
Cyberfox Browser (Modified Firefox) Commandeered by winstart.bat


This topic is locked
8 replies to this topic

#1 MelissaPleases

  • Members
  • 537 posts
  • Gender:Female
  • Location:Now in the Heartland of the USA

Posted 02 March 2014 - 11:59 PM

I seem to have picked something up, and I cannot find any definitive answer in regard to what it is or how to remove it.


I first became aware of this file when I opened Cyberfox browser tonight. After my home page loaded, three more tabs opened, with requests to download a file on each of them. Of course, I did not download. The Firefox Add-on WOT also went off, notifying me that these were untrustworthy sites. I have been using this particular browser for several weeks now, and never had a problem. It comes from a very reliable source.


This behavior does not occur in IE, nor does it occur in Opera. Cyberfox seems to be the only browser affected.


At any rate, I closed everything and ran a quick scan with Avast! Free. The scan returned a finding of zero infected items, with one curious additional notification:


"C:\WINDOWS\winstart.bat is offline - it is currently not available (42006)"


Next, I ran a scan with Malwarebytes. It returned with 23 suspicious files, which I told it to remove. A second scan confirmed that it did so successfully.


So, in keeping with the notice at the top of the attach.txt file, I'll hold on to that until needed by any responders. I am attaching a zip file containing the dds.txt file, as well as the Malwarebytes log, in case it is needed.


As an aside, I made a system drive backup about two weeks ago using DriveImage XML, so if it comes down to it, I can restore the drive using that. I would like that to be a last resort, however, as I've done a fair amount of work in that time frame. I know, I need to do more frequent backups - but at least I'm doing it every two weeks or so now, instead of never doing it...

Attached Files


Snowden03.png

~   Notorious Thread Killer   ~
Case: CoolerMaster Storm Trooper Full ATX | Motherboard: GIGABYTE GA-Z170X | CPU: Intel Core i7-6700K 8M Skylake Quad-Core | GPU: MSI Radeon R9 390X 8GB 512-Bit | PSU: EVGA 80 PLUS GOLD 850 W | RAM: Corsair Vengeance DDR4 SDRAM [4x8GB] Audio: Integrated Creative Sound Core 3D 5.1 | Internal Storage: Samsung 2 TB HDD | Seagate 1 TB HDD | Samsung 500GB SSD [x2] | Mushkin 500GB SSD | External Storage: Seagate 2TB | Optical Drive: Lite-On iHAS324 Dual Layer

Display 1: AOC I2757Fh 27" | Display 2 & 3: LG 24MP57HQ-P 24" | Operating Systems: OS 1: Windows 10 Professional | OS 2: Linux Mint Cinnamon | OS 3: Windows 7 Ultimate x-64 | Antivirus: MS Security Essentials | Firewall: Windows Firewall



#2 nasdaq

  • Malware Response Team
  • 38,239 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 March 2014 - 09:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply; DO NOT ATTACH THEM unless specified.

Let me know what problem persists.
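The FRST.txt this post asks for is long, and a responder reads it by applying a handful of checks to every load point: does the file the entry points to still exist, is it an absolute path with a recorded publisher, and does the name match adware already seen elsewhere in the logs. The script below is an added example of that triage, written for this thread; it is not code from nasdaq, from the FRST author or from BleepingComputer. The sample lines are constructed, modelled on the FRST entry formats posted later in this thread, and the adware names in `PUP_MARKERS` are taken from the AdwCleaner and FRST logs that follow.

```python
"""Triage FRST-style log lines the way a malware-response helper reads them.

Added example (not part of the thread, not FRST's own code). Three checks a
responder applies by eye to FRST.txt are applied mechanically here:
  * entries whose file no longer exists ("No File" / "[X]")
  * load points pointing at a relative path or carrying no publisher
  * names of adware families that AdwCleaner/JRT reported in this thread
"""
import re
from dataclasses import dataclass

# Adware/PUP family names taken from the AdwCleaner and FRST logs in this
# thread; extend with whatever your own logs show.
PUP_MARKERS = ("SearchProtect", "Conduit", "SweetPacks", "Plus-HD", "Babylon",
               "DSite", "uTorrentControl", "crossrider")

# FRST lines that describe something Windows or the browser will load.
LOADPOINT_RE = re.compile(
    r"^(HK\S*\\Run(Once)?: |BHO(-x32)?: |Toolbar: |FF Extension: |"
    r"FF HK\S*\\Extensions: |[RSU]\d )")
# Subset of those that FRST prints with a trailing "(Publisher)".
SIGNED_KIND_RE = re.compile(r"^(HK\S*\\Run(Once)?: |BHO(-x32)?: |Toolbar: |[RSU]\d )")
PUBLISHER_RE = re.compile(r"\(([^()]*)\)\s*$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Constructed sample, modelled on entries from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-06] (AVAST Software)
HKU\.DEFAULT\...\Run: [SearchProtect] - \SearchProtect\bin\cltmng.exe
BHO: Plus-HD-7.6 - {11111111-1111-1111-1111-110511071178} - C:\Program Files (x86)\Plus-HD-7.6\Plus-HD-7.6-bho64.dll No File
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF Extension: NoScript - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-02-15]
S3 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136616 2010-07-01] ()
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
U0 Partizan; system32\drivers\Partizan.sys [X]
"""


@dataclass
class Finding:
    line: str
    path: str
    reasons: list


def extract_path(line: str) -> str:
    """Return the file path an FRST load-point line refers to ('' if none)."""
    if re.match(r"^[RSU]\d ", line) and "; " in line:
        body = line.split("; ", 1)[1]          # services/drivers: "R2 Name; path"
    elif " - " in line:
        body = line.rsplit(" - ", 1)[1]        # Run/BHO/Toolbar/FF: "... - path"
    else:
        return ""
    body = re.sub(r"\s*\([^()]*\)\s*$", "", body)   # drop trailing "(Publisher)"
    body = re.sub(r"\s*\[[^\]]*\]\s*$", "", body)   # drop "[size date]" or "[X]"
    body = re.sub(r"\s*No File$", "", body)
    return body.strip()


def publisher(line: str):
    """Publisher text in the trailing parentheses; '' for '()'; None if absent."""
    m = PUBLISHER_RE.search(line)
    return m.group(1).strip() if m else None


def triage_line(line: str):
    """Return a Finding for a load-point line that deserves a look, else None."""
    if not LOADPOINT_RE.match(line):
        return None
    reasons = []
    missing = line.endswith("No File") or line.endswith("[X]")
    if missing:
        reasons.append("orphaned entry: the file it points to no longer exists")
    hits = [m for m in PUP_MARKERS if m.lower() in line.lower()]
    if hits:
        reasons.append("known adware name: " + ", ".join(hits))
    path = extract_path(line)
    if path and not missing and not DRIVE_PATH_RE.match(path):
        reasons.append("relative path: no drive letter, resolved at load time")
    if not missing and SIGNED_KIND_RE.match(line) and not publisher(line):
        reasons.append("no publisher/version info recorded for the file")
    return Finding(line, path, reasons) if reasons else None


def triage(log_text: str):
    """Run triage_line over every line of an FRST log and collect the findings."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    -", r)
```

On the constructed sample the Avast, Java, NoScript and UnsignedThemes entries come back clean, while the SearchProtect Run key is flagged three times (adware name, relative path, no publisher) and the Plus-HD BHO twice (adware name, missing file). A flag is a prompt to look, not a verdict: the AODService line is reported only because FRST recorded no publisher for it, which is common for legitimate vendor utilities, and the same goes for the x32 duplicate of a Run entry that FRST prints without size or publisher.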

#3 MelissaPleases

  • Topic Starter
  • Members
  • 537 posts
  • Gender:Female
  • Location:Now in the Heartland of the USA

Posted 03 March 2014 - 11:59 AM

Okay, first things first... Thank you for such a quick response - I expected that to take a couple of days, at least. I had not checked my email - being preoccupied with this issue at the moment - so I took a couple of minor steps on my own prior to seeing this response.


Using my amazing powers of deduction, I reached the conclusion that since this issue only occurred when using the Cyberfox browser, it must therefore be somehow linked to the running of that browser. Using Revo Uninstaller, I got rid of the browser, as well as the leftovers that Revo was able to find. I rebooted the computer, tried all other browsers with no problem. I was about to download and reinstall Cyberfox when I saw that you had replied to my post. Wanting to err on the side of caution, I held off on that, and followed the steps that you outlined. (Yes, yes - I know, it's an odd username for someone named Melissa. It has a connection to my maiden name, and to my partying college days nickname. :blink: )


Anyway, the results are as follows:


=======================================


AdwCleaner[S0].txt


# AdwCleaner v3.020 - Report created 03/03/2014 at 10:18:04
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Wolfy - WOLFY-PC
# Running from : C:\Users\Wolfy\Desktop\adwcleaner.exe
# Option : Clean


Attached File: Addition.zip (8.47KB)
***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\RegClean
Folder Deleted : C:\ProgramData\SpeedyPC Software
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\uTorrentControl_v6
Folder Deleted : C:\Users\Wolfy\AppData\Local\Conduit
Folder Deleted : C:\Users\Wolfy\AppData\Local\PackageAware
Folder Deleted : C:\Users\Wolfy\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Wolfy\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Wolfy\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Wolfy\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\Wolfy\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Wolfy\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Wolfy\AppData\Roaming\DSite
Folder Deleted : C:\Users\Wolfy\AppData\Roaming\iSafe
Folder Deleted : C:\Users\Wolfy\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Wolfy\AppData\Roaming\SpeedyPC Software
File Deleted : C:\END
File Deleted : C:\Users\Wolfy\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\Windows\Tasks\DSite.job
File Deleted : C:\Windows\System32\Tasks\DSite

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289075
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96F454EA-9D38-474F-B504-56193E00C1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD90659F-D5B2-4104-9504-7CA36E6532DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96F454EA-9D38-474F-B504-56193E00C1A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{96F454EA-9D38-474F-B504-56193E00C1A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD90659F-D5B2-4104-9504-7CA36E6532DF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{96F454EA-9D38-474F-B504-56193E00C1A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CD90659F-D5B2-4104-9504-7CA36E6532DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6EF7CCEA-7DBF-431A-99D9-ED0BF26F441D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0A72500B-28AE-43AE-86FD-7D27ABB0F9B4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{96F454EA-9D38-474F-B504-56193E00C1A5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{96F454EA-9D38-474F-B504-56193E00C1A5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{96F454EA-9D38-474F-B504-56193E00C1A5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{96F454EA-9D38-474F-B504-56193E00C1A5}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v6
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\uTorrentControl_v6
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v6 Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16750

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

[ File : C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\prefs.js ]

Line Deleted : user_pref("extensions.crossrider.bic", "1447bbc8831c9a7906bf9f425e85ce3a");

*************************

AdwCleaner[R0].txt - [11265 octets] - [03/03/2014 10:17:11]
AdwCleaner[S0].txt - [10257 octets] - [03/03/2014 10:18:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10318 octets] ##########


=======================================


JRT.txt


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Ultimate x64
Ran by Wolfy on Mon 03/03/2014 at 10:29:07.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E2A1862D-764B-4A91-B414-63F302357E4A}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Wolfy\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\eusing free registry cleaner"
Successfully deleted: [Folder] "C:\Program Files (x86)\smarttweak"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free registry cleaner"
Successfully deleted: [Folder] "C:\Users\Wolfy\AppData\Roaming\microsoft\windows\start menu\programs\free registry cleaner"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/03/2014 at 10:33:57.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


=======================================


FRST.txt


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-03-2014
Ran by Wolfy (administrator) on WOLFY-PC on 03-03-2014 11:22:36
Running from C:\Users\Wolfy\Desktop\farbar
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
() C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-06] (AVAST Software)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
HKLM-x32\...\runonceex: [Flags] - 128
HKLM-x32\...\runonceex: [Title] - UnHackMe Rootkit Check
HKU\.DEFAULT\...\Run: [SearchProtect] - \SearchProtect\bin\cltmng.exe
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-05] (Microsoft Corporation)
HKU\S-1-5-21-2947717778-913980176-3336947466-1000\...\Run: [POP Peeper] - C:\Program Files (x86)\POP Peeper\POPPeeper.exe [1613824 2011-11-16] (Mortal Universe)
HKU\S-1-5-21-2947717778-913980176-3336947466-1000\...\Run: [KeePass Password Safe 2] - I:\KeePass 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
HKU\S-1-5-21-2947717778-913980176-3336947466-1000\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA4DB0195DE46CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - {12FBBEF1-8C9D-4190-8ACC-6CB6D423E6E4} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {E1A31D1A-ADB4-4FDD-BA6B-7340429B254C} URL = http://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=90d79487c79048cfbbec7fe458ce1a8e&tu=11JL0008D2B000s&sku=&tstsId=&ver=&&r=54
BHO: Plus-HD-7.6 - {11111111-1111-1111-1111-110511071178} - C:\Program Files (x86)\Plus-HD-7.6\Plus-HD-7.6-bho64.dll No File
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default
FF NewTab: about:blank
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: hxxp://www.cnn.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF SearchPlugin: C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\searchplugins\duckduckgo.xml
FF Extension: Plus-HD-7.6 - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\1079a15c-f3ae-4d92-b473-c51c7f3bc6de@63449f71-c434-4007-828c-7025ecf04b05.com [2014-02-28]
FF Extension: KeeFox - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\keefox@chris.tomlinson [2014-02-20]
FF Extension: ColorfulTabs - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-02-27]
FF Extension: WOT - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-02-15]
FF Extension: Autofill Forms - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\autofillForms@blueimp.net.xpi [2014-02-20]
FF Extension: Clear Console - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\clearConsole@penzil.com.xpi [2014-02-15]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-02-15]
FF Extension: Ghostery - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\firefox@ghostery.com.xpi [2014-02-15]
FF Extension: Self-Destructing Cookies - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2014-02-15]
FF Extension: DuckDuckGo Plus - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-02-15]
FF Extension: Link Password - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\LinkPassword@EvighetensFilosofi.xpi [2014-02-16]
FF Extension: No Name - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\noverflow@sdrocking.com.xpi [2014-02-15]
FF Extension: S3.Google Translator - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\s3google@translator.xpi [2014-02-15]
FF Extension: No Name - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\savedpasswordeditor@daniel.dawson.xpi [2014-02-15]
FF Extension: Secure Login - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\secureLogin@blueimp.net.xpi [2014-02-21]
FF Extension: Thumbnail Zoom Plus - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\thumbnailZoom@dadler.github.com.xpi [2014-02-15]
FF Extension: URL Fixer - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\{0fa2149e-bb2c-4ac2-a8d3-479599819475}.xpi [2014-02-15]
FF Extension: Session Manager - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-02-15]
FF Extension: Clean Links - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2014-02-15]
FF Extension: Integrated Inbox for Gmail & Google Apps - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi [2014-02-15]
FF Extension: SmoothWheel (mozdev.org) - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2014-02-15]
FF Extension: NoScript - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-02-15]
FF Extension: New Tab Wallpapers - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\{a5312b79-bf0d-4825-a25f-b33d67d4a58a}.xpi [2014-02-15]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-02-15]
FF Extension: Show my Password - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}.xpi [2014-02-15]
FF Extension: RightToClick - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2014-02-15]
FF Extension: Adblock Plus - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-15]
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-02]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-07-25]

==================== Services (Whitelisted) =================

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2009-06-02] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)
S3 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136616 2010-07-01] ()
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-06] (AVAST Software)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [32240 2010-07-14] ()
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] ()
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project)
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project)
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [46592 2011-01-05] ()
S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1099248 2010-07-16] (Sonic Solutions)
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-06] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-03] ()
S3 NTIOLib_1_0_1; C:\Program Files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [14136 2009-10-06] (MSI)
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2013-12-16] ()
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2013-12-16] ()
S1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700680 2013-12-16] ()
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-03 11:21 - 2014-03-03 11:22 - 00000000 ____D () C:\FRST
2014-03-03 11:20 - 2014-03-03 11:21 - 00000000 ____D () C:\Users\Wolfy\Desktop\BC Help
2014-03-03 10:29 - 2014-03-03 10:29 - 00000000 ____D () C:\Windows\ERUNT
2014-03-03 10:19 - 2014-03-03 10:19 - 00000022 _____ () C:\Windows\S.dirmngr
2014-03-03 10:17 - 2014-03-03 10:18 - 00000000 ____D () C:\AdwCleaner
2014-03-03 10:11 - 2014-03-03 11:22 - 00000000 ____D () C:\Users\Wolfy\Desktop\farbar
2014-03-03 10:10 - 2014-03-03 10:10 - 01244192 _____ () C:\Users\Wolfy\Desktop\adwcleaner.exe
2014-03-03 10:10 - 2014-03-03 10:10 - 01037734 _____ (Thisisu) C:\Users\Wolfy\Desktop\JRT.exe
2014-03-03 09:56 - 2014-03-03 09:56 - 00348522 _____ () C:\Users\Wolfy\Desktop\bookmarks.html
2014-03-02 23:57 - 2014-03-02 23:57 - 00008252 _____ () C:\Users\Wolfy\Desktop\Attachments.zip
2014-03-02 23:05 - 2014-03-02 23:14 - 00011005 _____ () C:\Users\Wolfy\Desktop\attach.txt
2014-03-02 23:05 - 2014-03-02 23:12 - 00025948 _____ () C:\Users\Wolfy\Desktop\dds.txt
2014-03-02 23:04 - 2014-03-02 23:04 - 00688992 ____R (Swearware) C:\Users\Wolfy\Desktop\dds.com
2014-03-02 15:22 - 2014-03-02 15:22 - 00000000 _____ () C:\Users\Wolfy\takedown
2014-03-02 14:13 - 2014-03-02 14:13 - 00000963 _____ () C:\Users\Wolfy\Desktop\RocketDock.lnk
2014-03-02 14:11 - 2014-03-02 14:11 - 06463660 _____ (Punk Software ) C:\Users\Wolfy\Downloads\RocketDock-v1.3.5.exe
2014-03-02 13:05 - 2014-03-02 13:05 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-03-02 12:59 - 2014-03-02 12:59 - 00000000 ____D () C:\Users\Wolfy\AppData\Local\Korbin_Bickel
2014-03-02 10:54 - 2014-03-02 11:30 - 00000000 ____D () C:\Program Files (x86)\Screensavers
2014-03-02 10:54 - 2014-03-02 10:54 - 00001940 _____ () C:\Users\Wolfy\Desktop\LCARS USS Enterprise Galaxy Class MSD.lnk
2014-03-02 10:03 - 2014-03-02 10:03 - 00000000 ____D () C:\Program Files (x86)\NCH Swift Sound
2014-03-02 09:57 - 2014-03-02 09:57 - 00000380 _____ () C:\setuplogfile.log
2014-03-02 09:54 - 2014-03-02 09:54 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-03-02 09:51 - 2014-03-02 09:51 - 00001983 _____ () C:\Users\Public\Desktop\ASUS Boot Setting 1.00.10.lnk
2014-03-02 09:51 - 2014-03-02 09:51 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-03-02 09:51 - 2010-08-24 15:16 - 00013440 _____ () C:\Windows\SysWOW64\Drivers\AsIO.sys
2014-03-02 09:51 - 2010-06-29 15:41 - 00028672 _____ (ASUSTek Computer Inc.) C:\Windows\SysWOW64\AsIO.dll
2014-03-02 09:34 - 2014-03-02 09:34 - 00000000 ____D () C:\Program Files\Rainmeter
2014-03-02 09:19 - 2014-03-02 09:19 - 00001039 _____ () C:\Users\Public\Desktop\Theme Manager.lnk
2014-03-02 09:19 - 2014-03-02 09:19 - 00000000 ____D () C:\Program Files (x86)\Theme Manager
2014-03-01 15:11 - 2014-03-02 11:50 - 00000000 ____D () C:\Users\Wolfy\Downloads\_Star Trek Stuff
2014-03-01 08:56 - 2014-03-01 08:56 - 00001178 _____ () C:\Users\Wolfy\Desktop\instructions.txt
2014-03-01 08:00 - 2014-03-01 08:00 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Theme Resource Changer X64 v1.0
2014-02-28 23:41 - 2014-02-28 23:58 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-02-28 23:41 - 2014-02-28 23:41 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\Yahoo!
2014-02-28 23:41 - 2014-02-28 23:41 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-02-28 23:40 - 2014-02-28 23:57 - 00000000 ____D () C:\Program Files (x86)\HUD-Blue Skin Pack
2014-02-28 22:44 - 2014-02-28 22:44 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7tsp
2014-02-28 22:22 - 2014-02-28 22:22 - 00044544 _____ () C:\Windows\SysWOW64\Gif89.dll
2014-02-28 22:16 - 2014-02-28 22:16 - 01226624 _____ () C:\Users\Wolfy\Desktop\greenbiohazard.rar
2014-02-28 22:16 - 2014-02-28 22:16 - 00005422 _____ () C:\Windows\System32\Tasks\Plus-HD-7.6-validator
2014-02-28 22:16 - 2014-02-28 22:16 - 00004538 _____ () C:\Windows\System32\Tasks\Plus-HD-7.6-updater
2014-02-28 22:16 - 2014-02-28 22:16 - 00004494 _____ () C:\Windows\System32\Tasks\Plus-HD-7.6-codedownloader
2014-02-28 22:16 - 2014-02-28 22:16 - 00004392 _____ () C:\Windows\System32\Tasks\Plus-HD-7.6-enabler
2014-02-28 20:27 - 2014-03-01 07:41 - 00000002 RSHOT () C:\Windows\SysWOW64\CONFIG.NT
2014-02-28 20:27 - 2014-02-28 20:27 - 00000000 ____D () C:\Users\Public\Documents\regruninfo
2014-02-28 20:27 - 2013-06-04 12:23 - 00012800 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2014-02-28 12:12 - 2014-02-28 12:12 - 00002067 _____ () C:\Users\Public\Desktop\AMD OverDrive.lnk
2014-02-28 12:12 - 2014-02-28 12:12 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-02-28 12:11 - 2014-02-28 12:11 - 00001981 _____ () C:\Users\Public\Desktop\EasyViewer.lnk
2014-02-28 12:11 - 2014-02-28 12:11 - 00001101 _____ () C:\Users\Public\Desktop\Live Update 5.lnk
2014-02-28 12:10 - 2014-02-28 12:10 - 00001032 _____ () C:\Users\Public\Desktop\MSI VideoGenie.lnk
2014-02-28 12:10 - 2014-02-28 12:10 - 00000928 _____ () C:\Users\Public\Desktop\Teaming Genie.lnk
2014-02-28 12:10 - 2014-02-28 12:10 - 00000207 _____ () C:\setup.log
2014-02-28 12:10 - 2014-02-28 12:10 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\InstallShield
2014-02-28 12:10 - 2010-04-10 15:05 - 00050720 _____ (Realtek Corporation) C:\Windows\system32\Drivers\RtTeam60.sys
2014-02-28 12:10 - 2009-07-20 10:27 - 00027136 _____ (Realtek ) C:\Windows\system32\Drivers\RtNdPt60.sys
2014-02-28 12:09 - 2014-02-28 12:11 - 00000000 ____D () C:\Program Files (x86)\MSI
2014-02-28 12:09 - 2014-02-28 12:09 - 00001205 _____ () C:\Users\Public\Desktop\BIOSUnlockCPUCore.lnk
2014-02-28 12:09 - 2014-02-28 12:09 - 00001177 _____ () C:\Users\Public\Desktop\Super-Charger.lnk
2014-02-28 12:09 - 2014-02-28 12:09 - 00001157 _____ () C:\Users\Public\Desktop\ControlCenter.lnk
2014-02-28 12:09 - 2014-02-28 12:09 - 00001097 _____ () C:\Users\Public\Desktop\AutoBoot.lnk
2014-02-28 12:09 - 2006-12-26 12:01 - 00000222 _____ () C:\Windows\ver5.5.14.0.txt
2014-02-28 12:09 - 2006-10-13 08:18 - 00380928 _____ (NVIDIA) C:\Windows\ntuneoem.dll
2014-02-28 12:09 - 2006-10-13 08:18 - 00018216 _____ (NVidia Corp.) C:\Windows\nvoclk64.sys
2014-02-28 12:09 - 2006-10-13 08:18 - 00006912 _____ (NVidia Corp.) C:\Windows\nvoclock.sys
2014-02-28 12:09 - 2006-10-13 08:16 - 00421888 _____ (NVIDIA) C:\Windows\nvsulib.dll
2014-02-28 12:09 - 2006-10-13 08:13 - 01622016 _____ (NVIDIA) C:\Windows\NVBenchMarks.dll
2014-02-28 12:09 - 2006-10-13 08:12 - 00028672 _____ (NVIDIA) C:\Windows\AutoTuneScript.dll
2014-02-28 12:09 - 2006-09-05 14:59 - 00217088 _____ () C:\Windows\NVGfxOgl.dll
2014-02-28 12:09 - 2006-08-21 09:20 - 00045056 _____ (NVIDIA) C:\Windows\NTuneGpu.dll
2014-02-28 12:09 - 2006-06-01 17:22 - 00053248 _____ (NVIDIA Corporation) C:\Windows\Nvgpio.dll
2014-02-28 12:09 - 2005-09-23 16:33 - 01060864 _____ (Microsoft Corporation) C:\Windows\MFC71.dll
2014-02-28 12:09 - 2005-09-23 16:33 - 00499712 _____ (Microsoft Corporation) C:\Windows\msvcp71.dll
2014-02-28 12:09 - 2005-09-23 16:33 - 00348160 _____ (Microsoft Corporation) C:\Windows\msvcr71.dll
2014-02-28 08:48 - 2014-02-28 08:48 - 00000000 ____D () C:\Users\Wolfy\AppData\Local\NeoSmart_Technologies
2014-02-28 08:47 - 2014-02-28 08:47 - 00049152 _____ () C:\Users\Wolfy\Documents\EasyBCD Backup (2014-02-28).bcd
2014-02-28 08:42 - 2014-02-28 08:42 - 00000000 ____D () C:\ProgramData\launcher
2014-02-28 08:42 - 2014-02-28 08:42 - 00000000 ____D () C:\ProgramData\explauncher
2014-02-27 07:00 - 2014-02-27 07:00 - 00000000 ____D () C:\ProgramData\Macrium
2014-02-27 06:58 - 2014-02-27 06:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_blockmounter_01_09_00.Wdf
2014-02-27 06:57 - 2014-03-02 09:13 - 00000000 ____D () C:\Program Files\Paragon Software
2014-02-27 06:56 - 2014-02-28 12:12 - 00000000 ____D () C:\Users\Wolfy\AppData\Local\Downloaded Installations
2014-02-27 06:54 - 2014-02-27 06:54 - 00000000 ____D () C:\Program Files (x86)\NeoSmart Technologies
2014-02-27 06:53 - 2014-02-27 06:53 - 00001107 _____ () C:\Users\Public\Desktop\DriveImage XML.lnk
2014-02-27 06:53 - 2014-02-27 06:53 - 00000000 ____D () C:\Program Files (x86)\Runtime Software
2014-02-26 13:11 - 2014-02-26 13:11 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-22 18:43 - 2014-03-02 14:13 - 00000000 ____D () C:\Program Files (x86)\RocketDock
2014-02-20 22:16 - 2014-02-26 16:01 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-02-20 21:27 - 2014-02-20 21:27 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\SanDisk SecureAccess
2014-02-18 16:16 - 2014-02-18 17:24 - 00000000 ____D () C:\Users\Wolfy\Documents\CRASH
2014-02-18 08:22 - 2014-02-18 08:22 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\TeamViewer
2014-02-17 16:10 - 2014-03-02 15:00 - 00000000 ____D () C:\Program Files (x86)\7tsp
2014-02-17 16:05 - 2014-03-01 08:18 - 00000000 ____D () C:\Program Files (x86)\Resource Hacker
2014-02-17 15:30 - 2014-02-28 23:57 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\AIMP3
2014-02-17 15:30 - 2014-02-26 15:03 - 00000000 ____D () C:\Program Files (x86)\AIMP3
2014-02-17 15:03 - 2014-02-26 14:39 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\AIMP
2014-02-17 14:55 - 2014-02-28 20:01 - 00000000 ____D () C:\Users\Wolfy\Downloads\_AIMP
2014-02-16 16:39 - 2014-02-16 16:39 - 00000722 _____ () C:\Users\Wolfy\AppData\Local\recently-used.xbel
2014-02-16 16:38 - 2014-02-16 16:38 - 00000000 ____D () C:\Users\Wolfy\AppData\Local\gtk-2.0
2014-02-16 13:22 - 2014-03-01 07:40 - 00000000 ____D () C:\ProgramData\RegRun
2014-02-16 12:40 - 2014-02-16 12:40 - 00000000 ____D () C:\Windows\Intuit
2014-02-16 12:33 - 2014-02-16 12:33 - 00000000 ____D () C:\Program Files (x86)\Yellow Pages Spider
2014-02-16 12:29 - 2014-02-16 12:29 - 00000000 ____D () C:\Users\Wolfy\Documents\LogoMaker
2014-02-16 12:23 - 2014-02-28 21:27 - 00000000 ____D () C:\Users\Wolfy\Downloads\_Wallpaper, Themes, More
2014-02-16 12:11 - 2014-02-16 12:11 - 00000000 ____D () C:\tmpDownload
2014-02-16 12:10 - 2014-02-16 12:10 - 00034308 _____ () C:\ProgramData\mazuki.dll
2014-02-16 12:09 - 2014-02-16 12:09 - 00000000 ____D () C:\YouTubeGet
2014-02-16 12:06 - 2014-03-01 09:35 - 00000000 ____D () C:\Users\Wolfy\AppData\Local\http___www.julien-manici
2014-02-16 12:03 - 2014-02-16 12:03 - 00003065 _____ () C:\Users\Wolfy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Logon Background Changer.lnk
2014-02-16 12:03 - 2014-02-16 12:03 - 00000000 ____D () C:\Program Files (x86)\Julien MANICI
2014-02-16 11:48 - 2014-02-27 06:43 - 00000000 ____D () C:\Users\Wolfy\Documents\EBooks
2014-02-16 11:33 - 2014-03-01 07:41 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-02-16 11:33 - 2014-03-01 07:41 - 00000000 ____D () C:\Users\Wolfy\Documents\RegRun2
2014-02-15 21:39 - 2014-02-15 21:39 - 00000000 ____D () C:\Program Files (x86)\Siber Systems
2014-02-15 09:17 - 2014-02-26 16:01 - 00000000 ____D () C:\Users\Wolfy\Downloads\_CyberFox Browser
2014-02-15 08:21 - 2014-02-15 08:21 - 00251198 _____ () C:\Users\Wolfy\Documents\Opera Bookmarks.adr
2014-02-15 08:19 - 2014-02-15 08:19 - 00234986 _____ () C:\Users\Wolfy\Documents\Opera Bookmarks.html
2014-02-14 16:43 - 2014-02-26 16:01 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\Rainmeter
2014-02-14 16:43 - 2014-02-14 16:43 - 00000000 ____D () C:\Users\Wolfy\Documents\Rainmeter
2014-02-14 13:59 - 2014-03-03 10:19 - 00006925 _____ () C:\Windows\setupact.log
2014-02-14 13:59 - 2014-02-14 13:59 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-14 13:58 - 2014-03-02 22:47 - 00009842 _____ () C:\Windows\PFRO.log
2014-02-14 12:29 - 2012-10-29 16:37 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeservice.dll.backup
2014-02-13 11:44 - 2014-02-02 22:04 - 00000187 _____ () C:\Users\Wolfy\Documents\NewDatabase.key
2014-02-13 09:56 - 2012-10-29 16:37 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeservice.dll
2014-02-12 14:03 - 2014-02-20 22:18 - 00003742 _____ () C:\Users\Wolfy\Documents\NewDatabase.kdbx
2014-02-11 16:27 - 2014-02-11 16:27 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\ThemeManager
2014-02-11 15:05 - 2014-03-01 08:00 - 00000000 ____D () C:\Program Files\Theme Resource Changer
2014-02-11 14:47 - 2014-03-02 22:06 - 00000000 ____D () C:\Users\Wolfy\Desktop\Storage
2014-02-11 14:45 - 2014-02-11 14:45 - 00000000 ____D () C:\Users\Wolfy\AppData\Local\FreeCommanderXE
2014-02-11 14:45 - 2014-02-11 14:45 - 00000000 ____D () C:\Program Files (x86)\FreeCommander XE
2014-02-11 14:17 - 2014-02-26 16:01 - 00000000 ____D () C:\Windows\system32\Taskman
2014-02-11 07:31 - 2014-03-03 10:27 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\KeePass
2014-02-10 15:07 - 2014-02-10 15:07 - 00000000 ____D () C:\Program Files (x86)\SkinPack
2014-02-10 15:02 - 2014-02-10 15:02 - 00000000 ____D () C:\Users\Wolfy\AppData\Local\VS Revo Group
2014-02-10 15:01 - 2014-02-10 15:01 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-02-10 15:01 - 2014-02-10 15:01 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-02-10 15:01 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-02-10 14:29 - 2010-11-20 07:21 - 02755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll.backup
2014-02-10 14:29 - 2009-07-13 20:11 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll.backup
2014-02-10 14:03 - 2009-07-13 20:39 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2014-02-10 14:02 - 2010-11-20 08:27 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll.backup
2014-02-10 14:02 - 2010-11-20 08:27 - 01808384 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2014-02-10 14:02 - 2010-11-20 08:27 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2014-02-10 14:02 - 2010-11-20 08:25 - 00749568 _____ (Microsoft Corporation) C:\Windows\system32\batmeter.dll
2014-02-10 14:02 - 2009-07-13 20:41 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll.backup
2014-02-10 14:02 - 2009-07-13 20:41 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\themeservice.dll.backup
2014-02-10 14:02 - 2009-07-13 20:39 - 06676480 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe
2014-02-10 14:02 - 2009-07-13 20:38 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2014-02-10 11:58 - 2014-02-28 12:26 - 00000000 ____D () C:\Windows\pss
2014-02-10 11:07 - 2014-02-10 11:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-09 14:46 - 2014-02-10 00:39 - 00000000 ____D () C:\Program Files (x86)\YoWindow
2014-02-09 14:46 - 2014-02-09 15:37 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\YoWindow
2014-02-09 14:46 - 2014-02-09 14:46 - 00000000 ____D () C:\ProgramData\YoWindow
2014-02-09 13:57 - 2014-02-09 13:57 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\RegistryKeys
2014-02-09 12:47 - 2014-02-28 23:57 - 00000000 ____D () C:\Program Files (x86)\Skin Pack
2014-02-09 12:15 - 2014-02-28 20:10 - 00000000 ____D () C:\Users\Wolfy\Downloads\_7-Data Recovery Suite 2.1
2014-02-09 12:02 - 2014-02-16 12:14 - 00000000 ____D () C:\Users\Wolfy\Downloads\_YouTubeGet
2014-02-08 17:37 - 2014-02-08 18:02 - 00000000 ____D () C:\ProgramData\Intuit
2014-02-08 17:37 - 2014-02-08 18:02 - 00000000 ____D () C:\Program Files (x86)\Intuit
2014-02-08 17:36 - 2014-02-08 17:36 - 00000000 ____D () C:\ProgramData\SQL Anywhere 11
2014-02-08 12:26 - 2014-02-09 16:37 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\Claws-mail
2014-02-08 12:09 - 2014-02-08 12:10 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\.kde
2014-02-08 12:03 - 2014-02-08 12:03 - 00006012 _____ () C:\Users\Wolfy\secret-key-EEE6045B.asc
2014-02-08 11:50 - 2014-02-08 11:50 - 00000000 ____D () C:\Users\Wolfy\AppData\Local\GNU
2014-02-08 11:49 - 2014-02-17 10:39 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\gnupg
2014-02-08 11:49 - 2014-02-11 15:43 - 00000000 ____D () C:\Program Files (x86)\GNU
2014-02-08 11:49 - 2014-02-08 11:49 - 00000000 ____D () C:\ProgramData\GNU
2014-02-06 22:12 - 2014-03-02 09:44 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8AC0C2D6-3CFC-4470-AE4E-410E7C6796E1}
2014-02-03 16:30 - 2014-02-05 00:30 - 00000077 _____ () C:\Users\Wolfy\AppData\Roaming\WB.CFG
2014-02-02 21:56 - 2014-02-17 05:32 - 00000510 _____ () C:\Users\Wolfy\AppData\Roaming\Microsoft\Windows\Start Menu\Free Password Generator.lnk

==================== One Month Modified Files and Folders =======

2014-03-03 11:22 - 2014-03-03 11:21 - 00000000 ____D () C:\FRST
2014-03-03 11:22 - 2014-03-03 10:11 - 00000000 ____D () C:\Users\Wolfy\Desktop\farbar
2014-03-03 11:22 - 2013-05-03 10:16 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\POP Peeper
2014-03-03 11:21 - 2014-03-03 11:20 - 00000000 ____D () C:\Users\Wolfy\Desktop\BC Help
2014-03-03 10:29 - 2014-03-03 10:29 - 00000000 ____D () C:\Windows\ERUNT
2014-03-03 10:27 - 2014-02-11 07:31 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\KeePass
2014-03-03 10:27 - 2009-07-13 23:45 - 00014736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-03 10:27 - 2009-07-13 23:45 - 00014736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-03 10:23 - 2014-01-23 07:07 - 01614981 _____ () C:\Windows\WindowsUpdate.log
2014-03-03 10:20 - 2013-05-02 11:28 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-03 10:19 - 2014-03-03 10:19 - 00000022 _____ () C:\Windows\S.dirmngr
2014-03-03 10:19 - 2014-02-14 13:59 - 00006925 _____ () C:\Windows\setupact.log
2014-03-03 10:19 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-03 10:18 - 2014-03-03 10:17 - 00000000 ____D () C:\AdwCleaner
2014-03-03 10:18 - 2013-05-24 08:45 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\CheckPoint
2014-03-03 10:10 - 2014-03-03 10:10 - 01244192 _____ () C:\Users\Wolfy\Desktop\adwcleaner.exe
2014-03-03 10:10 - 2014-03-03 10:10 - 01037734 _____ (Thisisu) C:\Users\Wolfy\Desktop\JRT.exe
2014-03-03 09:56 - 2014-03-03 09:56 - 00348522 _____ () C:\Users\Wolfy\Desktop\bookmarks.html
2014-03-02 23:57 - 2014-03-02 23:57 - 00008252 _____ () C:\Users\Wolfy\Desktop\Attachments.zip
2014-03-02 23:14 - 2014-03-02 23:05 - 00011005 _____ () C:\Users\Wolfy\Desktop\attach.txt
2014-03-02 23:12 - 2014-03-02 23:05 - 00025948 _____ () C:\Users\Wolfy\Desktop\dds.txt
2014-03-02 23:04 - 2014-03-02 23:04 - 00688992 ____R (Swearware) C:\Users\Wolfy\Desktop\dds.com
2014-03-02 22:47 - 2014-02-14 13:58 - 00009842 _____ () C:\Windows\PFRO.log
2014-03-02 22:06 - 2014-02-11 14:47 - 00000000 ____D () C:\Users\Wolfy\Desktop\Storage
2014-03-02 15:28 - 2013-05-05 09:01 - 01881088 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2014-03-02 15:27 - 2013-05-01 21:37 - 00000000 ___RD () C:\Users\Wolfy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-02 15:26 - 2013-05-05 09:01 - 01866240 _____ (Microsoft Corporation) C:\Windows\system32\Exploreframe_03-02-2014@15-28.gsw
2014-03-02 15:22 - 2014-03-02 15:22 - 00000000 _____ () C:\Users\Wolfy\takedown
2014-03-02 15:22 - 2013-05-01 21:36 - 00000000 ____D () C:\Users\Wolfy
2014-03-02 15:10 - 2009-07-14 00:13 - 00781462 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-02 15:01 - 2009-07-13 23:45 - 04981936 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-02 15:00 - 2014-02-17 16:10 - 00000000 ____D () C:\Program Files (x86)\7tsp
2014-03-02 14:13 - 2014-03-02 14:13 - 00000963 _____ () C:\Users\Wolfy\Desktop\RocketDock.lnk
2014-03-02 14:13 - 2014-02-22 18:43 - 00000000 ____D () C:\Program Files (x86)\RocketDock
2014-03-02 14:11 - 2014-03-02 14:11 - 06463660 _____ (Punk Software ) C:\Users\Wolfy\Downloads\RocketDock-v1.3.5.exe
2014-03-02 13:39 - 2013-05-02 07:44 - 00091408 _____ () C:\Users\Wolfy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-02 13:31 - 2013-05-05 09:00 - 03049472 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2014-03-02 13:31 - 2009-07-13 18:55 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-03-02 13:31 - 2009-07-13 18:54 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\themeservice.dll
2014-03-02 13:05 - 2014-03-02 13:05 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-03-02 12:59 - 2014-03-02 12:59 - 00000000 ____D () C:\Users\Wolfy\AppData\Local\Korbin_Bickel
2014-03-02 11:52 - 2013-05-16 18:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-02 11:50 - 2014-03-01 15:11 - 00000000 ____D () C:\Users\Wolfy\Downloads\_Star Trek Stuff
2014-03-02 11:30 - 2014-03-02 10:54 - 00000000 ____D () C:\Program Files (x86)\Screensavers
2014-03-02 10:54 - 2014-03-02 10:54 - 00001940 _____ () C:\Users\Wolfy\Desktop\LCARS USS Enterprise Galaxy Class MSD.lnk
2014-03-02 10:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system
2014-03-02 10:16 - 2013-07-15 08:07 - 00000000 ____D () C:\ProgramData\Roxio
2014-03-02 10:03 - 2014-03-02 10:03 - 00000000 ____D () C:\Program Files (x86)\NCH Swift Sound
2014-03-02 10:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2014-03-02 09:57 - 2014-03-02 09:57 - 00000380 _____ () C:\setuplogfile.log
2014-03-02 09:54 - 2014-03-02 09:54 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-03-02 09:51 - 2014-03-02 09:51 - 00001983 _____ () C:\Users\Public\Desktop\ASUS Boot Setting 1.00.10.lnk
2014-03-02 09:51 - 2014-03-02 09:51 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-03-02 09:51 - 2013-06-04 06:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-02 09:44 - 2014-02-06 22:12 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8AC0C2D6-3CFC-4470-AE4E-410E7C6796E1}
2014-03-02 09:34 - 2014-03-02 09:34 - 00000000 ____D () C:\Program Files\Rainmeter
2014-03-02 09:19 - 2014-03-02 09:19 - 00001039 _____ () C:\Users\Public\Desktop\Theme Manager.lnk
2014-03-02 09:19 - 2014-03-02 09:19 - 00000000 ____D () C:\Program Files (x86)\Theme Manager
2014-03-02 09:13 - 2014-02-27 06:57 - 00000000 ____D () C:\Program Files\Paragon Software
2014-03-02 08:53 - 2013-05-16 18:34 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-02 08:53 - 2013-05-03 10:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-02 08:53 - 2013-05-03 10:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-01 09:35 - 2014-02-16 12:06 - 00000000 ____D () C:\Users\Wolfy\AppData\Local\http___www.julien-manici
2014-03-01 08:56 - 2014-03-01 08:56 - 00001178 _____ () C:\Users\Wolfy\Desktop\instructions.txt
2014-03-01 08:18 - 2014-02-17 16:05 - 00000000 ____D () C:\Program Files (x86)\Resource Hacker
2014-03-01 08:00 - 2014-03-01 08:00 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Theme Resource Changer X64 v1.0
2014-03-01 08:00 - 2014-02-11 15:05 - 00000000 ____D () C:\Program Files\Theme Resource Changer
2014-03-01 07:41 - 2014-02-28 20:27 - 00000002 RSHOT () C:\Windows\SysWOW64\CONFIG.NT
2014-03-01 07:41 - 2014-02-16 11:33 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-03-01 07:41 - 2014-02-16 11:33 - 00000000 ____D () C:\Users\Wolfy\Documents\RegRun2
2014-03-01 07:40 - 2014-02-16 13:22 - 00000000 ____D () C:\ProgramData\RegRun
2014-02-28 23:58 - 2014-02-28 23:41 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-02-28 23:57 - 2014-02-28 23:40 - 00000000 ____D () C:\Program Files (x86)\HUD-Blue Skin Pack
2014-02-28 23:57 - 2014-02-17 15:30 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\AIMP3
2014-02-28 23:57 - 2014-02-09 12:47 - 00000000 ____D () C:\Program Files (x86)\Skin Pack
2014-02-28 23:57 - 2013-05-07 14:11 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\IrfanView
2014-02-28 23:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Branding
2014-02-28 23:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-02-28 23:41 - 2014-02-28 23:41 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\Yahoo!
2014-02-28 23:41 - 2014-02-28 23:41 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-02-28 22:44 - 2014-02-28 22:44 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7tsp
2014-02-28 22:22 - 2014-02-28 22:22 - 00044544 _____ () C:\Windows\SysWOW64\Gif89.dll
2014-02-28 22:16 - 2014-02-28 22:16 - 01226624 _____ () C:\Users\Wolfy\Desktop\greenbiohazard.rar
2014-02-28 22:16 - 2014-02-28 22:16 - 00005422 _____ () C:\Windows\System32\Tasks\Plus-HD-7.6-validator
2014-02-28 22:16 - 2014-02-28 22:16 - 00004538 _____ () C:\Windows\System32\Tasks\Plus-HD-7.6-updater
2014-02-28 22:16 - 2014-02-28 22:16 - 00004494 _____ () C:\Windows\System32\Tasks\Plus-HD-7.6-codedownloader
2014-02-28 22:16 - 2014-02-28 22:16 - 00004392 _____ () C:\Windows\System32\Tasks\Plus-HD-7.6-enabler
2014-02-28 21:58 - 2014-01-24 09:46 - 00000000 ____D () C:\Program Files\Recuva
2014-02-28 21:27 - 2014-02-16 12:23 - 00000000 ____D () C:\Users\Wolfy\Downloads\_Wallpaper, Themes, More
2014-02-28 20:27 - 2014-02-28 20:27 - 00000000 ____D () C:\Users\Public\Documents\regruninfo
2014-02-28 20:10 - 2014-02-09 12:15 - 00000000 ____D () C:\Users\Wolfy\Downloads\_7-Data Recovery Suite 2.1
2014-02-28 20:01 - 2014-02-17 14:55 - 00000000 ____D () C:\Users\Wolfy\Downloads\_AIMP
2014-02-28 12:26 - 2014-02-10 11:58 - 00000000 ____D () C:\Windows\pss
2014-02-28 12:12 - 2014-02-28 12:12 - 00002067 _____ () C:\Users\Public\Desktop\AMD OverDrive.lnk
2014-02-28 12:12 - 2014-02-28 12:12 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-02-28 12:12 - 2014-02-27 06:56 - 00000000 ____D () C:\Users\Wolfy\AppData\Local\Downloaded Installations
2014-02-28 12:11 - 2014-02-28 12:11 - 00001981 _____ () C:\Users\Public\Desktop\EasyViewer.lnk
2014-02-28 12:11 - 2014-02-28 12:11 - 00001101 _____ () C:\Users\Public\Desktop\Live Update 5.lnk
2014-02-28 12:11 - 2014-02-28 12:09 - 00000000 ____D () C:\Program Files (x86)\MSI
2014-02-28 12:10 - 2014-02-28 12:10 - 00001032 _____ () C:\Users\Public\Desktop\MSI VideoGenie.lnk
2014-02-28 12:10 - 2014-02-28 12:10 - 00000928 _____ () C:\Users\Public\Desktop\Teaming Genie.lnk
2014-02-28 12:10 - 2014-02-28 12:10 - 00000207 _____ () C:\setup.log
2014-02-28 12:10 - 2014-02-28 12:10 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\InstallShield
2014-02-28 12:09 - 2014-02-28 12:09 - 00001205 _____ () C:\Users\Public\Desktop\BIOSUnlockCPUCore.lnk
2014-02-28 12:09 - 2014-02-28 12:09 - 00001177 _____ () C:\Users\Public\Desktop\Super-Charger.lnk
2014-02-28 12:09 - 2014-02-28 12:09 - 00001157 _____ () C:\Users\Public\Desktop\ControlCenter.lnk
2014-02-28 12:09 - 2014-02-28 12:09 - 00001097 _____ () C:\Users\Public\Desktop\AutoBoot.lnk
2014-02-28 08:48 - 2014-02-28 08:48 - 00000000 ____D () C:\Users\Wolfy\AppData\Local\NeoSmart_Technologies
2014-02-28 08:47 - 2014-02-28 08:47 - 00049152 _____ () C:\Users\Wolfy\Documents\EasyBCD Backup (2014-02-28).bcd
2014-02-28 08:42 - 2014-02-28 08:42 - 00000000 ____D () C:\ProgramData\launcher
2014-02-28 08:42 - 2014-02-28 08:42 - 00000000 ____D () C:\ProgramData\explauncher
2014-02-27 07:00 - 2014-02-27 07:00 - 00000000 ____D () C:\ProgramData\Macrium
2014-02-27 07:00 - 2013-07-15 08:09 - 00000000 ____D () C:\ProgramData\Sonic
2014-02-27 06:58 - 2014-02-27 06:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_blockmounter_01_09_00.Wdf
2014-02-27 06:54 - 2014-02-27 06:54 - 00000000 ____D () C:\Program Files (x86)\NeoSmart Technologies
2014-02-27 06:53 - 2014-02-27 06:53 - 00001107 _____ () C:\Users\Public\Desktop\DriveImage XML.lnk
2014-02-27 06:53 - 2014-02-27 06:53 - 00000000 ____D () C:\Program Files (x86)\Runtime Software
2014-02-27 06:43 - 2014-02-16 11:48 - 00000000 ____D () C:\Users\Wolfy\Documents\EBooks
2014-02-26 16:01 - 2014-02-20 22:16 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-02-26 16:01 - 2014-02-15 09:17 - 00000000 ____D () C:\Users\Wolfy\Downloads\_CyberFox Browser
2014-02-26 16:01 - 2014-02-14 16:43 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\Rainmeter
2014-02-26 16:01 - 2014-02-11 14:17 - 00000000 ____D () C:\Windows\system32\Taskman
2014-02-26 16:01 - 2013-12-13 10:41 - 00000000 ____D () C:\Users\Wolfy\AppData\Local\Microsoft Help
2014-02-26 16:01 - 2013-05-09 14:42 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\uTorrent
2014-02-26 16:01 - 2013-05-05 09:04 - 00000000 ____D () C:\Windows\system32\SPReview
2014-02-26 16:01 - 2013-05-05 09:03 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-02-26 16:01 - 2013-05-03 10:52 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-26 16:01 - 2013-05-02 08:42 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\Winamp
2014-02-26 16:01 - 2013-05-01 21:36 - 00000000 ___RD () C:\Users\Wolfy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-26 16:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-02-26 16:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-02-26 16:00 - 2013-05-02 12:00 - 00000000 ____D () C:\Windows\system32\kodak
2014-02-26 16:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\spp
2014-02-26 16:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\spool
2014-02-26 16:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Speech
2014-02-26 15:57 - 2013-05-01 21:37 - 00000000 ____D () C:\Users\Wolfy\AppData\Local\VirtualStore
2014-02-26 15:56 - 2013-05-02 08:42 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-02-26 15:03 - 2014-02-17 15:30 - 00000000 ____D () C:\Program Files (x86)\AIMP3
2014-02-26 14:39 - 2014-02-17 15:03 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\AIMP
2014-02-26 13:11 - 2014-02-26 13:11 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-20 22:18 - 2014-02-12 14:03 - 00003742 _____ () C:\Users\Wolfy\Documents\NewDatabase.kdbx
2014-02-20 21:27 - 2014-02-20 21:27 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\SanDisk SecureAccess
2014-02-18 17:24 - 2014-02-18 16:16 - 00000000 ____D () C:\Users\Wolfy\Documents\CRASH
2014-02-18 08:22 - 2014-02-18 08:22 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\TeamViewer
2014-02-17 10:39 - 2014-02-08 11:49 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\gnupg
2014-02-17 05:32 - 2014-02-02 21:56 - 00000510 _____ () C:\Users\Wolfy\AppData\Roaming\Microsoft\Windows\Start Menu\Free Password Generator.lnk
2014-02-16 23:48 - 2013-05-03 06:36 - 00001209 _____ () C:\Users\Wolfy\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2014-02-16 16:39 - 2014-02-16 16:39 - 00000722 _____ () C:\Users\Wolfy\AppData\Local\recently-used.xbel
2014-02-16 16:38 - 2014-02-16 16:38 - 00000000 ____D () C:\Users\Wolfy\AppData\Local\gtk-2.0
2014-02-16 12:40 - 2014-02-16 12:40 - 00000000 ____D () C:\Windows\Intuit
2014-02-16 12:33 - 2014-02-16 12:33 - 00000000 ____D () C:\Program Files (x86)\Yellow Pages Spider
2014-02-16 12:29 - 2014-02-16 12:29 - 00000000 ____D () C:\Users\Wolfy\Documents\LogoMaker
2014-02-16 12:14 - 2014-02-09 12:02 - 00000000 ____D () C:\Users\Wolfy\Downloads\_YouTubeGet
2014-02-16 12:11 - 2014-02-16 12:11 - 00000000 ____D () C:\tmpDownload
2014-02-16 12:10 - 2014-02-16 12:10 - 00034308 _____ () C:\ProgramData\mazuki.dll
2014-02-16 12:09 - 2014-02-16 12:09 - 00000000 ____D () C:\YouTubeGet
2014-02-16 12:03 - 2014-02-16 12:03 - 00003065 _____ () C:\Users\Wolfy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Logon Background Changer.lnk
2014-02-16 12:03 - 2014-02-16 12:03 - 00000000 ____D () C:\Program Files (x86)\Julien MANICI
2014-02-15 21:39 - 2014-02-15 21:39 - 00000000 ____D () C:\Program Files (x86)\Siber Systems
2014-02-15 14:15 - 2013-05-02 12:20 - 00000000 ____D () C:\ProgramData\Kodak
2014-02-15 08:28 - 2013-05-07 14:26 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\Mozilla
2014-02-15 08:21 - 2014-02-15 08:21 - 00251198 _____ () C:\Users\Wolfy\Documents\Opera Bookmarks.adr
2014-02-15 08:19 - 2014-02-15 08:19 - 00234986 _____ () C:\Users\Wolfy\Documents\Opera Bookmarks.html
2014-02-15 07:11 - 2013-05-03 10:06 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\Skype
2014-02-14 16:43 - 2014-02-14 16:43 - 00000000 ____D () C:\Users\Wolfy\Documents\Rainmeter
2014-02-14 15:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-02-14 13:59 - 2014-02-14 13:59 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-13 11:21 - 2014-01-27 11:20 - 00000141 _____ () C:\Users\Wolfy\Documents\Mail.txt
2014-02-12 13:18 - 2009-07-14 00:08 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-11 16:27 - 2014-02-11 16:27 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\ThemeManager
2014-02-11 15:45 - 2013-05-03 06:36 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\GRETECH
2014-02-11 15:43 - 2014-02-08 11:49 - 00000000 ____D () C:\Program Files (x86)\GNU
2014-02-11 14:45 - 2014-02-11 14:45 - 00000000 ____D () C:\Users\Wolfy\AppData\Local\FreeCommanderXE
2014-02-11 14:45 - 2014-02-11 14:45 - 00000000 ____D () C:\Program Files (x86)\FreeCommander XE
2014-02-11 13:49 - 2013-05-04 09:21 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-02-11 13:23 - 2013-05-02 08:43 - 00000000 ____D () C:\Program Files (x86)\Winamp Detect
2014-02-11 13:17 - 2013-05-04 09:21 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\WinRAR
2014-02-10 16:22 - 2013-05-03 10:16 - 00000000 ____D () C:\Program Files (x86)\POP Peeper
2014-02-10 15:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-02-10 15:07 - 2014-02-10 15:07 - 00000000 ____D () C:\Program Files (x86)\SkinPack
2014-02-10 15:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Cursors
2014-02-10 15:02 - 2014-02-10 15:02 - 00000000 ____D () C:\Users\Wolfy\AppData\Local\VS Revo Group
2014-02-10 15:01 - 2014-02-10 15:01 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-02-10 15:01 - 2014-02-10 15:01 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-02-10 14:11 - 2013-06-04 07:01 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-02-10 14:03 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2014-02-10 11:07 - 2014-02-10 11:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-10 00:39 - 2014-02-09 14:46 - 00000000 ____D () C:\Program Files (x86)\YoWindow
2014-02-09 16:37 - 2014-02-08 12:26 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\Claws-mail
2014-02-09 15:37 - 2014-02-09 14:46 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\YoWindow
2014-02-09 14:46 - 2014-02-09 14:46 - 00000000 ____D () C:\ProgramData\YoWindow
2014-02-09 13:57 - 2014-02-09 13:57 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\RegistryKeys
2014-02-09 12:44 - 2014-01-06 13:36 - 00007604 _____ () C:\Users\Wolfy\AppData\Local\resmon.resmoncfg
2014-02-08 18:02 - 2014-02-08 17:37 - 00000000 ____D () C:\ProgramData\Intuit
2014-02-08 18:02 - 2014-02-08 17:37 - 00000000 ____D () C:\Program Files (x86)\Intuit
2014-02-08 17:36 - 2014-02-08 17:36 - 00000000 ____D () C:\ProgramData\SQL Anywhere 11
2014-02-08 12:10 - 2014-02-08 12:09 - 00000000 ____D () C:\Users\Wolfy\AppData\Roaming\.kde
2014-02-08 12:03 - 2014-02-08 12:03 - 00006012 _____ () C:\Users\Wolfy\secret-key-EEE6045B.asc
2014-02-08 11:50 - 2014-02-08 11:50 - 00000000 ____D () C:\Users\Wolfy\AppData\Local\GNU
2014-02-08 11:49 - 2014-02-08 11:49 - 00000000 ____D () C:\ProgramData\GNU
2014-02-06 14:49 - 2014-01-03 16:59 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-06 14:49 - 2013-05-02 11:28 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-06 14:49 - 2013-05-02 11:28 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-06 14:49 - 2013-05-02 11:28 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-06 14:49 - 2013-05-02 11:28 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-06 14:49 - 2013-05-02 11:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-05 00:30 - 2014-02-03 16:30 - 00000077 _____ () C:\Users\Wolfy\AppData\Roaming\WB.CFG
2014-02-03 00:39 - 2013-05-03 10:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-03 00:39 - 2013-05-03 10:06 - 00000000 ____D () C:\ProgramData\Skype
2014-02-02 22:04 - 2014-02-13 11:44 - 00000187 _____ () C:\Users\Wolfy\Documents\NewDatabase.key

Files to move or delete:
====================
C:\ProgramData\mazuki.dll


Some content of TEMP:
====================
C:\Users\Wolfy\AppData\Local\Temp\Quarantine.exe
C:\Users\Wolfy\AppData\Local\Temp\Run Reactor-X Blue theme.exe
C:\Users\Wolfy\AppData\Local\Temp\RXB.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2013-05-05 09:01] - [2010-11-20 08:24] - 3039744 ____A (Microsoft Corporation) 3C4ECE21DC0BA753EF68AFD033502366

C:\Windows\SysWOW64\explorer.exe
[2013-05-05 09:01] - [2010-11-20 07:17] - 2783744 ____A (Microsoft Corporation) 123936D0DFC37104B9157CA57542C708

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 19:19

==================== End Of Log ============================


Edited by MelissaPleases, 03 March 2014 - 12:02 PM.

Snowden03.png

~   Notorious Thread Killer   ~
Case: CoolerMaster Storm Trooper Full ATX | Motherboard: GIGABYTE GA-Z170X | CPU: Intel Core i7-6700K 8M Skylake Quad-Core | GPU: MSI Radeon R9 390X 8GB 512-Bit | PSU: EVGA 80 PLUS GOLD 850 W | RAM: Corsair Vengeance DDR4 SDRAM [4x8GB] Audio: Integrated Creative Sound Core 3D 5.1 | Internal Storage: Samsung 2 TB HDD | Seagate 1 TB HDD | Samsung 500GB SSD [x2] | Mushkin 500GB SSD | External Storage: Seagate 2TB | Optical Drive: Lite-On iHAS324 Dual Layer

Display 1: AOC I2757Fh 27" | Display 2 & 3: LG 24MP57HQ-P 24" | Operating Systems: OS 1: Windows 10 Professional | OS 2: Linux Mint Cinnamon | OS 3: Windows 7 Ultimate x-64 | Antivirus: MS Security Essentials | Firewall: Windows Firewall


#4 MelissaPleases

MelissaPleases
  • Topic Starter

  • Members
  • 537 posts
  • OFFLINE
  • Gender:Female
  • Location:Now in the Heartland of the USA
  • Local time:08:41 AM

Posted 03 March 2014 - 11:59 AM

** Oops - I double-clicked the post button **


Edited by MelissaPleases, 03 March 2014 - 12:01 PM.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,239 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:41 AM

Posted 03 March 2014 - 02:25 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
HKU\.DEFAULT\...\Run: [SearchProtect] - \SearchProtect\bin\cltmng.exe
SearchScopes: HKCU - {E1A31D1A-ADB4-4FDD-BA6B-7340429B254C} URL = http://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=90d79487c79048cfbbec7fe458ce1a8e&tu=11JL0008D2B000s&sku=&tstsId=&ver=&&r=54
BHO: Plus-HD-7.6 - {11111111-1111-1111-1111-110511071178} - C:\Program Files (x86)\Plus-HD-7.6\Plus-HD-7.6-bho64.dll No File
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF SearchPlugin: C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\searchplugins\duckduckgo.xml
FF Extension: Plus-HD-7.6 - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\1079a15c-f3ae-4d92-b473-c51c7f3bc6de@63449f71-c434-4007-828c-7025ecf04b05.com [2014-02-28]
FF Extension: Ghostery - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\firefox@ghostery.com.xpi [2014-02-15]
FF Extension: DuckDuckGo Plus - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-02-15]
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
C:\Users\Wolfy\AppData\Local\Temp\Run Reactor-X Blue theme.exe
C:\Users\Wolfy\AppData\Local\Temp\RXB.exe

end

Save the file as fixlist.txt into the same folder as FRST.
Run FRST and click Fix only once, then wait.
The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please let me know what problem persists.
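
The fixlist format FRST consumes in the step above, parsed into the registry keys, CLSIDs and file paths each line acts on, with a small defender-side triage pass. This is an added example, not FRST's own code or nasdaq's: the regexes are my reading of the entry formats shown in this thread (not an official grammar), the expansion of FRST's `...` shorthand follows the way the Fixlog later in the thread spells the keys out, and the sample input is a constructed, abridged copy of the fixlist above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: nasdaq's fixlist above, abridged to one line per entry type.
SAMPLE_FIXLIST = r"""start
HKU\.DEFAULT\...\Run: [SearchProtect] - \SearchProtect\bin\cltmng.exe
SearchScopes: HKCU - {E1A31D1A-ADB4-4FDD-BA6B-7340429B254C} URL = http://search.zonealarm.com/search?src=sp&q={searchTerms}
BHO: Plus-HD-7.6 - {11111111-1111-1111-1111-110511071178} - C:\Program Files (x86)\Plus-HD-7.6\Plus-HD-7.6-bho64.dll No File
FF DefaultSearchEngine: DuckDuckGo
FF SearchPlugin: C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\searchplugins\duckduckgo.xml
FF Extension: Plus-HD-7.6 - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\1079a15c-f3ae-4d92-b473-c51c7f3bc6de@63449f71-c434-4007-828c-7025ecf04b05.com [2014-02-28]
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
C:\Users\Wolfy\AppData\Local\Temp\RXB.exe
end
"""

GUID = r"\{[0-9A-Fa-f-]{36}\}"

# One regex per FRST entry type as seen in this thread (assumed format); the bare-path rule goes last.
PATTERNS = [
    ("registry_run", re.compile(r"^(?P<hive>HK[^:]*?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - (?P<path>.+)$")),
    ("searchscope", re.compile(r"^SearchScopes: (?P<hive>HK\w+) - (?P<guid>" + GUID + r") URL = (?P<url>.+)$")),
    ("bho", re.compile(r"^BHO: (?P<name>.+?) - (?P<guid>" + GUID + r") - (?P<path>.+?)(?P<missing> No File)?$")),
    ("ff_pref", re.compile(r"^FF (?P<name>DefaultSearchEngine|SelectedSearchEngine): (?P<value>.+)$")),
    ("ff_searchplugin", re.compile(r"^FF SearchPlugin: (?P<path>.+)$")),
    ("ff_extension", re.compile(r"^FF Extension: (?P<name>.+?) - (?P<path>.+?)(?: \[(?P<date>[\d-]+)\])?$")),
    ("ff_registry_extension", re.compile(r"^FF (?P<hive>HK\w+)\\\.\.\.\\Firefox\\Extensions: \[(?P<guid>" + GUID + r")\] - (?P<path>.+)$")),
    ("file", re.compile(r"^(?P<path>[A-Za-z]:\\.+)$")),
]

@dataclass
class FixItem:
    kind: str
    location: str          # registry key, CLSID or file path the fix acts on
    name: str = ""         # value name, extension name or GUID, where applicable
    details: dict = field(default_factory=dict)

def build(kind: str, g: dict) -> FixItem:
    # Expand FRST's "..." shorthand the way the Fixlog in the thread spells the keys out.
    if kind == "registry_run":
        return FixItem(kind, g["hive"] + r"\Software\Microsoft\Windows\CurrentVersion\Run", g["name"], {"path": g["path"]})
    if kind == "searchscope":
        return FixItem(kind, g["guid"], g["hive"], {"url": g["url"]})
    if kind == "bho":
        return FixItem(kind, g["guid"], g["name"], {"path": g["path"], "missing": g["missing"] is not None})
    if kind == "ff_pref":
        return FixItem(kind, g["name"], g["value"])
    if kind == "ff_extension":
        return FixItem(kind, g["path"], g["name"], {"date": g["date"]})
    if kind == "ff_registry_extension":
        return FixItem(kind, g["hive"] + r"\Software\Mozilla\Firefox\Extensions", g["guid"], {"path": g["path"]})
    return FixItem(kind, g["path"])  # ff_searchplugin and bare file paths

def parse_fixlist(text: str) -> list:
    """Parse the lines between start/end; an unknown line raises rather than being silently skipped."""
    body = re.search(r"^start\r?\n(.*?)^end\s*$", text, re.M | re.S)
    if body is None:
        raise ValueError("fixlist must be wrapped in start/end markers")
    items = []
    for line in filter(None, map(str.strip, body.group(1).splitlines())):
        for kind, pat in PATTERNS:
            m = pat.match(line)
            if m:
                items.append(build(kind, m.groupdict()))
                break
        else:
            raise ValueError("unrecognised fixlist line: " + line)
    return items

def suspicious_reasons(item: FixItem) -> list:
    """Defender-side triage: why an entry is worth removing or looking at more closely."""
    reasons = []
    if item.kind == "bho" and item.details.get("missing"):
        reasons.append("BHO CLSID still registered but its DLL is gone (orphaned registration)")
    if item.kind == "registry_run" and not re.match(r"^[A-Za-z]:\\", item.details["path"]):
        reasons.append("Run value uses a relative path, so it cannot be tied to a known binary")
    if item.kind == "file" and "\\temp\\" in item.location.lower() and item.location.lower().endswith(".exe"):
        reasons.append("executable staged in the user's Temp folder")
    return reasons
```

Running `parse_fixlist(SAMPLE_FIXLIST)` and `suspicious_reasons` on each item flags the relative-path Run value, the orphaned BHO and the Temp executable, which is exactly what the Fixlog below reports as deleted or moved.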

#6 MelissaPleases

MelissaPleases
  • Topic Starter

  • Members
  • 537 posts
  • OFFLINE
  • Gender:Female
  • Location:Now in the Heartland of the USA
  • Local time:08:41 AM

Posted 03 March 2014 - 04:48 PM

Knowing that it's unsafe to assume anything, I will wait until I hear from you before downloading and reinstalling Cyberfox. For that matter, I think it best to forgo using it, and stay with the official Firefox. The only reason I switched was because Cyberfox was created specifically for use with a Win 7 custom theme that I have. It was only a matter of appearance, though, and it's not like Firefox doesn't have a million and one themes available, so I'm sure I can find something that will look presentable with it. Still, I won't install Firefox until I get the go ahead from you.

 

As for any other problems with this, as I said, it seems that it only hijacked Cyberfox. I got some extremely unusual popup ads on my homepage when I opened it - my homepage is CNN, and suddenly there were gaming and porn ads showing up. I checked IE, which I never use unless it's for a rare site that only functions with IE, and it was fine. The same goes for Opera - nothing unusual, no popups, etc.

 

Program logs:

 

=======================================

 

fixlist.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-03-2014
Ran by Wolfy at 2014-03-03 16:28:01 Run:1
Running from C:\Users\Wolfy\Desktop\farbar
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKU\.DEFAULT\...\Run: [SearchProtect] - \SearchProtect\bin\cltmng.exe
SearchScopes: HKCU - {E1A31D1A-ADB4-4FDD-BA6B-7340429B254C} URL = http://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=90d79487c79048cfbbec7fe458ce1a8e&tu=11JL0008D2B000s&sku=&tstsId=&ver=&&r=54
BHO: Plus-HD-7.6 - {11111111-1111-1111-1111-110511071178} - C:\Program Files (x86)\Plus-HD-7.6\Plus-HD-7.6-bho64.dll No File
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF SearchPlugin: C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\searchplugins\duckduckgo.xml
FF Extension: Plus-HD-7.6 - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\1079a15c-f3ae-4d92-b473-c51c7f3bc6de@63449f71-c434-4007-828c-7025ecf04b05.com [2014-02-28]
FF Extension: Ghostery - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\firefox@ghostery.com.xpi [2014-02-15]
FF Extension: DuckDuckGo Plus - C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-02-15]
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
C:\Users\Wolfy\AppData\Local\Temp\Run Reactor-X Blue theme.exe
C:\Users\Wolfy\AppData\Local\Temp\RXB.exe

end
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1A31D1A-ADB4-4FDD-BA6B-7340429B254C} => Key deleted successfully.
HKCR\CLSID\{E1A31D1A-ADB4-4FDD-BA6B-7340429B254C} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511071178} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110511071178} => Key deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\searchplugins\duckduckgo.xml => Moved successfully.
C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\1079a15c-f3ae-4d92-b473-c51c7f3bc6de@63449f71-c434-4007-828c-7025ecf04b05.com => Moved successfully.
C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\firefox@ghostery.com.xpi => Moved successfully.
C:\Users\Wolfy\AppData\Roaming\Mozilla\Firefox\Profiles\1y750q9l.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => Value deleted successfully.
C:\Users\Wolfy\AppData\Local\Temp\Run Reactor-X Blue theme.exe => Moved successfully.
C:\Users\Wolfy\AppData\Local\Temp\RXB.exe => Moved successfully.

==== End of Fixlog ====

 

=======================================

 

checkup.txt:

 

Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````


Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````


Malwarebytes Anti-Malware version 1.75.0.1300
Eusing Free Registry Cleaner
Flash Cookie Cleaner
Adobe Flash Player 12.0.0.70 Flash Player out of Date!

Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````


AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````


Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````




#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,239 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:41 AM

Posted 04 March 2014 - 08:25 AM


I would keep away from Cyberfox.

Cyberfox now includes StartPage.com (IXQuick.com) as default page for completely Private searching!
IXQuick.com is not quite free.
Read about it.
http://www.systemlookup.com/search.php?type=name&client=malwaresearch-chrome&search=Ixquick
===

Now that we have removed the bad items, I would reinstall Firefox.
Do not add any add-ons or extensions for now. Test it, and if all is well you can install the add-ons/extensions that you want.
Install only one at a time and see if any popups are showing up.
===

Adobe Flash Player 12.0.0.70 Flash Player out of Date!

This is a false positive. The SecurityCheck tool needs to be updated.
===

If all is well:

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help blocking many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon,
  • ScriptNo a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#8 MelissaPleases

MelissaPleases
  • Topic Starter

  • Members
  • 537 posts
  • OFFLINE
  • Gender:Female
  • Location:Now in the Heartland of the USA
  • Local time:08:41 AM

Posted 04 March 2014 - 09:04 AM

Thank you so very much for your assistance, nasdaq. I currently use both avast! Free Antivirus and Malwarebytes. I will install one of the firewall applications that you recommended.

 

Again, thank you for your help with this. It is very much appreciated.




#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,239 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:41 AM

Posted 04 March 2014 - 01:39 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



