
Malwarebytes repeatedly blocking java.exe


  • This topic is locked
21 replies to this topic

#1 papermac123

  • Members
  • 19 posts
  • OFFLINE
  • Local time:09:55 PM

Posted 08 April 2014 - 12:47 PM

[screenshot attached: Uy7BQaI.png]

I noticed that Malwarebytes has been blocking this (from various IP addresses) every minute or so for a while now.

Most of them are incoming, though sometimes it is outgoing.

Here's some of the Malwarebytes log for today:

(It's basically the same thing over and over again for the whole thing.)


2014/04/08 13:02:12 -0400 HOME-PC Bob IP-BLOCK 37.221.165.229 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:03:24 -0400 HOME-PC Bob IP-BLOCK 46.183.216.107 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:03:24 -0400 HOME-PC Bob IP-BLOCK 46.183.216.107 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:03:24 -0400 HOME-PC Bob IP-BLOCK 46.183.216.107 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:03:32 -0400 HOME-PC Bob IP-BLOCK 46.183.216.107 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:04:12 -0400 HOME-PC Bob IP-BLOCK 46.249.53.34 (Type: outgoing, Port: 15489, Process: java.exe)
2014/04/08 13:04:12 -0400 HOME-PC Bob IP-BLOCK 46.249.53.34 (Type: outgoing, Port: 15489, Process: java.exe)
2014/04/08 13:04:20 -0400 HOME-PC Bob IP-BLOCK 46.249.53.34 (Type: outgoing, Port: 15489, Process: java.exe)
2014/04/08 13:04:20 -0400 HOME-PC Bob IP-BLOCK 188.130.177.100 (Type: outgoing, Port: 15489, Process: java.exe)
2014/04/08 13:04:20 -0400 HOME-PC Bob IP-BLOCK 188.130.177.100 (Type: outgoing, Port: 15489, Process: java.exe)
2014/04/08 13:04:28 -0400 HOME-PC Bob IP-BLOCK 188.130.177.100 (Type: outgoing, Port: 15489, Process: java.exe)
2014/04/08 13:04:36 -0400 HOME-PC Bob IP-BLOCK 130.0.238.36 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:04:36 -0400 HOME-PC Bob IP-BLOCK 130.0.238.36 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:04:36 -0400 HOME-PC Bob IP-BLOCK 64.90.187.193 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:04:36 -0400 HOME-PC Bob IP-BLOCK 64.90.187.193 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:04:36 -0400 HOME-PC Bob IP-BLOCK 130.0.238.36 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:04:36 -0400 HOME-PC Bob IP-BLOCK 64.90.187.193 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:04:44 -0400 HOME-PC Bob IP-BLOCK 64.90.187.193 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:04:44 -0400 HOME-PC Bob IP-BLOCK 130.0.238.36 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:07:41 -0400 HOME-PC Bob IP-BLOCK 188.211.239.231 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:07:41 -0400 HOME-PC Bob IP-BLOCK 188.211.239.231 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:07:49 -0400 HOME-PC Bob IP-BLOCK 188.211.239.231 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:07:57 -0400 HOME-PC Bob IP-BLOCK 188.211.239.231 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:17:28 -0400 HOME-PC Bob IP-BLOCK 37.221.165.229 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:18:40 -0400 HOME-PC Bob IP-BLOCK 37.221.165.229 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:20:01 -0400 HOME-PC Bob IP-BLOCK 46.183.216.107 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:21:46 -0400 HOME-PC Bob IP-BLOCK 212.7.194.208 (Type: outgoing, Port: 15489, Process: java.exe)
2014/04/08 13:21:46 -0400 HOME-PC Bob IP-BLOCK 212.7.194.208 (Type: outgoing, Port: 15489, Process: java.exe)
2014/04/08 13:21:46 -0400 HOME-PC Bob IP-BLOCK 212.7.194.208 (Type: outgoing, Port: 15489, Process: java.exe)
2014/04/08 13:21:54 -0400 HOME-PC Bob IP-BLOCK 212.7.194.208 (Type: outgoing, Port: 15489, Process: java.exe)
2014/04/08 13:23:38 -0400 HOME-PC Bob IP-BLOCK 37.221.165.229 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:23:38 -0400 HOME-PC Bob IP-BLOCK 37.221.165.229 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:23:38 -0400 HOME-PC Bob IP-BLOCK 37.221.165.229 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:23:46 -0400 HOME-PC Bob IP-BLOCK 37.221.165.229 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:25:22 -0400 HOME-PC Bob IP-BLOCK 37.221.165.229 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:25:30 -0400 HOME-PC Bob IP-BLOCK 37.221.165.229 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:25:30 -0400 HOME-PC Bob IP-BLOCK 37.221.165.229 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:26:42 -0400 HOME-PC Bob IP-BLOCK 46.249.53.34 (Type: outgoing, Port: 15489, Process: java.exe)
2014/04/08 13:26:50 -0400 HOME-PC Bob IP-BLOCK 46.249.53.34 (Type: outgoing, Port: 15489, Process: java.exe)
2014/04/08 13:26:58 -0400 HOME-PC Bob IP-BLOCK 188.211.239.231 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:26:58 -0400 HOME-PC Bob IP-BLOCK 188.211.239.231 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:26:58 -0400 HOME-PC Bob IP-BLOCK 188.211.239.231 (Type: incoming, Port: 15489, Process: java.exe)
2014/04/08 13:27:06 -0400 HOME-PC Bob IP-BLOCK 188.211.239.231 (Type: incoming, Port: 15489, Process: java.exe)

Here's the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16540  BrowserJavaVersion: 10.51.2
Run by Bob at 13:13:02 on 2014-04-08
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.6132.1952 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\i2p\I2Psvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\SysWOW64\java.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Program Files (x86)\Opera\Opera.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Users\Bob\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\ContaCam\ContaCam.exe
C:\Users\Bob\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\puush\puush.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Program Files (x86)\ManyCam\ManyCam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\ContaCam\microapache\mapache.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Bob\AppData\Local\Skillbrains\lightshot\5.1.0.15\Lightshot.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\ContaCam\microapache\mapache.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Bob\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
C:\Users\Bob\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\Desktop\Tor Browser\App\vidalia.exe
C:\Users\Bob\Desktop\Tor Browser\App\tor.exe
C:\Users\Bob\Desktop\Tor Browser\FirefoxPortable\App\Firefox\tbb-firefox.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
uRun: [F.lux] "C:\Users\Bob\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [MediaFire Tray] "C:\Users\Bob\AppData\Local\MediaFire Express\mf_systray.exe" --boot-start
uRun: [AdobeBridge] <no file>
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Win2DS] "c:\Users\Bro\Documents\ds2win.ds\Win2DS.exe"
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE" -startup
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
StartupFolder: C:\Users\Bob\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{64B9599E-E7F6-4C74-86FA-1A01C6C9DAF3} : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\locy25dt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com/firefox
FF - prefs.js: network.proxy.ftp - 81.218.215.27
FF - prefs.js: network.proxy.ftp_port - 12479
FF - prefs.js: network.proxy.http - 81.218.215.27
FF - prefs.js: network.proxy.http_port - 12479
FF - prefs.js: network.proxy.socks - 81.218.215.27
FF - prefs.js: network.proxy.socks_port - 12479
FF - prefs.js: network.proxy.ssl - 81.218.215.27
FF - prefs.js: network.proxy.ssl_port - 12479
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Users\Bob\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\Bob\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Bob\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Bob\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - ExtSQL: !HIDDEN! 2012-08-13 13:15; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-14 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-14 207904]
R0 vmci;VMware VMCI Bus Driver;C:\Windows\System32\drivers\vmci.sys [2012-10-24 85104]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-4-9 70296]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-12-10 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-12-10 421704]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-4-15 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-4-15 738984]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-4-15 47336]
R1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;C:\Windows\System32\drivers\CSN5PDTS82x64.sys [2013-10-23 34840]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-4-6 465216]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-12-10 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-12-10 50344]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-7-10 75144]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-7-10 385416]
R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2014-3-20 70352]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2014-1-28 2135232]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 GeekBuddyRSP;GeekBuddyRSP Server;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2014-3-20 2327248]
R2 i2p;I2P Service;C:\Program Files (x86)\i2p\I2Psvc.exe [2013-2-24 380416]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-16 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-6 701512]
R2 NPF;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2013-2-28 36600]
R2 RosettaStoneDaemon;RosettaStoneDaemon;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-3-31 1646056]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-26 1153368]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-21 4972864]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-9-21 24608]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2012-1-18 4763680]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv.sys [2013-11-26 42016]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-8-6 25928]
R3 MonitorFunction;Driver for Monitor;C:\Windows\System32\drivers\TVMonitor.sys [2014-2-20 16376]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-6-17 166576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2012-7-10 397704]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-5-12 2264280]
S3 lvsels64;Logitech Selective Suspend Filter;C:\Windows\System32\drivers\lvsels64.sys [2010-5-14 68064]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2013-12-6 35232]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2014-2-20 35112]
S3 vmjyhbo;{6AE5EBA5-DD0B-4A7A-B7B0-DA10CA70AAA4};C:\Program Files (x86)\ophcrack\pwdump\servpw.exe [2008-7-22 57344]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2012-7-26 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %* [UserChoice]
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-04-08 00:29:32 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-25 19:22:46 47336 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2014-03-25 19:22:46 105552 ----a-w- C:\Windows\System32\drivers\inspect.sys
2014-03-25 19:22:45 738984 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
2014-03-25 19:22:45 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2014-03-25 19:22:37 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
2014-03-25 19:22:36 363504 ----a-w- C:\Windows\SysWow64\guard32.dll
2014-03-25 19:22:35 453680 ----a-w- C:\Windows\System32\guard64.dll
2014-03-25 19:22:29 352984 ----a-w- C:\Windows\System32\cmdvrt64.dll
2014-03-25 19:22:28 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll
2014-03-25 19:22:25 284888 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
2014-03-25 19:22:23 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
2014-03-19 05:29:59 90015360 ----a-w- C:\Windows\System32\mrt.exe
2014-03-12 20:37:16 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 20:37:16 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-23 07:12:29 17847808 ----a-w- C:\Windows\System32\mshtml.dll
2014-02-23 06:54:58 2334720 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-23 06:52:45 10926592 ----a-w- C:\Windows\System32\ieframe.dll
2014-02-23 06:48:43 1347072 ----a-w- C:\Windows\System32\urlmon.dll
2014-02-23 06:48:31 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-02-23 06:46:42 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-23 06:46:20 237056 ----a-w- C:\Windows\System32\url.dll
2014-02-23 06:46:08 86016 ----a-w- C:\Windows\System32\jsproxy.dll
2014-02-23 06:45:36 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-23 06:45:32 816640 ----a-w- C:\Windows\System32\jscript.dll
2014-02-23 06:45:27 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-23 06:44:57 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2014-02-23 06:44:57 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2014-02-23 06:44:14 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2014-02-23 06:44:02 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-23 06:43:22 248320 ----a-w- C:\Windows\System32\ieui.dll
2014-02-23 05:50:22 12347904 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-02-23 05:47:19 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-23 05:43:55 9739264 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-02-23 05:41:03 1105408 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-02-23 05:40:18 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-23 05:39:28 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-23 05:38:15 231936 ----a-w- C:\Windows\SysWow64\url.dll
2014-02-23 05:38:08 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-02-23 05:38:08 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-23 05:37:49 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-23 05:37:28 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2014-02-23 05:37:12 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-02-23 05:37:09 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-02-23 05:36:31 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2014-02-23 05:36:22 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-23 05:35:49 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-02-09 13:44:30 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-02-09 13:44:30 65264 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
2014-02-09 13:44:30 64752 ----a-w- C:\Windows\System32\drivers\aswRdr.sys
2014-02-09 13:44:30 421704 ----a-w- C:\Windows\System32\drivers\aswSP.sys
2014-02-09 13:44:30 334136 ----a-w- C:\Windows\System32\aswBoot.exe
2014-02-09 13:44:30 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-02-09 13:44:29 43152 ----a-w- C:\Windows\avastSS.scr
2014-02-07 12:11:49 2776064 ----a-w- C:\Windows\System32\win32k.sys
2014-02-03 13:20:59 619008 ----a-w- C:\Windows\System32\qedit.dll
2014-02-03 10:37:54 505344 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-01-31 02:30:09 57096 ----a-w- C:\Windows\System32\certsentry.dll
2014-01-31 02:30:09 48392 ----a-w- C:\Windows\SysWow64\certsentry.dll
2014-01-30 10:12:47 1111040 ----a-w- C:\Windows\System32\wer.dll
2014-01-30 07:46:58 876032 ----a-w- C:\Windows\SysWow64\wer.dll
.
============= FINISH: 13:15:16.81 ===============
 
attach.txt is in the attachment.
 
To the helpers, thanks.
 
 

#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:55 PM

Posted 08 April 2014 - 04:48 PM

Did you set this proxy yourself?

FF - prefs.js: network.proxy.ftp - 81.218.215.27
FF - prefs.js: network.proxy.ftp_port - 12479
FF - prefs.js: network.proxy.http - 81.218.215.27
FF - prefs.js: network.proxy.http_port - 12479
FF - prefs.js: network.proxy.socks - 81.218.215.27
FF - prefs.js: network.proxy.socks_port - 12479
FF - prefs.js: network.proxy.ssl - 81.218.215.27
FF - prefs.js: network.proxy.ssl_port - 12479
FF - prefs.js: network.proxy.type - 0

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
NEXT

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • When asked if you want to download Avast's virus definitions, please select Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 papermac123
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:09:55 PM

Posted 09 April 2014 - 02:00 PM

I did set up that proxy, but I haven't used it for a long time.

 

FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by Bob (administrator) on HOME-PC on 08-04-2014 19:24:08
Running from C:\Users\Bob\Desktop\New Folder (9)
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Tanuki Software, Ltd.) C:\Program Files (x86)\i2p\I2Psvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Oracle Corporation) C:\Windows\SysWOW64\java.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Opera Software) C:\Program Files (x86)\Opera\Opera.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieCtrl.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
(Flux Software LLC) C:\Users\Bob\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files (x86)\ContaCam\ContaCam.exe
(BitTorrent Inc.) C:\Users\Bob\AppData\Roaming\uTorrent\uTorrent.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Visicom Media Inc.) C:\Program Files (x86)\ManyCam\ManyCam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apache Software Foundation) C:\Program Files (x86)\ContaCam\microapache\mapache.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Skillbrains) C:\Users\Bob\AppData\Local\Skillbrains\lightshot\5.1.0.15\Lightshot.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apache Software Foundation) C:\Program Files (x86)\ContaCam\microapache\mapache.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Logitech, Inc.) C:\Users\Bob\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\Bob\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
(Google Inc.) C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Bob\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\Bob\Desktop\Tor Browser\App\vidalia.exe
() C:\Users\Bob\Desktop\Tor Browser\App\tor.exe
(Mozilla Corporation) C:\Users\Bob\Desktop\Tor Browser\FirefoxPortable\App\Firefox\tbb-firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Google Inc.) C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Flux Software LLC) C:\Users\Bro\AppData\Local\FluxSoftware\Flux\flux.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Users\Bro\Documents\ds2win.ds\Win2DS.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\system32\LogonUI.exe
(Google Inc.) C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [itype] - c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Win2DS] - c:\Users\Bro\Documents\ds2win.ds\Win2DS.exe [277504 2008-06-12] ()
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-04-15] (Power Software Ltd)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-02] (AVAST Software)
HKLM-x32\...\Run: [tvncontrol] - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-03-20] (Comodo Security Solutions, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3032519781-586980267-3098026202-1000\...\Run: [Google Update] - C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-25] (Google Inc.)
HKU\S-1-5-21-3032519781-586980267-3098026202-1000\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-3032519781-586980267-3098026202-1000\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [694032 2012-06-17] (SANDBOXIE L.T.D)
HKU\S-1-5-21-3032519781-586980267-3098026202-1000\...\Run: [GoogleDriveSync] - "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-3032519781-586980267-3098026202-1000\...\Run: [Advanced SystemCare 6] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-01-15] (IObit)
HKU\S-1-5-21-3032519781-586980267-3098026202-1000\...\Run: [F.lux] - C:\Users\Bob\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-3032519781-586980267-3098026202-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-3032519781-586980267-3098026202-1000\...\Run: [MediaFire Tray] - C:\Users\Bob\AppData\Local\MediaFire Express\mf_systray.exe [2349640 2013-04-04] (MediaFire LLC)
HKU\S-1-5-21-3032519781-586980267-3098026202-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-3032519781-586980267-3098026202-1000\...\Run: [ContaCam] - C:\Program Files (x86)\ContaCam\ContaCam.exe [8264192 2013-05-30] ()
HKU\S-1-5-21-3032519781-586980267-3098026202-1000\...\Run: [uTorrent] - C:\Users\Bob\AppData\Roaming\uTorrent\uTorrent.exe [900440 2013-11-15] (BitTorrent Inc.)
HKU\S-1-5-21-3032519781-586980267-3098026202-1000\...\Run: [puush] - C:\Program Files (x86)\puush\puush.exe [567880 2014-03-29] ()
HKU\S-1-5-21-3032519781-586980267-3098026202-1000\...\Run: [Gyazo] - C:\Program Files (x86)\Gyazo\GyStation.exe [2990304 2013-10-30] (Nota Inc.)
HKU\S-1-5-21-3032519781-586980267-3098026202-1000\...\Run: [ManyCam] - C:\Program Files (x86)\ManyCam\ManyCam.exe [5679200 2013-12-09] (Visicom Media Inc.)
HKU\S-1-5-21-3032519781-586980267-3098026202-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3032519781-586980267-3098026202-1000\...\Run: [LightShot] - C:\Users\Bob\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226592 2014-03-12] ()
HKU\S-1-5-21-3032519781-586980267-3098026202-1001\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3032519781-586980267-3098026202-1001\...\Run: [F.lux] - C:\Users\Bro\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEF4C00B81847CF01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\locy25dt.default
FF SelectedSearchEngine: Google
FF Homepage: google.com/firefox
FF NetworkProxy: "backup.ftp", "177.135.236.245"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "177.135.236.245"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "177.135.236.245"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "81.218.215.27"
FF NetworkProxy: "ftp_port", 12479
FF NetworkProxy: "http", "81.218.215.27"
FF NetworkProxy: "http_port", 12479
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "81.218.215.27"
FF NetworkProxy: "socks_port", 12479
FF NetworkProxy: "socks_version", 4
FF NetworkProxy: "ssl", "81.218.215.27"
FF NetworkProxy: "ssl_port", 12479
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Bob\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Bob\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Bob\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Bob\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Bob\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Bob\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\locy25dt.default\Extensions\ascsurfingprotection@iobit.com [2013-04-28]
FF Extension: Search Assistant - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\locy25dt.default\Extensions\{B3834E60-12A8-11E0-A289-939FDFD72085} [2012-09-16]
FF Extension: DownloadHelper - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\locy25dt.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-10-05]
FF Extension: Cryptocat - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\locy25dt.default\Extensions\cryptocat@crypto.cat.xpi [2013-04-04]
FF Extension: Firebug - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\locy25dt.default\Extensions\firebug@software.joehewitt.com.xpi [2013-02-05]
FF Extension: Greasefire - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\locy25dt.default\Extensions\greasefire@skrul.com.xpi [2013-01-09]
FF Extension: Easy YouTube Video Downloader - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\locy25dt.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012-10-03]
FF Extension: DownThemAll! - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\locy25dt.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-02-09]
FF Extension: Greasemonkey - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\locy25dt.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-01-09]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c} [2014-04-07]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-08-13]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-10]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-08-13]
 
Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Users\Bob\Appdata\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Bob\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Bob\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Bob\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Bob\Appdata\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (Java™ Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.6) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Google Update) - C:\Users\Bob\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (HP Product Detection Plugin) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2012-10-19]
CHR Extension: (Angry Birds) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-07-25]
CHR Extension: (WOT) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-03-13]
CHR Extension: (YouTube) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-25]
CHR Extension: (Adblock Plus) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-03-15]
CHR Extension: (FB Auto-Poker) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmhccgdbmajoblcbfbgmhnpiecmjiadh [2013-12-11]
CHR Extension: (Google Search) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-25]
CHR Extension: (Tampermonkey) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2013-07-23]
CHR Extension: (Shield For Chrome ) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gceighgadbamgchioaofojlblndjcggh [2014-01-26]
CHR Extension: (Cryptocat) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gonbigodpnfghidmnphnadhepmbabhij [2013-04-09]
CHR Extension: (StumbleUpon) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2012-10-01]
CHR Extension: (Capture Webpage Screenshot - FireShot) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2013-05-06]
CHR Extension: (CHROMIFIED Google Translate [BBmod]) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mddinjaeleehccjagphnmkcjafhidhmc [2012-07-25]
CHR Extension: (Shortcut Manager) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgjjeipcdnnjhgodgjpfkffcejoljijf [2013-06-18]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-04-29]
CHR Extension: (PAC-Match Party) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\njhglkgppclbkpakbalpciidkcpkjfhj [2012-07-25]
CHR Extension: (Google Wallet) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-25]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Bob\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2012-07-25]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx [2013-04-06]
 
==================== Services (Whitelisted) =================
 
R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [465216 2013-01-15] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-09] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [397704 2012-07-10] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385416 2012-07-10] (BlueStack Systems, Inc.)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2014-03-20] (Comodo Security Solutions, Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6812400 2014-03-25] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-01-28] ()
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-03-20] (Comodo Security Solutions, Inc.)
R2 i2p; C:\Program Files (x86)\i2p\I2Psvc.exe [380416 2013-02-24] (Tanuki Software, Ltd.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [98576 2012-06-17] (SANDBOXIE L.T.D)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 vmjyhbo; C:\Program Files (x86)\ophcrack\pwdump\servpw.exe [57344 2008-07-22] ()
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-09] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-02-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-09] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-02-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-31] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [75144 2012-07-10] (BlueStack Systems)
S1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [40256 2012-09-03] (Windows ® Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-03-25] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738984 2014-03-25] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [47336 2014-03-25] (COMODO)
R1 CSN5PDTS82x64; C:\Windows\System32\Drivers\CSN5PDTS82x64.sys [34840 2012-10-24] (Colasoft Co., Ltd.)
S1 DhaHelper; C:\Windows\SysWOW64\drivers\dhahelper.sys [7168 2011-12-14] (MPlayer <http://svn.mplayerhq.hu/mplayer/trunk/vidix/dhahelperwin/>)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-03-25] (COMODO)
S3 lvsels64; C:\Windows\System32\DRIVERS\lvsels64.sys [68064 2010-05-14] (Logitech Inc.)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-26] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [166576 2012-06-17] (SANDBOXIE L.T.D)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S1 CSN5PDTS82; System32\Drivers\CSN5PDTS82.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-08 19:20 - 2014-04-08 19:24 - 00000000 ____D () C:\FRST
2014-04-08 19:17 - 2014-04-08 19:24 - 00000000 ____D () C:\Users\Bob\Desktop\New Folder (9)
2014-04-08 13:20 - 2014-04-08 13:43 - 00009122 _____ () C:\Users\Bob\Desktop\attach.txt
2014-04-08 13:20 - 2014-04-08 13:15 - 00026424 _____ () C:\Users\Bob\Desktop\dds.txt
2014-04-08 13:11 - 2014-04-08 13:11 - 00688992 ____R (Swearware) C:\Users\Bob\Downloads\dds.com
2014-04-07 22:14 - 2014-04-07 22:15 - 12417636 _____ () C:\Users\Bob\Downloads\Puffin Web Browser v3.0.10154M apkmania.com (1).rar
2014-04-07 20:32 - 2014-04-07 21:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-07 20:29 - 2014-04-07 21:50 - 00000000 ____D () C:\Users\Bob\Desktop\mbar
2014-04-07 20:29 - 2014-04-07 20:29 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-07 20:28 - 2014-04-07 20:29 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Bob\Downloads\mbar-1.07.0.1009.exe
2014-04-07 20:25 - 2014-04-07 20:25 - 04118841 _____ () C:\Users\Bob\Downloads\tdsskiller.zip
2014-04-07 20:25 - 2014-04-07 20:25 - 00000000 ____D () C:\Users\Bob\Downloads\tdsskiller
2014-04-07 20:23 - 2014-04-07 20:24 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Bob\Downloads\tdsskiller (2).exe
2014-04-07 20:21 - 2014-04-07 20:21 - 04139872 _____ (Kaspersky Lab ZAO) C:\Users\Bob\Downloads\tdsskiller (1).exe
2014-04-07 19:46 - 2014-04-07 19:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-04 19:09 - 2014-04-04 19:09 - 00922726 _____ () C:\Users\Bob\Downloads\1396642501752.webm
2014-04-03 17:48 - 2014-04-03 17:48 - 00001670 _____ () C:\Users\Public\Desktop\Opera 12.16 1860.lnk
2014-04-03 17:45 - 2014-04-03 17:45 - 13156120 _____ (Opera Software ASA) C:\Users\Bob\Downloads\Opera_1216_int_Setup.exe
2014-04-03 17:32 - 2014-04-03 17:32 - 00000841 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-04-03 17:30 - 2014-04-03 17:31 - 34718824 _____ (Opera Software ASA) C:\Users\Bob\Downloads\Opera_20.0.1387.91_Setup.exe
2014-04-02 21:16 - 2014-04-02 21:16 - 00000000 ____D () C:\Users\Bob\Downloads\cm-unicode-0.7.0
2014-04-02 21:16 - 2014-04-02 21:12 - 15349760 _____ () C:\Users\Bob\Downloads\cm-unicode-0.7.0-ttf.tar
2014-04-02 21:15 - 2014-04-02 21:15 - 01110476 _____ () C:\Users\Bob\Downloads\7z920.exe
2014-04-02 21:15 - 2014-04-02 21:15 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-04-02 21:12 - 2014-04-02 21:12 - 04856068 _____ () C:\Users\Bob\Downloads\cm-unicode-0.7.0-ttf.tar.xz
2014-04-01 20:31 - 2014-04-01 20:31 - 00041496 _____ () C:\Users\Bob\Downloads\antigone_u10.zip
2014-03-31 07:46 - 2014-04-06 16:59 - 00002604 _____ () C:\Windows\system32\TeamViewer9_Hooks.log
2014-03-29 22:18 - 2014-03-29 22:18 - 00000000 ____D () C:\Users\Guest\AppData\Local\Skype
2014-03-29 21:56 - 2014-03-29 21:56 - 00000443 _____ () C:\Users\Bob\AppData\Local\UserProducts.xml
2014-03-29 21:55 - 2014-03-29 21:55 - 02189048 _____ (Skillbrains ) C:\Users\Bob\Downloads\setup-lightshot.exe
2014-03-29 21:50 - 2014-03-29 21:50 - 00000000 ____D () C:\Program Files (x86)\puush
2014-03-29 21:49 - 2014-03-29 21:49 - 01085440 _____ () C:\Users\Bob\Downloads\puush (3).msi
2014-03-28 01:06 - 2014-03-28 01:07 - 07985664 _____ () C:\Users\Bob\Downloads\22_Lecture_Presentation.ppt
2014-03-27 23:17 - 2014-03-27 23:17 - 04763648 _____ () C:\Users\Bob\Downloads\22_lecture_presentation_0.ppt
2014-03-27 17:25 - 2014-03-27 17:27 - 00000000 ____D () C:\Users\Bob\Downloads\ugely bec
2014-03-26 21:55 - 2014-03-26 22:02 - 07291904 _____ () C:\Users\Bob\Downloads\21_lecture_presentation.ppt
2014-03-26 21:54 - 2014-03-26 21:54 - 07291904 _____ () C:\Users\Bob\Downloads\21_Lecture_Presentation_0.ppt
2014-03-24 23:02 - 2014-03-24 23:02 - 01085440 _____ () C:\Users\Bob\Downloads\puush (2).msi
2014-03-24 01:37 - 2014-03-24 01:37 - 11714048 _____ () C:\Users\Bob\Downloads\27_Lecture_Presentation.ppt
2014-03-24 01:35 - 2014-03-24 01:36 - 11846656 _____ () C:\Users\Bob\Downloads\47_Lecture_Presentation.ppt
2014-03-23 17:49 - 2014-03-23 17:50 - 06849024 _____ () C:\Users\Bob\Downloads\46_lecture_presentation_0.ppt
2014-03-23 17:49 - 2014-03-23 17:49 - 06802432 _____ () C:\Users\Bob\Downloads\47_lecture_presentation_0.ppt
2014-03-23 17:48 - 2014-03-23 17:48 - 06212608 _____ () C:\Users\Bob\Downloads\27_lecture_presentation_0.ppt
2014-03-23 15:30 - 2014-03-23 15:30 - 09797418 _____ () C:\Users\Bob\Downloads\df_34_11_win.zip
2014-03-20 19:30 - 2014-03-20 19:30 - 00000000 ____D () C:\Users\Bob\Downloads\patchptt
2014-03-20 18:29 - 2014-03-20 18:30 - 00868138 _____ () C:\Users\Bob\Downloads\TI84Plus_OS (2).8Xu
2014-03-20 18:29 - 2014-03-20 18:29 - 00710374 _____ () C:\Users\Bob\Downloads\TI84Plus_OS243 (1).8Xu
2014-03-20 16:56 - 2014-03-20 16:56 - 00001952 _____ () C:\Users\Public\Desktop\GeekBuddy.lnk
2014-03-20 16:55 - 2014-03-20 16:55 - 00420318 _____ () C:\Windows\dd_vcredistMSI0AE3.txt
2014-03-20 16:55 - 2014-03-20 16:55 - 00011164 _____ () C:\Windows\dd_vcredistUI0AE3.txt
2014-03-18 16:45 - 2014-03-18 16:46 - 00830624 _____ ( ) C:\Users\Bro\Downloads\FlvPlayerSetup.exe
2014-03-17 22:40 - 2014-03-17 22:40 - 00000000 ____D () C:\Users\Bob\Downloads\usb140201
2014-03-17 22:39 - 2014-03-17 22:39 - 17334297 _____ () C:\Users\Bob\Downloads\usb140201.zip
2014-03-12 19:56 - 2014-03-12 19:56 - 00061141 _____ () C:\Users\Bob\Downloads\Myths and misunderstandings(1).odt
2014-03-12 02:17 - 2014-02-23 03:12 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 02:17 - 2014-02-23 02:54 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 02:17 - 2014-02-23 02:52 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 02:17 - 2014-02-23 02:48 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 02:17 - 2014-02-23 02:48 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 02:17 - 2014-02-23 02:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 02:17 - 2014-02-23 02:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-12 02:17 - 2014-02-23 02:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 02:17 - 2014-02-23 02:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-12 02:17 - 2014-02-23 02:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-12 02:17 - 2014-02-23 02:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 02:17 - 2014-02-23 02:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 02:17 - 2014-02-23 02:44 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 02:17 - 2014-02-23 02:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 02:17 - 2014-02-23 02:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-12 02:17 - 2014-02-23 02:43 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 02:17 - 2014-02-23 01:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 02:17 - 2014-02-23 01:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 02:17 - 2014-02-23 01:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 02:17 - 2014-02-23 01:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 02:17 - 2014-02-23 01:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 02:17 - 2014-02-23 01:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 02:17 - 2014-02-23 01:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-12 02:17 - 2014-02-23 01:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 02:17 - 2014-02-23 01:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 02:17 - 2014-02-23 01:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 02:17 - 2014-02-23 01:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-12 02:17 - 2014-02-23 01:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 02:17 - 2014-02-23 01:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-12 02:17 - 2014-02-23 01:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 02:17 - 2014-02-23 01:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-12 02:17 - 2014-02-23 01:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-11 20:17 - 2014-01-30 06:12 - 01111040 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-11 20:17 - 2014-01-30 03:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-11 20:17 - 2013-11-12 21:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-11 20:17 - 2013-11-12 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-03-11 20:16 - 2014-02-07 08:11 - 02776064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-11 20:16 - 2014-02-03 09:20 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-11 20:16 - 2014-02-03 06:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 02:39 - 2014-03-11 02:39 - 00224784 _____ () C:\Users\Bob\Downloads\The Periodic Table Powerpoint.pptx
2014-03-11 02:30 - 2014-03-11 02:30 - 00001292 _____ () C:\Users\Bob\Downloads\patchptt (1).zip
 
==================== One Month Modified Files and Folders =======
 
2014-04-08 19:25 - 2012-07-25 19:13 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3032519781-586980267-3098026202-1000UA.job
2014-04-08 19:24 - 2014-04-08 19:20 - 00000000 ____D () C:\FRST
2014-04-08 19:24 - 2014-04-08 19:17 - 00000000 ____D () C:\Users\Bob\Desktop\New Folder (9)
2014-04-08 19:23 - 2012-07-26 19:55 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\uTorrent
2014-04-08 19:22 - 2013-08-09 12:34 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Skype
2014-04-08 19:20 - 2013-04-01 11:27 - 00000000 ____D () C:\Users\Bob\AppData\Local\CrashDumps
2014-04-08 19:14 - 2012-07-29 14:57 - 00000390 _____ () C:\Windows\Tasks\update-sys.job
2014-04-08 18:57 - 2012-08-13 18:01 - 00000340 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-04-08 18:56 - 2006-11-02 11:22 - 00003840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-08 18:56 - 2006-11-02 11:22 - 00003840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-08 18:46 - 2012-10-11 21:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-08 18:37 - 2012-07-26 20:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-08 17:38 - 2012-07-29 14:57 - 00000390 _____ () C:\Windows\Tasks\update-S-1-5-21-3032519781-586980267-3098026202-1000.job
2014-04-08 16:36 - 2012-07-25 21:05 - 00002049 _____ () C:\Users\Bob\Desktop\Google Chrome.lnk
2014-04-08 15:33 - 2012-10-11 21:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-08 13:43 - 2014-04-08 13:20 - 00009122 _____ () C:\Users\Bob\Desktop\attach.txt
2014-04-08 13:15 - 2014-04-08 13:20 - 00026424 _____ () C:\Users\Bob\Desktop\dds.txt
2014-04-08 13:11 - 2014-04-08 13:11 - 00688992 ____R (Swearware) C:\Users\Bob\Downloads\dds.com
2014-04-08 12:46 - 2013-05-21 00:10 - 00000000 ____D () C:\Users\Bob\Desktop\4chin
2014-04-08 12:30 - 2008-01-20 21:53 - 02024231 _____ () C:\Windows\WindowsUpdate.log
2014-04-08 11:06 - 2012-07-25 18:11 - 00000000 ____D () C:\Users\Bob\AppData\Local\Adobe
2014-04-08 11:05 - 2013-05-15 22:13 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-08 10:58 - 2013-04-09 20:56 - 00000000 ____D () C:\ProgramData\VMware
2014-04-08 10:58 - 2013-02-24 15:07 - 00000000 ____D () C:\ProgramData\i2p
2014-04-08 10:56 - 2013-07-07 14:51 - 00015656 _____ () C:\Windows\system32\spsys.log
2014-04-08 10:56 - 2012-07-26 14:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-08 10:56 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-08 07:44 - 2006-11-02 11:42 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-08 07:08 - 2013-04-29 06:51 - 00307874 _____ () C:\Windows\PFRO.log
2014-04-07 23:40 - 2013-04-29 00:25 - 00000000 ____D () C:\mine
2014-04-07 23:40 - 2013-04-22 17:21 - 00000000 ____D () C:\Program Files (x86)\Litecoin
2014-04-07 22:49 - 2013-07-28 16:10 - 00000000 ____D () C:\ContaCam
2014-04-07 22:47 - 2013-03-27 15:58 - 00033280 _____ () C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-07 22:15 - 2014-04-07 22:14 - 12417636 _____ () C:\Users\Bob\Downloads\Puffin Web Browser v3.0.10154M apkmania.com (1).rar
2014-04-07 21:50 - 2014-04-07 20:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-07 21:50 - 2014-04-07 20:29 - 00000000 ____D () C:\Users\Bob\Desktop\mbar
2014-04-07 21:28 - 2013-04-01 23:28 - 00003686 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F55F9222-E683-46F7-950A-5B3008F7455C}
2014-04-07 20:29 - 2014-04-07 20:29 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-07 20:29 - 2014-04-07 20:28 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Bob\Downloads\mbar-1.07.0.1009.exe
2014-04-07 20:25 - 2014-04-07 20:25 - 04118841 _____ () C:\Users\Bob\Downloads\tdsskiller.zip
2014-04-07 20:25 - 2014-04-07 20:25 - 00000000 ____D () C:\Users\Bob\Downloads\tdsskiller
2014-04-07 20:24 - 2014-04-07 20:23 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Bob\Downloads\tdsskiller (2).exe
2014-04-07 20:21 - 2014-04-07 20:21 - 04139872 _____ (Kaspersky Lab ZAO) C:\Users\Bob\Downloads\tdsskiller (1).exe
2014-04-07 19:46 - 2014-04-07 19:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-07 11:30 - 2012-12-10 23:41 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-07 07:24 - 2012-07-30 14:18 - 00000000 ____D () C:\Users\Bro\AppData\Local\Adobe
2014-04-06 16:59 - 2014-03-31 07:46 - 00002604 _____ () C:\Windows\system32\TeamViewer9_Hooks.log
2014-04-06 16:58 - 2013-12-21 15:26 - 00000999 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-04-06 16:18 - 2012-07-31 15:28 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\TeamViewer
2014-04-06 01:25 - 2012-07-25 19:13 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3032519781-586980267-3098026202-1000Core.job
2014-04-04 19:09 - 2014-04-04 19:09 - 00922726 _____ () C:\Users\Bob\Downloads\1396642501752.webm
2014-04-03 17:48 - 2014-04-03 17:48 - 00001670 _____ () C:\Users\Public\Desktop\Opera 12.16 1860.lnk
2014-04-03 17:48 - 2013-06-19 10:52 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-03 17:45 - 2014-04-03 17:45 - 13156120 _____ (Opera Software ASA) C:\Users\Bob\Downloads\Opera_1216_int_Setup.exe
2014-04-03 17:32 - 2014-04-03 17:32 - 00000841 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-04-03 17:31 - 2014-04-03 17:30 - 34718824 _____ (Opera Software ASA) C:\Users\Bob\Downloads\Opera_20.0.1387.91_Setup.exe
2014-04-03 17:09 - 2013-03-24 20:19 - 00070712 _____ () C:\Users\Bob\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-03 15:23 - 2013-07-28 22:16 - 00070712 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-03 07:15 - 2013-05-12 16:27 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-04-03 07:14 - 2012-07-26 10:57 - 00070712 _____ () C:\Users\Bro\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-03 07:09 - 2006-11-02 11:21 - 04926856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-03 00:28 - 2013-05-12 16:38 - 00851302 _____ () C:\Windows\system32\Drivers\fvstore.dat
2014-04-02 21:16 - 2014-04-02 21:16 - 00000000 ____D () C:\Users\Bob\Downloads\cm-unicode-0.7.0
2014-04-02 21:15 - 2014-04-02 21:15 - 01110476 _____ () C:\Users\Bob\Downloads\7z920.exe
2014-04-02 21:15 - 2014-04-02 21:15 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-04-02 21:12 - 2014-04-02 21:16 - 15349760 _____ () C:\Users\Bob\Downloads\cm-unicode-0.7.0-ttf.tar
2014-04-02 21:12 - 2014-04-02 21:12 - 04856068 _____ () C:\Users\Bob\Downloads\cm-unicode-0.7.0-ttf.tar.xz
2014-04-02 20:15 - 2013-07-22 18:10 - 00000000 ____D () C:\Users\Bob\Downloads\skypequote.exe
2014-04-02 19:14 - 2013-05-12 01:01 - 00001926 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk
2014-04-01 20:31 - 2014-04-01 20:31 - 00041496 _____ () C:\Users\Bob\Downloads\antigone_u10.zip
2014-04-01 20:15 - 2014-01-15 22:25 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Audacity
2014-04-01 17:12 - 2013-02-24 15:07 - 00000000 ____D () C:\Program Files (x86)\i2p
2014-03-31 17:48 - 2013-05-24 20:23 - 00000680 _____ () C:\Users\Bob\AppData\Local\d3d9caps.dat
2014-03-30 00:25 - 2013-11-01 21:10 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Skype
2014-03-29 23:59 - 2006-11-02 08:46 - 00778238 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-29 23:56 - 2013-05-21 23:17 - 00002385 _____ () C:\Windows\setupact.log
2014-03-29 22:18 - 2014-03-29 22:18 - 00000000 ____D () C:\Users\Guest\AppData\Local\Skype
2014-03-29 22:18 - 2014-03-03 00:18 - 00002499 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-29 22:18 - 2013-03-24 00:15 - 00000000 ____D () C:\ProgramData\Skype
2014-03-29 21:56 - 2014-03-29 21:56 - 00000443 _____ () C:\Users\Bob\AppData\Local\UserProducts.xml
2014-03-29 21:56 - 2012-07-29 14:57 - 00003266 _____ () C:\Windows\System32\Tasks\update-S-1-5-21-3032519781-586980267-3098026202-1000
2014-03-29 21:55 - 2014-03-29 21:55 - 02189048 _____ (Skillbrains ) C:\Users\Bob\Downloads\setup-lightshot.exe
2014-03-29 21:55 - 2012-07-29 14:57 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot
2014-03-29 21:50 - 2014-03-29 21:50 - 00000000 ____D () C:\Program Files (x86)\puush
2014-03-29 21:49 - 2014-03-29 21:49 - 01085440 _____ () C:\Users\Bob\Downloads\puush (3).msi
2014-03-29 01:20 - 2012-07-25 19:13 - 00003798 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3032519781-586980267-3098026202-1000UA
2014-03-29 01:20 - 2012-07-25 19:13 - 00003402 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3032519781-586980267-3098026202-1000Core
2014-03-28 01:07 - 2014-03-28 01:06 - 07985664 _____ () C:\Users\Bob\Downloads\22_Lecture_Presentation.ppt
2014-03-27 23:17 - 2014-03-27 23:17 - 04763648 _____ () C:\Users\Bob\Downloads\22_lecture_presentation_0.ppt
2014-03-27 22:41 - 2012-10-11 21:48 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 22:41 - 2012-10-11 21:48 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-27 17:27 - 2014-03-27 17:25 - 00000000 ____D () C:\Users\Bob\Downloads\ugely bec
2014-03-26 22:02 - 2014-03-26 21:55 - 07291904 _____ () C:\Users\Bob\Downloads\21_lecture_presentation.ppt
2014-03-26 21:54 - 2014-03-26 21:54 - 07291904 _____ () C:\Users\Bob\Downloads\21_Lecture_Presentation_0.ppt
2014-03-25 15:22 - 2013-04-25 11:05 - 00105552 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2014-03-25 15:22 - 2013-04-23 15:04 - 00453680 _____ (COMODO) C:\Windows\system32\guard64.dll
2014-03-25 15:22 - 2013-04-23 15:04 - 00363504 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2014-03-25 15:22 - 2013-04-15 18:38 - 00738984 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2014-03-25 15:22 - 2013-04-15 18:38 - 00352984 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2014-03-25 15:22 - 2013-04-15 18:38 - 00284888 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2014-03-25 15:22 - 2013-04-15 18:38 - 00047336 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2014-03-25 15:22 - 2013-04-15 18:38 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2014-03-25 15:22 - 2013-04-15 18:38 - 00043216 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2014-03-25 15:22 - 2013-04-15 18:38 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2014-03-25 15:22 - 2013-04-15 18:38 - 00023168 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2014-03-24 23:02 - 2014-03-24 23:02 - 01085440 _____ () C:\Users\Bob\Downloads\puush (2).msi
2014-03-24 01:37 - 2014-03-24 01:37 - 11714048 _____ () C:\Users\Bob\Downloads\27_Lecture_Presentation.ppt
2014-03-24 01:36 - 2014-03-24 01:35 - 11846656 _____ () C:\Users\Bob\Downloads\47_Lecture_Presentation.ppt
2014-03-23 17:50 - 2014-03-23 17:49 - 06849024 _____ () C:\Users\Bob\Downloads\46_lecture_presentation_0.ppt
2014-03-23 17:49 - 2014-03-23 17:49 - 06802432 _____ () C:\Users\Bob\Downloads\47_lecture_presentation_0.ppt
2014-03-23 17:48 - 2014-03-23 17:48 - 06212608 _____ () C:\Users\Bob\Downloads\27_lecture_presentation_0.ppt
2014-03-23 15:30 - 2014-03-23 15:30 - 09797418 _____ () C:\Users\Bob\Downloads\df_34_11_win.zip
2014-03-22 20:39 - 2012-07-25 17:57 - 00000000 ____D () C:\Users\Bob
2014-03-20 20:38 - 2012-08-01 19:21 - 00001896 _____ () C:\Windows\Sandboxie.ini
2014-03-20 19:30 - 2014-03-20 19:30 - 00000000 ____D () C:\Users\Bob\Downloads\patchptt
2014-03-20 18:30 - 2014-03-20 18:29 - 00868138 _____ () C:\Users\Bob\Downloads\TI84Plus_OS (2).8Xu
2014-03-20 18:29 - 2014-03-20 18:29 - 00710374 _____ () C:\Users\Bob\Downloads\TI84Plus_OS243 (1).8Xu
2014-03-20 16:56 - 2014-03-20 16:56 - 00001952 _____ () C:\Users\Public\Desktop\GeekBuddy.lnk
2014-03-20 16:55 - 2014-03-20 16:55 - 00420318 _____ () C:\Windows\dd_vcredistMSI0AE3.txt
2014-03-20 16:55 - 2014-03-20 16:55 - 00011164 _____ () C:\Windows\dd_vcredistUI0AE3.txt
2014-03-19 17:40 - 2012-08-10 23:58 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Mozilla
2014-03-19 01:33 - 2013-07-23 04:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 01:29 - 2006-11-02 08:35 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-18 16:46 - 2014-03-18 16:45 - 00830624 _____ ( ) C:\Users\Bro\Downloads\FlvPlayerSetup.exe
2014-03-17 22:40 - 2014-03-17 22:40 - 00000000 ____D () C:\Users\Bob\Downloads\usb140201
2014-03-17 22:39 - 2014-03-17 22:39 - 17334297 _____ () C:\Users\Bob\Downloads\usb140201.zip
2014-03-12 20:06 - 2013-02-20 22:33 - 00000000 ____D () C:\Users\Bob\Desktop\image
2014-03-12 19:56 - 2014-03-12 19:56 - 00061141 _____ () C:\Users\Bob\Downloads\Myths and misunderstandings(1).odt
2014-03-12 16:37 - 2012-07-26 20:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 16:37 - 2012-07-26 20:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 16:37 - 2012-07-26 20:24 - 00003684 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 07:47 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\rescache
2014-03-12 07:26 - 2012-07-28 20:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-11 23:42 - 2012-10-03 19:56 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\vlc
2014-03-11 23:41 - 2013-11-30 19:40 - 00000000 ____D () C:\Users\Bob\Downloads\New Folder (2)
2014-03-11 02:39 - 2014-03-11 02:39 - 00224784 _____ () C:\Users\Bob\Downloads\The Periodic Table Powerpoint.pptx
2014-03-11 02:30 - 2014-03-11 02:30 - 00001292 _____ () C:\Users\Bob\Downloads\patchptt (1).zip
2014-03-10 07:46 - 2013-11-04 20:50 - 00000000 ____D () C:\Users\Bro\AppData\Local\CrashDumps
 
Files to move or delete:
====================
C:\Users\Bob\jagex_cl_runescape_LIVE.dat
C:\Users\Bob\random.dat
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-08 11:09
 
==================== End Of Log ============================
 
aswMBR log:
_________

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-09 11:55:25
-----------------------------
11:55:25.885    OS Version: Windows x64 6.0.6002 Service Pack 2
11:55:25.886    Number of processors: 4 586 0x1707
11:55:25.887    ComputerName: HOME-PC  UserName: Bob
11:55:28.440    Initialize success
11:55:31.739    AVAST engine defs: 14040902
11:55:33.649    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:55:33.652    Disk 0 Vendor: WDC_WD6400AAKS-75A7B0 01.03B01 Size: 610480MB BusType: 3
11:55:33.792    Disk 0 MBR read successfully
11:55:33.795    Disk 0 MBR scan
11:55:33.799    Disk 0 Windows VISTA default MBR code
11:55:33.802    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       54 MB offset 63
11:55:33.811    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        15360 MB offset 112640
11:55:33.827    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       595064 MB offset 31569920
11:55:33.850    Disk 0 scanning C:\Windows\system32\drivers
11:55:45.621    Service scanning
11:56:07.044    Modules scanning
11:56:07.045    Disk 0 trace - called modules:
11:56:07.058    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
11:56:07.061    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80078a0790]
11:56:07.061    3 CLASSPNP.SYS[fffffa6000fd1c33] -> nt!IofCallDriver -> [0xfffffa800616ea90]
11:56:07.062    5 acpi.sys[fffffa60008e2fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800614a590]
11:56:09.197    AVAST engine scan C:\Windows
11:56:18.872    AVAST engine scan C:\Windows\system32
12:01:44.700    AVAST engine scan C:\Windows\system32\drivers
12:02:12.783    AVAST engine scan C:\Users\Bob
13:14:51.150    AVAST engine scan C:\ProgramData
14:41:18.458    Scan finished successfully
14:48:44.958    Disk 0 MBR has been saved successfully to "C:\Users\Bob\Desktop\New Folder (9)\aswbn\MBR.dat"
14:48:45.014    The log file has been saved successfully to "C:\Users\Bob\Desktop\New Folder (9)\aswbn\aswMBR.txt"
 
The other logs are attached.

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:55 PM

Posted 09 April 2014 - 02:17 PM

If you are no longer using that proxy, then I recommend removing it.

Please run the following:

Download attached fixlist.txt file and save it to the Desktop\New Folder (9) folder as that is where FRST64.exe is saved.

Attached File  FixList.txt   364bytes   1 downloads

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 papermac123

papermac123
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:09:55 PM

Posted 09 April 2014 - 02:42 PM

Here's the fixlog.txt
 
____________
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Bob at 2014-04-09 15:39:05 Run:1
Running from C:\Users\Bob\Desktop\New Folder (9)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] - [X]
FF Extension: Search Assistant - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\locy25dt.default\Extensions\{B3834E60-12A8-11E0-A289-939FDFD72085} [2012-09-16]
S3 vmjyhbo; C:\Program Files (x86)\ophcrack\pwdump\servpw.exe [57344 2008-07-22] ()
C:\Users\Bob\jagex_cl_runescape_LIVE.dat
C:\Users\Bob\random.dat
end
 
 
 
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\locy25dt.default\Extensions\{B3834E60-12A8-11E0-A289-939FDFD72085} => Moved successfully.
vmjyhbo => Service deleted successfully.
C:\Users\Bob\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Bob\random.dat => Moved successfully.
 
==== End of Fixlog ====


#6 CatByte (Malware Response Team)

Posted 09 April 2014 - 03:05 PM

Please run the following:

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.



#7 papermac123 (Topic Starter)

Posted 09 April 2014 - 04:35 PM

While I was running ComboFix for the first time, I forgot to turn off my firewall (Comodo) and it blocked a lot of files. I tried running ComboFix again and got this:

82xlQ.png

 

Sorry for complicating things.

What should I do?



#8 CatByte (Malware Response Team)

Posted 09 April 2014 - 05:03 PM

No worries.

Delete the copy of ComboFix that you have on your desktop and download a fresh copy

http://download.bleepingcomputer.com/sUBs/ComboFix.exe



#9 papermac123 (Topic Starter)

Posted 09 April 2014 - 05:33 PM

I deleted ComboFix and put the new copy on the desktop, ran it, but now I get this error:

 

82Ben.png

 

Should I just press OK? Or do something else?


Edited by papermac123, 09 April 2014 - 06:01 PM.


#10 CatByte (Malware Response Team)

Posted 09 April 2014 - 08:08 PM

Yes, see if you can OK through the errors.




#11 papermac123 (Topic Starter)

Posted 10 April 2014 - 12:48 PM

83jWa.png

This keeps popping up during the preparation of the log report.

It popped up a few times before during the beginning (along with a few other errors), but now it just keeps popping back up every time I press close program.

 

EDIT: After a few more times it finished making the log.

 

Log:

 

________________

 

 

ComboFix 14-04-09.02 - Bob 04/10/2014  12:14:05.2.4 - x64
Running from: c:\users\Bob\Desktop\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Bob\AppData\Roaming\poclbm
c:\users\Bob\AppData\Roaming\poclbm\poclbm.ini
c:\users\Bob\AUTORUN.INF
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-10 to 2014-04-10  )))))))))))))))))))))))))))))))
.
.
2014-04-10 17:34 . 2014-04-10 17:34 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-04-10 17:34 . 2014-04-10 17:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-09 21:53 . 2014-04-09 21:53 -------- d-----w- C:\Uninstall
2014-04-09 20:29 . 2014-03-08 03:49 2334720 ----a-w- c:\windows\system32\jscript9.dll
2014-04-09 18:44 . 2014-02-06 04:21 1212416 ----a-w- c:\windows\system32\kernel32.dll
2014-04-09 02:22 . 2014-04-09 02:22 -------- d-----w- c:\program files (x86)\FileASSASSIN
2014-04-08 15:14 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A8B9E36-F554-4B64-8BD0-E2BB86E98489}\mpengine.dll
2014-04-08 00:32 . 2014-04-08 01:50 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-04-08 00:29 . 2014-04-08 00:29 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-03 01:15 . 2014-04-03 01:15 -------- d-----w- c:\program files (x86)\7-Zip
2014-03-30 02:18 . 2014-03-30 02:18 -------- d-----w- c:\users\Guest\AppData\Local\Skype
2014-03-30 01:50 . 2014-03-30 01:50 -------- d-----w- c:\program files (x86)\puush
2014-03-20 20:56 . 2014-03-20 20:56 -------- d-----w- c:\program files (x86)\Common Files\COMODO
2014-03-12 00:17 . 2014-01-30 10:12 1111040 ----a-w- c:\windows\system32\wer.dll
2014-03-12 00:17 . 2014-01-30 07:46 876032 ----a-w- c:\windows\SysWow64\wer.dll
2014-03-12 00:17 . 2013-11-13 01:54 2048 ----a-w- c:\windows\system32\tzres.dll
2014-03-12 00:17 . 2013-11-13 00:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-03-12 00:16 . 2014-02-03 13:20 619008 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 00:16 . 2014-02-03 10:37 505344 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-12 00:16 . 2014-02-07 12:11 2776064 ----a-w- c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-09 20:26 . 2006-11-02 12:35 90655440 ----a-w- c:\windows\system32\mrt.exe
2014-03-25 19:22 . 2013-04-25 15:05 105552 ----a-w- c:\windows\system32\drivers\inspect.sys
2014-03-25 19:22 . 2013-04-15 22:38 47336 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2014-03-25 19:22 . 2013-04-15 22:38 738984 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2014-03-25 19:22 . 2013-04-15 22:38 23168 ----a-w- c:\windows\system32\drivers\cmderd.sys
2014-03-25 19:22 . 2013-04-15 22:38 43216 ----a-w- c:\windows\system32\cmdcsr.dll
2014-03-25 19:22 . 2013-04-23 19:04 363504 ----a-w- c:\windows\SysWow64\guard32.dll
2014-03-25 19:22 . 2013-04-23 19:04 453680 ----a-w- c:\windows\system32\guard64.dll
2014-03-25 19:22 . 2013-04-15 22:38 352984 ----a-w- c:\windows\system32\cmdvrt64.dll
2014-03-25 19:22 . 2013-04-15 22:38 45784 ----a-w- c:\windows\system32\cmdkbd64.dll
2014-03-25 19:22 . 2013-04-15 22:38 284888 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2014-03-25 19:22 . 2013-04-15 22:38 40664 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2014-03-12 20:37 . 2012-07-27 00:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 20:37 . 2012-07-27 00:24 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-09 13:44 . 2012-12-11 03:41 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-09 13:44 . 2012-12-11 03:41 64752 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-02-09 13:44 . 2012-12-11 03:41 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-02-09 13:44 . 2012-12-11 03:41 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-09 13:44 . 2012-12-11 03:41 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-09 13:44 . 2012-12-11 03:41 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-09 13:44 . 2012-12-11 03:40 43152 ----a-w- c:\windows\avastSS.scr
2014-01-31 02:30 . 2014-01-31 02:30 48392 ----a-w- c:\windows\SysWow64\certsentry.dll
2014-01-31 02:30 . 2014-01-10 02:25 57096 ----a-w- c:\windows\system32\certsentry.dll
2014-01-12 05:23 . 2014-01-12 05:23 53248 ----a-r- c:\users\Bob\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
c:\users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Start GeekBuddy.lnk - c:\program files (x86)\Comodo\GeekBuddy\launcher.exe "unit_manager.exe" [2014-3-20 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
"ForceActiveDesktopOn"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 20:37]
.
2014-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-12 01:48]
.
2014-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-12 01:48]
.
2014-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3032519781-586980267-3098026202-1000Core.job
- c:\users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-25 23:13]
.
2014-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3032519781-586980267-3098026202-1000UA.job
- c:\users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-25 23:13]
.
2014-04-10 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-03-08 23:40]
.
2014-04-10 c:\windows\Tasks\update-S-1-5-21-3032519781-586980267-3098026202-1000.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2012-07-29 04:26]
.
2014-04-10 c:\windows\Tasks\update-sys.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2012-07-29 04:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\locy25dt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com/firefox
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2012-08-13 13:15; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
------- File Associations -------
.
regedit=regedit.exe "%1"
.
- - - - ORPHANS REMOVED - - - -
.
Notify-igfxcui - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
Completion time: 2014-04-10  13:51:49
ComboFix-quarantined-files.txt  2014-04-10 17:51
.
Pre-Run: 171,299,282,944 bytes free
Post-Run: 172,022,480,896 bytes free
.
- - End Of File - - 0C31C48D8C52DA6DD343226FA3DC1E2E
5C616939100B85E558DA92B899A0FC36
 
 
_______________________
 
Some stuff like this also popped up during ComboFix's scanning:
 
83kpc.png
 
and
 
83ofZ.png
 
Don't know if that's helpful or not.

Edited by papermac123, 10 April 2014 - 12:56 PM.


#12 CatByte (Malware Response Team)

Posted 10 April 2014 - 01:00 PM

Please run the following:

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.

  • Right-mouse click JRT.exe and select Run as administrator

  • The tool will open and start scanning your system.

  • Please be patient as this can take a while to complete.

  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

  • Post the contents of JRT.txt into your next message

 

NEXT

 

Download AdwCleaner from  here and save it to your desktop.

  • Run AdwCleaner and select Scan

  • If items are found, please select the Clean button

  • Once done it will ask to reboot, allow the reboot

  • On reboot a log will be produced, please attach the content of the log to your next reply

 

NEXT

 

Please download Farbar Service Scanner and run it

  • Make sure the following options are checked:
    • Internet Services

    • Windows Firewall

    • System Restore

    • Security Center

    • Windows Update

    • Windows Defender

  • Press "Scan".

  • It will create a log (FSS.txt) in the same directory the tool is run.

  • Please copy and paste the log to your reply.




#13 papermac123 (Topic Starter)

Posted 10 April 2014 - 04:31 PM

OK, here are the logs. While I was running JRT for the first time, I didn't turn off Comodo and it blocked something, and during the scan a lot of errors came up, along with some other stuff. I thought I had messed up kind of badly, so I ran it again and it ran smoothly.

 

Here's the first one:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows ™ Vista Home Premium x64
Ran by Bob on Thu 04/10/2014 at 14:17:51.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Bob\AppData\Roaming\mozilla\firefox\profiles\locy25dt.default\extensions\staged
Emptied folder: C:\Users\Bob\AppData\Roaming\mozilla\firefox\profiles\locy25dt.default\minidumps [6 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/10/2014 at 15:12:11.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
JRT log number 2:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows ™ Vista Home Premium x64
Ran by Bob on Thu 04/10/2014 at 16:13:15.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/10/2014 at 17:21:30.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
When I ran AdwCleaner, nothing came up after the reboot, so I looked in C:\AdwCleaner and there were 2 .txt files. Attached them.
 
___
 
 
FSS log:
___
 
 
Farbar Service Scanner Version: 25-02-2014
Ran by Bob (administrator) on 10-04-2014 at 15:47:01
Running from "C:\Users\Bob\Desktop\New Folder (9)\farbar"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-11-13 16:39] - [2013-09-03 22:31] - 0404992 ____A (Microsoft Corporation) 2BA159E1F9FD75F6A496742B20F1D9CF
 
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-08-14 18:12] - [2013-07-05 00:45] - 1423808 ____A (Microsoft Corporation) C2CB949645C299E23FBFD26CAD3FC96E
 
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 



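An added example, not part of the thread and not Farbar's code: a Python check over a Farbar Service Scanner log like the FSS.txt above, picking out the three things in it that warrant a second look (the EnableFirewall=0 policy value under StandardProfile, the WinDefend service state and start type, and the system files for which FSS prints a detail line instead of "MD5 is legit"). The sample text is abbreviated from the FSS log in this post; the regular expressions are this example's own assumptions about the log layout.

```python
import re

# Added example, not from the thread: extract the findings that need a second
# look from a Farbar Service Scanner log (FSS.txt) in the layout pasted above.
# FSS prints "=> MD5 is legit" for a system file whose hash it recognises and a
# detail line (dates, size, attributes, vendor, MD5) for one it does not; an
# unrecognised hash means "verify this file", not "this file is patched".

# Constructed sample, abbreviated from the FSS log in the post above.
SAMPLE = r"""
Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-11-13 16:39] - [2013-09-03 22:31] - 0404992 ____A (Microsoft Corporation) 2BA159E1F9FD75F6A496742B20F1D9CF

C:\Windows\System32\Drivers\tcpip.sys
[2013-08-14 18:12] - [2013-07-05 00:45] - 1423808 ____A (Microsoft Corporation) C2CB949645C299E23FBFD26CAD3FC96E

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
"""

POLICY_RE = re.compile(r'^"(?P<name>\w+)"=DWORD:(?P<value>\d+)$')
START_RE = re.compile(r"^The start type of (?P<svc>\w+) service is set to (?P<cur>\w+)\. "
                      r"The default start type is (?P<default>\w+)\.$")
STOPPED_RE = re.compile(r"^(?P<svc>\w+) Service is not running\.")
PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?: => (?P<status>.+))?$")
DETAIL_RE = re.compile(r"^\[.*\] - \[.*\] - (?P<size>\d+) \S+ \((?P<vendor>[^)]*)\) "
                       r"(?P<md5>[0-9A-Fa-f]{32})$")


def parse_fss(text):
    # Returns (kind, message) tuples; kind is "policy", "service" or "file".
    findings = []
    section = key = pending = None
    prev = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if re.fullmatch(r"=+", line):          # underline: the previous line was a heading
            section = prev.rstrip(":")
        elif line.startswith("[HKEY_"):
            key = line.strip("[]")
        elif (m := POLICY_RE.match(line)):
            if section == "Firewall Disabled Policy" and m["name"] == "EnableFirewall" and m["value"] == "0":
                findings.append(("policy", f"{key}\\EnableFirewall=0 (firewall disabled by policy)"))
        elif (m := START_RE.match(line)):
            if m["cur"] != m["default"]:
                findings.append(("service", f"{m['svc']} start type {m['cur']}, default {m['default']}"))
        elif (m := STOPPED_RE.match(line)):
            findings.append(("service", m["svc"] + " not running"))
        elif section == "File Check" and (m := PATH_RE.match(line)):
            if m["status"] is None:
                pending = m["path"]             # a detail line follows for this file
            elif m["status"] != "MD5 is legit":
                findings.append(("file", m["path"] + ": " + m["status"]))
        elif pending and (m := DETAIL_RE.match(line)):
            findings.append(("file", f"{pending}: hash not in FSS list ({m['vendor']}, md5 {m['md5'].lower()})"))
            pending = None
        prev = line
    return findings


if __name__ == "__main__":
    for kind, message in parse_fss(SAMPLE):
        print(kind.ljust(8), message)
```

On this machine the firewall policy value is the one to reconcile with the Comodo firewall that is installed (a third-party firewall commonly sets it), the WinDefend start type is a configuration change rather than a file modification, and the two drivers without "MD5 is legit" still report Microsoft as vendor, so the next step for them is a signature check rather than replacement.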

#14 CatByte (Malware Response Team)

Posted 10 April 2014 - 05:32 PM

Please do the following:

 

  • Please open your MalwareBytes AntiMalware Program

  • Click the Update Tab and search for updates

  • If an update is found, it will download and install the latest version.

  • Once the program has loaded, select "Perform Quick Scan", then click Scan.

  • The scan may take some time to finish, so please be patient.

  • When the scan is complete, click OK, then Show Results to view the results.

  • Make sure that everything is checked, and click Remove Selected. <-- very important

  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

  • Copy&Paste the entire report in your next reply.

 

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

 

 

NEXT

 

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan

  • Tick the box next to YES, I accept the Terms of Use.

  • Click Start

  • When asked, allow the activeX control to install

  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.

  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

  • Click Scan

  • Wait for the scan to finish

  • When the scan completes,  if it shows a screen that says "Threats found!", then click "List of found threats" button

  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop

  • Include the contents of this report in your next reply.

  • Press the BACK button.

  • Press Finish

 

NEXT

 

Please open up Malwarebytes > go to "Logs" > look for the most recent "Protection log" > open it (it will open in Notepad) > save the Notepad file to your desktop > attach it to your next reply.




#15 papermac123 (Topic Starter)

Posted 10 April 2014 - 10:33 PM

Here's the mbytes scan log:
______________________________
 
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.04.10.09
 
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Bob :: HOME-PC [administrator]
 
Protection: Enabled
 
4/10/2014 7:26:30 PM
mbam-log-2014-04-10 (19-26-30).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 296501
Time elapsed: 16 minute(s), 46 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 9
C:\Users\Bob\AppData\Roaming\PowerISO\Upgrade\PowerISO5.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Bro\Downloads\FlvPlayerSetup.exe (PUP.Optional.BestFree) -> Quarantined and deleted successfully.
C:\Users\Bob\Downloads\FreemakeVideoConverterSetup.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Bob\Downloads\guiminer.zip (Trojan.BtcMiner.TS) -> Quarantined and deleted successfully.
C:\Users\Bob\Downloads\ManyCamSetup (4).exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\Bob\Downloads\media.player.codec.pack.v4.2.8.setup.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Bob\Downloads\pooler-cpuminer-2.2.3-win64.zip (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Users\Bob\Downloads\PowerISO5.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Bob\Downloads\scryptminer-gui-x86-64.zip (Riskware.BitcoinMiner) -> Quarantined and deleted successfully.
 
(end)
 
___________
 
ESET log:
_______
 
C:\Program Files (x86)\Bitcoin\bitcoin-qt.exe a variant of Win32/BitCoinMiner.BJ potentially unsafe application
C:\Program Files (x86)\Bitcoin\daemon\bitcoind.exe a variant of Win32/BitCoinMiner.BJ potentially unsafe application
C:\Program Files (x86)\IObit\Smart Defrag 2\smart-defrag-3-free.exe Win32/Toolbar.Widgi.E potentially unwanted application
C:\Program Files (x86)\IObit\Smart Defrag 3\SDUpgrate.exe Win32/Toolbar.Widgi.E potentially unwanted application
C:\Program Files (x86)\ophcrack\ophcrack.exe probably a variant of Win32/PSWTool.ophCrack.A potentially unsafe application
C:\Program Files (x86)\ophcrack\ophcrack_nogui.exe probably a variant of Win32/PSWTool.ophCrack.A potentially unsafe application
C:\Program Files (x86)\ophcrack\pwdump\lsremora.dll Win32/PSWTool.PWDump6 potentially unsafe application
C:\Program Files (x86)\ophcrack\pwdump\pwdump6_setup.exe Win32/PSWTool.PWDump6 potentially unsafe application
C:\Program Files (x86)\ophcrack\pwdump\servpw.exe Win32/PSWTool.PWDump6 potentially unsafe application
C:\ProgramData\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\ProgramData\Spybot - Search & Destroy\Recovery\CoolWWWSearchLeftovers1.zip Win32/Bagle.gen.zip worm
C:\Sandbox\Speedy\DefaultBox\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7HQLS0JM\SetupDataMngr_Searchqu[1].exe Win32/Toolbar.SearchSuite potentially unwanted application
C:\Sandbox\Speedy\DefaultBox\user\current\AppData\Local\Temp\SetupDataMngr_Searchqu.exe Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\All Users\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\All Users\Spybot - Search & Destroy\Recovery\CoolWWWSearchLeftovers1.zip Win32/Bagle.gen.zip worm
C:\Users\Bro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\4ab61cc5-511cb1c7 multiple threats
C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000009 multiple threats
C:\Users\Bob\Desktop\New Folder (5)\guiminer-scrypt_win32_binaries_v0.03.zip.exe Win32/Adware.1ClickDownload.AE application
C:\Users\Bob\Desktop\New Folder (5)\scryptminer-gui-x86-64.zip a variant of Win64/BitCoinMiner.E potentially unsafe application
C:\Users\Bob\Desktop\New Folder (8)\ScryptMinerGUI_r10.zip a variant of Win32/BitCoinMiner.K potentially unsafe application
 
___
 
note: for some reason the ESET scan, at the end, said "Scan status: Stopped by user" even though I didn't stop it. Or maybe somehow I did stop it but I didn't notice.
 
The other Malwarebytes scan is attached. I noticed uTorrent in the log, but I don't have any torrents seeding or downloading, and haven't had any recently.

 



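An added example, not code from the thread or from ESET: a small Python triage of an ESET Online Scanner text export such as the one in the post above. The sample lines are a subset copied from that log; the family labels, and the folding of C:\Users\All Users onto C:\ProgramData, are this example's own assumptions.

```python
import re
from collections import Counter

# Added example, not from the thread: parse the text export of an ESET Online
# Scanner run (the format pasted above) and summarise it for triage. Each line
# is "<path> <detection name> <verdict>"; the path may contain spaces, so the
# verdict is anchored at the end of the line and the path is what remains.
VERDICTS = (
    "potentially unsafe application",
    "potentially unwanted application",
    "worm",
    "application",
)
VERDICT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<name>(?:probably a variant of |a variant of )?\S+) "
    r"(?P<verdict>" + "|".join(re.escape(v) for v in VERDICTS) + r")$"
)
# Lines where ESET could not name a single detection carry no family name.
MULTI_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+) multiple threats$")

# Coarse mapping (this example's assumption) from detection family to what
# the hit means for the clean-up.
FAMILIES = {
    "bitcoinminer": "miner",
    "pswtool": "credential dumper",
    "toolbar": "adware/PUA",
    "adware": "adware/PUA",
    "bagle": "worm",
}

# Constructed sample: a subset of the lines from the ESET log in the post above.
SAMPLE = r"""
C:\Program Files (x86)\Bitcoin\bitcoin-qt.exe a variant of Win32/BitCoinMiner.BJ potentially unsafe application
C:\Program Files (x86)\IObit\Smart Defrag 2\smart-defrag-3-free.exe Win32/Toolbar.Widgi.E potentially unwanted application
C:\Program Files (x86)\ophcrack\ophcrack.exe probably a variant of Win32/PSWTool.ophCrack.A potentially unsafe application
C:\Program Files (x86)\ophcrack\pwdump\servpw.exe Win32/PSWTool.PWDump6 potentially unsafe application
C:\ProgramData\Spybot - Search & Destroy\Recovery\CoolWWWSearchLeftovers1.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\CoolWWWSearchLeftovers1.zip Win32/Bagle.gen.zip worm
C:\Users\Bro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\4ab61cc5-511cb1c7 multiple threats
C:\Users\Bob\Desktop\New Folder (5)\guiminer-scrypt_win32_binaries_v0.03.zip.exe Win32/Adware.1ClickDownload.AE application
"""


def normalise(path):
    # C:\Users\All Users is a junction to C:\ProgramData on Vista and later, so
    # the scanner reports the same file under both names; fold them together.
    return re.sub(r"^C:\\Users\\All Users\\", r"C:\\ProgramData\\", path, flags=re.I)


def family(name):
    # Map a detection name such as "Win32/PSWTool.PWDump6" to a coarse label.
    lowered = name.lower()
    for key, label in FAMILIES.items():
        if key in lowered:
            return label
    return "other"


def parse_eset_export(text):
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = VERDICT_RE.match(line)
        if m:
            findings.append({"path": normalise(m["path"]), "name": m["name"],
                             "verdict": m["verdict"]})
            continue
        m = MULTI_RE.match(line)
        if m:
            findings.append({"path": normalise(m["path"]), "name": "",
                             "verdict": "multiple threats"})
            continue
        raise ValueError("unrecognised ESET export line: " + line)
    return findings


def triage(findings):
    # De-duplicate on the normalised path (Windows paths are case-insensitive),
    # count verdicts and families, and flag hits inside another tool's own
    # backup or quarantine folder, which are copies of things already removed.
    unique = list({f["path"].lower(): f for f in findings}.values())
    backups = [f["path"] for f in unique
               if re.search(r"\\(recovery|quarantine)\\", f["path"], re.I)]
    return {
        "total": len(findings),
        "unique": len(unique),
        "by_verdict": Counter(f["verdict"] for f in unique),
        "by_family": Counter(family(f["name"]) for f in unique),
        "in_tool_backups": backups,
    }


if __name__ == "__main__":
    for kind, value in triage(parse_eset_export(SAMPLE)).items():
        print(kind, dict(value) if isinstance(value, Counter) else value)
```

Two things the summary makes visible that a raw read of the export does not: the two Spybot hits are one file seen through the All Users junction, and a detection under a tool's Recovery folder is that tool's backup of something it already removed rather than an active infection. The "potentially unsafe application" verdicts (the miners and the ophcrack/pwdump tools) are not malware in the classic sense, so whether they stay is a decision about what the owner installed on purpose, which is why the scan was run with "Remove found threats" unticked.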



