
Speedial redirect, file deletion, browser disabled


  • This topic is locked
13 replies to this topic

#1 lydonst


  • Members
  • 29 posts

Posted 28 May 2014 - 03:43 PM

Downloaded WinZip and it came with this thing. Description above.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428
Run by Steven at 22:39:40 on 2014-05-28
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.8071.5669 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\Hpservice.exe
C:\windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\vcsFPService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
C:\windows\SysWOW64\NLSSRV32.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TinyWall\TinyWall.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\TinyWall\TinyWall.exe
C:\Users\Steven\AppData\Local\FluxSoftware\Flux\flux.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://speedial.com/?f=1&a=spd_wnzp_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0AyEyD0DtAyCtC0AtByBtD0FtDtD0DyBtN0D0Tzu0SzzyBzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StCtD0D0Azz0EtBtCtGtD0DtA0CtGtCyD0FyCtGyEtBtCtCtGyEyDtBtD0C0DyE0FyD0CtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByE0D0C0C0E0DtBtGyEtAtCzytG0EyCyEyBtG0BzyyE0EtGtByD0EtCzz0DyBtD0F0B0B0B2Q&cr=1649251511&ir=
mStart Page = hxxp://speedial.com/?f=1&a=spd_wnzp_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0AyEyD0DtAyCtC0AtByBtD0FtDtD0DyBtN0D0Tzu0SzzyBzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StCtD0D0Azz0EtBtCtGtD0DtA0CtGtCyD0FyCtGyEtBtCtCtGyEyDtBtD0C0DyE0FyD0CtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByE0D0C0C0E0DtBtGyEtAtCzytG0EyCyEyBtG0BzyyE0EtGtByD0EtCzz0DyBtD0F0B0B0B2Q&cr=1649251511&ir=
mWinlogon: Userinit = userinit.exe
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
uRun: [f.lux] "C:\Users\Steven\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Steven\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
TCP: NameServer = 87.216.1.65 87.216.1.66
TCP: Interfaces\{CE542562-8715-4A91-96B3-EA1BBBAA40FB} : DHCPNameServer = 87.216.1.65 87.216.1.66
TCP: Interfaces\{CE542562-8715-4A91-96B3-EA1BBBAA40FB}\75C616E633 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{CE542562-8715-4A91-96B3-EA1BBBAA40FB}\84F4354554C4 : DHCPNameServer = 192.168.1.1 10.103.2.2
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://speedial.com/?f=1&a=spd_wnzp_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0AyEyD0DtAyCtC0AtByBtD0FtDtD0DyBtN0D0Tzu0SzzyBzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StCtD0D0Azz0EtBtCtGtD0DtA0CtGtCyD0FyCtGyEtBtCtCtGyEyDtBtD0C0DyE0FyD0CtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByE0D0C0C0E0DtBtGyEtAtCzytG0EyCyEyBtG0BzyyE0EtGtByD0EtCzz0DyBtD0F0B0B0B2Q&cr=1649251511&ir=
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [TinyWall Controller] C:\Program Files (x86)\TinyWall\TinyWall.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\wdk8epxp.default-1401284535197\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Winamp Detect\npwachk.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\windows\System32\drivers\amdkmpfd.sys [2012-3-20 32896]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-3-27 19224]
R1 eamonm;eamonm;C:\windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-3-29 235520]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-12 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-12 1764992]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-9-12 1337752]
R2 epfwwfpr;epfwwfpr;C:\windows\System32\drivers\epfwwfpr.sys [2013-9-17 157432]
R2 hpsrv;HP Service;C:\windows\System32\hpservice.exe [2012-3-16 33560]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-17 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-3-7 629984]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-9-12 128280]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-9-12 165144]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-28 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-28 860472]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2013-7-18 762192]
R2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [2013-10-7 230920]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2013-10-7 69640]
R2 TinyWall;TinyWall Service;C:\Program Files (x86)\TinyWall\TinyWall.exe [2013-7-14 649176]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-9-12 363800]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\windows\System32\vcsFPService.exe [2012-3-20 2694224]
R3 clwvd;CyberLink Webcam Sharing Manager;C:\windows\System32\drivers\clwvd.sys [2012-8-28 40944]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2014-1-10 169752]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2014-1-10 449496]
R3 intelkmd;intelkmd;C:\windows\System32\drivers\igdpmd64.sys [2012-3-26 14748416]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-3-27 356632]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-3-27 789272]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-5-28 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-5-28 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-5-28 63704]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2013-11-2 24176]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2013-4-17 648808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2013-11-29 111616]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S4 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2013-9-12 117552]
.
=============== Created Last 30 ================
.
2014-05-28 20:20:10 536576 ----a-w- C:\windows\SysWow64\sqlite3.dll
2014-05-28 20:15:10 -------- d-----w- C:\Users\Steven\AppData\Roaming\TinyWall
2014-05-28 20:14:59 -------- d-----w- C:\ProgramData\HitmanPro
2014-05-28 20:14:48 -------- d-----w- C:\ProgramData\TinyWall
2014-05-28 20:14:37 -------- d-----w- C:\AdwCleaner
2014-05-28 14:29:39 -------- d--h--w- C:\Users\Steven\AppData\Roaming\Nitro
2014-05-28 14:26:21 29704 ----a-w- C:\windows\System32\nitrolocalmon9.dll
2014-05-28 14:26:21 17928 ----a-w- C:\windows\System32\nitrolocalui9.dll
2014-05-28 14:26:12 -------- d-----w- C:\Program Files\Common Files\Nitro
2014-05-28 14:26:11 -------- d-----w- C:\ProgramData\Nitro
2014-05-28 14:26:11 -------- d-----w- C:\Program Files (x86)\Nitro
2014-05-28 14:26:11 -------- d-----w- C:\Program Files (x86)\Common Files\Nitro
2014-05-28 14:22:48 -------- d--h--w- C:\Users\Steven\AppData\Roaming\Downloaded Installations
2014-05-28 14:17:09 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
2014-05-28 11:13:21 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-05-28 11:13:07 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-05-28 11:13:07 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-05-28 11:13:07 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-05-28 11:13:07 -------- d-----w- C:\ProgramData\Malwarebytes
2014-05-28 11:13:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 10:58:19 -------- d--h--w- C:\Users\Steven\AppData\Local\WinZip
2014-05-28 10:57:39 -------- d--h--w- C:\Users\Steven\AppData\Roaming\Speedial
2014-04-30 00:47:19 -------- d--h--w- C:\Users\Steven\AppData\Roaming\DropboxMaster
.
==================== Find3M  ====================
.
2014-05-15 19:19:55 70832 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-15 19:19:55 692400 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 22:39:57.30 ===============
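
A small triage script for the browser-hijack entries in the DDS log above (an added example, not part of the original post and not code from DDS, FRST or AdwCleaner): it parses the DDS "Start Page" lines and the FRST "SearchScopes ... URL =" lines, refangs hxxp, and reports every host outside an expected allowlist, grouped by the `a=` query parameter so that the same tag under HKCU, HKLM and the x64 view shows up as one installer run. The sample lines, the allowlist and the reading of `a=` as a bundle/affiliate tag are assumptions.

```python
import re
from urllib.parse import parse_qs, urlparse

# Constructed sample lines, modelled on the DDS "Pseudo HJT Report" and the
# FRST "Internet (Whitelisted)" entries posted in this thread.  The long
# &cd= tracking blob is replaced by a placeholder; "hxxp" is the defanged
# spelling DDS uses for "http".
SAMPLE_LOG = r"""
uStart Page = hxxp://speedial.com/?f=1&a=spd_wnzp_14_22_ff&cd=PLACEHOLDER&cr=1649251511&ir=
mStart Page = hxxp://speedial.com/?f=1&a=spd_wnzp_14_22_ff&cd=PLACEHOLDER&cr=1649251511&ir=
mWinlogon: Userinit = userinit.exe
x64-mStart Page = hxxp://speedial.com/?f=1&a=spd_wnzp_14_22_ff&cd=PLACEHOLDER&cr=1649251511&ir=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ff
"""

# Assumption: the hosts this machine's browsers are expected to point at.
# Subdomains of these are accepted (g.msn.com, www.bing.com).
ALLOWED_HOSTS = {"google.com", "bing.com", "msn.com"}

# One pattern for the three line shapes: DDS "uStart Page = ...",
# FRST "...\Main,Start Page = ..." / "...Default_Page_URL = ...", and
# FRST "SearchScopes: HKLM - {guid} URL = ...".
ENTRY_RE = re.compile(
    r"^(?P<label>.*?(?:Start Page|Default_Page_URL|\bURL))\s*=\s*(?P<url>\S+)\s*$"
)


def refang(url):
    """Turn the defanged hxxp:// or hxxps:// back into a parseable scheme."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def host_of(url):
    """Host of a URL without a leading 'www.'; a bare 'www.google.com' works too."""
    url = refang(url)
    if "://" not in url:
        url = "http://" + url
    host = urlparse(url).hostname or ""
    return host[4:] if host.startswith("www.") else host


def is_allowed(host, allowed=ALLOWED_HOSTS):
    """True when host is an allowlisted domain or a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allowed)


def campaign_of(url):
    """Value of the 'a=' query parameter (assumed to be the bundle/affiliate
    tag); '' when absent."""
    query = urlparse(refang(url)).query
    return parse_qs(query).get("a", [""])[0]


def scope_of(label):
    """Registry hive an entry came from.  DDS prefixes: u = HKCU, m = HKLM,
    x64-m = the 64-bit HKLM view; FRST names the hive in the line itself."""
    if "HKCU" in label or label.startswith("u"):
        return "HKCU"
    if "HKLM" in label or label.startswith(("m", "x64-m")):
        return "HKLM"
    return "UNKNOWN"


def parse_browser_entries(log_text):
    """Return [(label, url)] for every start-page / search-scope line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("label").strip(), m.group("url")))
    return entries


def find_hijacks(log_text, allowed=ALLOWED_HOSTS):
    """Entries whose host is outside the allowlist, with hive and campaign tag."""
    findings = []
    for label, url in parse_browser_entries(log_text):
        host = host_of(url)
        if host and not is_allowed(host, allowed):
            findings.append({"scope": scope_of(label), "label": label,
                             "host": host, "campaign": campaign_of(url)})
    return findings


def summarize(findings):
    """Group by (host, campaign): the same tag under HKCU, HKLM and the x64
    view is what one installer run writing all of them looks like."""
    groups = {}
    for f in findings:
        groups.setdefault((f["host"], f["campaign"]), []).append(f["scope"])
    return groups


if __name__ == "__main__":
    hits = find_hijacks(SAMPLE_LOG)
    for f in hits:
        print(f"{f['scope']:5} {f['host']:<15} a={f['campaign']}  <- {f['label']}")
    for (host, tag), scopes in summarize(hits).items():
        print(f"{host} (a={tag}): {len(scopes)} entries in {sorted(set(scopes))}")
```

Run against a real DDS or FRST log by passing its text to `find_hijacks`; anything that is not on the allowlist is worth a second look, and entries that share a campaign tag across hives were written together.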

#2 fireman4it


    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts

Posted 29 May 2014 - 07:02 PM

Hello lydonst,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

2.

Download and run Junkware Removal Tool. ***Your antivirus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply.

Things to include in your next reply:

AdwCleaner log

JRT.txt

How is your machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



#3 lydonst

  • Topic Starter

  • Members
  • 29 posts

Posted 30 May 2014 - 03:08 AM

Ok so things are generally running much slower. I got a blue screen of death after I ran adw and restarted. Getting them as well when leaving sleep mode. I actually ran adw yesterday too, so I'll post both logs.

# AdwCleaner v3.211 - Report created 28/05/2014 at 22:20:09
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Steven - STEVENPC
# Running from : C:\Users\Steven\Downloads\adwcleaner_3.211.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\windows\Tasks\Speedial.job
File Deleted : C:\windows\System32\Tasks\Speedial
File Deleted : C:\windows\Tasks\UpdaterEX.job
File Deleted : C:\windows\System32\Tasks\UpdaterEX

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Speedial
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Speedial

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v29.0.1 (en-US)

-\\ Google Chrome v35.0.1916.114

*************************

AdwCleaner[R0].txt - [1606 octets] - [28/05/2014 22:15:37]
AdwCleaner[S0].txt - [1383 octets] - [28/05/2014 22:20:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1443 octets] ##########

# AdwCleaner v3.211 - Report created 30/05/2014 at 09:50:13
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Steven - STEVENPC
# Running from : C:\Users\Steven\Downloads\adwcleaner_3.211.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Steven\AppData\Roaming\UpdaterEX

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\wdk8epxp.default-1401284535197\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1606 octets] - [28/05/2014 22:15:37]
AdwCleaner[R1].txt - [1297 octets] - [30/05/2014 09:47:27]
AdwCleaner[S0].txt - [1523 octets] - [28/05/2014 22:20:09]
AdwCleaner[S1].txt - [1226 octets] - [30/05/2014 09:50:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1286 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Steven on 30/05/2014 at  9:57:48.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Steven\AppData\Roaming\mozilla\firefox\profiles\wdk8epxp.default-1401284535197\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/05/2014 at 10:04:51.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#4 fireman4it


    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts

Posted 30 May 2014 - 05:46 PM

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.




#5 lydonst

  • Topic Starter

  • Members
  • 29 posts

Posted 31 May 2014 - 01:14 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014
Ran by Steven (administrator) on STEVENPC on 31-05-2014 08:12:27
Running from C:\Users\Steven\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Károly Pados) C:\Program Files (x86)\TinyWall\TinyWall.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Károly Pados) C:\Program Files (x86)\TinyWall\TinyWall.exe
(Flux Software LLC) C:\Users\Steven\AppData\Local\FluxSoftware\Flux\flux.exe
(Dropbox, Inc.) C:\Users\Steven\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-03-09] (Synaptics Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-13] (IDT, Inc.)
HKLM\...\Run: [TinyWall Controller] => C:\Program Files (x86)\TinyWall\TinyWall.exe [649176 2013-07-14] (Károly Pados)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-03-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3235354972-3038171923-2700477278-1001\...\Run: [f.lux] => C:\Users\Steven\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3235354972-3038171923-2700477278-1001\...\MountPoints2: {5ace049a-43fe-11e3-8892-806e6f6e6963} - D:\EasySuite.exe
HKU\S-1-5-21-3235354972-3038171923-2700477278-1001\...\MountPoints2: {a4ffe09f-43e9-11e3-b918-48d224f788e1} - D:\EasySuite.exe
Startup: C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Steven\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMNTDFJS
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0AyEyD0DtAyCtC0AtByBtD0FtDtD0DyBtN0D0Tzu0SzzyBzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StCtD0D0Azz0EtBtCtGtD0DtA0CtGtCyD0FyCtGyEtBtCtCtGyEyDtBtD0C0DyE0FyD0CtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByE0D0C0C0E0DtBtGyEtAtCzytG0EyCyEyBtG0BzyyE0EtGtByD0EtCzz0DyBtD0F0B0B0B2Q&cr=1649251511&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMNTDFJS
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0AyEyD0DtAyCtC0AtByBtD0FtDtD0DyBtN0D0Tzu0SzzyBzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StCtD0D0Azz0EtBtCtGtD0DtA0CtGtCyD0FyCtGyEtBtCtCtGyEyDtBtD0C0DyE0FyD0CtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByE0D0C0C0E0DtBtGyEtAtCzytG0EyCyEyBtG0BzyyE0EtGtByD0EtCzz0DyBtD0F0B0B0B2Q&cr=1649251511&ir=
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 87.216.1.65 87.216.1.66

FireFox:
========
FF ProfilePath: C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\wdk8epxp.default-1401284535197
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\wdk8epxp.default-1401284535197\searchplugins\duckduckgo.xml
FF Extension: Ghostery - C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\wdk8epxp.default-1401284535197\Extensions\firefox@ghostery.com.xpi [2014-05-28]
FF Extension: DuckDuckGo Plus - C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\wdk8epxp.default-1401284535197\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-05-30]
FF Extension: Zotero - C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\wdk8epxp.default-1401284535197\Extensions\zotero@chnm.gmu.edu.xpi [2014-05-28]
FF Extension: Adblock Plus - C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\wdk8epxp.default-1401284535197\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-28]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-12]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-11-02]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-11-02]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-28]
CHR Extension: (Google Drive) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-28]
CHR Extension: (Google Search) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-28]
CHR Extension: (Zotero Connector) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2014-05-29]
CHR Extension: (Google Wallet) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-28]
CHR Extension: (Gmail) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-28]

==================== Services (Whitelisted) =================

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-12] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-10-07] (Nitro PDF Software)
R2 TinyWall; C:\Program Files (x86)\TinyWall\TinyWall.exe [649176 2013-07-14] (Károly Pados)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [32896 2012-03-20] (Advanced Micro Devices, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-07] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-20] ()
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S3 JMCR; system32\DRIVERS\jmcr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-31 08:12 - 2014-05-31 08:13 - 00015288 _____ () C:\Users\Steven\Desktop\FRST.txt
2014-05-31 08:12 - 2014-05-31 08:12 - 00000000 ____D () C:\FRST
2014-05-31 08:11 - 2014-05-31 08:12 - 02066944 _____ (Farbar) C:\Users\Steven\Desktop\FRST64.exe
2014-05-30 21:02 - 2014-05-30 21:02 - 00000011 _____ () C:\Users\Steven\Desktop\Deutsche Bank.txt
2014-05-30 09:57 - 2014-05-30 09:57 - 00000000 ____D () C:\windows\ERUNT
2014-05-30 09:55 - 2014-05-30 09:55 - 01016261 _____ (Thisisu) C:\Users\Steven\Desktop\JRT(1).exe
2014-05-30 09:53 - 2014-05-30 09:53 - 00280056 _____ () C:\windows\Minidump\053014-21091-01.dmp
2014-05-29 22:56 - 2014-05-29 22:56 - 00280056 _____ () C:\windows\Minidump\052914-28485-01.dmp
2014-05-29 17:59 - 2014-05-08 09:14 - 23134208 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-29 17:59 - 2014-05-08 08:37 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-29 17:59 - 2014-05-08 07:52 - 17073152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-29 17:59 - 2014-05-08 07:27 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-29 17:59 - 2014-05-08 06:57 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-29 17:59 - 2014-05-08 06:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-29 17:48 - 2014-05-29 17:49 - 00000000 ____D () C:\windows\system32\MRT
2014-05-29 17:48 - 2014-05-04 17:12 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-29 17:44 - 2013-12-21 11:53 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-05-29 17:44 - 2013-12-21 10:56 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-05-29 17:43 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-05-29 17:43 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-05-29 17:43 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-05-29 17:43 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-05-29 17:43 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-05-29 17:43 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-05-29 17:43 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-05-29 17:43 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-05-29 17:43 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-05-29 17:43 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-05-29 17:43 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-05-29 17:43 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-05-29 17:43 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-05-29 17:43 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-05-29 17:43 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-05-29 17:43 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-05-29 17:43 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-05-29 17:43 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-05-29 17:43 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-05-29 17:43 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-05-29 17:43 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-05-29 17:43 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-05-29 17:43 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-05-29 17:43 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-05-29 17:43 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-05-29 17:43 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-05-29 17:43 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-05-29 17:43 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-05-29 17:43 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-05-29 17:43 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-05-29 17:43 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-05-29 17:43 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-05-29 17:43 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-05-29 17:43 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-05-29 17:43 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-05-29 17:43 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-05-29 17:42 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-29 17:42 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-29 17:42 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-29 17:42 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-29 17:42 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-29 17:42 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-29 17:42 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-05-29 17:42 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-05-29 17:42 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-05-29 17:42 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-29 17:42 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-05-29 17:42 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-29 17:42 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-05-29 17:42 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-29 17:42 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-29 17:42 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-29 17:42 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-05-29 17:42 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-29 17:42 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-29 17:42 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-05-29 17:42 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-29 17:42 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-29 17:42 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-05-29 17:42 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-05-29 17:42 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-05-29 17:42 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-29 17:42 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-05-29 17:42 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-05-29 17:42 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-05-29 17:42 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-05-29 17:42 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-29 17:42 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-29 17:42 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-05-29 17:42 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-05-29 17:42 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-05-29 17:42 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-05-29 17:42 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-05-29 17:42 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-05-29 17:42 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-05-29 17:42 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-05-29 17:42 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-05-29 17:42 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-05-29 17:42 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-05-29 17:42 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-05-29 17:42 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-05-29 17:42 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-05-29 17:42 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-05-29 17:42 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-05-29 17:42 - 2013-12-06 04:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-05-29 17:42 - 2013-12-06 04:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-05-29 17:42 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-05-29 17:42 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-05-29 17:42 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-05-29 17:42 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-05-29 17:42 - 2013-11-12 04:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-05-29 17:42 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-05-29 17:42 - 2013-10-19 04:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2014-05-29 17:42 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2014-05-29 17:42 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2014-05-29 17:42 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2014-05-29 17:42 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2014-05-29 17:42 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2014-05-29 17:42 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2014-05-29 17:42 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2014-05-29 17:42 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2014-05-29 17:42 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2014-05-29 17:34 - 2014-05-30 09:53 - 562218160 _____ () C:\windows\MEMORY.DMP
2014-05-29 17:34 - 2014-05-30 09:53 - 00000000 ____D () C:\windows\Minidump
2014-05-29 17:34 - 2014-05-29 17:34 - 00280056 _____ () C:\windows\Minidump\052914-21902-01.dmp
2014-05-29 00:16 - 2014-05-29 00:16 - 00001189 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zotero Standalone.lnk
2014-05-29 00:16 - 2014-05-29 00:16 - 00001177 _____ () C:\Users\Public\Desktop\Zotero Standalone.lnk
2014-05-29 00:16 - 2014-05-29 00:16 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Zotero
2014-05-29 00:16 - 2014-05-29 00:16 - 00000000 ____D () C:\Users\Steven\AppData\Local\Zotero
2014-05-29 00:16 - 2014-05-29 00:16 - 00000000 ____D () C:\Program Files (x86)\Zotero Standalone
2014-05-29 00:15 - 2014-05-29 00:15 - 28201704 _____ (Mozilla) C:\Users\Steven\Downloads\Zotero-4.0.20_setup.exe
2014-05-28 22:54 - 2014-05-29 19:30 - 00000000 ____D () C:\Users\Steven\Desktop\DAAD
2014-05-28 22:54 - 2014-05-28 22:54 - 04739790 _____ () C:\Users\Steven\Downloads\Lydon.7z
2014-05-28 22:38 - 2014-05-28 22:38 - 00688992 ____R (Swearware) C:\Users\Steven\Downloads\dds.com
2014-05-28 22:20 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-05-28 22:18 - 2014-05-28 22:18 - 01016261 _____ (Thisisu) C:\Users\Steven\Downloads\JRT.exe
2014-05-28 22:15 - 2014-05-28 22:15 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\TinyWall
2014-05-28 22:14 - 2014-05-30 09:50 - 00000000 ____D () C:\AdwCleaner
2014-05-28 22:14 - 2014-05-28 22:20 - 00000000 ____D () C:\ProgramData\TinyWall
2014-05-28 22:14 - 2014-05-28 22:19 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-28 22:14 - 2014-05-28 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TinyWall
2014-05-28 22:14 - 2014-05-28 22:14 - 10971424 _____ (SurfRight B.V.) C:\Users\Steven\Downloads\HitmanPro_x64.exe
2014-05-28 22:14 - 2014-05-28 22:14 - 10094400 _____ (SurfRight B.V.) C:\Users\Steven\Downloads\HitmanPro.exe
2014-05-28 22:14 - 2014-05-28 22:14 - 01327971 _____ () C:\Users\Steven\Downloads\adwcleaner_3.211.exe
2014-05-28 22:11 - 2014-05-28 22:11 - 01163264 _____ () C:\Users\Steven\Downloads\TinyWallInstaller.msi
2014-05-28 22:03 - 2014-05-31 08:08 - 00000784 _____ () C:\windows\setupact.log
2014-05-28 22:03 - 2014-05-30 09:50 - 00000940 _____ () C:\windows\PFRO.log
2014-05-28 22:03 - 2014-05-28 22:03 - 00000000 _____ () C:\windows\setuperr.log
2014-05-28 16:31 - 2014-05-30 13:06 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Nitro PDF
2014-05-28 16:29 - 2014-05-28 16:29 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Nitro
2014-05-28 16:26 - 2014-05-28 16:26 - 00002565 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 9.lnk
2014-05-28 16:26 - 2014-05-28 16:26 - 00001970 _____ () C:\Users\Public\Desktop\Nitro Pro 9.lnk
2014-05-28 16:26 - 2014-05-28 16:26 - 00000000 ____D () C:\ProgramData\Nitro
2014-05-28 16:26 - 2014-05-28 16:26 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-05-28 16:26 - 2014-05-28 16:26 - 00000000 ____D () C:\Program Files (x86)\Nitro
2014-05-28 16:26 - 2013-10-07 09:41 - 00029704 _____ (Nitro PDF Software) C:\windows\system32\nitrolocalmon9.dll
2014-05-28 16:26 - 2013-10-07 09:41 - 00017928 _____ (Nitro PDF Software) C:\windows\system32\nitrolocalui9.dll
2014-05-28 16:22 - 2014-05-28 16:22 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Downloaded Installations
2014-05-28 16:17 - 2014-05-28 16:17 - 00001085 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
2014-05-28 16:17 - 2014-05-28 16:17 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
2014-05-28 16:16 - 2014-05-28 16:16 - 02469824 _____ () C:\Users\Steven\Downloads\AdobeDownloadAssistant.exe
2014-05-28 15:59 - 2014-05-28 15:59 - 00002271 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-28 15:59 - 2014-05-28 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-28 15:58 - 2014-05-31 08:08 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-28 15:58 - 2014-05-30 23:04 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-28 15:58 - 2014-05-28 15:58 - 00918672 _____ (Google Inc.) C:\Users\Steven\Downloads\ChromeSetup.exe
2014-05-28 15:58 - 2014-05-28 15:58 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-28 15:58 - 2014-05-28 15:58 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-28 13:13 - 2014-05-30 09:54 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 13:13 - 2014-05-28 13:13 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-28 13:13 - 2014-05-28 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 13:13 - 2014-05-28 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-28 13:13 - 2014-05-28 13:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 13:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-28 13:13 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-28 13:13 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-28 12:58 - 2014-05-28 12:58 - 00002291 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-05-28 12:58 - 2014-05-28 12:58 - 00000000 ____D () C:\Users\Steven\AppData\Local\WinZip
2014-05-28 12:58 - 2014-05-28 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-05-28 12:58 - 2014-05-28 12:58 - 00000000 ____D () C:\Program Files\WinZip
2014-05-28 12:49 - 2014-05-28 22:58 - 00000000 ____D () C:\Users\Steven\Desktop\Goethe Uni
2014-05-14 16:42 - 2014-05-14 16:42 - 00000600 _____ () C:\Users\Steven\Desktop\Digitale Bibliothek 3.lnk
2014-05-12 15:09 - 2014-05-12 15:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-05-31 08:13 - 2014-05-31 08:12 - 00015288 _____ () C:\Users\Steven\Desktop\FRST.txt
2014-05-31 08:13 - 2013-11-02 20:09 - 00000000 ____D () C:\Users\Steven\AppData\Local\Temp
2014-05-31 08:12 - 2014-05-31 08:12 - 00000000 ____D () C:\FRST
2014-05-31 08:12 - 2014-05-31 08:11 - 02066944 _____ (Farbar) C:\Users\Steven\Desktop\FRST64.exe
2014-05-31 08:10 - 2013-09-12 16:07 - 01161924 _____ () C:\windows\WindowsUpdate.log
2014-05-31 08:09 - 2014-04-30 02:47 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\DropboxMaster
2014-05-31 08:09 - 2013-11-02 21:57 - 00000000 ___RD () C:\Users\Steven\Dropbox
2014-05-31 08:09 - 2013-11-02 21:55 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Dropbox
2014-05-31 08:08 - 2014-05-28 22:03 - 00000784 _____ () C:\windows\setupact.log
2014-05-31 08:08 - 2014-05-28 15:58 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-31 08:08 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-30 23:04 - 2014-05-28 15:58 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-30 22:56 - 2013-11-03 03:36 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Skype
2014-05-30 22:18 - 2013-12-14 23:43 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-05-30 21:02 - 2014-05-30 21:02 - 00000011 _____ () C:\Users\Steven\Desktop\Deutsche Bank.txt
2014-05-30 20:47 - 2009-07-14 07:13 - 00779266 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-30 20:46 - 2013-11-02 20:27 - 00003930 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{8C1D3170-C6CF-4A9B-8FCE-58B462A55076}
2014-05-30 20:46 - 2009-07-14 06:45 - 00031312 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-30 20:46 - 2009-07-14 06:45 - 00031312 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-30 13:06 - 2014-05-28 16:31 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Nitro PDF
2014-05-30 11:53 - 2013-11-02 23:08 - 00000000 ____D () C:\Program Files\PeerBlock
2014-05-30 09:57 - 2014-05-30 09:57 - 00000000 ____D () C:\windows\ERUNT
2014-05-30 09:55 - 2014-05-30 09:55 - 01016261 _____ (Thisisu) C:\Users\Steven\Desktop\JRT(1).exe
2014-05-30 09:54 - 2014-05-28 13:13 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 09:53 - 2014-05-30 09:53 - 00280056 _____ () C:\windows\Minidump\053014-21091-01.dmp
2014-05-30 09:53 - 2014-05-29 17:34 - 562218160 _____ () C:\windows\MEMORY.DMP
2014-05-30 09:53 - 2014-05-29 17:34 - 00000000 ____D () C:\windows\Minidump
2014-05-30 09:50 - 2014-05-28 22:14 - 00000000 ____D () C:\AdwCleaner
2014-05-30 09:50 - 2014-05-28 22:03 - 00000940 _____ () C:\windows\PFRO.log
2014-05-29 22:56 - 2014-05-29 22:56 - 00280056 _____ () C:\windows\Minidump\052914-28485-01.dmp
2014-05-29 19:30 - 2014-05-28 22:54 - 00000000 ____D () C:\Users\Steven\Desktop\DAAD
2014-05-29 18:03 - 2013-11-02 20:27 - 00000000 ___RD () C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-29 18:03 - 2013-11-02 20:27 - 00000000 ___RD () C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-29 18:02 - 2009-07-14 06:45 - 00377464 _____ () C:\windows\system32\FNTCACHE.DAT
2014-05-29 18:00 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-05-29 17:59 - 2013-04-17 10:02 - 00765178 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-05-29 17:49 - 2014-05-29 17:48 - 00000000 ____D () C:\windows\system32\MRT
2014-05-29 17:34 - 2014-05-29 17:34 - 00280056 _____ () C:\windows\Minidump\052914-21902-01.dmp
2014-05-29 00:16 - 2014-05-29 00:16 - 00001189 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zotero Standalone.lnk
2014-05-29 00:16 - 2014-05-29 00:16 - 00001177 _____ () C:\Users\Public\Desktop\Zotero Standalone.lnk
2014-05-29 00:16 - 2014-05-29 00:16 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Zotero
2014-05-29 00:16 - 2014-05-29 00:16 - 00000000 ____D () C:\Users\Steven\AppData\Local\Zotero
2014-05-29 00:16 - 2014-05-29 00:16 - 00000000 ____D () C:\Program Files (x86)\Zotero Standalone
2014-05-29 00:15 - 2014-05-29 00:15 - 28201704 _____ (Mozilla) C:\Users\Steven\Downloads\Zotero-4.0.20_setup.exe
2014-05-28 22:58 - 2014-05-28 12:49 - 00000000 ____D () C:\Users\Steven\Desktop\Goethe Uni
2014-05-28 22:54 - 2014-05-28 22:54 - 04739790 _____ () C:\Users\Steven\Downloads\Lydon.7z
2014-05-28 22:38 - 2014-05-28 22:38 - 00688992 ____R (Swearware) C:\Users\Steven\Downloads\dds.com
2014-05-28 22:20 - 2014-05-28 22:14 - 00000000 ____D () C:\ProgramData\TinyWall
2014-05-28 22:19 - 2014-05-28 22:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-28 22:18 - 2014-05-28 22:18 - 01016261 _____ (Thisisu) C:\Users\Steven\Downloads\JRT.exe
2014-05-28 22:15 - 2014-05-28 22:15 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\TinyWall
2014-05-28 22:15 - 2014-05-28 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TinyWall
2014-05-28 22:15 - 2014-02-08 18:16 - 00002378 _____ () C:\windows\system32\InstallUtil.InstallLog
2014-05-28 22:15 - 2014-02-08 18:16 - 00000000 ____D () C:\Program Files (x86)\TinyWall
2014-05-28 22:14 - 2014-05-28 22:14 - 10971424 _____ (SurfRight B.V.) C:\Users\Steven\Downloads\HitmanPro_x64.exe
2014-05-28 22:14 - 2014-05-28 22:14 - 10094400 _____ (SurfRight B.V.) C:\Users\Steven\Downloads\HitmanPro.exe
2014-05-28 22:14 - 2014-05-28 22:14 - 01327971 _____ () C:\Users\Steven\Downloads\adwcleaner_3.211.exe
2014-05-28 22:11 - 2014-05-28 22:11 - 01163264 _____ () C:\Users\Steven\Downloads\TinyWallInstaller.msi
2014-05-28 22:03 - 2014-05-28 22:03 - 00000000 _____ () C:\windows\setuperr.log
2014-05-28 17:54 - 2013-11-02 23:15 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Winamp
2014-05-28 17:34 - 2013-11-02 23:30 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\BitTorrent
2014-05-28 16:29 - 2014-05-28 16:29 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Nitro
2014-05-28 16:26 - 2014-05-28 16:26 - 00002565 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 9.lnk
2014-05-28 16:26 - 2014-05-28 16:26 - 00001970 _____ () C:\Users\Public\Desktop\Nitro Pro 9.lnk
2014-05-28 16:26 - 2014-05-28 16:26 - 00000000 ____D () C:\ProgramData\Nitro
2014-05-28 16:26 - 2014-05-28 16:26 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-05-28 16:26 - 2014-05-28 16:26 - 00000000 ____D () C:\Program Files (x86)\Nitro
2014-05-28 16:22 - 2014-05-28 16:22 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Downloaded Installations
2014-05-28 16:17 - 2014-05-28 16:17 - 00001085 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
2014-05-28 16:17 - 2014-05-28 16:17 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
2014-05-28 16:16 - 2014-05-28 16:16 - 02469824 _____ () C:\Users\Steven\Downloads\AdobeDownloadAssistant.exe
2014-05-28 15:59 - 2014-05-28 15:59 - 00002271 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-28 15:59 - 2014-05-28 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-28 15:59 - 2013-11-04 04:21 - 00000000 ____D () C:\Users\Steven\AppData\Local\Google
2014-05-28 15:59 - 2013-11-04 04:21 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-28 15:58 - 2014-05-28 15:58 - 00918672 _____ (Google Inc.) C:\Users\Steven\Downloads\ChromeSetup.exe
2014-05-28 15:58 - 2014-05-28 15:58 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-28 15:58 - 2014-05-28 15:58 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-28 13:13 - 2014-05-28 13:13 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-28 13:13 - 2014-05-28 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 13:13 - 2014-05-28 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-28 13:13 - 2014-05-28 13:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 12:58 - 2014-05-28 12:58 - 00002291 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-05-28 12:58 - 2014-05-28 12:58 - 00000000 ____D () C:\Users\Steven\AppData\Local\WinZip
2014-05-28 12:58 - 2014-05-28 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-05-28 12:58 - 2014-05-28 12:58 - 00000000 ____D () C:\Program Files\WinZip
2014-05-28 12:58 - 2013-09-12 17:22 - 00000000 ____D () C:\ProgramData\WinZip
2014-05-28 12:58 - 2013-04-17 10:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-05-28 12:58 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-28 11:19 - 2013-11-02 21:55 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-23 15:58 - 2009-07-14 07:08 - 00032620 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-05-21 07:16 - 2013-11-03 03:36 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-21 07:16 - 2013-09-12 17:19 - 00000000 ____D () C:\ProgramData\Skype
2014-05-20 20:05 - 2013-11-04 02:01 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-18 03:57 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-05-17 18:15 - 2013-12-05 22:39 - 00000000 ____D () C:\Users\Steven\AppData\Local\CrashDumps
2014-05-15 22:18 - 2013-12-14 23:43 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 21:19 - 2013-04-17 10:23 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 21:19 - 2013-04-17 10:23 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 16:42 - 2014-05-14 16:42 - 00000600 _____ () C:\Users\Steven\Desktop\Digitale Bibliothek 3.lnk
2014-05-13 03:21 - 2013-11-02 20:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 15:09 - 2014-05-12 15:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-12 07:26 - 2014-05-28 13:13 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-28 13:13 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-28 13:13 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-11 22:32 - 2014-01-02 04:48 - 00000000 ____D () C:\Users\Steven\Documents\Youcam
2014-05-08 09:14 - 2014-05-29 17:59 - 23134208 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-08 08:37 - 2014-05-29 17:59 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-08 07:52 - 2014-05-29 17:59 - 17073152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-08 07:27 - 2014-05-29 17:59 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-08 06:57 - 2014-05-29 17:59 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-08 06:04 - 2014-05-29 17:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-04 17:12 - 2014-05-29 17:48 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Steven\AppData\Local\Temp\12093uninstall.exe
C:\Users\Steven\AppData\Local\Temp\15410uninstall.exe
C:\Users\Steven\AppData\Local\Temp\38085uninstall.exe
C:\Users\Steven\AppData\Local\Temp\43578uninstall.exe
C:\Users\Steven\AppData\Local\Temp\76807uninstall.exe
C:\Users\Steven\AppData\Local\Temp\77595uninstall.exe
C:\Users\Steven\AppData\Local\Temp\88566uninstall.exe
C:\Users\Steven\AppData\Local\Temp\89468uninstall.exe
C:\Users\Steven\AppData\Local\Temp\91319uninstall.exe
C:\Users\Steven\AppData\Local\Temp\96906uninstall.exe
C:\Users\Steven\AppData\Local\Temp\98870uninstall.exe
C:\Users\Steven\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr8ys6t.dll
C:\Users\Steven\AppData\Local\Temp\Quarantine.exe
C:\Users\Steven\AppData\Local\Temp\Sqlite3.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 22:54

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05-2014
Ran by Steven at 2014-05-31 08:13:22
Running from C:\Users\Steven\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version:  - Microsoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.898.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{818912C6-BD97-B888-53F1-1C64148A754F}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.70329.2315 - Advanced Micro Devices, Inc.) Hidden
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.1.31141 - BitTorrent Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0329.2311.39738 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0329.2312.39738 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.1.3423 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 4.1.1.3423 - CyberLink Corp.) Hidden
Digitale Bibliothek 3 (HKLM-x32\...\Digitale Bibliothek 3) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
ESET NOD32 Antivirus (HKLM\...\{89B0ECE0-A41F-4A45-98D9-D54C74338117}) (Version: 7.0.302.26 - ESET, spol s r. o.)
Evernote v. 4.5.4 (HKLM-x32\...\{550BFF6E-7376-11E1-99EA-984BE15F174E}) (Version: 4.5.4.6487 - Evernote Corp.)
f.lux (HKCU\...\Flux) (Version:  - )
Folder Size 3.4.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.4.0.0 - MindGems, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1113.1_WHQL - Sonix)
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.943.1 - Intel Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero Burning Core (x32 Version: 15.0.19000 - Nero AG) Hidden
Nero Burning ROM (x32 Version: 15.0.19000 - Nero AG) Hidden
Nero Burning ROM 2014 (HKLM-x32\...\{326AD556-E540-4C3F-B197-4A9456DABCF3}) (Version: 15.0.01300 - Nero AG)
Nero Burning ROM Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.16700 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.22500 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.15003 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.13300.42.0 - Nero AG) Hidden
Nitro Pro 9 (HKLM\...\{02EB7080-8735-4D75-9380-A07D25DA06D2}) (Version: 9.0.2.37 - Nitro)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.50.1123.2011 - Realtek)
Scrivener (HKLM-x32\...\Scrivener 102) (Version: 102 - Literature and Latte)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.3.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
TinyWall (HKLM-x32\...\{E87F67CD-B72A-4B47-A01D-28CD16AC0711}) (Version: 2.1.4.0 - Károly Pados)
Validity Fingerprint Sensor Driver (HKLM\...\{93581599-ECF1-4DCD-BE36-BD969A6C8DB5}) (Version: 4.4.213.0 - Validity Sensors, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
Zotero Standalone 4.0.20 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.20 (x86 en-US)) (Version: 4.0.20 - Zotero)

==================== Restore Points  =========================

25-04-2014 02:26:33 Scheduled Checkpoint
02-05-2014 16:20:16 Scheduled Checkpoint
09-05-2014 20:32:36 Removed TinyWall
28-05-2014 14:23:11 Installed Nitro Pro 9
28-05-2014 20:11:50 Installed TinyWall
29-05-2014 15:43:18 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {04F4FF30-CE3E-40FE-AB4E-86112C5E6A35} - System32\Tasks\{1EF911B7-7A8F-4DBD-80A8-439772C3C99A} => F:\SETUP.EXE
Task: {069060A9-5607-4A5E-A650-8928F0303E13} - System32\Tasks\{7BA755E5-8176-4E71-916D-9B3400CC30FE} => F:\SETUP.EXE
Task: {0AE5FCF2-91A5-4ABB-8934-14DBE926FA02} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe
Task: {13617020-5420-4342-BC4C-22464BB22AC2} - System32\Tasks\{CA42B5EE-1570-46A4-B58E-13ED405668DF} => F:\SETUP.EXE
Task: {17E1A95F-046A-4532-81A6-23F5C6646285} - System32\Tasks\{33FB7116-D1C4-447B-8097-B7570DABC620} => F:\VIP.EXE
Task: {20F978A5-860C-4EA0-8E46-26652BBBC9E0} - System32\Tasks\Peerblock => C:\Program Files\PeerBlock\peerblock.exe [2010-11-07] (PeerBlock, LLC)
Task: {2215FFB8-CE86-4E48-9F12-2AA1C964142D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-28] (Google Inc.)
Task: {27725FAF-56F6-44CC-BB93-6B5C79EC7582} - System32\Tasks\{516DE90B-E571-4FF2-A9B5-B73C440CAEF3} => F:\VIP.EXE
Task: {37A39DC0-996B-41B7-8A9A-42CABB5D4F02} - \Speedial No Task File <==== ATTENTION
Task: {5CC08811-0185-458C-9D70-B864E8736E52} - System32\Tasks\{FD75443B-EE3D-4D3D-81B0-869FE6705E19} => F:\SETUP.EXE
Task: {7CDC10C3-53FC-4932-8FF0-0D840502307A} - System32\Tasks\{26BAD2B4-20EE-4928-87E9-B18EC47BF266} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.1.0.129.272&LastError=404
Task: {9291A9D5-1D3C-43F8-AA38-14726D6E6DC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-28] (Google Inc.)
Task: {95E59673-B9F5-494F-A1D8-61BD3D7723F4} - System32\Tasks\{30FA5E8D-B545-470C-9925-1713AA845CF5} => F:\VIP.EXE
Task: {A291BC3E-AA89-4120-9F35-124782D52A6C} - System32\Tasks\{48663CA7-12EA-4391-9210-BF7A651A03AD} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.1.0.129.272&LastError=404
Task: {B5C48767-D328-4346-8452-8B5D3F59AC79} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {C0CACEA4-E50B-45A1-BD3E-F9683471A9FB} - System32\Tasks\{8500C92D-BE59-4DD5-9FEF-509EFFEB4271} => F:\VIP.EXE
Task: {CF172D3C-9826-4495-80E4-C664FF1019BD} - System32\Tasks\{A18F7564-BBED-4ABE-8886-36C82DA88071} => F:\SETUP.EXE
Task: {D51E2E3E-E1ED-46A0-BE3A-191C671B977D} - \UpdaterEX No Task File <==== ATTENTION
Task: {D5434355-EA05-4476-B2EB-06D66BF09B65} - System32\Tasks\{7B5540D5-1068-4778-922A-77F3D5521CBD} => F:\VIP.EXE
Task: {DDF3615A-A8DB-4DCC-9B2D-4AB189A9FAA2} - System32\Tasks\{B86BF484-08D1-4871-B321-DCA876E08617} => F:\VIP.EXE
Task: {F226CCA5-AA43-4B4A-A6C5-510703E007CC} - System32\Tasks\{2024A32D-D0A8-4320-92E4-AB4564170D11} => F:\VIP.EXE
Task: {F261A50E-8482-42DE-B5AE-20C08D148BA7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: {F8BD324A-3D75-4B27-A4EF-C692F07916A3} - System32\Tasks\{EB872BC6-317B-424A-8F87-6F2FACE9446C} => F:\VIP.EXE
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-28 22:14 - 2014-05-28 22:14 - 00084952 _____ () C:\windows\assembly\GAC_MSIL\TinyWall.XmlSerializers\2.1.4.0__d9a8adbcd0c171b3\TinyWall.XmlSerializers.dll
2012-03-26 14:33 - 2012-03-26 14:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-12-26 22:20 - 2011-12-26 22:20 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-03-30 08:07 - 2012-03-30 08:07 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-09-12 16:34 - 2012-03-28 19:38 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2014-05-31 08:09 - 2014-05-31 08:09 - 00043008 _____ () c:\users\steven\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr8ys6t.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Steven\AppData\Roaming\Dropbox\bin\libcef.dll
2014-05-12 15:09 - 2014-05-12 15:09 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-11-03 16:34 - 2013-11-03 16:34 - 00172032 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\67f2d87ba056e1075fce76a8c50bb57e\IsdiInterop.ni.dll
2013-04-17 10:05 - 2012-02-02 03:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-09-12 16:33 - 2012-03-28 19:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:F9EF77F7A5AE2DB3
AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: CloneCDTray => "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
MSCONFIG\startupreg: PeerBlock => C:\Program Files\PeerBlock\peerblock.exe
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: YouCam Mirage => "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2014 08:10:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2014 08:08:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/30/2014 08:40:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2014 08:38:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/30/2014 01:06:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2014 01:05:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (05/31/2014 08:08:18 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\athihvs.dll
Error Code: 14001

Error: (05/31/2014 08:08:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Offline Files service terminated with the following error:
%%3

Error: (05/30/2014 11:09:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (05/30/2014 08:38:35 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\athihvs.dll
Error Code: 14001

Error: (05/30/2014 08:38:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Offline Files service terminated with the following error:
%%3

Error: (05/30/2014 04:34:59 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (05/30/2014 01:05:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\athihvs.dll
Error Code: 14001

Error: (05/30/2014 01:05:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Offline Files service terminated with the following error:
%%3

Error: (05/30/2014 11:53:22 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (05/30/2014 11:03:31 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (04/16/2014 10:06:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/16/2014 10:06:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1833 seconds with 1380 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 8071.49 MB
Available physical RAM: 5385.91 MB
Total Pagefile: 16141.16 MB
Available Pagefile: 13208.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:676.91 GB) (Free:474.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:19.44 GB) (Free:2.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: CF4DBAC4)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=677 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End Of Log ============================



#6 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:20 PM

Posted 31 May 2014 - 03:11 PM

F:\VIP.EXE

Do you know anything about this file?

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Attached File: fixlist.txt (3.15KB)

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 lydonst
  • Topic Starter
  • Members
  • 29 posts
  • Local time:01:20 AM

Posted 31 May 2014 - 03:30 PM

No, I don't know the file.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-05-2014
Ran by Steven at 2014-05-31 22:29:26 Run:1
Running from C:\Users\Steven\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0AyEyD0DtAyCtC0AtByBtD0FtDtD0DyBtN0D0Tzu0SzzyBzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StCtD0D0Azz0EtBtCtGtD0DtA0CtGtCyD0FyCtGyEtBtCtCtGyEyDtBtD0C0DyE0FyD0CtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByE0D0C0C0E0DtBtGyEtAtCzytG0EyCyEyBtG0BzyyE0EtGtByD0EtCzz0DyBtD0F0B0B0B2Q&cr=1649251511&ir=
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0AyEyD0DtAyCtC0AtByBtD0FtDtD0DyBtN0D0Tzu0SzzyBzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StCtD0D0Azz0EtBtCtGtD0DtA0CtGtCyD0FyCtGyEtBtCtCtGyEyDtBtD0C0DyE0FyD0CtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByE0D0C0C0E0DtBtGyEtAtCzytG0EyCyEyBtG0BzyyE0EtGtByD0EtCzz0DyBtD0F0B0B0B2Q&cr=1649251511&ir=
FF Extension: DuckDuckGo Plus - C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\wdk8epxp.default-1401284535197\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-05-30]
FF Extension: Zotero - C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\wdk8epxp.default-1401284535197\Extensions\zotero@chnm.gmu.edu.xpi [2014-05-28]
FF Extension: Adblock Plus - C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\wdk8epxp.default-1401284535197\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-28]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-12]
2014-05-29 00:16 - 2014-05-29 00:16 - 00001189 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zotero Standalone.lnk
2014-05-29 00:16 - 2014-05-29 00:16 - 00001177 _____ () C:\Users\Public\Desktop\Zotero Standalone.lnk
2014-05-29 00:16 - 2014-05-29 00:16 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Zotero
2014-05-29 00:16 - 2014-05-29 00:16 - 00000000 ____D () C:\Users\Steven\AppData\Local\Zotero
2014-05-29 00:16 - 2014-05-29 00:16 - 00000000 ____D () C:\Program Files (x86)\Zotero Standalone
2014-05-29 00:15 - 2014-05-29 00:15 - 28201704 _____ (Mozilla) C:\Users\Steven\Downloads\Zotero-4.0.20_setup.exe
C:\Users\Steven\AppData\Local\Temp\12093uninstall.exe
C:\Users\Steven\AppData\Local\Temp\15410uninstall.exe
C:\Users\Steven\AppData\Local\Temp\38085uninstall.exe
C:\Users\Steven\AppData\Local\Temp\43578uninstall.exe
C:\Users\Steven\AppData\Local\Temp\76807uninstall.exe
C:\Users\Steven\AppData\Local\Temp\77595uninstall.exe
C:\Users\Steven\AppData\Local\Temp\88566uninstall.exe
C:\Users\Steven\AppData\Local\Temp\89468uninstall.exe
C:\Users\Steven\AppData\Local\Temp\91319uninstall.exe
C:\Users\Steven\AppData\Local\Temp\96906uninstall.exe
C:\Users\Steven\AppData\Local\Temp\98870uninstall.exe
C:\Users\Steven\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr8ys6t.dll
C:\Users\Steven\AppData\Local\Temp\Quarantine.exe
C:\Users\Steven\AppData\Local\Temp\Sqlite3.dll
Task: {37A39DC0-996B-41B7-8A9A-42CABB5D4F02} - \Speedial No Task File <==== ATTENTION
Task: {D51E2E3E-E1ED-46A0-BE3A-191C671B977D} - \UpdaterEX No Task File <==== ATTENTION


*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} => Key deleted successfully.
HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} => Key deleted successfully.
HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => Key not found.
C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\wdk8epxp.default-1401284535197\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi => Moved successfully.
C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\wdk8epxp.default-1401284535197\Extensions\zotero@chnm.gmu.edu.xpi => Moved successfully.
C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\wdk8epxp.default-1401284535197\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zotero Standalone.lnk => Moved successfully.
C:\Users\Public\Desktop\Zotero Standalone.lnk => Moved successfully.
C:\Users\Steven\AppData\Roaming\Zotero => Moved successfully.
C:\Users\Steven\AppData\Local\Zotero => Moved successfully.
C:\Program Files (x86)\Zotero Standalone => Moved successfully.
C:\Users\Steven\Downloads\Zotero-4.0.20_setup.exe => Moved successfully.
C:\Users\Steven\AppData\Local\Temp\12093uninstall.exe => Moved successfully.
C:\Users\Steven\AppData\Local\Temp\15410uninstall.exe => Moved successfully.
C:\Users\Steven\AppData\Local\Temp\38085uninstall.exe => Moved successfully.
C:\Users\Steven\AppData\Local\Temp\43578uninstall.exe => Moved successfully.
C:\Users\Steven\AppData\Local\Temp\76807uninstall.exe => Moved successfully.
C:\Users\Steven\AppData\Local\Temp\77595uninstall.exe => Moved successfully.
C:\Users\Steven\AppData\Local\Temp\88566uninstall.exe => Moved successfully.
C:\Users\Steven\AppData\Local\Temp\89468uninstall.exe => Moved successfully.
C:\Users\Steven\AppData\Local\Temp\91319uninstall.exe => Moved successfully.
C:\Users\Steven\AppData\Local\Temp\96906uninstall.exe => Moved successfully.
C:\Users\Steven\AppData\Local\Temp\98870uninstall.exe => Moved successfully.
"C:\Users\Steven\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr8ys6t.dll" => File/Directory not found.
C:\Users\Steven\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Steven\AppData\Local\Temp\Sqlite3.dll => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37A39DC0-996B-41B7-8A9A-42CABB5D4F02} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37A39DC0-996B-41B7-8A9A-42CABB5D4F02} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Speedial => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D51E2E3E-E1ED-46A0-BE3A-191C671B977D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D51E2E3E-E1ED-46A0-BE3A-191C671B977D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX => Key deleted successfully.

==== End of Fixlog ====



#8 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:20 PM

Posted 01 June 2014 - 03:04 PM

Please run FRST as you did the first time and post the FRST.txt.

How is the machine running now?


#9 lydonst
  • Topic Starter
  • Members
  • 29 posts
  • Local time:01:20 AM

Posted 01 June 2014 - 03:45 PM

Seems better! The only weird thing I've noticed is that some Firefox add-ons disappeared, but that might be the result of the scans.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014
Ran by Steven (administrator) on STEVENPC on 01-06-2014 22:44:18
Running from C:\Users\Steven\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Károly Pados) C:\Program Files (x86)\TinyWall\TinyWall.exe
(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Károly Pados) C:\Program Files (x86)\TinyWall\TinyWall.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Flux Software LLC) C:\Users\Steven\AppData\Local\FluxSoftware\Flux\flux.exe
(Dropbox, Inc.) C:\Users\Steven\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-03-09] (Synaptics Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-13] (IDT, Inc.)
HKLM\...\Run: [TinyWall Controller] => C:\Program Files (x86)\TinyWall\TinyWall.exe [649176 2013-07-14] (Károly Pados)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-03-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3235354972-3038171923-2700477278-1001\...\Run: [f.lux] => C:\Users\Steven\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3235354972-3038171923-2700477278-1001\...\MountPoints2: {5ace049a-43fe-11e3-8892-806e6f6e6963} - D:\EasySuite.exe
HKU\S-1-5-21-3235354972-3038171923-2700477278-1001\...\MountPoints2: {a4ffe09f-43e9-11e3-b918-48d224f788e1} - D:\EasySuite.exe
Startup: C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Steven\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMNTDFJS
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 87.216.1.65 87.216.1.66

FireFox:
========
FF ProfilePath: C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\wdk8epxp.default-1401284535197
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\wdk8epxp.default-1401284535197\searchplugins\duckduckgo.xml
FF Extension: Ghostery - C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\wdk8epxp.default-1401284535197\Extensions\firefox@ghostery.com.xpi [2014-05-28]
FF Extension: Zotero - C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\wdk8epxp.default-1401284535197\Extensions\zotero@chnm.gmu.edu.xpi [2014-06-01]
FF Extension: Adblock Plus - C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\wdk8epxp.default-1401284535197\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-01]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-11-02]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-11-02]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-28]
CHR Extension: (Google Drive) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-28]
CHR Extension: (Google Search) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-28]
CHR Extension: (Zotero Connector) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2014-05-29]
CHR Extension: (Google Wallet) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-28]
CHR Extension: (Gmail) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-28]

==================== Services (Whitelisted) =================

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-12] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-10-07] (Nitro PDF Software)
R2 TinyWall; C:\Program Files (x86)\TinyWall\TinyWall.exe [649176 2013-07-14] (Károly Pados)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [32896 2012-03-20] (Advanced Micro Devices, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-07] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-20] ()
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S3 JMCR; system32\DRIVERS\jmcr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-01 22:44 - 2014-06-01 22:44 - 00014242 _____ () C:\Users\Steven\Desktop\FRST.txt
2014-05-31 08:12 - 2014-06-01 22:44 - 00000000 ____D () C:\FRST
2014-05-31 08:11 - 2014-05-31 08:12 - 02066944 _____ (Farbar) C:\Users\Steven\Desktop\FRST64.exe
2014-05-30 09:57 - 2014-05-30 09:57 - 00000000 ____D () C:\windows\ERUNT
2014-05-30 09:55 - 2014-05-30 09:55 - 01016261 _____ (Thisisu) C:\Users\Steven\Desktop\JRT(1).exe
2014-05-30 09:53 - 2014-05-30 09:53 - 00280056 _____ () C:\windows\Minidump\053014-21091-01.dmp
2014-05-29 22:56 - 2014-05-29 22:56 - 00280056 _____ () C:\windows\Minidump\052914-28485-01.dmp
2014-05-29 17:59 - 2014-05-08 09:14 - 23134208 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-29 17:59 - 2014-05-08 08:37 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-29 17:59 - 2014-05-08 07:52 - 17073152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-29 17:59 - 2014-05-08 07:27 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-29 17:59 - 2014-05-08 06:57 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-29 17:59 - 2014-05-08 06:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-29 17:48 - 2014-05-29 17:49 - 00000000 ____D () C:\windows\system32\MRT
2014-05-29 17:48 - 2014-05-04 17:12 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-29 17:44 - 2013-12-21 11:53 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-05-29 17:44 - 2013-12-21 10:56 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-05-29 17:43 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-05-29 17:43 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-05-29 17:43 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-05-29 17:43 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-05-29 17:43 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-05-29 17:43 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-05-29 17:43 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-05-29 17:43 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-05-29 17:43 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-05-29 17:43 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-05-29 17:43 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-05-29 17:43 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-05-29 17:43 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-05-29 17:43 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-05-29 17:43 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-05-29 17:43 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-05-29 17:43 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-05-29 17:43 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-05-29 17:43 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-05-29 17:43 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-05-29 17:43 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-05-29 17:43 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-05-29 17:43 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-05-29 17:43 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-05-29 17:43 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-05-29 17:43 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-05-29 17:43 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-05-29 17:43 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-05-29 17:43 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-05-29 17:43 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-05-29 17:43 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-05-29 17:43 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-05-29 17:43 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-05-29 17:43 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-05-29 17:43 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-05-29 17:43 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-05-29 17:42 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-29 17:42 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-29 17:42 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-29 17:42 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-29 17:42 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-29 17:42 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-29 17:42 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-05-29 17:42 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-05-29 17:42 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-05-29 17:42 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-29 17:42 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-05-29 17:42 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-29 17:42 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-05-29 17:42 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-29 17:42 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-29 17:42 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-29 17:42 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-05-29 17:42 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-29 17:42 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-29 17:42 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-05-29 17:42 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-29 17:42 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-29 17:42 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-05-29 17:42 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-05-29 17:42 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-05-29 17:42 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-29 17:42 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-05-29 17:42 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-05-29 17:42 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-05-29 17:42 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-05-29 17:42 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-29 17:42 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-29 17:42 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-05-29 17:42 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-05-29 17:42 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-05-29 17:42 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-05-29 17:42 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-05-29 17:42 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-05-29 17:42 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-05-29 17:42 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-05-29 17:42 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-05-29 17:42 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-05-29 17:42 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-05-29 17:42 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-05-29 17:42 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-05-29 17:42 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-05-29 17:42 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-05-29 17:42 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-05-29 17:42 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-05-29 17:42 - 2013-12-06 04:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-05-29 17:42 - 2013-12-06 04:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-05-29 17:42 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-05-29 17:42 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-05-29 17:42 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-05-29 17:42 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-05-29 17:42 - 2013-11-12 04:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-05-29 17:42 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-05-29 17:42 - 2013-10-19 04:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2014-05-29 17:42 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2014-05-29 17:42 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2014-05-29 17:42 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2014-05-29 17:42 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2014-05-29 17:42 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2014-05-29 17:42 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2014-05-29 17:42 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2014-05-29 17:42 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2014-05-29 17:42 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2014-05-29 17:34 - 2014-05-30 09:53 - 562218160 _____ () C:\windows\MEMORY.DMP
2014-05-29 17:34 - 2014-05-30 09:53 - 00000000 ____D () C:\windows\Minidump
2014-05-29 17:34 - 2014-05-29 17:34 - 00280056 _____ () C:\windows\Minidump\052914-21902-01.dmp
2014-05-28 22:54 - 2014-05-29 19:30 - 00000000 ____D () C:\Users\Steven\Desktop\DAAD
2014-05-28 22:54 - 2014-05-28 22:54 - 04739790 _____ () C:\Users\Steven\Downloads\Lydon.7z
2014-05-28 22:38 - 2014-05-28 22:38 - 00688992 ____R (Swearware) C:\Users\Steven\Downloads\dds.com
2014-05-28 22:20 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-05-28 22:18 - 2014-05-28 22:18 - 01016261 _____ (Thisisu) C:\Users\Steven\Downloads\JRT.exe
2014-05-28 22:15 - 2014-05-28 22:15 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\TinyWall
2014-05-28 22:14 - 2014-05-30 09:50 - 00000000 ____D () C:\AdwCleaner
2014-05-28 22:14 - 2014-05-28 22:20 - 00000000 ____D () C:\ProgramData\TinyWall
2014-05-28 22:14 - 2014-05-28 22:19 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-28 22:14 - 2014-05-28 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TinyWall
2014-05-28 22:14 - 2014-05-28 22:14 - 10971424 _____ (SurfRight B.V.) C:\Users\Steven\Downloads\HitmanPro_x64.exe
2014-05-28 22:14 - 2014-05-28 22:14 - 10094400 _____ (SurfRight B.V.) C:\Users\Steven\Downloads\HitmanPro.exe
2014-05-28 22:14 - 2014-05-28 22:14 - 01327971 _____ () C:\Users\Steven\Downloads\adwcleaner_3.211.exe
2014-05-28 22:11 - 2014-05-28 22:11 - 01163264 _____ () C:\Users\Steven\Downloads\TinyWallInstaller.msi
2014-05-28 22:03 - 2014-06-01 20:03 - 00001008 _____ () C:\windows\setupact.log
2014-05-28 22:03 - 2014-05-30 09:50 - 00000940 _____ () C:\windows\PFRO.log
2014-05-28 22:03 - 2014-05-28 22:03 - 00000000 _____ () C:\windows\setuperr.log
2014-05-28 16:31 - 2014-06-01 22:18 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Nitro PDF
2014-05-28 16:29 - 2014-05-28 16:29 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Nitro
2014-05-28 16:26 - 2014-05-28 16:26 - 00002565 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 9.lnk
2014-05-28 16:26 - 2014-05-28 16:26 - 00001970 _____ () C:\Users\Public\Desktop\Nitro Pro 9.lnk
2014-05-28 16:26 - 2014-05-28 16:26 - 00000000 ____D () C:\ProgramData\Nitro
2014-05-28 16:26 - 2014-05-28 16:26 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-05-28 16:26 - 2014-05-28 16:26 - 00000000 ____D () C:\Program Files (x86)\Nitro
2014-05-28 16:26 - 2013-10-07 09:41 - 00029704 _____ (Nitro PDF Software) C:\windows\system32\nitrolocalmon9.dll
2014-05-28 16:26 - 2013-10-07 09:41 - 00017928 _____ (Nitro PDF Software) C:\windows\system32\nitrolocalui9.dll
2014-05-28 16:22 - 2014-05-28 16:22 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Downloaded Installations
2014-05-28 16:17 - 2014-05-28 16:17 - 00001085 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
2014-05-28 16:17 - 2014-05-28 16:17 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
2014-05-28 16:16 - 2014-05-28 16:16 - 02469824 _____ () C:\Users\Steven\Downloads\AdobeDownloadAssistant.exe
2014-05-28 15:59 - 2014-05-28 15:59 - 00002271 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-28 15:59 - 2014-05-28 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-28 15:58 - 2014-06-01 22:04 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-28 15:58 - 2014-06-01 20:03 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-28 15:58 - 2014-05-28 15:58 - 00918672 _____ (Google Inc.) C:\Users\Steven\Downloads\ChromeSetup.exe
2014-05-28 15:58 - 2014-05-28 15:58 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-28 15:58 - 2014-05-28 15:58 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-28 13:13 - 2014-05-30 09:54 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 13:13 - 2014-05-28 13:13 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-28 13:13 - 2014-05-28 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 13:13 - 2014-05-28 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-28 13:13 - 2014-05-28 13:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 13:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-28 13:13 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-28 13:13 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-28 12:58 - 2014-05-28 12:58 - 00002291 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-05-28 12:58 - 2014-05-28 12:58 - 00000000 ____D () C:\Users\Steven\AppData\Local\WinZip
2014-05-28 12:58 - 2014-05-28 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-05-28 12:58 - 2014-05-28 12:58 - 00000000 ____D () C:\Program Files\WinZip
2014-05-28 12:49 - 2014-05-28 22:58 - 00000000 ____D () C:\Users\Steven\Desktop\Goethe Uni
2014-05-14 16:42 - 2014-05-14 16:42 - 00000600 _____ () C:\Users\Steven\Desktop\Digitale Bibliothek 3.lnk
2014-05-12 15:09 - 2014-05-12 15:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-06-01 22:44 - 2014-06-01 22:44 - 00014242 _____ () C:\Users\Steven\Desktop\FRST.txt
2014-06-01 22:44 - 2014-05-31 08:12 - 00000000 ____D () C:\FRST
2014-06-01 22:44 - 2013-11-02 20:09 - 00000000 ____D () C:\Users\Steven\AppData\Local\Temp
2014-06-01 22:21 - 2013-11-03 03:36 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Skype
2014-06-01 22:18 - 2014-05-28 16:31 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Nitro PDF
2014-06-01 22:18 - 2013-12-14 23:43 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-01 22:04 - 2014-05-28 15:58 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-01 20:44 - 2013-11-02 23:13 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\vlc
2014-06-01 20:34 - 2014-01-02 04:48 - 00000000 ____D () C:\Users\Steven\Documents\Youcam
2014-06-01 20:11 - 2009-07-14 07:13 - 00779266 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-01 20:10 - 2009-07-14 06:45 - 00031312 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-01 20:10 - 2009-07-14 06:45 - 00031312 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-01 20:04 - 2013-09-12 16:07 - 01233787 _____ () C:\windows\WindowsUpdate.log
2014-06-01 20:03 - 2014-05-28 22:03 - 00001008 _____ () C:\windows\setupact.log
2014-06-01 20:03 - 2014-05-28 15:58 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-01 20:03 - 2014-04-30 02:47 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\DropboxMaster
2014-06-01 20:03 - 2013-11-02 21:57 - 00000000 ___RD () C:\Users\Steven\Dropbox
2014-06-01 20:03 - 2013-11-02 21:55 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Dropbox
2014-06-01 20:03 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-01 09:58 - 2013-11-02 23:08 - 00000000 ____D () C:\Program Files\PeerBlock
2014-06-01 00:37 - 2013-11-02 23:30 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\BitTorrent
2014-05-31 23:07 - 2013-12-05 22:39 - 00000000 ____D () C:\Users\Steven\AppData\Local\CrashDumps
2014-05-31 22:14 - 2013-11-02 20:27 - 00003930 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{8C1D3170-C6CF-4A9B-8FCE-58B462A55076}
2014-05-31 08:12 - 2014-05-31 08:11 - 02066944 _____ (Farbar) C:\Users\Steven\Desktop\FRST64.exe
2014-05-30 09:57 - 2014-05-30 09:57 - 00000000 ____D () C:\windows\ERUNT
2014-05-30 09:55 - 2014-05-30 09:55 - 01016261 _____ (Thisisu) C:\Users\Steven\Desktop\JRT(1).exe
2014-05-30 09:54 - 2014-05-28 13:13 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 09:53 - 2014-05-30 09:53 - 00280056 _____ () C:\windows\Minidump\053014-21091-01.dmp
2014-05-30 09:53 - 2014-05-29 17:34 - 562218160 _____ () C:\windows\MEMORY.DMP
2014-05-30 09:53 - 2014-05-29 17:34 - 00000000 ____D () C:\windows\Minidump
2014-05-30 09:50 - 2014-05-28 22:14 - 00000000 ____D () C:\AdwCleaner
2014-05-30 09:50 - 2014-05-28 22:03 - 00000940 _____ () C:\windows\PFRO.log
2014-05-29 22:56 - 2014-05-29 22:56 - 00280056 _____ () C:\windows\Minidump\052914-28485-01.dmp
2014-05-29 19:30 - 2014-05-28 22:54 - 00000000 ____D () C:\Users\Steven\Desktop\DAAD
2014-05-29 18:03 - 2013-11-02 20:27 - 00000000 ___RD () C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-29 18:03 - 2013-11-02 20:27 - 00000000 ___RD () C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-29 18:02 - 2009-07-14 06:45 - 00377464 _____ () C:\windows\system32\FNTCACHE.DAT
2014-05-29 18:00 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-05-29 17:59 - 2013-04-17 10:02 - 00765178 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-05-29 17:49 - 2014-05-29 17:48 - 00000000 ____D () C:\windows\system32\MRT
2014-05-29 17:34 - 2014-05-29 17:34 - 00280056 _____ () C:\windows\Minidump\052914-21902-01.dmp
2014-05-28 22:58 - 2014-05-28 12:49 - 00000000 ____D () C:\Users\Steven\Desktop\Goethe Uni
2014-05-28 22:54 - 2014-05-28 22:54 - 04739790 _____ () C:\Users\Steven\Downloads\Lydon.7z
2014-05-28 22:38 - 2014-05-28 22:38 - 00688992 ____R (Swearware) C:\Users\Steven\Downloads\dds.com
2014-05-28 22:20 - 2014-05-28 22:14 - 00000000 ____D () C:\ProgramData\TinyWall
2014-05-28 22:19 - 2014-05-28 22:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-28 22:18 - 2014-05-28 22:18 - 01016261 _____ (Thisisu) C:\Users\Steven\Downloads\JRT.exe
2014-05-28 22:15 - 2014-05-28 22:15 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\TinyWall
2014-05-28 22:15 - 2014-05-28 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TinyWall
2014-05-28 22:15 - 2014-02-08 18:16 - 00002378 _____ () C:\windows\system32\InstallUtil.InstallLog
2014-05-28 22:15 - 2014-02-08 18:16 - 00000000 ____D () C:\Program Files (x86)\TinyWall
2014-05-28 22:14 - 2014-05-28 22:14 - 10971424 _____ (SurfRight B.V.) C:\Users\Steven\Downloads\HitmanPro_x64.exe
2014-05-28 22:14 - 2014-05-28 22:14 - 10094400 _____ (SurfRight B.V.) C:\Users\Steven\Downloads\HitmanPro.exe
2014-05-28 22:14 - 2014-05-28 22:14 - 01327971 _____ () C:\Users\Steven\Downloads\adwcleaner_3.211.exe
2014-05-28 22:11 - 2014-05-28 22:11 - 01163264 _____ () C:\Users\Steven\Downloads\TinyWallInstaller.msi
2014-05-28 22:03 - 2014-05-28 22:03 - 00000000 _____ () C:\windows\setuperr.log
2014-05-28 17:54 - 2013-11-02 23:15 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Winamp
2014-05-28 16:29 - 2014-05-28 16:29 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Nitro
2014-05-28 16:26 - 2014-05-28 16:26 - 00002565 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 9.lnk
2014-05-28 16:26 - 2014-05-28 16:26 - 00001970 _____ () C:\Users\Public\Desktop\Nitro Pro 9.lnk
2014-05-28 16:26 - 2014-05-28 16:26 - 00000000 ____D () C:\ProgramData\Nitro
2014-05-28 16:26 - 2014-05-28 16:26 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-05-28 16:26 - 2014-05-28 16:26 - 00000000 ____D () C:\Program Files (x86)\Nitro
2014-05-28 16:22 - 2014-05-28 16:22 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Downloaded Installations
2014-05-28 16:17 - 2014-05-28 16:17 - 00001085 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
2014-05-28 16:17 - 2014-05-28 16:17 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
2014-05-28 16:16 - 2014-05-28 16:16 - 02469824 _____ () C:\Users\Steven\Downloads\AdobeDownloadAssistant.exe
2014-05-28 15:59 - 2014-05-28 15:59 - 00002271 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-28 15:59 - 2014-05-28 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-28 15:59 - 2013-11-04 04:21 - 00000000 ____D () C:\Users\Steven\AppData\Local\Google
2014-05-28 15:59 - 2013-11-04 04:21 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-28 15:58 - 2014-05-28 15:58 - 00918672 _____ (Google Inc.) C:\Users\Steven\Downloads\ChromeSetup.exe
2014-05-28 15:58 - 2014-05-28 15:58 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-28 15:58 - 2014-05-28 15:58 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-28 13:13 - 2014-05-28 13:13 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-28 13:13 - 2014-05-28 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 13:13 - 2014-05-28 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-28 13:13 - 2014-05-28 13:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 12:58 - 2014-05-28 12:58 - 00002291 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-05-28 12:58 - 2014-05-28 12:58 - 00000000 ____D () C:\Users\Steven\AppData\Local\WinZip
2014-05-28 12:58 - 2014-05-28 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-05-28 12:58 - 2014-05-28 12:58 - 00000000 ____D () C:\Program Files\WinZip
2014-05-28 12:58 - 2013-09-12 17:22 - 00000000 ____D () C:\ProgramData\WinZip
2014-05-28 12:58 - 2013-04-17 10:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-05-28 12:58 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-28 11:19 - 2013-11-02 21:55 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-23 15:58 - 2009-07-14 07:08 - 00032620 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-05-21 07:16 - 2013-11-03 03:36 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-21 07:16 - 2013-09-12 17:19 - 00000000 ____D () C:\ProgramData\Skype
2014-05-20 20:05 - 2013-11-04 02:01 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-18 03:57 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-05-15 22:18 - 2013-12-14 23:43 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 21:19 - 2013-04-17 10:23 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 21:19 - 2013-04-17 10:23 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 16:42 - 2014-05-14 16:42 - 00000600 _____ () C:\Users\Steven\Desktop\Digitale Bibliothek 3.lnk
2014-05-13 03:21 - 2013-11-02 20:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 15:09 - 2014-05-12 15:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-12 07:26 - 2014-05-28 13:13 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-28 13:13 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-28 13:13 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-08 09:14 - 2014-05-29 17:59 - 23134208 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-08 08:37 - 2014-05-29 17:59 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-08 07:52 - 2014-05-29 17:59 - 17073152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-08 07:27 - 2014-05-29 17:59 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-08 06:57 - 2014-05-29 17:59 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-08 06:04 - 2014-05-29 17:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-04 17:12 - 2014-05-29 17:48 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Steven\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp93eczc.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 22:54

==================== End Of Log ============================



#10 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 01 June 2014 - 04:55 PM

Let's check for any leftovers now.

 

1.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.


Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.


Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

 

 

2.

 ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go >>HERE<< then click on the ESET Online Scanner button.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the downloaded esetsmartinstaller_enu.exe icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on Finish.
    (Selecting Uninstall application on close if you so wish)


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 lydonst

lydonst
  • Topic Starter

  • Members
  • 29 posts
  • Local time:01:20 AM

Posted 02 June 2014 - 05:04 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02/06/2014
Scan Time: 08:46:22
Logfile: text.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.02.03
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Steven

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 260953
Time Elapsed: 6 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=f926d4a7f0a8624e9a27ee386a16aa47
# engine=18504
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-02 07:36:19
# local_time=2014-06-02 09:36:19 (+0100, W. Europe Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 18244697 153324429 0 0
# compatibility_mode_1='ESET NOD32 Antivirus 7.0'
# compatibility_mode=8220 16777213 100 100 18276031 22692643 0 0
# scanned=148160
# found=1
# cleaned=1
# scan_time=2239
# nod_component=V3 Build:0x30000000
sh=FEB52263D83446758F5E06511D38265E6E8E5A74 ft=1 fh=7c704831d16c04b5 vn="a variant of Win32/DealPly.O potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Steven\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe.vir"
 



#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:20 PM

Posted 02 June 2014 - 04:14 PM

Hello, lydonst.

Congratulations! You now appear clean! :cool:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess

 

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator.
  • Then click the big CleanUp! button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

 

 

One of the most common questions found when cleaning malware is "how did my machine get infected?"

There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you're downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on.  Whether these things are files or sites it doesn't really matter.  If something is out to get you, and you click on it, it most likely will. 

Below are a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that.  Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean.  For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is.  The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows, instead close them by finding the open window on your Taskbar, right click and choose close.
  • Do not visit pornographic websites.  I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites.  I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you.  It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection.  Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those toolbars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money.  By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.


Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows XP users
    You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
  • Windows Vista users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.



Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:


Use an AntiVirus Software
It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running.  This alone can save you a lot of trouble with malware in the future. 
See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources, a couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer.  Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the Windows built-in one), this is personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.


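The "create a new restore point, then delete all but the most recent one" step in the post above is the part of the clean-up most worth getting right, since an old restore point can carry a copy of the removed malware back onto the machine. The script below is an added example and not part of fireman4it's post or any BleepingComputer tool: it performs the same two steps from an elevated PowerShell prompt instead of the System Restore and Disk Cleanup dialogs, and then lists what remains so the result can be checked. It assumes the system drive holds the restore points and that the Windows 7 machine in this thread has no other use for its shadow copies (see the note after the block).

```powershell
# Added example: fresh post-cleanup restore point, then prune every older one.
# Run elevated. Works on Windows 7 / PowerShell 2.0 and later.

$systemDrive = "$env:SystemDrive\"   # e.g. C:\ ; Enable-ComputerRestore needs the trailing backslash

# 1. Make sure System Restore is enabled for the system drive.
Enable-ComputerRestore -Drive $systemDrive

# 2. Create the clean baseline and show what was created.
Checkpoint-Computer -Description "Clean baseline after malware removal" -RestorePointType MODIFY_SETTINGS
$newest = Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
"Created restore point #{0}: {1} ({2})" -f $newest.SequenceNumber,
    $newest.Description, $newest.ConvertToDateTime($newest.CreationTime)

# 3. Restore points are stored in Volume Shadow Copies, so deleting the oldest
#    shadow copy removes the oldest restore point. Repeat until one is left.
#    @() keeps .Count meaningful on PowerShell 2.0 when only one line matches.
do {
    $shadowIds = @(vssadmin list shadows /for=$systemDrive | Select-String 'Shadow Copy ID')
    if ($shadowIds.Count -gt 1) {
        vssadmin delete shadows /for=$systemDrive /oldest /quiet | Out-Null
    }
} while ($shadowIds.Count -gt 1)

# 4. Confirm that only the new baseline remains.
Get-ComputerRestorePoint |
    Select-Object SequenceNumber, Description,
        @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } |
    Format-Table -AutoSize
```

Two things to know before running it. Shadow copies also back the "Previous Versions" feature, so step 3 discards those older file versions along with the old restore points, which is exactly what Disk Cleanup's "all but the most recent" button does. And on Windows 8 and later, Checkpoint-Computer silently skips creating a point if one was made in the previous 24 hours; setting the DWORD SystemRestorePointCreationFrequency to 0 under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore lifts that limit, and it does not apply to Windows 7.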


#13 lydonst

lydonst
  • Topic Starter

  • Members
  • 29 posts
  • Local time:01:20 AM

Posted 03 June 2014 - 02:44 PM

Thank you!



#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:20 PM

Posted 03 June 2014 - 05:47 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





