupsadware link appeared (the Firefox add-on Trust My Web gives this site a Green (safe) rating):

 

Erreur

Un probleme est survenu durant l'installation du programme

 

I later replaced the French download with the Bleepingcomputer download of AdwCleaner, but after what happened before, I chose to not try to install the Anti-PUP program, in case it triggered off another malware warning.

 

The same AVG warning reappeared twice during the course of the evening, so I clicked on "Remove All" each time, which resulted in AVG changing the status to "Secured", but if the AVG diagnosis were accurate, it didn't remove any parasites.

 

Checking Youtube since, "Videos to Download" appeared again, but this time with genuine details.

 

Later that evening, upon returning to my computer, upon clicking on my browser, it opened up with the usual Search Engine page, but for the first time ever, it Automatically opened "Restore Session", which is normally only accessible by clicking on it manually.  Very likely an infection caused the automatic opening, as this is the only time this has ever happened.

 

For a second opinion, in case AVG had given false positives, I then installed and ran a scan with Panda Cloud Cleaner, which gave the same results as below and then I uninstalled the program, as I couldn't be sure if AVG and Panda were giving false positives, but was very concerned about the scan results and the "DomaIQ" and "Fake Flash" videos in the add-on bar.

 

On Friday, two new signs that gave me the impression something may be wrong on my computer were:

 

When I switched on my computer for the first time in the day, my keyboard was frozen.  I restarted my computer and the keyboard has remained fine ever since;

 

On Friday evening the sound unexpectedly stopped. I then restarted my computer and the sound was restored successfully and also has remained fine ever since.

 

Still very concerned that there might be malware remaining in my computer, due to the scans' results in conjunction with bogus videos temporarily appearing in the Firefox add-on bar for Flash and Video Download, I reinstalled then ran a new scan with Panda Cloud Cleaner, which gave the same results as on Tuesday evening.  This time, there was no sign of the temporary "DomaIQ" and "Fake Flash" malware when clicking on the add-on bar with Youtube open, which is normally unaffected.

 

Due to the Panda results, I then updated Malwarebytes' Anti-Malware, followed by a complete scan to see if this program would detect anything, but no malware was found. 

 

Although the Panda information lists differently to that of the first scan (with AVG), originally details of a Worm were detected previously. 

 

NB: To avoid risking damage to my computer, I didn't act upon Panda's recommendation to delete certain registry keys and instead just noted its results and didn't proceed any further.

 

If AdwCleaner is required as part of the cleaning process, please let me know at the time if you wish me to use the existing Bleepingcomputer download I installed earlier this week or if you'd prefer me to uninstall it and re-download a fresh install of Adw from BC.

 

 

Here are the results of the Panda scan, which I made prior to running DDS for their two logs:

 

Panda Cloud Cleaner - v1.0.97

 

Malware and

 

Malware: System Hijack are stated

 

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0

Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.

Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLETASKMGR]. Value: DISABLETASKMGR To be deleted.

Edited by Castle Robin, 01 March 2014 - 04:40 AM.


#2 nasdaq

  • Malware Response Team

Posted 01 March 2014 - 02:26 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Please run the AdwCleaner and if prompted to update, please do.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 Castle Robin

Posted 01 March 2014 - 03:32 PM

Hi Nasdaq

 

Thanks for your assistance and your invaluable suggestion to print out the instructions, which has come in very handy. :)

 

Here are the results of the first survey, starting off with Rogue Killer:

 

 

RogueKiller V8.8.10 _x64_ [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Remove -- Date : 03/01/2014 20:28:52
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST1000DM 003-1CH162 SATA Disk Device +++++
--- User ---
[MBR] 8bf77be93cc8de74117a137ebf5ccc16
[BSP] 9b4d6ae3d040634b804186cda203c5bc : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_03012014_202852.txt >>
RKreport[0]_S_03012014_202820.txt

 

 

RogueKiller V8.8.10 _x64_ [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Scan -- Date : 03/01/2014 20:28:20
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST1000DM 003-1CH162 SATA Disk Device +++++
--- User ---
[MBR] 8bf77be93cc8de74117a137ebf5ccc16
[BSP] 9b4d6ae3d040634b804186cda203c5bc : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03012014_202820.txt >>


Edited by Castle Robin, 01 March 2014 - 03:41 PM.
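
An added example, not part of the original posts and not RogueKiller's own code: a small Python check that pairs the Scan report with the Remove report and confirms every registry finding was acted on, and that neither paste was truncated. The function names (`parse_report`, `reconcile`) are hypothetical, the line format is inferred only from the two reports quoted above, and DELETED and REPLACED are assumed to be the remediation statuses because they are the only ones this thread shows.

```python
import re
from typing import NamedTuple, Optional

class Finding(NamedTuple):
    category: str            # e.g. "HJ POL"
    kind: str                # e.g. "PUM"
    key: str                 # abbreviated key path exactly as printed
    value: str               # value name
    data: str                # data shown in parentheses
    status: str              # FOUND, DELETED or REPLACED
    new_data: Optional[str]  # data after a REPLACED action, if printed

# Registry line format as it appears in the reports quoted in this thread.
ENTRY_RE = re.compile(
    r"^\[(?P<cls>[^\]]+)\]\[(?P<kind>[^\]]+)\]\s+"
    r"(?P<key>\S.*?)\s+:\s+(?P<value>\S+)\s+\((?P<data>[^)]*)\)\s+->\s+"
    r"(?P<status>[A-Z]+)(?:\s+\((?P<new>[^)]*)\))?\s*$"
)
MODE_RE = re.compile(r"^Mode\s*:\s*(\w+)", re.M)
COUNT_RE = re.compile(r"Registry Entries\s*:\s*(\d+)")
REMEDIATED = ("DELETED", "REPLACED")  # assumption: statuses seen in this thread

def parse_report(text):
    """Return (mode, declared_count, findings) for one pasted report."""
    mode = MODE_RE.search(text)
    count = COUNT_RE.search(text)
    findings = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            findings.append(Finding(m["cls"], m["kind"], m["key"], m["value"],
                                    m["data"], m["status"], m["new"]))
    return (mode.group(1) if mode else None,
            int(count.group(1)) if count else None,
            findings)

def reconcile(scan_text, remove_text):
    """Pair each scan finding with the action recorded in the remove report."""
    s_mode, s_count, s_findings = parse_report(scan_text)
    r_mode, r_count, r_findings = parse_report(remove_text)
    problems = []
    if s_mode != "Scan" or r_mode != "Remove":
        problems.append(f"unexpected report modes: {s_mode!r}, {r_mode!r}")
    # A header count that disagrees with the parsed lines means a cut-off paste.
    for label, count, found in (("scan", s_count, s_findings),
                                ("remove", r_count, r_findings)):
        if count is not None and count != len(found):
            problems.append(f"{label} report declares {count} registry entries "
                            f"but {len(found)} were parsed")
    acted = {(f.key, f.value): f for f in r_findings}
    resolved, unresolved = [], []
    for f in s_findings:
        after = acted.get((f.key, f.value))
        if after is not None and after.status in REMEDIATED:
            resolved.append(after)
        else:
            unresolved.append(f)
    return {"resolved": resolved, "unresolved": unresolved, "problems": problems}

# Excerpts of the two reports posted above (headers and registry section only).
SCAN_REPORT = r"""
Mode : Scan -- Date : 03/01/2014 20:28:20
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

REMOVE_REPORT = r"""
Mode : Remove -- Date : 03/01/2014 20:28:52
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
"""

if __name__ == "__main__":
    result = reconcile(SCAN_REPORT, REMOVE_REPORT)
    for f in result["resolved"]:
        print(f"{f.status:9} {f.key} : {f.value}")
    for f in result["unresolved"]:
        print(f"UNRESOLVED {f.key} : {f.value}")
    for p in result["problems"]:
        print("PROBLEM:", p)
```
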


#4 Castle Robin

Posted 01 March 2014 - 03:58 PM

As I wasn't sure about the "open programs" in question, I initially disabled everything in real-time and closed the browser, but then it dawned on me that probably everything but the Firewall is required to be disabled for each program, which I've done since, just prior to installing a new update of AdwCleaner, but I downloaded each program then disabled the above prior to running the programs so I had optimum protection enabled.

 

If I need to re-do the scan with Rogue Killer, this time with the firewall enabled, please let me know, as I'm not used to the procedures but for now, I'll carry on with the steps in the order you've listed them, which I'm crossing off as I complete them on my notes, this time to step 2's AdwCleaner Report results. 

 

When I previously scanned (but last time clicked on "Clean" a few days ago) in AdwCleaner, I deleted these two lines, which then reappeared.  As far as I know, they're not a virus, but I'll let you update me if you believe it is a virus.

 

From previous advice on the forum, it is safe to delete these two entries, so I shall do a clean in just a moment.

 

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jzefkbdd.default-1392814384203\prefs.js ]

Line Found : user_pref("extensions.trustmyweb.addons.firefox@hotmail.com.install-event-fired", true);

 

Thanks for your patience. 

 

 

Here is the AdwCleaner report:

 

# AdwCleaner v3.020 - Report created 01/03/2014 at 20:47:05
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jzefkbdd.default-1392814384203\prefs.js ]

Line Found : user_pref("extensions.trustmyweb.addons.firefox@hotmail.com.install-event-fired", true);

*************************

AdwCleaner[R10].txt - [874 octets] - [26/02/2014 16:51:33]
AdwCleaner[R11].txt - [934 octets] - [26/02/2014 17:21:26]
AdwCleaner[R12].txt - [854 octets] - [01/03/2014 20:47:05]
AdwCleaner[S4].txt - [995 octets] - [26/02/2014 17:22:39]

########## EOF - C:\AdwCleaner\AdwCleaner[R12].txt - [973 octets] ##########

 

 

Here is the post-Clean AdwCleaner report:

 

# AdwCleaner v3.020 - Report created 01/03/2014 at 21:06:46
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jzefkbdd.default-1392814384203\prefs.js ]

Line Deleted : user_pref("extensions.trustmyweb.addons.firefox@hotmail.com.install-event-fired", true);

*************************

AdwCleaner[R10].txt - [874 octets] - [26/02/2014 16:51:33]
AdwCleaner[R11].txt - [934 octets] - [26/02/2014 17:21:26]
AdwCleaner[R12].txt - [1053 octets] - [01/03/2014 20:47:05]
AdwCleaner[S4].txt - [995 octets] - [26/02/2014 17:22:39]
AdwCleaner[S5].txt - [977 octets] - [01/03/2014 21:06:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1036 octets] ##########


Edited by Castle Robin, 01 March 2014 - 04:10 PM.


#5 Castle Robin

Posted 01 March 2014 - 04:23 PM

As my security suite includes a firewall, hoping I did the right thing, I turned this off just prior to running Junkware Removal Tool, but switched off my connection from the Internet to safeguard my computer due to the disabled firewall.

 

Here is the JRT log.  As I discovered I'd installed this earlier this week when I tried to move JRT from Downloads to the Desktop, I overwrote the original file which I ran and report as follows:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on 01/03/2014 at 21:16:24.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/03/2014 at 21:20:20.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Edited by Castle Robin, 01 March 2014 - 05:19 PM.


#6 Castle Robin

Posted 01 March 2014 - 04:31 PM

As the requests for turning off security or all programs are listed for just the preceding steps, this time I ran Farbar but with all security running and the browser closed, hoping this is correct.  My security suite is in real-time, whereas I have the free versions of Superantispyware and Malwarebytes.

 

Please bear with me if I have had too many programs disabled or too few in any steps.  If I have, please let me know and I'll re-do all the steps from start to finish, as I've carefully read all your instructions, but wasn't too sure in all cases.

 

 

Here are the two Farbar logs:

 

 

Firstly, FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-03-2014
Ran by User (administrator) on USER-PC on 01-03-2014 21:27:49
Running from C:\Users\User\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON\MyEPSON Connect\mepService.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON\MyEPSON Connect\mep.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(8pecxstudios) C:\Program Files\Cyberfox\Cyberfox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM-x32\...\RunOnce: [EasyTuneVI] - C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2012-07-09] ()
HKU\S-1-5-21-3150451339-2684868656-1425241885-1000\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3150451339-2684868656-1425241885-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?ocid=U218DHP&pc=U218
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jzefkbdd.default-1392814384203
FF DefaultSearchEngine: Ixquick HTTPS - UK
FF SelectedSearchEngine: Ixquick HTTPS - UK
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jzefkbdd.default-1392814384203\searchplugins\ixquick-https---uk.xml
FF Extension: DownloadHelper - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jzefkbdd.default-1392814384203\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-02-19]
FF Extension: Flash and Video Download - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jzefkbdd.default-1392814384203\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-02-19]
FF Extension: Disconnect - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jzefkbdd.default-1392814384203\Extensions\2.0@disconnect.me.xpi [2014-02-19]
FF Extension: Ghostery - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jzefkbdd.default-1392814384203\Extensions\firefox@ghostery.com.xpi [2014-02-19]
FF Extension: YouTube ALL HTML5 - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jzefkbdd.default-1392814384203\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2014-02-19]
FF Extension: Safe Preview - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jzefkbdd.default-1392814384203\Extensions\safepreview@everhelper.me.xpi [2014-02-24]
FF Extension: Trust My Web - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jzefkbdd.default-1392814384203\Extensions\trustmyweb.addons.firefox@hotmail.com.xpi [2014-02-24]
FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jzefkbdd.default-1392814384203\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2014-02-24]
FF Extension: YouTube High Definition - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jzefkbdd.default-1392814384203\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-02-19]
FF Extension: BetterPrivacy - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jzefkbdd.default-1392814384203\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-02-19]
FF Extension: Adblock Edge - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jzefkbdd.default-1392814384203\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-02-19]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 MyEPSON Connect Service; C:\Program Files (x86)\EPSON\MyEPSON Connect\mepService.exe [703616 2012-10-01] (SEIKO EPSON CORPORATION)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [X]

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-03-01] ()
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-03] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-03] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-01 21:27 - 2014-03-01 21:28 - 00011022 _____ () C:\Users\User\Desktop\FRST.txt
2014-03-01 21:27 - 2014-03-01 21:27 - 00000000 ____D () C:\FRST
2014-03-01 21:24 - 2014-03-01 21:24 - 02155520 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-03-01 21:20 - 2014-03-01 21:20 - 00000624 _____ () C:\Users\User\Desktop\JRT.txt
2014-03-01 21:11 - 2014-03-01 21:11 - 01037734 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-03-01 20:36 - 2014-03-01 20:37 - 01244192 _____ () C:\Users\User\Desktop\adwcleaner.exe
2014-03-01 20:28 - 2014-03-01 20:28 - 00001754 _____ () C:\Users\User\Desktop\RKreport[0]_D_03012014_202852.txt
2014-03-01 20:28 - 2014-03-01 20:28 - 00001701 _____ () C:\Users\User\Desktop\RKreport[0]_S_03012014_202820.txt
2014-03-01 20:26 - 2014-03-01 20:33 - 00000000 ____D () C:\Users\User\Desktop\RK_Quarantine
2014-03-01 20:21 - 2014-03-01 20:21 - 04413952 _____ () C:\Users\User\Desktop\RogueKillerX64.exe
2014-02-28 23:44 - 2014-02-28 23:44 - 00014756 _____ () C:\Users\User\Desktop\dds.txt
2014-02-28 23:44 - 2014-02-28 23:44 - 00007483 _____ () C:\Users\User\Desktop\attach.txt
2014-02-28 23:41 - 2014-02-28 23:41 - 00688992 ____R (Swearware) C:\Users\User\Desktop\dds.com
2014-02-28 18:02 - 2014-02-28 18:02 - 00001293 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-02-28 18:02 - 2014-02-28 18:02 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-02-28 18:02 - 2013-06-12 13:10 - 00033512 _____ () C:\Windows\system32\Drivers\DasPtct.SYS
2014-02-28 17:52 - 2014-02-28 17:53 - 28656912 _____ (Panda Security ) C:\Users\User\Downloads\PandaCloudCleaner.exe
2014-02-27 17:28 - 2014-02-27 17:28 - 00115696 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-27 17:25 - 2014-02-27 17:25 - 00000036 _____ () C:\Users\User\AppData\Local\housecall.guid.cache
2014-02-27 17:24 - 2014-02-27 17:24 - 02406064 _____ (Trend Micro Inc.) C:\Users\User\Downloads\HousecallLauncher64.exe
2014-02-26 19:36 - 2014-02-26 19:36 - 00000834 _____ () C:\Windows\PFRO.log
2014-02-26 17:37 - 2014-02-26 17:37 - 00000000 ____D () C:\Windows\ERUNT
2014-02-26 16:50 - 2014-03-01 21:06 - 00000000 ____D () C:\AdwCleaner
2014-02-26 16:38 - 2014-02-26 16:38 - 00000000 ____D () C:\Users\User\Downloads\tdsskiller
2014-02-26 16:37 - 2014-02-26 16:37 - 04102163 _____ () C:\Users\User\Desktop\tdsskiller.zip
2014-02-26 16:11 - 2014-02-26 16:11 - 00982016 _____ (Farbar) C:\Users\User\Desktop\MiniToolBox.exe
2014-02-26 11:38 - 2014-03-01 21:08 - 00000504 _____ () C:\Windows\setupact.log
2014-02-26 11:38 - 2014-02-26 11:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-26 11:37 - 2014-02-26 11:38 - 00439928 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-26 11:36 - 2014-03-01 21:21 - 00084613 _____ () C:\Windows\WindowsUpdate.log
2014-02-25 23:40 - 2013-04-29 08:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-02-25 12:26 - 2014-02-25 12:26 - 00013553 _____ () C:\Users\User\Desktop\CCleaner64.lnk
2014-02-24 18:14 - 2014-02-24 18:15 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-24 18:14 - 2014-02-24 18:14 - 00001815 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-02-24 18:14 - 2014-02-24 18:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2014-02-24 18:14 - 2014-02-24 18:14 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-24 18:13 - 2014-02-24 18:13 - 18004456 _____ (SUPERAntiSpyware) C:\Users\User\Downloads\SUPERAntiSpyware.exe
2014-02-24 18:05 - 2014-02-24 18:05 - 00101832 _____ (SUPERAntiSpyware.com) C:\Users\User\Downloads\SASUNINST.EXE
2014-02-23 11:49 - 2014-02-23 11:49 - 00347816 _____ (Microsoft Corporation) C:\Users\User\Downloads\MicrosoftFixit.IEPerformance.RNP.6331658331836686.2.1.Run.exe
2014-02-21 17:53 - 2014-02-22 00:31 - 00000000 ____D () C:\Users\User\Downloads\attachments(1)
2014-02-21 17:52 - 2014-02-21 17:52 - 01180270 _____ () C:\Users\User\Downloads\attachments(1).zip
2014-02-19 14:54 - 2014-02-22 13:25 - 00000976 _____ () C:\Users\Public\Desktop\Cyberfox.lnk
2014-02-19 14:54 - 2014-02-19 14:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cyberfox
2014-02-19 14:54 - 2014-02-19 14:54 - 00000000 ____D () C:\Program Files\Cyberfox
2014-02-19 14:48 - 2014-02-19 14:50 - 32932168 _____ (8pecxstudios ) C:\Users\User\Downloads\LatestVersionAMD.exe
2014-02-18 14:19 - 2014-02-18 14:19 - 00000000 ____D () C:\Users\User\Downloads\ccsetup410
2014-02-18 14:17 - 2014-02-18 14:18 - 04891520 _____ () C:\Users\User\Downloads\ccsetup410.zip
2014-02-17 23:01 - 2014-02-17 23:01 - 17890696 _____ (Adobe Systems Incorporated) C:\Users\User\Downloads\install_flash_player.exe
2014-02-17 14:54 - 2014-02-17 14:54 - 00001993 _____ () C:\Users\Public\Desktop\SeaMonkey.lnk
2014-02-17 14:54 - 2014-02-17 14:54 - 00000000 ____D () C:\Program Files (x86)\SeaMonkey
2014-02-17 14:47 - 2014-02-17 14:47 - 25463092 _____ () C:\Users\User\Downloads\SeaMonkey Setup 2.24.exe
2014-02-12 19:36 - 2014-02-06 12:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 19:36 - 2014-02-06 11:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 19:36 - 2014-02-06 11:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 19:36 - 2014-02-06 11:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 19:36 - 2014-02-06 11:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 19:36 - 2014-02-06 11:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 19:36 - 2014-02-06 10:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 19:36 - 2014-02-06 10:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 19:36 - 2014-02-06 10:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 19:36 - 2014-02-06 10:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 19:36 - 2014-02-06 10:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 19:36 - 2014-02-06 10:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 19:36 - 2014-02-06 10:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 19:36 - 2014-02-06 10:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 19:36 - 2014-02-06 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 19:36 - 2014-02-06 10:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 19:36 - 2014-02-06 10:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 19:36 - 2014-02-06 10:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 19:36 - 2014-02-06 10:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 19:36 - 2014-02-06 09:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 19:36 - 2014-02-06 09:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 19:36 - 2014-02-06 09:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 19:36 - 2014-02-06 09:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 19:36 - 2014-02-06 09:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 19:36 - 2014-02-06 09:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 19:36 - 2014-02-06 09:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 19:36 - 2014-02-06 09:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 19:36 - 2014-02-06 09:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 19:36 - 2014-02-06 09:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 19:36 - 2014-02-06 09:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 19:36 - 2014-02-06 09:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 19:36 - 2014-02-06 09:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 19:36 - 2014-02-06 09:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 19:36 - 2014-02-06 09:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 19:36 - 2014-02-06 08:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 19:36 - 2014-02-06 08:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 19:36 - 2014-02-06 08:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 19:36 - 2014-02-06 08:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 19:36 - 2014-02-06 08:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 19:36 - 2013-12-21 09:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 19:36 - 2013-12-21 08:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 13:26 - 2013-12-31 23:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 13:26 - 2013-12-31 23:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 13:26 - 2013-12-24 23:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 13:26 - 2013-12-24 22:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 13:26 - 2013-12-06 02:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 13:26 - 2013-12-06 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 13:26 - 2013-12-06 02:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 13:26 - 2013-12-06 02:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 13:26 - 2013-12-04 02:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 13:26 - 2013-12-04 02:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 13:26 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 13:26 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 13:26 - 2013-12-04 02:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 13:26 - 2013-12-04 02:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 13:26 - 2013-12-04 02:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 13:26 - 2013-12-04 02:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 13:26 - 2013-12-04 02:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 13:26 - 2013-12-04 02:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 13:26 - 2013-12-04 02:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 13:26 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 13:26 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 13:26 - 2013-12-04 02:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 13:26 - 2013-12-04 01:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 13:26 - 2013-12-04 01:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 13:26 - 2013-12-04 01:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 13:26 - 2013-12-04 01:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 13:26 - 2013-11-26 08:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 13:26 - 2013-11-22 22:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 00:40 - 2014-02-12 00:40 - 00000000 ____D () C:\Users\User\AppData\Local\Macromedia
2014-02-11 22:15 - 2014-02-12 00:44 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-02-11 22:13 - 2014-02-11 22:13 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2014-02-11 22:13 - 2014-02-11 22:13 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-02-11 22:13 - 2014-02-11 22:13 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-02-11 20:46 - 2014-02-11 20:46 - 00000000 ____D () C:\Users\User\AppData\Local\8pecxstudios
2014-02-11 20:09 - 2014-02-11 20:13 - 377110032 _____ () C:\Users\User\Downloads\25th december 1980 on Vimeo.mp4
2014-02-11 17:46 - 2014-02-21 14:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-11 17:46 - 2014-02-21 14:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-07 12:05 - 2014-02-07 12:05 - 00000803 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-02-07 12:05 - 2014-02-07 12:05 - 00000000 ____D () C:\Program Files\Speccy
2014-02-07 12:03 - 2014-02-07 12:03 - 03780920 _____ (Piriform Ltd) C:\Users\User\Downloads\spsetup125_slim.exe
2014-02-03 09:48 - 2014-02-18 17:28 - 00000000 ____D () C:\Users\User\dwhelper
2014-01-31 17:40 - 2014-01-31 17:42 - 00000000 ____D () C:\Users\User\Documents\Television

==================== One Month Modified Files and Folders =======

2014-03-01 21:28 - 2014-03-01 21:27 - 00011022 _____ () C:\Users\User\Desktop\FRST.txt
2014-03-01 21:27 - 2014-03-01 21:27 - 00000000 ____D () C:\FRST
2014-03-01 21:24 - 2014-03-01 21:24 - 02155520 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-03-01 21:21 - 2014-02-26 11:36 - 00084613 _____ () C:\Windows\WindowsUpdate.log
2014-03-01 21:20 - 2014-03-01 21:20 - 00000624 _____ () C:\Users\User\Desktop\JRT.txt
2014-03-01 21:15 - 2009-07-14 04:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-01 21:15 - 2009-07-14 04:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-01 21:12 - 2009-07-14 05:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-01 21:11 - 2014-03-01 21:11 - 01037734 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-03-01 21:08 - 2014-02-26 11:38 - 00000504 _____ () C:\Windows\setupact.log
2014-03-01 21:08 - 2014-01-15 13:42 - 00030528 _____ () C:\Windows\GVTDrv64.sys
2014-03-01 21:08 - 2014-01-15 13:42 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-03-01 21:08 - 2014-01-15 13:42 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref
2014-03-01 21:08 - 2014-01-15 13:23 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-01 21:08 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-01 21:06 - 2014-02-26 16:50 - 00000000 ____D () C:\AdwCleaner
2014-03-01 20:46 - 2014-01-25 13:46 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-610 Series Update {258A706F-E1E5-4471-A328-3DF2A70EF6BA}.job
2014-03-01 20:46 - 2014-01-25 13:46 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-610 Series Invitation {258A706F-E1E5-4471-A328-3DF2A70EF6BA}.job
2014-03-01 20:46 - 2009-07-14 05:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-01 20:39 - 2014-01-15 13:23 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-01 20:37 - 2014-03-01 20:36 - 01244192 _____ () C:\Users\User\Desktop\adwcleaner.exe
2014-03-01 20:33 - 2014-03-01 20:26 - 00000000 ____D () C:\Users\User\Desktop\RK_Quarantine
2014-03-01 20:28 - 2014-03-01 20:28 - 00001754 _____ () C:\Users\User\Desktop\RKreport[0]_D_03012014_202852.txt
2014-03-01 20:28 - 2014-03-01 20:28 - 00001701 _____ () C:\Users\User\Desktop\RKreport[0]_S_03012014_202820.txt
2014-03-01 20:21 - 2014-03-01 20:21 - 04413952 _____ () C:\Users\User\Desktop\RogueKillerX64.exe
2014-03-01 20:18 - 2014-01-22 14:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\Macromedia
2014-03-01 19:31 - 2014-01-15 14:02 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-01 19:24 - 2014-01-26 12:58 - 00000000 ____D () C:\Users\User\Documents\Jobs
2014-02-28 23:44 - 2014-02-28 23:44 - 00014756 _____ () C:\Users\User\Desktop\dds.txt
2014-02-28 23:44 - 2014-02-28 23:44 - 00007483 _____ () C:\Users\User\Desktop\attach.txt
2014-02-28 23:41 - 2014-02-28 23:41 - 00688992 ____R (Swearware) C:\Users\User\Desktop\dds.com
2014-02-28 18:02 - 2014-02-28 18:02 - 00001293 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-02-28 18:02 - 2014-02-28 18:02 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-02-28 17:53 - 2014-02-28 17:52 - 28656912 _____ (Panda Security ) C:\Users\User\Downloads\PandaCloudCleaner.exe
2014-02-27 17:28 - 2014-02-27 17:28 - 00115696 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-27 17:25 - 2014-02-27 17:25 - 00000036 _____ () C:\Users\User\AppData\Local\housecall.guid.cache
2014-02-27 17:24 - 2014-02-27 17:24 - 02406064 _____ (Trend Micro Inc.) C:\Users\User\Downloads\HousecallLauncher64.exe
2014-02-26 19:36 - 2014-02-26 19:36 - 00000834 _____ () C:\Windows\PFRO.log
2014-02-26 17:37 - 2014-02-26 17:37 - 00000000 ____D () C:\Windows\ERUNT
2014-02-26 16:38 - 2014-02-26 16:38 - 00000000 ____D () C:\Users\User\Downloads\tdsskiller
2014-02-26 16:37 - 2014-02-26 16:37 - 04102163 _____ () C:\Users\User\Desktop\tdsskiller.zip
2014-02-26 16:11 - 2014-02-26 16:11 - 00982016 _____ (Farbar) C:\Users\User\Desktop\MiniToolBox.exe
2014-02-26 11:38 - 2014-02-26 11:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-26 11:38 - 2014-02-26 11:37 - 00439928 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-25 12:26 - 2014-02-25 12:26 - 00013553 _____ () C:\Users\User\Desktop\CCleaner64.lnk
2014-02-24 18:15 - 2014-02-24 18:14 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-24 18:14 - 2014-02-24 18:14 - 00001815 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-02-24 18:14 - 2014-02-24 18:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2014-02-24 18:14 - 2014-02-24 18:14 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-24 18:13 - 2014-02-24 18:13 - 18004456 _____ (SUPERAntiSpyware) C:\Users\User\Downloads\SUPERAntiSpyware.exe
2014-02-24 18:05 - 2014-02-24 18:05 - 00101832 _____ (SUPERAntiSpyware.com) C:\Users\User\Downloads\SASUNINST.EXE
2014-02-23 11:49 - 2014-02-23 11:49 - 00347816 _____ (Microsoft Corporation) C:\Users\User\Downloads\MicrosoftFixit.IEPerformance.RNP.6331658331836686.2.1.Run.exe
2014-02-22 13:25 - 2014-02-19 14:54 - 00000976 _____ () C:\Users\Public\Desktop\Cyberfox.lnk
2014-02-22 13:13 - 2014-01-24 17:40 - 00000000 ____D () C:\Users\User\Documents\Top of the Pops
2014-02-22 12:43 - 2011-02-26 09:05 - 00049814 _____ () C:\Users\User\Documents\Weight.xlsx
2014-02-22 00:31 - 2014-02-21 17:53 - 00000000 ____D () C:\Users\User\Downloads\attachments(1)
2014-02-21 17:52 - 2014-02-21 17:52 - 01180270 _____ () C:\Users\User\Downloads\attachments(1).zip
2014-02-21 14:48 - 2014-02-11 17:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 14:48 - 2014-02-11 17:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-19 14:54 - 2014-02-19 14:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cyberfox
2014-02-19 14:54 - 2014-02-19 14:54 - 00000000 ____D () C:\Program Files\Cyberfox
2014-02-19 14:50 - 2014-02-19 14:48 - 32932168 _____ (8pecxstudios ) C:\Users\User\Downloads\LatestVersionAMD.exe
2014-02-18 17:28 - 2014-02-03 09:48 - 00000000 ____D () C:\Users\User\dwhelper
2014-02-18 17:05 - 2014-01-24 14:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2014-02-18 14:22 - 2014-01-15 21:05 - 00000000 ____D () C:\Windows\Panther
2014-02-18 14:19 - 2014-02-18 14:19 - 00000000 ____D () C:\Users\User\Downloads\ccsetup410
2014-02-18 14:18 - 2014-02-18 14:17 - 04891520 _____ () C:\Users\User\Downloads\ccsetup410.zip
2014-02-17 23:01 - 2014-02-17 23:01 - 17890696 _____ (Adobe Systems Incorporated) C:\Users\User\Downloads\install_flash_player.exe
2014-02-17 14:54 - 2014-02-17 14:54 - 00001993 _____ () C:\Users\Public\Desktop\SeaMonkey.lnk
2014-02-17 14:54 - 2014-02-17 14:54 - 00000000 ____D () C:\Program Files (x86)\SeaMonkey
2014-02-17 14:54 - 2014-01-22 13:16 - 00000000 ____D () C:\Users\User\AppData\Local\Mozilla
2014-02-17 14:54 - 2014-01-21 17:22 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2014-02-17 14:47 - 2014-02-17 14:47 - 25463092 _____ () C:\Users\User\Downloads\SeaMonkey Setup 2.24.exe
2014-02-17 12:34 - 2014-01-15 13:23 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-17 12:34 - 2014-01-15 13:23 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-17 00:06 - 2014-01-15 14:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 00:05 - 2014-01-15 14:19 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-13 14:54 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-02-12 19:37 - 2014-01-15 13:25 - 00766336 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 12:14 - 2014-01-15 14:03 - 00000972 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-12 00:44 - 2014-02-11 22:15 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-02-12 00:40 - 2014-02-12 00:40 - 00000000 ____D () C:\Users\User\AppData\Local\Macromedia
2014-02-11 22:13 - 2014-02-11 22:13 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2014-02-11 22:13 - 2014-02-11 22:13 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-02-11 22:13 - 2014-02-11 22:13 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-02-11 20:46 - 2014-02-11 20:46 - 00000000 ____D () C:\Users\User\AppData\Local\8pecxstudios
2014-02-11 20:26 - 2014-01-15 13:54 - 00000878 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-11 20:13 - 2014-02-11 20:09 - 377110032 _____ () C:\Users\User\Downloads\25th december 1980 on Vimeo.mp4
2014-02-11 17:46 - 2014-01-22 13:26 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-02-08 19:04 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-07 12:05 - 2014-02-07 12:05 - 00000803 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-02-07 12:05 - 2014-02-07 12:05 - 00000000 ____D () C:\Program Files\Speccy
2014-02-07 12:03 - 2014-02-07 12:03 - 03780920 _____ (Piriform Ltd) C:\Users\User\Downloads\spsetup125_slim.exe
2014-02-06 12:16 - 2014-02-12 19:36 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 11:30 - 2014-02-12 19:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 11:30 - 2014-02-12 19:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 11:12 - 2014-02-12 19:36 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 11:07 - 2014-02-12 19:36 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 11:06 - 2014-02-12 19:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 19:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 10:56 - 2014-02-12 19:36 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 10:52 - 2014-02-12 19:36 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 10:49 - 2014-02-12 19:36 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 10:48 - 2014-02-12 19:36 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 10:48 - 2014-02-12 19:36 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 10:38 - 2014-02-12 19:36 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 10:32 - 2014-02-12 19:36 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 10:20 - 2014-02-12 19:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 10:17 - 2014-02-12 19:36 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 10:11 - 2014-02-12 19:36 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 10:01 - 2014-02-12 19:36 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 10:00 - 2014-02-12 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 09:57 - 2014-02-12 19:36 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 09:57 - 2014-02-12 19:36 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 09:52 - 2014-02-12 19:36 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 09:52 - 2014-02-12 19:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 09:50 - 2014-02-12 19:36 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 09:49 - 2014-02-12 19:36 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 09:47 - 2014-02-12 19:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 09:46 - 2014-02-12 19:36 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 09:25 - 2014-02-12 19:36 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 09:25 - 2014-02-12 19:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 09:24 - 2014-02-12 19:36 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 09:22 - 2014-02-12 19:36 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 09:13 - 2014-02-12 19:36 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 09:09 - 2014-02-12 19:36 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 09:03 - 2014-02-12 19:36 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 08:55 - 2014-02-12 19:36 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 08:41 - 2014-02-12 19:36 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 08:40 - 2014-02-12 19:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 08:36 - 2014-02-12 19:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 08:34 - 2014-02-12 19:36 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-31 17:42 - 2014-01-31 17:40 - 00000000 ____D () C:\Users\User\Documents\Television

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\ntdll_dump.dll
C:\Users\User\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 14:11

==================== End Of Log ============================

And now, Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-03-2014
Ran by User at 2014-03-01 21:28:17
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.30 - GIGABYTE)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{120EC191-78F8-CA89-3511-7E90C23F5261}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
AutoGreen B12.1220.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.1220.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4335 - AVG Technologies)
AVG 2014 (Version: 14.0.3705 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4335 - AVG Technologies) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Cyberfox Web Browser (HKLM\...\{5EFB52C0-4EC9-46B4-80EB-8432C6599641}_is1) (Version: 27.0.1.0 - 8pecxstudios)
Easy Tune 6 B13.0323.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B13.0323.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{674E262F-72EA-41C1-AF16-9727311A4553}) (Version: 2.4.1.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{2970697F-2A11-4588-8B7F-97322D1CCF3C}) (Version: 3.10.0017 - Seiko Epson Corporation)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.21.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-610 Series Printer Uninstall (HKLM\...\EPSON XP-610 Series) (Version:  - SEIKO EPSON Corporation)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
ModifyRegistry version 0.1 (HKLM-x32\...\{1D5BE6B5-7FD4-4A78-90F2-AF6B53BC8C1C}_is1) (Version: 0.1 - VIA Technologies, Inc.)
MyEPSON Portal (HKLM-x32\...\MyEPSON Connect) (Version:  - SEIKO EPSON Corporation)
MyEPSON Portal (x32 Version: 1.0.4.0 - SEIKO EPSON CORPORATION) Hidden
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenOffice 4.0.1 (HKLM-x32\...\{24B89186-2A56-4D28-B930-6F4FCF224E2F}) (Version: 4.01.9714 - Apache Software Foundation)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.97 - Panda Security)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
SeaMonkey 2.24 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.24 (x86 en-US)) (Version: 2.24 - Mozilla)
Software Updater (HKLM-x32\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION)
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)

==================== Restore Points  =========================

04-02-2014 15:12:16 Scheduled Checkpoint
12-02-2014 12:13:26 Installed AVG 2014
12-02-2014 19:35:50 Windows Update
13-02-2014 14:53:44 Installed Software Updater
17-02-2014 00:05:31 Windows Update
24-02-2014 18:40:23 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0628AB42-3430-4495-B139-4D2DB0C9F559} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {2C16D7BE-D535-4F10-A03D-4E6182A1C871} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-15] (Google Inc.)
Task: {3C3BD67E-4BD0-409C-AD17-CB4E4B2E6B84} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {8F5EF3EE-B6D5-4A4E-BF75-F966F7F70244} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {9ACA807D-6AC8-4846-B51D-2F351D1D54BD} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL http://go.microsoft.com/fwlink/?LinkID=230628
Task: {A70B2B84-80F2-4F7D-A27C-B3A8D9C623A7} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {D3A085D9-4274-4EA2-B8B0-29C5E5A28B07} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {DD1300BE-7370-4306-B1C2-10EBEB1709BD} - System32\Tasks\EPSON XP-610 Series Invitation {258A706F-E1E5-4471-A328-3DF2A70EF6BA} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {EE2E4313-6263-40BF-B760-222146647CCA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-15] (Google Inc.)
Task: {F3FC53BD-407C-4A77-8D5B-37AC83503E6F} - System32\Tasks\EPSON XP-610 Series Update {258A706F-E1E5-4471-A328-3DF2A70EF6BA} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: C:\Windows\Tasks\EPSON XP-610 Series Invitation {258A706F-E1E5-4471-A328-3DF2A70EF6BA}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\Windows\Tasks\EPSON XP-610 Series Update {258A706F-E1E5-4471-A328-3DF2A70EF6BA}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-06 12:24 - 2012-08-06 12:24 - 00212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-03-05 16:03 - 2012-03-05 16:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-02-16 14:53 - 2012-02-16 14:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-01-13 14:04 - 2012-01-13 14:04 - 00219760 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
2014-01-15 13:28 - 2012-08-09 10:55 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-01-15 13:28 - 2012-08-09 10:55 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-02-19 14:54 - 2014-02-17 11:10 - 04507304 _____ () C:\Program Files\Cyberfox\mozjs.dll
2013-03-23 10:19 - 2013-03-23 10:19 - 02883651 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll
2013-01-25 17:43 - 2013-01-25 17:43 - 00651331 _____ () C:\Program Files (x86)\GIGABYTE\ET6\work.dll
2013-02-01 13:26 - 2013-02-01 13:26 - 01331266 _____ () C:\Program Files (x86)\GIGABYTE\ET6\SF.dll
2008-05-07 15:22 - 2008-05-07 15:22 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll
2012-05-08 15:01 - 2012-05-08 15:01 - 00069632 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GPTT.dll
2012-11-27 15:03 - 2012-11-27 15:03 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll
2010-06-24 15:50 - 2010-06-24 15:50 - 00094208 _____ () C:\Program Files (x86)\GIGABYTE\ET6\IccLibDll.dll
2011-03-01 19:00 - 2011-03-01 19:00 - 00126976 _____ () C:\Program Files (x86)\GIGABYTE\ET6\StabilityLib.dll
2011-10-18 09:26 - 2011-10-18 09:26 - 00024576 _____ () C:\Program Files (x86)\GIGABYTE\ET6\STT.dll
2013-02-01 13:23 - 2013-02-01 13:23 - 01499204 _____ () C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll
2013-03-05 18:45 - 2013-03-05 18:45 - 01335362 _____ () C:\Program Files (x86)\GIGABYTE\ET6\HM.dll
2013-03-23 10:59 - 2013-03-23 10:59 - 01433674 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll
2003-02-14 14:11 - 2003-02-14 14:11 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll
2012-12-25 15:14 - 2012-12-25 15:14 - 01318988 _____ () C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll
2012-09-24 01:49 - 2012-09-24 01:49 - 03854336 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Platform.dll
2012-09-24 01:49 - 2012-09-24 01:49 - 00573440 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Device.dll
2013-01-09 17:26 - 2013-01-09 17:26 - 00307200 _____ () C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.DLL

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (02/07/2014 00:06:46 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5976 seconds with 2280 seconds of active time.  This session ended with a crash.

Error: (02/03/2014 10:26:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34289 seconds with 3000 seconds of active time.  This session ended with a crash.

Error: (02/02/2014 00:04:40 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6185 seconds with 2460 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 7661.54 MB
Available physical RAM: 5632.79 MB
Total Pagefile: 15321.26 MB
Available Pagefile: 13031.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:885.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8D281450)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by Castle Robin, 01 March 2014 - 04:37 PM.


#7 Castle Robin


Posted 01 March 2014 - 04:47 PM

My computer is currently working fine, possibly now free of malware, but it looks like I have had malware on my computer, due to preceding situations mainly on Tuesday evening, and today having analysed initially Rogue Killer's log, due to two registry keys being replaced and two others being deleted.  As far as I know, the replaced keys are genuine ones but which were infected and the deleted ones were unwanted malware keys.

 

In the Farbar FRST log, I spotted this:

S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [X]

Is this malware?

I can't be sure if it's planted itself in Program Files or whether it automatically stores in Program Files due to being installed as part of AdwCleaner.  In case the AVG and Panda Cloud Cleaner diagnosis is accurate that Anti-Adware is malware or has been infested with malware, I've not used this since Tuesday.

Are Google files including Google Update meant to be in my computer? and

Are my Firefox extensions safe?

 

I'm not sure if my computer is now clean, as the problem with malware is that it can hide and not always make computer changes noticeable to the user, depending on the type of parasites, but these are excellent programs for seeking and cleaning out malware, etc and I'll await your next update before proceeding with more steps or concluding the steps before I resume downloading and deleting files, clearing the cache, etc. 


Edited by Castle Robin, 01 March 2014 - 05:40 PM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:00 PM

Posted 02 March 2014 - 08:47 AM

From previous advice on the forum, it is safe to delete these two entries, so I shall do a clean in just a moment.

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jzefkbdd.default-1392814384203\prefs.js ]

Line Found : user_pref("extensions.trustmyweb.addons.firefox@hotmail.com.install-event-fired", true);


Firefox needs a profile to work. This is normal. It will be recreated if you delete it.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Extension: Ghostery - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jzefkbdd.default-1392814384203\Extensions\firefox@ghostery.com.xpi [2014-02-19]
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [X]

end

Save the file as fixlist.txt in the same folder as FRST.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

#9 Castle Robin


Posted 02 March 2014 - 11:21 AM

I hope this is right, as beyond my control, there was no FRST folder in sight when I first tried to add the fixlist.txt to one, causing me to have to create a new folder to place the text file into.  This didn't work, but I wasn't to know.

 

I then searched via Start instead to try to resolve the issue and this time the Fixlog.txt has displayed.  Most importantly, the file has since worked, which I list as follows:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2014 02
Ran by User at 2014-03-02 16:17:49 Run:1
Running from C:\Users\User\Desktop\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Extension: Ghostery - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jzefkbdd.default-1392814384203\Extensions\firefox@ghostery.com.xpi [2014-02-19]
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [X]

end
*****************

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jzefkbdd.default-1392814384203\Extensions\firefox@ghostery.com.xpi => Moved successfully.
HOSTS Anti-PUPs => Service deleted successfully.

==== End of Fixlog ====



#10 Castle Robin


Posted 02 March 2014 - 11:29 AM

Somehow one of my downloads is out of date. :o  I'm sure they normally prompt me to download new updates, but I did change some Adobe settings during February while cleaning the cache so I may have accidentally turned the prompt off.

 

I can soon remedy this, but only when you give me the go ahead to update the Adobe Flash Player.  On occasions it has sneaked in, without my knowledge, McAfee Security Plus, which I don't require, as I already have other security software, whereas on other occasions it gives me the option to untick McAfee.

 

An update from earlier:

 

This is very intriguing - I've just checked to see if any plug-ins needed updating (but holding back any updating until you give me the cue first) and am most surprised to find that the 64 bit version of Adobe Flash Player 12.0.0.70 (listed as "Shockwave Flash" 12.0.0.70) is out of date in the Security Check, but "Up to Date" on this page:

 

https://www.mozilla.org/en-US/plugincheck/

 

On that basis, maybe I didn't change the Adobe prompts after all, but due to conflicting information on whether my flash player is updated, I don't know the correct status. 

 

Here is the Security Check log:

 

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
AVG Internet Security 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Panda Cloud Cleaner   
  Adobe Flash Player 12.0.0.70 Flash Player out of Date!  
 Adobe Reader XI  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 


Edited by Castle Robin, 02 March 2014 - 11:44 AM.


#11 nasdaq


Posted 02 March 2014 - 01:28 PM

Adobe Flash Player 12.0.0.70 Flash Player out of Date!

This is a false positive. The Security Tool needs to be updated.

What are the final issues with this computer?

#12 Castle Robin


Posted 02 March 2014 - 06:00 PM

 

Adobe Flash Player 12.0.0.70 Flash Player out of Date!

This is a false positive. The Security Tool needs to be updated.

What are the final issues with this computer?

 

 

I am confused.  When you say "Security Tool", do you mean Security Check or Mozilla Plugin Check?, as they are both relating to security.

 

If you're referring to Security Check, I already had the most current version, which I installed for the first time earlier.

 

There isn't a way to update the Mozilla PlugIn Check, only the plugins themselves, which are both listed as up-to-date.

 

Adobe Flash Player's current version is the same as above - 12.0.0.70:

 

http://get.adobe.com/flashplayer/?promoid=JZEFT
http://www.adobe.com/products/flashplayer/distribution3.html
http://forums.adobe.com/thread/1018230 - This lists the 64 bit Flash Player as "Macromedia", which I thought that Adobe had taken over

 

I wasn't sure what to do, so I re-downloaded and replaced the first copy that I downloaded earlier with a new copy of Security Check.  The results are exactly the same as before.

 

Only one adverse thing, which may not be related to malware, occurred briefly earlier - while I was viewing another Bleepingcomputer web page, the browser froze, unfroze, froze then unfroze a small number of times.

 

I'm lost.  What are the final issues you're referring to? or do you mean these?:-

 

Is this malware?:

S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [X]

Are Google files including Google Update meant to be in my computer? and

Are my Firefox extensions safe?

 

 

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
AVG Internet Security 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Panda Cloud Cleaner   
  Adobe Flash Player 12.0.0.70 Flash Player out of Date!  
 Adobe Reader XI  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 


Edited by Castle Robin, 02 March 2014 - 06:02 PM.


#13 Castle Robin


Posted 03 March 2014 - 09:03 AM

Hi Nasdaq

 

I don't know if this is connected with any of the other malware warnings/findings, but I have just found out that the Ixquick search engine is malware.

 

What is the safest and quickest way to remove this?



#14 nasdaq


Posted 03 March 2014 - 09:03 AM

Sorry I should have said Security Check tool.
You have the latest version of Flash.

===


HOSTS Anti-PUPs/Adwares was a tool you installed. Your version was removed, the file was missing. I just removed its remnant item from the registry.
Read about it.
http://www.shouldiremoveit.com/HOSTS-Anti-PUPsAdwares-88769-program.aspx
===

Your logs are clean.

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
Ignore if ComboFix was not used.
===

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon.
  • ScriptNo is a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#15 Castle Robin

Posted 03 March 2014 - 09:55 AM

Can you confirm if my computer did have malware? And how do I use ComboFix?

I've read that ComboFix deletes browser hijackers, like IX Quick, from users' computers.

I've only found out this afternoon that this is a virus of some kind, but I can't be sure if it has anything to do with the malware warnings and "DomaIQ" and "Fake Flash" listings that appeared on Tuesday evening.

What I do know is, exactly as stated online, it hijacks a user's browser, as I previously had about 6 search engines in a drop-down menu including Amazon, eBay, Google and Bing which are now gone and replaced by solely IXQuick which has hijacked my browser to become my opening and sole opening search engine.

I'll assume that Google files including Google Update are normally installed on computers and that my Firefox extensions are safe from your updates unless you say otherwise. One add-on has "Play strategy games" and "Coupons Helper" in the menu when right clicking on the icon, which have installed with the add-on and are also available as individual downloads from Download Helper.

I have since installed the Should I Remove It program which doesn't list the Anti-PUP program which still remains as part of AdwCleaner. After what happened on Tuesday night, I have stayed well clear of the Anti-PUP section of AdwCleaner in successive downloads from the Bleepingcomputer download then most recently the French web site download of the same programs.

Thanks for all your efforts. :) I'll work my way through your list of information and web site links & downloads and await your update on IXQuick. Other than that, it sounds like my computer is now free of malware.


Edited by Castle Robin, 03 March 2014 - 10:20 AM.




