Removing cj.dotomi.com virus from c drive & all removable drives


This topic is locked
15 replies to this topic

#1 hoagie1ob


Posted 01 June 2014 - 10:56 AM

Last week, I started getting blank pop-ups from financial/shopping websites that started with cj.dotomi.com. I tried to disinfect myself using Spybot, Malwarebytes, SpyHunter (bought), and CCleaner (bought). I still couldn't get rid of it, so I took my computer to GeekSquad. Before I did so, I saved to 2 hard drives as backup (1) my Firefox bookmarks, (2) all my documents, (3) all my pictures, and (4) all my mp3 and wave files.

GeekSquad was unable to clean it and ended up doing a full system restore. Once they did the full system restore, I was able to get to sites fine without the cj.dotomi.com virus appearing again. However, once I returned home, I did the following to my computer, which seems to have added cj.dotomi.com back!

The changes that were made between when the system restore produced no virus and when I saw it were: (1) I downloaded and installed Firefox, the Opera browser, and Chrome, and re-installed all the disinfectants mentioned above; (2) I downloaded f.lux; (3) I imported Firefox bookmarks from one of my back-up hard drives; (4) I opened and made some changes to Excel spreadsheets that were on my back-up hard drive (I did not move them to the C drive).

I reset all my homepages for all the browsers to various sites I go to -- Yahoo email, Google email, AOL email, Yahoo news, KBPS.org, wsj.com, dramafever.com, and youtube.com.

I think the problem must reside with the back-up files on the hard drive, and I have a suspicion that it's residing in the Firefox bookmark file, which was saved as an HTML document. I use Kaspersky, which did not catch this.

I would very much appreciate it if you could help me in removing the virus from my re-infected C drive AND all my removable drives currently attached to my computer.

Thank you!

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041
Run by Haeji at 8:25:37 on 2014-06-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8174.5187 [GMT -7:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\Haeji\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://mail.google.com/mail/u/0/#inbox
uDefault_Page_URL = hxxp://acer.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [f.lux] "C:\Users\Haeji\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{C8063D0C-F9A7-4BC4-89A2-FAC1C1CC23B9} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C8063D0C-F9A7-4BC4-89A2-FAC1C1CC23B9}\75051445572656A7 : DHCPNameServer = 168.94.0.14 168.94.0.15
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Haeji\AppData\Roaming\Mozilla\Firefox\Profiles\mrbn9ey1.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2013-10-8 29792]
R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-14 55904]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-6-6 178272]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2010-12-14 22912]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2010-12-14 20328]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2010-12-14 62584]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-13 203264]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2013-10-8 214512]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-12-13 311376]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-12-14 868224]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-13 13336]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-11 257344]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-5-31 1738200]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-5-31 2081752]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-5-31 171928]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2014-1-9 1025408]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-10-8 19192]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-13 2656280]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-12-14 243232]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-10-8 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-10-8 29280]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-12-13 76912]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-29 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-29 180736]
S2 CLKMSVC10_34E30CCC;CyberLink Product - 2014/05/31 10:45:23;C:\Program Files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe [2010-11-25 254448]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-27 172912]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2014-5-31 22704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-5-31 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-31 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-12-13 247400]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-31 56832]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-31 1255736]
S4 klflt;klflt;C:\Windows\System32\drivers\klflt.sys [2014-5-31 115296]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-06-01 14:03:52 -------- d-----w- C:\Users\Haeji\AppData\Roaming\Opera Software
2014-06-01 14:03:52 -------- d-----w- C:\Users\Haeji\AppData\Local\Opera Software
2014-06-01 13:58:37 -------- d-----w- C:\Users\Haeji\AppData\Local\Google
2014-06-01 13:58:10 -------- d-----w- C:\Users\Haeji\AppData\Local\Deployment
2014-06-01 13:58:10 -------- d-----w- C:\Users\Haeji\AppData\Local\Apps
2014-06-01 13:48:23 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-06-01 13:36:50 -------- d-----w- C:\Program Files\CCleaner
2014-06-01 04:33:38 -------- d-----w- C:\Users\Haeji\AppData\Local\FluxSoftware
2014-06-01 04:33:07 -------- d-----w- C:\Program Files (x86)\Canon
2014-06-01 04:32:03 -------- d--h--w- C:\Windows\System32\CanonMF Uninstaller Information
2014-06-01 04:31:54 98816 ----a-w- C:\Windows\System32\CNCLSC34a.DLL
2014-06-01 04:31:54 244736 ----a-w- C:\Windows\System32\CNCLSU34a.DLL
2014-06-01 04:31:54 153600 ----a-w- C:\Windows\System32\CNCLSD34a.DLL
2014-06-01 04:31:54 124416 ----a-w- C:\Windows\System32\CNCLST34a.DLL
2014-06-01 04:31:54 109056 ----a-w- C:\Windows\System32\CNCLSI34a.DLL
2014-06-01 04:31:50 83456 ----a-w- C:\Windows\System32\CNCI4360.DLL
2014-06-01 04:31:50 49664 ----a-w- C:\Windows\System32\CNCLSO34a.dll
2014-06-01 04:31:50 142848 ----a-w- C:\Windows\System32\CNCL4360.DLL
2014-06-01 04:31:47 308736 ----a-w- C:\Windows\System32\CNCC4360.DLL
2014-06-01 04:31:41 66048 ----a-w- C:\Windows\System32\CNAS0MMK.DLL
2014-06-01 04:31:37 -------- d-----w- C:\Program Files\Canon
2014-06-01 04:23:47 -------- d-----w- C:\Users\Haeji\AppData\Local\Diagnostics
2014-06-01 04:23:07 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2014-06-01 04:23:02 110080 ----a-r- C:\Users\Haeji\AppData\Roaming\Microsoft\Installer\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}\IconF7A21AF7.exe
2014-06-01 04:23:02 110080 ----a-r- C:\Users\Haeji\AppData\Roaming\Microsoft\Installer\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}\IconD7F16134.exe
2014-06-01 04:23:02 110080 ----a-r- C:\Users\Haeji\AppData\Roaming\Microsoft\Installer\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}\Icon1226A4C5.exe
2014-06-01 04:23:00 -------- d-----w- C:\sh4ldr
2014-06-01 04:23:00 -------- d-----w- C:\Program Files\Enigma Software Group
2014-06-01 04:22:33 -------- d-----w- C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-06-01 04:22:30 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-06-01 04:18:41 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-06-01 04:18:40 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-06-01 04:18:36 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-01 04:09:22 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-06-01 04:09:22 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-06-01 04:04:27 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-01 04:04:27 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-01 04:04:27 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-06-01 04:04:26 -------- d-----w- C:\ProgramData\Malwarebytes
2014-06-01 04:04:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-01 04:03:44 -------- d-----w- C:\Users\Haeji\AppData\Local\Programs
2014-06-01 03:54:53 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2014-06-01 03:54:25 -------- d-----w- C:\Users\Haeji\AppData\Local\Microsoft Help
2014-05-31 23:56:46 110176 ----a-w- C:\Windows\System32\klfphc.dll
2014-05-31 23:56:20 -------- d-----w- C:\Windows\ELAMBKUP
2014-05-31 23:56:17 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-05-31 23:56:17 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2014-05-31 23:56:13 115296 ----a-w- C:\Windows\System32\drivers\klflt.sys
2014-05-31 23:41:44 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EF657775-4B66-415F-B6EC-5CBD706D6D23}\mpengine.dll
2014-05-31 23:41:42 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-05-31 23:22:39 -------- d-sh--w- C:\Users\Haeji\AppData\Local\EmieUserList
2014-05-31 23:22:39 -------- d-sh--w- C:\Users\Haeji\AppData\Local\EmieSiteList
2014-05-31 23:07:59 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-05-31 23:07:57 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2014-05-31 23:07:54 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-05-31 23:07:54 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2014-05-31 23:07:54 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2014-05-31 23:07:54 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2014-05-31 23:07:10 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-05-31 23:07:10 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-05-31 23:07:08 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-05-31 23:07:08 366592 ----a-w- C:\Windows\System32\qdvd.dll
2014-05-31 22:33:58 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-31 22:33:58 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-31 22:25:57 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-31 22:19:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-31 22:19:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-31 22:16:14 2871808 ----a-w- C:\Windows\explorer.exe
2014-05-31 22:16:14 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2014-05-31 22:16:05 67072 ----a-w- C:\Windows\splwow64.exe
2014-05-31 22:16:05 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2014-05-31 22:14:55 96768 ----a-w- C:\Windows\System32\fsutil.exe
2014-05-31 22:14:55 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2014-05-31 22:14:54 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2014-05-31 22:14:52 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2014-05-31 22:14:52 2565632 ----a-w- C:\Windows\System32\esent.dll
2014-05-31 22:14:52 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2014-05-31 22:14:50 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2014-05-31 22:14:50 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2014-05-31 22:14:50 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2014-05-31 22:11:42 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-05-31 22:11:42 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-05-31 22:11:31 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-05-31 22:11:31 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-05-31 22:11:31 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-05-31 22:11:31 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-05-31 22:09:39 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2014-05-31 22:09:39 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2014-05-31 21:56:26 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-31 21:47:32 -------- d-----w- C:\Windows\System32\MRT
2014-05-31 21:31:30 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-05-31 21:13:12 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-05-31 21:13:12 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-05-31 21:13:12 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-05-31 21:13:11 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-05-31 21:07:49 -------- d-----w- C:\Windows\Migration
2014-05-31 21:02:34 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2014-05-31 21:02:34 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2014-05-31 21:01:45 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll
2014-05-31 21:01:45 259584 ----a-w- C:\Windows\System32\WebClnt.dll
2014-05-31 21:01:45 205824 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2014-05-31 21:01:45 140800 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2014-05-31 21:01:45 102400 ----a-w- C:\Windows\System32\davclnt.dll
2014-05-31 21:00:52 878080 ----a-w- C:\Windows\System32\advapi32.dll
2014-05-31 21:00:52 859648 ----a-w- C:\Windows\System32\tdh.dll
2014-05-31 21:00:52 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2014-05-31 21:00:52 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2014-05-31 21:00:52 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2014-05-31 21:00:51 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2014-05-31 21:00:08 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2014-05-31 20:58:46 185344 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2014-05-31 20:58:46 100864 ----a-w- C:\Windows\System32\drivers\usbcir.sys
2014-05-31 20:58:07 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2014-05-31 20:57:21 633856 ----a-w- C:\Windows\System32\comctl32.dll
2014-05-31 20:57:21 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2014-05-31 20:56:40 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2014-05-31 20:56:40 42496 ----a-w- C:\Windows\System32\drivers\usbscan.sys
2014-05-31 20:56:40 32896 ----a-w- C:\Windows\System32\drivers\hidparse.sys
2014-05-31 20:50:50 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2014-05-31 20:50:50 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2014-05-31 20:50:10 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2014-05-31 20:50:10 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2014-05-31 20:49:23 327168 ----a-w- C:\Windows\System32\mswsock.dll
2014-05-31 20:49:23 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2014-05-31 20:49:23 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-05-31 20:47:13 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2014-05-31 20:46:41 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2014-05-31 20:46:41 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2014-05-31 20:43:41 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-05-31 20:43:41 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-05-31 20:43:03 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-05-31 20:42:31 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2014-05-31 20:40:02 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-05-31 20:40:02 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-05-31 20:40:02 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-05-31 20:40:02 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-05-31 20:40:01 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-05-31 20:37:02 751104 ----a-w- C:\Windows\System32\win32spl.dll
2014-05-31 20:37:02 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2014-05-31 20:36:16 52224 ----a-w- C:\Windows\System32\certenc.dll
2014-05-31 20:36:16 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2014-05-31 20:36:15 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2014-05-31 20:36:15 1192448 ----a-w- C:\Windows\System32\certutil.exe
2014-05-31 20:35:33 111448 ----a-w- C:\Windows\System32\consent.exe
2014-05-31 20:35:30 70144 ----a-w- C:\Windows\System32\appinfo.dll
2014-05-31 20:33:32 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2014-05-31 20:32:32 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2014-05-31 20:29:13 68608 ----a-w- C:\Windows\System32\taskhost.exe
2014-05-31 20:27:59 2746368 ----a-w- C:\Windows\System32\gameux.dll
2014-05-31 20:22:53 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-05-31 20:22:53 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-05-31 20:21:37 478208 ----a-w- C:\Windows\System32\dpnet.dll
2014-05-31 20:21:37 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2014-05-31 20:20:57 95744 ----a-w- C:\Windows\System32\synceng.dll
2014-05-31 20:20:57 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2014-05-31 20:20:32 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-05-31 20:20:32 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-05-31 20:20:32 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-05-31 20:20:32 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-05-31 20:20:32 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-05-31 20:20:32 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-05-31 20:20:32 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-05-31 20:20:07 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2014-05-31 20:20:07 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2014-05-31 20:20:07 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-05-31 20:15:12 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2014-05-31 20:15:12 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2014-05-31 20:15:12 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2014-05-31 20:15:12 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2014-05-31 20:13:26 59392 ----a-w- C:\Windows\System32\browcli.dll
2014-05-31 20:13:26 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2014-05-31 20:13:26 136704 ----a-w- C:\Windows\System32\browser.dll
2014-05-31 20:13:08 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2014-05-31 20:12:51 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2014-05-31 20:12:51 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2014-05-31 20:12:31 956928 ----a-w- C:\Windows\System32\localspl.dll
2014-05-31 20:10:57 209920 ----a-w- C:\Windows\System32\profsvc.dll
2014-05-31 20:10:41 3216384 ----a-w- C:\Windows\System32\msi.dll
2014-05-31 20:10:41 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2014-05-31 20:10:12 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2014-05-31 20:06:42 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2014-05-31 20:06:42 5120 ----a-w- C:\Windows\System32\wmi.dll
2014-05-31 20:06:42 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2014-05-31 20:01:33 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2014-05-31 20:01:33 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2014-05-31 20:01:23 515584 ----a-w- C:\Windows\System32\timedate.cpl
2014-05-31 20:01:23 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2014-05-31 20:01:16 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2014-05-31 20:01:16 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2014-05-31 20:01:04 395776 ----a-w- C:\Windows\System32\webio.dll
2014-05-31 20:01:04 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2014-05-31 19:51:54 -------- d-----w- C:\Windows\SysWow64\Wat
2014-05-31 19:51:54 -------- d-----w- C:\Windows\System32\Wat
2014-05-31 19:50:53 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-31 19:50:53 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-31 19:45:57 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2014-05-31 19:44:45 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-05-31 19:44:45 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-05-31 19:44:41 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-05-31 19:44:35 484864 ----a-w- C:\Windows\System32\wer.dll
2014-05-31 19:44:35 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-05-31 19:44:29 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2014-05-31 19:44:29 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-05-31 19:43:58 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-05-31 19:43:58 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-05-31 19:43:58 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-05-31 19:43:58 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-05-31 19:41:55 335360 ----a-w- C:\Windows\System32\msieftp.dll
2014-05-31 19:40:59 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2014-05-31 19:40:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2014-05-31 19:39:51 197120 ----a-w- C:\Windows\System32\credui.dll
2014-05-31 19:39:51 1930752 ----a-w- C:\Windows\System32\authui.dll
2014-05-31 19:39:51 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2014-05-31 19:39:51 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2014-05-31 19:39:51 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2014-05-31 19:39:51 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2014-05-31 19:39:32 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-05-31 19:39:32 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-05-31 19:39:23 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2014-05-31 19:39:23 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-05-31 19:38:59 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-31 19:38:53 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2014-05-31 19:38:53 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2014-05-31 19:38:53 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2014-05-31 19:38:53 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2014-05-31 19:38:53 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2014-05-31 19:24:27 -------- d-----w- C:\ProgramData\Geek Squad
2014-05-31 19:13:13 -------- d-----w- C:\Windows\System32\SPReview
2014-05-31 18:51:35 2560 ----a-w- C:\Windows\System32\drivers\en-US\rdpwd.sys.mui
2014-05-31 18:50:49 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2014-05-31 18:50:48 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2014-05-31 18:31:56 90624 ----a-w- C:\Windows\System32\KMSVC.DLL
2014-05-31 18:30:59 12288 ----a-w- C:\Windows\SysWow64\tsbyuv.dll
2014-05-31 18:27:12 -------- d-----w- C:\Windows\System32\EventProviders
2014-05-31 18:24:07 -------- d-----w- C:\ProgramData\clear.fi
2014-05-31 18:16:24 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2014-05-31 18:16:24 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2014-05-31 18:16:24 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2014-05-31 18:11:59 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2014-05-31 18:11:54 99840 ----a-w- C:\Windows\System32\wudriver.dll
2014-05-31 18:11:41 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-05-31 18:11:41 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2014-05-31 18:08:58 -------- d-----w- C:\Users\Haeji\AppData\Roaming\Intel Corporation
2014-05-31 18:08:55 -------- d-----w- C:\Users\Haeji\AppData\Local\EgisTec IPS
2014-05-31 18:07:27 -------- d-----w- C:\ProgramData\OEM_E471269A730D
2014-05-31 18:07:12 -------- d-----w- C:\Users\Haeji\AppData\Local\Acer
2014-05-31 18:00:12 -------- d-----w- C:\Windows\NAPP_Dism_Log
2014-05-31 17:46:37 -------- d-----w- C:\Program Files (x86)\Barnes & Noble
2014-05-31 17:43:25 -------- d-----w- C:\ProgramData\CLSK
2014-05-31 17:40:55 -------- d-----w- C:\ProgramData\NTI Launcher
2014-05-31 17:39:17 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2014-05-31 17:38:37 -------- d-----w- C:\Windows\en
2014-05-31 17:38:19 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-05-31 17:35:38 -------- d-----w- C:\Program Files (x86)\Microsoft
2014-05-31 17:32:34 -------- d-----w- C:\Program Files\Synaptics
2014-05-31 17:30:27 -------- d-----w- C:\Program Files (x86)\Renesas Electronics
2014-05-31 17:25:54 -------- d-----w- C:\ProgramData\EgisTec
2014-05-31 17:25:53 -------- d---a-w- C:\book
2014-05-31 17:24:46 0 ----a-w- C:\Windows\ativpsrm.bin
2014-05-31 17:23:53 3 ----a-w- C:\Windows\System32\PLD_Framework.cmd
2014-05-31 17:22:07 -------- d-----w- C:\Windows\SysWow64\RTCOM
2014-05-31 17:22:00 -------- d-----w- C:\Program Files\Realtek
2014-05-31 17:20:08 -------- d-----w- C:\Program Files\ATI
2014-05-31 17:20:07 -------- d-----w- C:\Program Files (x86)\ATI Technologies
.
==================== Find3M  ====================
.
2014-06-01 00:33:36 178272 ----a-w- C:\Windows\System32\drivers\kneps.sys
2014-06-01 00:33:35 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys
2014-06-01 00:33:34 458336 ----a-w- C:\Windows\System32\drivers\kl1.sys
2014-05-31 21:31:30 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-05-31 19:07:30 175616 ----a-w- C:\Windows\System32\msclmd.dll
2014-05-31 19:07:30 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH:  8:26:35.80 ===============

Edited by rotor123, 01 June 2014 - 11:19 AM.



#2 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 01 June 2014 - 01:42 PM

Good evening. :)

Have you run System Restore back to a point where your system wasn't messed up?


So long, and thanks for all the fish.


#3 hoagie1ob

  • Topic Starter
  • Members
  • 13 posts

Posted 01 June 2014 - 02:11 PM

Hello Noviciate,

No, I haven't tried that since my computer got re-infected.  My computer was just cleaned yesterday with a full system restore by Best Buy Geek Squad, which wiped everything out, so I don't think there is a point my system could go back to.  Also, because I would be importing bookmarks and backed-up documents from my backup removable hard drive, it seems that all my files need to be disinfected... I don't have backup files from points where my computer was infected... it seems to me that my removable hard drives also need to get disinfected if I am to recover all my backup files...

Thanks much for your help!



#4 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 01 June 2014 - 02:38 PM

so I don't think there is a point where my system could go back to.

Have you checked?

Also, because I would be importing bookmarks and backed-up documents from my back up, removable hard drive, it seems that all my files need to be disinfected... I don't have back up files from points where my computer was infected... it seems to me that my removable hard drives also need to get disinfected if I am to recover all my back-up files...

First things first. Get the computer sorted and then worry about the rest.

Check to see if there is a usable Restore Point before ruling it out.


So long, and thanks for all the fish.



#5 hoagie1ob

  • Topic Starter
  • Members
  • 13 posts

Posted 01 June 2014 - 02:44 PM

Hello Noviciate,

There are 12 restore points upon checking.

Do you want me to roll the computer back?  The last restore point is shown as 5/31/14 at 9:45:27 pm (Pacific Daylight Time) for Windows update (critical update).

The one immediately before that is upon installing SpyHunter.

The one before that is upon installing Microsoft Office Professional 2010.

These restore points are all yesterday.

Let me know whether you want me to restore to the last restore point.

Thank you,



#6 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 01 June 2014 - 04:09 PM

Find the first Restore Point before you accessed anything that you backed-up, given that it seems likely that it was this action that caused the problem to reappear.


So long, and thanks for all the fish.
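The advice in #4 and #6 comes down to finding the earliest Restore Point created before any backed-up file was opened, rather than simply the most recent one. As an added example (not code posted by anyone in this thread), the Windows PowerShell below lists the available restore points with readable timestamps so that choice can be made from the command line, records a fresh checkpoint before the backup drive is touched again, and shows the rollback call. It assumes an elevated Windows PowerShell prompt on the affected Windows 7 machine and uses only the built-in System Restore cmdlets; the sequence number 42 in the last step is a placeholder, not a value from this thread.

```powershell
# Added example, not from the thread: inspect System Restore from an elevated
# Windows PowerShell prompt. Get-ComputerRestorePoint, Checkpoint-Computer and
# Restore-Computer ship with Windows PowerShell 2.0 and later.

# 1. List restore points oldest-first, converting the WMI (DMTF) CreationTime
#    string to a local DateTime, so the first point created BEFORE the backup
#    drive was opened can be identified by its SequenceNumber.
Get-ComputerRestorePoint |
    Sort-Object SequenceNumber |
    Select-Object SequenceNumber,
        @{ Name = 'Created'; Expression = { [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) } },
        RestorePointType,
        Description |
    Format-Table -AutoSize

# 2. Outcome of the most recent restore operation (worth checking after a rollback).
Get-ComputerRestorePoint -LastStatus

# 3. Before re-importing bookmarks or documents from the backup drive, create a
#    checkpoint so a known-clean rollback target exists if the pop-ups return.
Checkpoint-Computer -Description 'Clean state before restoring backup files' -RestorePointType MODIFY_SETTINGS

# 4. Roll back to a chosen point. 42 is a PLACEHOLDER: substitute the SequenceNumber
#    picked from the listing in step 1. The machine reboots as part of the restore,
#    so the line is left commented until the number has been confirmed.
# Restore-Computer -RestorePoint 42 -Confirm
```

Running step 1 before and after each change (installing a browser, importing the bookmark file, opening a spreadsheet from the backup drive) leaves a trail of checkpoints, so if the pop-ups reappear the last clean point is known rather than guessed.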

 

 


#7 hoagie1ob

  • Topic Starter
  • Members
  • 13 posts

Posted 01 June 2014 - 07:50 PM

Hello,

I restored back to the point where I did not reinstall anything.  Unfortunately, I had to go back to the point where Best Buy Geek Squad had not reinstalled Kaspersky Internet Security 2014 either.  Right now, it appears the cj.dotomi.com issue has not resurfaced, but I am also trying to get Kaspersky installed again so I have a firewall.

I also noticed that the restore point stated that documents were not affected, so the dds and attach txt files are still available on the desktop.  I manually deleted the program files I saw for (1) Mozilla Firefox, (2) Opera, and (3) Google, since I cannot be sure whether the cj.dotomi.com virus is still residing there.

I tested two sites for cj.dotomi.com with Internet Explorer.  I have not tried to re-download Firefox, Chrome, and Opera to test on those browsers.

I emailed Kaspersky for help in re-activating my code so that I have a firewall, but wanted to respond that I did a restore to a point that seems to resolve the problem for now.  I may not be able to check back for a day or two while Kaspersky gets back to me.

Thank you!!



#8 hoagie1ob

  • Topic Starter
  • Members
  • 13 posts

Posted 02 June 2014 - 08:07 AM

Hello,

I installed Webroot, and Kaspersky appears to be back up and running.  Here's the log as of this morning after running dds.  I have not installed any software I need or want to use (printer driver, Microsoft Office 2010, browsers -- Firefox, Opera, Chrome, etc.).

I do want to be able to use my Firefox bookmarks because I go to them often... that bookmark html is still residing in my backup hard drives.

Thank you!


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by Haeji at 5:59:21 on 2014-06-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8174.5934 [GMT -7:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {66A6FE14-08CB-F415-3742-517201416109}
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Webroot SecureAnywhere *Enabled/Updated* {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{C8063D0C-F9A7-4BC4-89A2-FAC1C1CC23B9} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F4952A88-900A-433F-A179-42314A5BC20A} : DHCPNameServer = 192.168.1.250
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 WRkrn;WRkrn;C:\Windows\System32\drivers\WRkrn.sys [2014-6-1 114176]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2013-10-8 29792]
R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-14 55904]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-6-6 178272]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2010-12-14 22912]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2010-12-14 20328]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2010-12-14 62584]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-13 203264]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2013-10-8 214512]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-12-13 311376]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-12-14 868224]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-13 13336]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-11 257344]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-10-8 19192]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-13 2656280]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-12-14 243232]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2014-6-1 763512]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-10-8 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-10-8 29280]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-12-13 76912]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-29 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-29 180736]
S2 CLKMSVC10_34E30CCC;CyberLink Product - 2014/05/31 10:45:23;C:\Program Files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe [2010-11-25 254448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-27 172912]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-5-31 111616]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-12-13 247400]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-31 59392]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-31 1255736]
S4 klflt;klflt;C:\Windows\System32\drivers\klflt.sys [2014-6-1 115296]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-02 12:46:46 -------- d-----w- C:\Users\Haeji\AppData\Roaming\Local
2014-06-02 03:15:55 10395072 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
2014-06-02 03:15:46 -------- d-----w- C:\Users\Haeji\AppData\Local\lptmp407866117
2014-06-02 03:15:19 152744 ----a-w- C:\Windows\SysWow64\WRusr.dll
2014-06-02 03:15:19 114176 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2014-06-02 03:15:19 103816 ----a-w- C:\Windows\System32\WRusr.dll
2014-06-02 03:15:16 -------- d-----w- C:\Program Files\Webroot
2014-06-02 03:15:10 -------- d-----w- C:\ProgramData\WRData
2014-06-02 00:16:50 110176 ----a-w- C:\Windows\System32\klfphc.dll
2014-06-02 00:16:02 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2014-06-02 00:15:55 115296 ----a-w- C:\Windows\System32\drivers\klflt.sys
2014-06-02 00:07:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-06-02 00:07:56 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{637913C2-1D92-47F2-BA08-98CAAD1EA592}\mpengine.dll
2014-06-01 14:03:52 -------- d-----w- C:\Users\Haeji\AppData\Roaming\Opera Software
2014-06-01 14:03:52 -------- d-----w- C:\Users\Haeji\AppData\Local\Opera Software
2014-06-01 13:58:37 -------- d-----w- C:\Users\Haeji\AppData\Local\Google
2014-06-01 13:58:10 -------- d-----w- C:\Users\Haeji\AppData\Local\Deployment
2014-06-01 13:58:10 -------- d-----w- C:\Users\Haeji\AppData\Local\Apps
2014-06-01 13:48:23 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-06-01 13:38:56 -------- d-----w- C:\Users\Haeji\AppData\Local\Mozilla
2014-06-01 13:38:47 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-01 13:36:50 -------- d-----w- C:\Program Files\CCleaner
2014-06-01 04:33:38 -------- d-----w- C:\Users\Haeji\AppData\Local\FluxSoftware
2014-06-01 04:33:07 -------- d-----w- C:\Program Files (x86)\Canon
2014-06-01 04:31:37 -------- d-----w- C:\Program Files\Canon
2014-06-01 04:23:47 -------- d-----w- C:\Users\Haeji\AppData\Local\Diagnostics
2014-06-01 04:23:07 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2014-06-01 04:23:00 -------- d-----w- C:\sh4ldr
2014-06-01 04:23:00 -------- d-----w- C:\Program Files\Enigma Software Group
2014-06-01 04:22:33 -------- d-----w- C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-06-01 04:18:40 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-06-01 04:18:36 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-01 04:04:26 -------- d-----w- C:\ProgramData\Malwarebytes
2014-06-01 04:04:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-01 04:03:44 -------- d-----w- C:\Users\Haeji\AppData\Local\Programs
2014-06-01 03:54:53 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2014-06-01 03:54:25 -------- d-----w- C:\Users\Haeji\AppData\Local\Microsoft Help
2014-05-31 23:56:20 -------- d-----w- C:\Windows\ELAMBKUP
2014-05-31 23:56:17 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-05-31 23:22:39 -------- d-sh--w- C:\Users\Haeji\AppData\Local\EmieUserList
2014-05-31 23:22:39 -------- d-sh--w- C:\Users\Haeji\AppData\Local\EmieSiteList
2014-05-31 22:33:58 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-31 22:33:58 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-31 22:25:57 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-31 22:19:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-31 22:19:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-31 22:16:14 2871808 ----a-w- C:\Windows\explorer.exe
2014-05-31 22:16:14 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2014-05-31 22:16:05 67072 ----a-w- C:\Windows\splwow64.exe
2014-05-31 22:16:05 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2014-05-31 22:14:55 96768 ----a-w- C:\Windows\System32\fsutil.exe
2014-05-31 22:14:55 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2014-05-31 22:14:54 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2014-05-31 22:14:52 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2014-05-31 22:14:52 2565632 ----a-w- C:\Windows\System32\esent.dll
2014-05-31 22:14:52 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2014-05-31 22:14:50 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2014-05-31 22:14:50 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2014-05-31 22:14:50 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2014-05-31 22:11:42 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-05-31 22:11:42 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-05-31 22:11:31 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-05-31 22:11:31 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-05-31 22:11:31 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-05-31 22:11:31 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-05-31 22:09:39 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2014-05-31 22:09:39 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2014-05-31 21:56:26 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-31 21:47:32 -------- d-----w- C:\Windows\System32\MRT
2014-05-31 21:31:30 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-05-31 21:13:12 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-05-31 21:13:12 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-05-31 21:13:12 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-05-31 21:13:11 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-05-31 21:07:49 -------- d-----w- C:\Windows\Migration
2014-05-31 21:02:34 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2014-05-31 21:02:34 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2014-05-31 21:01:45 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll
2014-05-31 21:01:45 259584 ----a-w- C:\Windows\System32\WebClnt.dll
2014-05-31 21:01:45 205824 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2014-05-31 21:01:45 140800 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2014-05-31 21:01:45 102400 ----a-w- C:\Windows\System32\davclnt.dll
2014-05-31 21:00:52 878080 ----a-w- C:\Windows\System32\advapi32.dll
2014-05-31 21:00:52 859648 ----a-w- C:\Windows\System32\tdh.dll
2014-05-31 21:00:52 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2014-05-31 21:00:52 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2014-05-31 21:00:52 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2014-05-31 21:00:51 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2014-05-31 21:00:08 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2014-05-31 20:58:46 185344 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2014-05-31 20:58:46 100864 ----a-w- C:\Windows\System32\drivers\usbcir.sys
2014-05-31 20:58:07 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2014-05-31 20:57:21 633856 ----a-w- C:\Windows\System32\comctl32.dll
2014-05-31 20:57:21 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2014-05-31 20:56:40 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2014-05-31 20:56:40 32896 ----a-w- C:\Windows\System32\drivers\hidparse.sys
2014-05-31 20:50:50 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2014-05-31 20:50:50 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2014-05-31 20:50:10 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2014-05-31 20:50:10 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2014-05-31 20:49:23 327168 ----a-w- C:\Windows\System32\mswsock.dll
2014-05-31 20:49:23 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2014-05-31 20:49:23 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-05-31 20:47:13 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2014-05-31 20:46:41 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2014-05-31 20:46:41 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2014-05-31 20:43:41 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-05-31 20:43:41 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-05-31 20:43:03 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-05-31 20:42:31 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2014-05-31 20:40:02 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-05-31 20:40:02 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-05-31 20:40:02 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-05-31 20:40:02 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-05-31 20:40:01 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-05-31 20:37:02 751104 ----a-w- C:\Windows\System32\win32spl.dll
2014-05-31 20:37:02 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2014-05-31 20:36:16 52224 ----a-w- C:\Windows\System32\certenc.dll
2014-05-31 20:36:16 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2014-05-31 20:36:15 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2014-05-31 20:36:15 1192448 ----a-w- C:\Windows\System32\certutil.exe
2014-05-31 20:35:33 111448 ----a-w- C:\Windows\System32\consent.exe
2014-05-31 20:35:30 70144 ----a-w- C:\Windows\System32\appinfo.dll
2014-05-31 20:33:59 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2014-05-31 20:33:59 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2014-05-31 20:33:59 158720 ----a-w- C:\Windows\System32\aaclient.dll
2014-05-31 20:33:59 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2014-05-31 20:33:57 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-05-31 20:33:56 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2014-05-31 20:33:32 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2014-05-31 20:32:32 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2014-05-31 20:29:13 68608 ----a-w- C:\Windows\System32\taskhost.exe
2014-05-31 20:27:59 2746368 ----a-w- C:\Windows\System32\gameux.dll
2014-05-31 20:22:53 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-05-31 20:22:53 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-05-31 20:21:37 478208 ----a-w- C:\Windows\System32\dpnet.dll
2014-05-31 20:21:37 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2014-05-31 20:20:57 95744 ----a-w- C:\Windows\System32\synceng.dll
2014-05-31 20:20:57 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2014-05-31 20:20:32 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-05-31 20:20:32 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-05-31 20:20:32 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-05-31 20:20:32 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-05-31 20:20:32 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-05-31 20:20:32 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-05-31 20:20:32 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-05-31 20:20:07 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2014-05-31 20:20:07 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2014-05-31 20:20:07 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-05-31 20:15:12 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2014-05-31 20:15:12 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2014-05-31 20:15:12 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2014-05-31 20:15:12 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2014-05-31 20:13:26 59392 ----a-w- C:\Windows\System32\browcli.dll
2014-05-31 20:13:26 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2014-05-31 20:13:26 136704 ----a-w- C:\Windows\System32\browser.dll
2014-05-31 20:13:08 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2014-05-31 20:12:51 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2014-05-31 20:12:51 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2014-05-31 20:12:31 956928 ----a-w- C:\Windows\System32\localspl.dll
2014-05-31 20:10:57 209920 ----a-w- C:\Windows\System32\profsvc.dll
2014-05-31 20:10:41 3216384 ----a-w- C:\Windows\System32\msi.dll
2014-05-31 20:10:41 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2014-05-31 20:10:12 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2014-05-31 20:06:42 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2014-05-31 20:06:42 5120 ----a-w- C:\Windows\System32\wmi.dll
2014-05-31 20:06:42 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2014-05-31 20:01:33 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2014-05-31 20:01:33 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2014-05-31 20:01:23 515584 ----a-w- C:\Windows\System32\timedate.cpl
2014-05-31 20:01:23 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2014-05-31 20:01:16 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2014-05-31 20:01:16 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2014-05-31 20:01:04 395776 ----a-w- C:\Windows\System32\webio.dll
2014-05-31 20:01:04 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2014-05-31 19:51:54 -------- d-----w- C:\Windows\SysWow64\Wat
2014-05-31 19:51:54 -------- d-----w- C:\Windows\System32\Wat
2014-05-31 19:50:53 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-31 19:50:53 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-31 19:45:57 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2014-05-31 19:44:45 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-05-31 19:44:45 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-05-31 19:44:41 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-05-31 19:44:35 484864 ----a-w- C:\Windows\System32\wer.dll
2014-05-31 19:44:35 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-05-31 19:44:29 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2014-05-31 19:44:29 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-05-31 19:43:58 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-05-31 19:43:58 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-05-31 19:43:58 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-05-31 19:43:58 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-05-31 19:41:55 335360 ----a-w- C:\Windows\System32\msieftp.dll
2014-05-31 19:40:59 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2014-05-31 19:40:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2014-05-31 19:39:51 197120 ----a-w- C:\Windows\System32\credui.dll
2014-05-31 19:39:51 1930752 ----a-w- C:\Windows\System32\authui.dll
2014-05-31 19:39:51 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2014-05-31 19:39:51 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2014-05-31 19:39:51 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2014-05-31 19:39:51 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2014-05-31 19:39:32 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-05-31 19:39:32 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-05-31 19:39:23 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2014-05-31 19:39:23 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-05-31 19:38:59 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-31 19:38:53 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2014-05-31 19:38:53 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2014-05-31 19:38:53 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2014-05-31 19:38:53 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2014-05-31 19:38:53 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2014-05-31 19:24:27 -------- d-----w- C:\ProgramData\Geek Squad
2014-05-31 19:13:13 -------- d-----w- C:\Windows\System32\SPReview
2014-05-31 18:51:35 2560 ----a-w- C:\Windows\System32\drivers\en-US\rdpwd.sys.mui
2014-05-31 18:51:33 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2014-05-31 18:50:49 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2014-05-31 18:50:48 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2014-05-31 18:31:56 90624 ----a-w- C:\Windows\System32\KMSVC.DLL
2014-05-31 18:30:59 12288 ----a-w- C:\Windows\SysWow64\tsbyuv.dll
2014-05-31 18:27:12 -------- d-----w- C:\Windows\System32\EventProviders
2014-05-31 18:24:07 -------- d-----w- C:\ProgramData\clear.fi
2014-05-31 18:16:24 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2014-05-31 18:16:24 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2014-05-31 18:16:24 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2014-05-31 18:11:59 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2014-05-31 18:11:54 99840 ----a-w- C:\Windows\System32\wudriver.dll
2014-05-31 18:11:41 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-05-31 18:11:41 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2014-05-31 18:08:58 -------- d-----w- C:\Users\Haeji\AppData\Roaming\Intel Corporation
2014-05-31 18:08:55 -------- d-----w- C:\Users\Haeji\AppData\Local\EgisTec IPS
2014-05-31 18:07:37 -------- d-----w- C:\Program Files (x86)\OEM
2014-05-31 18:07:27 -------- d-----w- C:\ProgramData\OEM_E471269A730D
2014-05-31 18:07:13 -------- d-----w- C:\Program Files (x86)\Times Reader
2014-05-31 18:07:12 -------- d-----w- C:\Users\Haeji\AppData\Local\Acer
2014-05-31 18:00:12 -------- d-----w- C:\Windows\NAPP_Dism_Log
2014-05-31 17:46:37 -------- d-----w- C:\Program Files (x86)\Barnes & Noble
2014-05-31 17:43:25 -------- d-----w- C:\ProgramData\CLSK
2014-05-31 17:40:55 -------- d-----w- C:\ProgramData\NTI Launcher
2014-05-31 17:39:17 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2014-05-31 17:38:37 -------- d-----w- C:\Windows\en
2014-05-31 17:38:19 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-05-31 17:35:38 -------- d-----w- C:\Program Files (x86)\Microsoft
2014-05-31 17:32:34 -------- d-----w- C:\Program Files\Synaptics
2014-05-31 17:30:27 -------- d-----w- C:\Program Files (x86)\Renesas Electronics
2014-05-31 17:25:54 -------- d-----w- C:\ProgramData\EgisTec
2014-05-31 17:25:53 -------- d---a-w- C:\book
2014-05-31 17:24:46 0 ----a-w- C:\Windows\ativpsrm.bin
2014-05-31 17:23:53 3 ----a-w- C:\Windows\System32\PLD_Framework.cmd
2014-05-31 17:22:07 -------- d-----w- C:\Windows\SysWow64\RTCOM
2014-05-31 17:22:00 -------- d-----w- C:\Program Files\Realtek
2014-05-31 17:20:08 -------- d-----w- C:\Program Files\ATI
2014-05-31 17:20:07 -------- d-----w- C:\Program Files (x86)\ATI Technologies
.
==================== Find3M  ====================
.
2014-06-02 03:27:50 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys
2014-06-02 03:27:50 178272 ----a-w- C:\Windows\System32\drivers\kneps.sys
2014-06-02 03:27:49 458336 ----a-w- C:\Windows\System32\drivers\kl1.sys
2014-05-31 21:31:30 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-05-31 19:07:30 175616 ----a-w- C:\Windows\System32\msclmd.dll
2014-05-31 19:07:30 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH:  6:03:10.19 ===============
 



#9 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:07:09 AM

Posted 02 June 2014 - 11:36 AM

Good evening. :)

Before you reinstall Firefox you need to delete the following folders, if they exist:

 

C:\Program files\Mozilla Firefox
C:\Program Files (x86)\Mozilla Firefox

C:\Documents and Settings\<username>\Local Settings\Application Data\Mozilla\Firefox
C:\Users\<username>\AppData\Local\Mozilla\Firefox
C:\Users\<username>\AppData\Local\VirtualStore\Program Files\Mozilla Firefox

 

This will ensure that nothing remains of the previous installation.

 

Make sure you download a fresh installation file rather than use one from the infected drive, just in case.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

You'll need to tell me how you backed-up your bookmarks - what application you used, assuming you used one.

 


So long, and thanks for all the fish.

 

 


#10 hoagie1ob

hoagie1ob
  • Topic Starter

  • Members
  • 13 posts
  • Local time:12:09 AM

Posted 02 June 2014 - 08:24 PM

Hmmm.  Well, I had already deleted the first 2 files you mentioned, but there was another file called "Mozilla Maintenance Service" in the C drive that I did not see before.  I just deleted that.  My computer does not seem to have the last 3 files you mentioned.

 

I downloaded Mozilla Firefox file to desktop to install, and got it installed after 2nd try (Firefox stopped responding during the "installation" phase the first time I tried to open the .exe file). 

 

I used Mozilla Firefox in order to create the backed-up bookmarks.  In the bookmark section of Firefox, if you open all (ctrl+shift+B), there is a button for importing and exporting bookmarks.  I used the "export" function to create a backed-up bookmark file, which is an html file.

 

Below are the logs from DDS, run again.

Thank you!!

 

 

--------------------

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by Haeji at 18:20:27 on 2014-06-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8174.6209 [GMT -7:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {66A6FE14-08CB-F415-3742-517201416109}
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Webroot SecureAnywhere *Enabled/Updated* {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Haeji\Desktop\Firefox Setup Stub 29.0.1.exe
C:\Users\Haeji\AppData\Local\Temp\7zS56C7.tmp\setup-stub.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{C8063D0C-F9A7-4BC4-89A2-FAC1C1CC23B9} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F4952A88-900A-433F-A179-42314A5BC20A} : DHCPNameServer = 192.168.1.250
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Haeji\AppData\Roaming\Mozilla\Firefox\Profiles\1tlzwr5z.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 WRkrn;WRkrn;C:\Windows\System32\drivers\WRkrn.sys [2014-6-1 114176]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2013-10-8 29792]
R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-14 55904]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-6-6 178272]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2010-12-14 22912]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2010-12-14 20328]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2010-12-14 62584]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-13 203264]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2013-10-8 214512]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-12-13 311376]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-12-14 868224]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-13 13336]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-11 257344]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-10-8 19192]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-13 2656280]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-12-14 243232]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2014-6-1 763512]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-10-8 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-10-8 29280]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-12-13 76912]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-29 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-29 180736]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 CLKMSVC10_34E30CCC;CyberLink Product - 2014/05/31 10:45:23;C:\Program Files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe [2010-11-25 254448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-27 172912]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-5-31 111616]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-12-13 247400]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-31 59392]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-31 1255736]
S4 klflt;klflt;C:\Windows\System32\drivers\klflt.sys [2014-6-1 115296]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-03 01:18:28 46704 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-06-03 01:18:20 275568 ----a-w- C:\Program Files (x86)\Mozilla Firefox\to_be_deleted\nsy9093.tmp
2014-06-03 01:03:51 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{637913C2-1D92-47F2-BA08-98CAAD1EA592}\offreg.dll
2014-06-02 12:46:46 -------- d-----w- C:\Users\Haeji\AppData\Roaming\Local
2014-06-02 03:15:55 10395072 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
2014-06-02 03:15:46 -------- d-----w- C:\Users\Haeji\AppData\Local\lptmp407866117
2014-06-02 03:15:19 152744 ----a-w- C:\Windows\SysWow64\WRusr.dll
2014-06-02 03:15:19 114176 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2014-06-02 03:15:19 103816 ----a-w- C:\Windows\System32\WRusr.dll
2014-06-02 03:15:16 -------- d-----w- C:\Program Files\Webroot
2014-06-02 03:15:10 -------- d-----w- C:\ProgramData\WRData
2014-06-02 00:16:50 110176 ----a-w- C:\Windows\System32\klfphc.dll
2014-06-02 00:16:02 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2014-06-02 00:15:55 115296 ----a-w- C:\Windows\System32\drivers\klflt.sys
2014-06-02 00:07:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-06-02 00:07:56 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{637913C2-1D92-47F2-BA08-98CAAD1EA592}\mpengine.dll
2014-06-01 14:03:52 -------- d-----w- C:\Users\Haeji\AppData\Roaming\Opera Software
2014-06-01 14:03:52 -------- d-----w- C:\Users\Haeji\AppData\Local\Opera Software
2014-06-01 13:58:37 -------- d-----w- C:\Users\Haeji\AppData\Local\Google
2014-06-01 13:58:10 -------- d-----w- C:\Users\Haeji\AppData\Local\Deployment
2014-06-01 13:58:10 -------- d-----w- C:\Users\Haeji\AppData\Local\Apps
2014-06-01 13:48:23 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-06-01 13:38:56 -------- d-----w- C:\Users\Haeji\AppData\Local\Mozilla
2014-06-01 13:36:50 -------- d-----w- C:\Program Files\CCleaner
2014-06-01 04:33:38 -------- d-----w- C:\Users\Haeji\AppData\Local\FluxSoftware
2014-06-01 04:33:07 -------- d-----w- C:\Program Files (x86)\Canon
2014-06-01 04:31:37 -------- d-----w- C:\Program Files\Canon
2014-06-01 04:23:47 -------- d-----w- C:\Users\Haeji\AppData\Local\Diagnostics
2014-06-01 04:23:07 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2014-06-01 04:23:00 -------- d-----w- C:\sh4ldr
2014-06-01 04:23:00 -------- d-----w- C:\Program Files\Enigma Software Group
2014-06-01 04:22:33 -------- d-----w- C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-06-01 04:18:40 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-06-01 04:18:36 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-01 04:04:26 -------- d-----w- C:\ProgramData\Malwarebytes
2014-06-01 04:04:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-01 04:03:44 -------- d-----w- C:\Users\Haeji\AppData\Local\Programs
2014-06-01 03:54:53 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2014-06-01 03:54:25 -------- d-----w- C:\Users\Haeji\AppData\Local\Microsoft Help
2014-05-31 23:56:20 -------- d-----w- C:\Windows\ELAMBKUP
2014-05-31 23:56:17 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-05-31 23:22:39 -------- d-sh--w- C:\Users\Haeji\AppData\Local\EmieUserList
2014-05-31 23:22:39 -------- d-sh--w- C:\Users\Haeji\AppData\Local\EmieSiteList
2014-05-31 22:33:58 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-31 22:33:58 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-31 22:25:57 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-31 22:19:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-31 22:19:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-31 22:16:14 2871808 ----a-w- C:\Windows\explorer.exe
2014-05-31 22:16:14 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2014-05-31 22:16:05 67072 ----a-w- C:\Windows\splwow64.exe
2014-05-31 22:16:05 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2014-05-31 22:14:55 96768 ----a-w- C:\Windows\System32\fsutil.exe
2014-05-31 22:14:55 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2014-05-31 22:14:54 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2014-05-31 22:14:52 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2014-05-31 22:14:52 2565632 ----a-w- C:\Windows\System32\esent.dll
2014-05-31 22:14:52 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2014-05-31 22:14:50 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2014-05-31 22:14:50 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2014-05-31 22:14:50 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2014-05-31 22:11:42 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-05-31 22:11:42 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-05-31 22:11:31 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-05-31 22:11:31 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-05-31 22:11:31 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-05-31 22:11:31 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-05-31 22:09:39 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2014-05-31 22:09:39 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2014-05-31 21:56:26 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-31 21:47:32 -------- d-----w- C:\Windows\System32\MRT
2014-05-31 21:31:30 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-05-31 21:13:12 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-05-31 21:13:12 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-05-31 21:13:12 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-05-31 21:13:11 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-05-31 21:07:49 -------- d-----w- C:\Windows\Migration
2014-05-31 21:02:34 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2014-05-31 21:02:34 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2014-05-31 21:01:45 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll
2014-05-31 21:01:45 259584 ----a-w- C:\Windows\System32\WebClnt.dll
2014-05-31 21:01:45 205824 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2014-05-31 21:01:45 140800 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2014-05-31 21:01:45 102400 ----a-w- C:\Windows\System32\davclnt.dll
2014-05-31 21:00:52 878080 ----a-w- C:\Windows\System32\advapi32.dll
2014-05-31 21:00:52 859648 ----a-w- C:\Windows\System32\tdh.dll
2014-05-31 21:00:52 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2014-05-31 21:00:52 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2014-05-31 21:00:52 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2014-05-31 21:00:51 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2014-05-31 21:00:08 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2014-05-31 20:58:46 185344 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2014-05-31 20:58:46 100864 ----a-w- C:\Windows\System32\drivers\usbcir.sys
2014-05-31 20:58:07 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2014-05-31 20:57:21 633856 ----a-w- C:\Windows\System32\comctl32.dll
2014-05-31 20:57:21 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2014-05-31 20:56:40 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2014-05-31 20:56:40 32896 ----a-w- C:\Windows\System32\drivers\hidparse.sys
2014-05-31 20:50:50 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2014-05-31 20:50:50 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2014-05-31 20:50:10 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2014-05-31 20:50:10 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2014-05-31 20:49:23 327168 ----a-w- C:\Windows\System32\mswsock.dll
2014-05-31 20:49:23 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2014-05-31 20:49:23 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-05-31 20:47:13 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2014-05-31 20:46:41 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2014-05-31 20:46:41 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2014-05-31 20:43:41 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-05-31 20:43:41 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-05-31 20:43:03 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-05-31 20:42:31 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2014-05-31 20:40:02 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-05-31 20:40:02 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-05-31 20:40:02 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-05-31 20:40:02 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-05-31 20:40:01 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-05-31 20:37:02 751104 ----a-w- C:\Windows\System32\win32spl.dll
2014-05-31 20:37:02 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2014-05-31 20:36:16 52224 ----a-w- C:\Windows\System32\certenc.dll
2014-05-31 20:36:16 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2014-05-31 20:36:15 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2014-05-31 20:36:15 1192448 ----a-w- C:\Windows\System32\certutil.exe
2014-05-31 20:35:33 111448 ----a-w- C:\Windows\System32\consent.exe
2014-05-31 20:35:30 70144 ----a-w- C:\Windows\System32\appinfo.dll
2014-05-31 20:33:59 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2014-05-31 20:33:59 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2014-05-31 20:33:59 158720 ----a-w- C:\Windows\System32\aaclient.dll
2014-05-31 20:33:59 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2014-05-31 20:33:57 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-05-31 20:33:56 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2014-05-31 20:33:32 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2014-05-31 20:32:32 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2014-05-31 20:29:13 68608 ----a-w- C:\Windows\System32\taskhost.exe
2014-05-31 20:27:59 2746368 ----a-w- C:\Windows\System32\gameux.dll
2014-05-31 20:22:53 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-05-31 20:22:53 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-05-31 20:21:37 478208 ----a-w- C:\Windows\System32\dpnet.dll
2014-05-31 20:21:37 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2014-05-31 20:20:57 95744 ----a-w- C:\Windows\System32\synceng.dll
2014-05-31 20:20:57 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2014-05-31 20:20:32 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-05-31 20:20:32 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-05-31 20:20:32 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-05-31 20:20:32 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-05-31 20:20:32 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-05-31 20:20:32 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-05-31 20:20:32 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-05-31 20:20:07 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2014-05-31 20:20:07 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2014-05-31 20:20:07 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-05-31 20:15:12 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2014-05-31 20:15:12 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2014-05-31 20:15:12 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2014-05-31 20:15:12 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2014-05-31 20:13:26 59392 ----a-w- C:\Windows\System32\browcli.dll
2014-05-31 20:13:26 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2014-05-31 20:13:26 136704 ----a-w- C:\Windows\System32\browser.dll
2014-05-31 20:13:08 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2014-05-31 20:12:51 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2014-05-31 20:12:51 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2014-05-31 20:12:31 956928 ----a-w- C:\Windows\System32\localspl.dll
2014-05-31 20:10:57 209920 ----a-w- C:\Windows\System32\profsvc.dll
2014-05-31 20:10:41 3216384 ----a-w- C:\Windows\System32\msi.dll
2014-05-31 20:10:41 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2014-05-31 20:10:12 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2014-05-31 20:06:42 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2014-05-31 20:06:42 5120 ----a-w- C:\Windows\System32\wmi.dll
2014-05-31 20:06:42 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2014-05-31 20:01:33 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2014-05-31 20:01:33 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2014-05-31 20:01:23 515584 ----a-w- C:\Windows\System32\timedate.cpl
2014-05-31 20:01:23 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2014-05-31 20:01:16 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2014-05-31 20:01:16 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2014-05-31 20:01:04 395776 ----a-w- C:\Windows\System32\webio.dll
2014-05-31 20:01:04 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2014-05-31 19:51:54 -------- d-----w- C:\Windows\SysWow64\Wat
2014-05-31 19:51:54 -------- d-----w- C:\Windows\System32\Wat
2014-05-31 19:50:53 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-31 19:50:53 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-31 19:45:57 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2014-05-31 19:44:45 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-05-31 19:44:45 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-05-31 19:44:41 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-05-31 19:44:35 484864 ----a-w- C:\Windows\System32\wer.dll
2014-05-31 19:44:35 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-05-31 19:44:29 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2014-05-31 19:44:29 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-05-31 19:43:58 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-05-31 19:43:58 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-05-31 19:43:58 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-05-31 19:43:58 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-05-31 19:41:55 335360 ----a-w- C:\Windows\System32\msieftp.dll
2014-05-31 19:40:59 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2014-05-31 19:40:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2014-05-31 19:39:51 197120 ----a-w- C:\Windows\System32\credui.dll
2014-05-31 19:39:51 1930752 ----a-w- C:\Windows\System32\authui.dll
2014-05-31 19:39:51 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2014-05-31 19:39:51 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2014-05-31 19:39:51 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2014-05-31 19:39:51 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2014-05-31 19:39:32 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-05-31 19:39:32 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-05-31 19:39:23 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2014-05-31 19:39:23 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-05-31 19:38:59 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-31 19:38:53 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2014-05-31 19:38:53 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2014-05-31 19:38:53 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2014-05-31 19:38:53 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2014-05-31 19:38:53 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2014-05-31 19:24:27 -------- d-----w- C:\ProgramData\Geek Squad
2014-05-31 19:13:13 -------- d-----w- C:\Windows\System32\SPReview
2014-05-31 18:51:35 2560 ----a-w- C:\Windows\System32\drivers\en-US\rdpwd.sys.mui
2014-05-31 18:51:33 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2014-05-31 18:50:49 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2014-05-31 18:50:48 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2014-05-31 18:31:56 90624 ----a-w- C:\Windows\System32\KMSVC.DLL
2014-05-31 18:30:59 12288 ----a-w- C:\Windows\SysWow64\tsbyuv.dll
2014-05-31 18:27:12 -------- d-----w- C:\Windows\System32\EventProviders
2014-05-31 18:24:07 -------- d-----w- C:\ProgramData\clear.fi
2014-05-31 18:16:24 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2014-05-31 18:16:24 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2014-05-31 18:16:24 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2014-05-31 18:11:59 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2014-05-31 18:11:54 99840 ----a-w- C:\Windows\System32\wudriver.dll
2014-05-31 18:11:41 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-05-31 18:11:41 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2014-05-31 18:08:58 -------- d-----w- C:\Users\Haeji\AppData\Roaming\Intel Corporation
2014-05-31 18:08:55 -------- d-----w- C:\Users\Haeji\AppData\Local\EgisTec IPS
2014-05-31 18:07:37 -------- d-----w- C:\Program Files (x86)\OEM
2014-05-31 18:07:27 -------- d-----w- C:\ProgramData\OEM_E471269A730D
2014-05-31 18:07:13 -------- d-----w- C:\Program Files (x86)\Times Reader
2014-05-31 18:07:12 -------- d-----w- C:\Users\Haeji\AppData\Local\Acer
2014-05-31 18:00:12 -------- d-----w- C:\Windows\NAPP_Dism_Log
2014-05-31 17:46:37 -------- d-----w- C:\Program Files (x86)\Barnes & Noble
2014-05-31 17:43:25 -------- d-----w- C:\ProgramData\CLSK
2014-05-31 17:40:55 -------- d-----w- C:\ProgramData\NTI Launcher
2014-05-31 17:39:17 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2014-05-31 17:38:37 -------- d-----w- C:\Windows\en
2014-05-31 17:38:19 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-05-31 17:35:38 -------- d-----w- C:\Program Files (x86)\Microsoft
2014-05-31 17:32:34 -------- d-----w- C:\Program Files\Synaptics
2014-05-31 17:30:27 -------- d-----w- C:\Program Files (x86)\Renesas Electronics
2014-05-31 17:25:54 -------- d-----w- C:\ProgramData\EgisTec
2014-05-31 17:25:53 -------- d---a-w- C:\book
2014-05-31 17:24:46 0 ----a-w- C:\Windows\ativpsrm.bin
2014-05-31 17:23:53 3 ----a-w- C:\Windows\System32\PLD_Framework.cmd
2014-05-31 17:22:07 -------- d-----w- C:\Windows\SysWow64\RTCOM
2014-05-31 17:22:00 -------- d-----w- C:\Program Files\Realtek
2014-05-31 17:20:08 -------- d-----w- C:\Program Files\ATI
2014-05-31 17:20:07 -------- d-----w- C:\Program Files (x86)\ATI Technologies
.
==================== Find3M  ====================
.
2014-06-02 03:27:50 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys
2014-06-02 03:27:50 178272 ----a-w- C:\Windows\System32\drivers\kneps.sys
2014-06-02 03:27:49 458336 ----a-w- C:\Windows\System32\drivers\kl1.sys
2014-05-31 21:31:30 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-05-31 19:07:30 175616 ----a-w- C:\Windows\System32\msclmd.dll
2014-05-31 19:07:30 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 18:21:15.32 ===============

#11 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 03 June 2014 - 11:34 AM

Good evening. :)

I don't see that importing a bookmark file will cause your PC to become infected, but clicking a link to a site that houses an infection could very well do so. This isn't something that I can do anything about - you will have to try to only use the links that you can trust, and hope that you don't pick a wrong 'un.

I suggest that you connect the drive to your PC and have your anti-virus scan it before you do anything else. Then transfer the bookmarks over, import them and go to a few trusted sites that way. If all goes well you can then move some other files over. Each step you take where all goes well will tell you that this part wasn't responsible for the infection returning.

You also need to be careful what programs you install as some will come with bundled surprises - even legitimate applications can offer unwanted software if you aren't cautious.


So long, and thanks for all the fish.

#12 hoagie1ob

  • Topic Starter
  • Members
  • 13 posts

Posted 03 June 2014 - 11:56 AM

OK, I will try to import the bookmark file when I get home tonight from work and post the result. If you don't mind keeping the thread open until I can figure out whether the bookmark file is infected or not, I would appreciate it. Thank you! =)

#13 hoagie1ob

  • Topic Starter
  • Members
  • 13 posts

Posted 04 June 2014 - 08:09 AM

Hello,

I did as you instructed, and so far, it doesn't look like the virus is back! There is a site that I am wondering might be the infected one, but I cannot tell. Can you tell? It is: www.fillaseatsandiego.com.

Just so you know, I downloaded Firefox, Chrome, and Opera. I have my homepages set as Yahoo mail, gmail, live email, hotmail, Yahoo news, LA times, wsj.com, dramafever.com, and youtube. So far, everything is ok. I also downloaded and installed all the spyware/malware I mentioned before -- Spyhunter, Spybot, Malwarebytes, and CCleaner. I also downloaded and installed f.lux. I also added WOT (Web of Trust) as an add-on extension for all the browsers. It seems that for fillaseatsandiego.com, it could not tell if it was safe or not, which leads me to wonder if that's the site I visited that was infected -- it is one of my bookmarked sites.

I have not yet moved any of my backed-up files onto my C drive. I am thinking of keeping them on my removable drives. BUT I did set my desktop picture as a picture from a folder on one of the removable hard drives, and my screen saver from that folder as well. So far, it doesn't seem that the virus has infected anything.

Below is the DDS text file. Thank you very much! And if you have the ability to tell whether the one site I suspect is infected, I would appreciate knowing. I have a subscription with them and would tell them that they need to fix the site.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by Haeji at 6:06:35 on 2014-06-04
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8174.4849 [GMT -7:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {66A6FE14-08CB-F415-3742-517201416109}
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Webroot SecureAnywhere *Enabled/Updated* {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\WUDFHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Users\Haeji\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://mail.google.com/mail/u/0/?pli=1#inbox
uDefault_Page_URL = hxxp://acer.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
uRun: [f.lux] "C:\Users\Haeji\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{C8063D0C-F9A7-4BC4-89A2-FAC1C1CC23B9} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F4952A88-900A-433F-A179-42314A5BC20A} : DHCPNameServer = 192.168.1.250
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
x64-BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Haeji\AppData\Roaming\Mozilla\Firefox\Profiles\1tlzwr5z.default\
FF - prefs.js: browser.startup.homepage - hxxps://us-mg6.mail.yahoo.com/neo/launch?.rand=52junr7sah8qv|https://mail.google.com/mail/u/0/#inbox|https://bay174.mail.live.com/default.aspx?id=64855|https://my.yahoo.com/|http://news.yahoo.com/|http://www.kusc.org/|http://www.latimes.com/|http://online.wsj.com/home-page?cb=logged0.938989207804875|http://www.kpbs.org/
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 WRkrn;WRkrn;C:\Windows\System32\drivers\WRkrn.sys [2014-6-1 114176]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2013-10-8 29792]
R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-14 55904]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-6-6 178272]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2010-12-14 22912]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2010-12-14 20328]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2010-12-14 62584]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-13 203264]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2013-10-8 214512]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-12-13 311376]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-12-14 868224]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-13 13336]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-11 257344]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-6-3 1738200]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-6-3 2081752]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-6-3 171928]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2014-1-9 1025408]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-10-8 19192]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-13 2656280]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-12-14 243232]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2014-6-1 763512]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-10-8 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-10-8 29280]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-12-13 76912]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-29 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-29 180736]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 CLKMSVC10_34E30CCC;CyberLink Product - 2014/05/31 10:45:23;C:\Program Files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe [2010-11-25 254448]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-27 172912]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2014-6-3 22704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-5-31 111616]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\7D290D35.sys [2014-6-3 122584]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-12-13 247400]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-31 59392]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-31 1255736]
S4 klflt;klflt;C:\Windows\System32\drivers\klflt.sys [2014-6-1 115296]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-06-04 02:54:25    --------    d-----w-    C:\Program Files (x86)\Canon
2014-06-04 02:52:58    --------    d--h--w-    C:\Windows\System32\CanonMF Uninstaller Information
2014-06-04 02:52:53    66048    ----a-w-    C:\Windows\System32\CNAS0MMK.DLL
2014-06-04 02:52:50    98816    ----a-w-    C:\Windows\System32\CNCLSC34a.DLL
2014-06-04 02:52:50    244736    ----a-w-    C:\Windows\System32\CNCLSU34a.DLL
2014-06-04 02:52:50    153600    ----a-w-    C:\Windows\System32\CNCLSD34a.DLL
2014-06-04 02:52:50    124416    ----a-w-    C:\Windows\System32\CNCLST34a.DLL
2014-06-04 02:52:50    109056    ----a-w-    C:\Windows\System32\CNCLSI34a.DLL
2014-06-04 02:52:49    83456    ----a-w-    C:\Windows\System32\CNCI4360.DLL
2014-06-04 02:52:49    49664    ----a-w-    C:\Windows\System32\CNCLSO34a.dll
2014-06-04 02:52:49    142848    ----a-w-    C:\Windows\System32\CNCL4360.DLL
2014-06-04 02:52:48    308736    ----a-w-    C:\Windows\System32\CNCC4360.DLL
2014-06-04 02:30:45    22704    ----a-w-    C:\Windows\System32\drivers\EsgScanner.sys
2014-06-04 02:30:39    110080    ----a-r-    C:\Users\Haeji\AppData\Roaming\Microsoft\Installer\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}\IconF7A21AF7.exe
2014-06-04 02:30:39    110080    ----a-r-    C:\Users\Haeji\AppData\Roaming\Microsoft\Installer\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}\IconD7F16134.exe
2014-06-04 02:30:39    110080    ----a-r-    C:\Users\Haeji\AppData\Roaming\Microsoft\Installer\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}\Icon1226A4C5.exe
2014-06-04 02:29:46    --------    d-----w-    C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-06-04 02:22:04    --------    d-----w-    C:\Program Files\WOT
2014-06-04 02:22:04    --------    d-----w-    C:\Program Files (x86)\WOT
2014-06-04 01:55:07    21040    ----a-w-    C:\Windows\System32\sdnclean64.exe
2014-06-04 01:55:02    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-04 01:10:16    122584    ----a-w-    C:\Windows\System32\drivers\7D290D35.sys
2014-06-04 01:09:35    122584    ----a-w-    C:\Windows\System32\drivers\48230029.sys
2014-06-04 01:08:01    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-04 01:07:41    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-04 01:07:41    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-06-04 01:07:41    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-06-04 01:07:41    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 01:02:26    --------    d-----w-    C:\Users\Haeji\AppData\Local\Macromedia
2014-06-04 00:13:46    10702536    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-06-04 00:13:44    10702536    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{44CF4A36-1452-4E05-9E0A-E3B555150EEC}\mpengine.dll
2014-06-03 01:18:28    46704    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-06-02 12:46:46    --------    d-----w-    C:\Users\Haeji\AppData\Roaming\Local
2014-06-02 03:15:55    10395072    ----a-w-    C:\Program Files (x86)\Common Files\wruninstall.exe
2014-06-02 03:15:46    --------    d-----w-    C:\Users\Haeji\AppData\Local\lptmp407866117
2014-06-02 03:15:19    152744    ----a-w-    C:\Windows\SysWow64\WRusr.dll
2014-06-02 03:15:19    114176    ----a-w-    C:\Windows\System32\drivers\WRkrn.sys
2014-06-02 03:15:19    103816    ----a-w-    C:\Windows\System32\WRusr.dll
2014-06-02 03:15:16    --------    d-----w-    C:\Program Files\Webroot
2014-06-02 03:15:10    --------    d-----w-    C:\ProgramData\WRData
2014-06-02 00:16:50    110176    ----a-w-    C:\Windows\System32\klfphc.dll
2014-06-02 00:16:02    --------    d-----w-    C:\Program Files (x86)\Kaspersky Lab
2014-06-02 00:15:55    115296    ----a-w-    C:\Windows\System32\drivers\klflt.sys
2014-06-02 00:07:56    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-06-01 14:03:52    --------    d-----w-    C:\Users\Haeji\AppData\Roaming\Opera Software
2014-06-01 14:03:52    --------    d-----w-    C:\Users\Haeji\AppData\Local\Opera Software
2014-06-01 13:58:37    --------    d-----w-    C:\Users\Haeji\AppData\Local\Google
2014-06-01 13:58:10    --------    d-----w-    C:\Users\Haeji\AppData\Local\Deployment
2014-06-01 13:58:10    --------    d-----w-    C:\Users\Haeji\AppData\Local\Apps
2014-06-01 13:48:23    163504    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-06-01 13:38:56    --------    d-----w-    C:\Users\Haeji\AppData\Local\Mozilla
2014-06-01 13:36:50    --------    d-----w-    C:\Program Files\CCleaner
2014-06-01 04:33:38    --------    d-----w-    C:\Users\Haeji\AppData\Local\FluxSoftware
2014-06-01 04:31:37    --------    d-----w-    C:\Program Files\Canon
2014-06-01 04:23:47    --------    d-----w-    C:\Users\Haeji\AppData\Local\Diagnostics
2014-06-01 04:23:00    --------    d-----w-    C:\sh4ldr
2014-06-01 04:23:00    --------    d-----w-    C:\Program Files\Enigma Software Group
2014-06-01 04:22:33    --------    d-----w-    C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-06-01 04:18:40    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2014-06-01 04:04:26    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-06-01 04:03:44    --------    d-----w-    C:\Users\Haeji\AppData\Local\Programs
2014-06-01 03:54:53    --------    d-----w-    C:\Program Files (x86)\Microsoft Analysis Services
2014-06-01 03:54:25    --------    d-----w-    C:\Users\Haeji\AppData\Local\Microsoft Help
2014-05-31 23:56:20    --------    d-----w-    C:\Windows\ELAMBKUP
2014-05-31 23:56:17    --------    d-----w-    C:\ProgramData\Kaspersky Lab
2014-05-31 23:22:39    --------    d-sh--w-    C:\Users\Haeji\AppData\Local\EmieUserList
2014-05-31 23:22:39    --------    d-sh--w-    C:\Users\Haeji\AppData\Local\EmieSiteList
2014-05-31 22:33:58    70832    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-31 22:33:58    692400    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-31 22:25:57    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-31 22:19:37    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-31 22:19:37    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-31 22:16:14    2871808    ----a-w-    C:\Windows\explorer.exe
2014-05-31 22:16:14    2616320    ----a-w-    C:\Windows\SysWow64\explorer.exe
2014-05-31 22:16:05    67072    ----a-w-    C:\Windows\splwow64.exe
2014-05-31 22:16:05    559104    ----a-w-    C:\Windows\System32\spoolsv.exe
2014-05-31 22:14:55    96768    ----a-w-    C:\Windows\System32\fsutil.exe
2014-05-31 22:14:55    74240    ----a-w-    C:\Windows\SysWow64\fsutil.exe
2014-05-31 22:14:54    107904    ----a-w-    C:\Windows\System32\drivers\amdsata.sys
2014-05-31 22:14:52    27008    ----a-w-    C:\Windows\System32\drivers\amdxata.sys
2014-05-31 22:14:52    2565632    ----a-w-    C:\Windows\System32\esent.dll
2014-05-31 22:14:52    1699328    ----a-w-    C:\Windows\SysWow64\esent.dll
2014-05-31 22:14:50    410496    ----a-w-    C:\Windows\System32\drivers\iaStorV.sys
2014-05-31 22:14:50    166272    ----a-w-    C:\Windows\System32\drivers\nvstor.sys
2014-05-31 22:14:50    148352    ----a-w-    C:\Windows\System32\drivers\nvraid.sys
2014-05-31 22:11:42    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-05-31 22:11:42    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-05-31 22:11:31    3928064    ----a-w-    C:\Windows\System32\d2d1.dll
2014-05-31 22:11:31    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2014-05-31 22:11:31    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2014-05-31 22:11:31    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2014-05-31 22:09:39    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2014-05-31 22:09:39    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2014-05-31 21:56:26    --------    d-s---w-    C:\Windows\System32\CompatTel
2014-05-31 21:47:32    --------    d-----w-    C:\Windows\System32\MRT
2014-05-31 21:31:30    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-05-31 21:13:12    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2014-05-31 21:13:12    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-05-31 21:13:12    12625920    ----a-w-    C:\Windows\System32\wmploc.DLL
2014-05-31 21:13:11    12625408    ----a-w-    C:\Windows\SysWow64\wmploc.DLL
2014-05-31 21:07:49    --------    d-----w-    C:\Windows\Migration
2014-05-31 21:02:34    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2014-05-31 21:02:34    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2014-05-31 21:01:45    81920    ----a-w-    C:\Windows\SysWow64\davclnt.dll
2014-05-31 21:01:45    259584    ----a-w-    C:\Windows\System32\WebClnt.dll
2014-05-31 21:01:45    205824    ----a-w-    C:\Windows\SysWow64\WebClnt.dll
2014-05-31 21:01:45    140800    ----a-w-    C:\Windows\System32\drivers\mrxdav.sys
2014-05-31 21:01:45    102400    ----a-w-    C:\Windows\System32\davclnt.dll
2014-05-31 21:00:52    878080    ----a-w-    C:\Windows\System32\advapi32.dll
2014-05-31 21:00:52    859648    ----a-w-    C:\Windows\System32\tdh.dll
2014-05-31 21:00:52    640512    ----a-w-    C:\Windows\SysWow64\advapi32.dll
2014-05-31 21:00:52    619520    ----a-w-    C:\Windows\SysWow64\tdh.dll
2014-05-31 21:00:52    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2014-05-31 21:00:51    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2014-05-31 21:00:08    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
2014-05-31 20:58:46    185344    ----a-w-    C:\Windows\System32\drivers\usbvideo.sys
2014-05-31 20:58:46    100864    ----a-w-    C:\Windows\System32\drivers\usbcir.sys
2014-05-31 20:58:07    785624    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
2014-05-31 20:57:21    633856    ----a-w-    C:\Windows\System32\comctl32.dll
2014-05-31 20:57:21    530432    ----a-w-    C:\Windows\SysWow64\comctl32.dll
2014-05-31 20:56:40    76800    ----a-w-    C:\Windows\System32\drivers\hidclass.sys
2014-05-31 20:56:40    42496    ----a-w-    C:\Windows\System32\drivers\usbscan.sys
2014-05-31 20:56:40    32896    ----a-w-    C:\Windows\System32\drivers\hidparse.sys
2014-05-31 20:50:50    124112    ----a-w-    C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2014-05-31 20:50:50    102608    ----a-w-    C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2014-05-31 20:50:10    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2014-05-31 20:50:10    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2014-05-31 20:49:23    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2014-05-31 20:49:23    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
2014-05-31 20:49:23    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2014-05-31 20:47:13    155584    ----a-w-    C:\Windows\System32\drivers\ataport.sys
2014-05-31 20:46:41    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2014-05-31 20:46:41    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2014-05-31 20:43:41    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2014-05-31 20:43:41    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2014-05-31 20:43:03    288088    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-05-31 20:42:31    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2014-05-31 20:40:02    936448    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-05-31 20:40:02    1402880    ----a-w-    C:\Program Files\Windows Journal\JNWDRV.dll
2014-05-31 20:40:02    1393152    ----a-w-    C:\Program Files\Windows Journal\JNTFiltr.dll
2014-05-31 20:40:02    1367040    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-05-31 20:40:01    1732608    ----a-w-    C:\Program Files\Windows Journal\NBDoc.DLL
2014-05-31 20:37:02    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2014-05-31 20:37:02    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2014-05-31 20:36:16    52224    ----a-w-    C:\Windows\System32\certenc.dll
2014-05-31 20:36:16    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2014-05-31 20:36:15    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2014-05-31 20:36:15    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2014-05-31 20:35:33    111448    ----a-w-    C:\Windows\System32\consent.exe
2014-05-31 20:35:30    70144    ----a-w-    C:\Windows\System32\appinfo.dll
2014-05-31 20:33:59    44032    ----a-w-    C:\Windows\System32\tsgqec.dll
2014-05-31 20:33:59    36864    ----a-w-    C:\Windows\SysWow64\tsgqec.dll
2014-05-31 20:33:59    158720    ----a-w-    C:\Windows\System32\aaclient.dll
2014-05-31 20:33:59    131584    ----a-w-    C:\Windows\SysWow64\aaclient.dll
2014-05-31 20:33:57    3217408    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-05-31 20:33:56    3717632    ----a-w-    C:\Windows\System32\mstscax.dll
2014-05-31 20:33:32    223752    ----a-w-    C:\Windows\System32\drivers\fvevol.sys
2014-05-31 20:32:32    19968    ----a-w-    C:\Windows\System32\drivers\usb8023.sys
2014-05-31 20:29:13    68608    ----a-w-    C:\Windows\System32\taskhost.exe
2014-05-31 20:27:59    2746368    ----a-w-    C:\Windows\System32\gameux.dll
2014-05-31 20:22:53    2002432    ----a-w-    C:\Windows\System32\msxml6.dll
2014-05-31 20:22:53    1389568    ----a-w-    C:\Windows\SysWow64\msxml6.dll
2014-05-31 20:21:37    478208    ----a-w-    C:\Windows\System32\dpnet.dll
2014-05-31 20:21:37    376832    ----a-w-    C:\Windows\SysWow64\dpnet.dll
2014-05-31 20:20:57    95744    ----a-w-    C:\Windows\System32\synceng.dll
2014-05-31 20:20:57    78336    ----a-w-    C:\Windows\SysWow64\synceng.dll
2014-05-31 20:20:32    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2014-05-31 20:20:32    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2014-05-31 20:20:32    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2014-05-31 20:20:32    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2014-05-31 20:20:32    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2014-05-31 20:20:32    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2014-05-31 20:20:32    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2014-05-31 20:20:07    9728    ----a-w-    C:\Windows\System32\Wdfres.dll
2014-05-31 20:20:07    54376    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys
2014-05-31 20:20:07    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-05-31 20:15:12    55296    ----a-w-    C:\Windows\System32\dhcpcsvc6.dll
2014-05-31 20:15:12    44032    ----a-w-    C:\Windows\SysWow64\dhcpcsvc6.dll
2014-05-31 20:15:12    226816    ----a-w-    C:\Windows\System32\dhcpcore6.dll
2014-05-31 20:15:12    193536    ----a-w-    C:\Windows\SysWow64\dhcpcore6.dll
2014-05-31 20:13:26    59392    ----a-w-    C:\Windows\System32\browcli.dll
2014-05-31 20:13:26    41984    ----a-w-    C:\Windows\SysWow64\browcli.dll
2014-05-31 20:13:26    136704    ----a-w-    C:\Windows\System32\browser.dll
2014-05-31 20:13:08    245760    ----a-w-    C:\Windows\System32\OxpsConverter.exe
2014-05-31 20:12:51    950128    ----a-w-    C:\Windows\System32\drivers\ndis.sys
2014-05-31 20:12:51    41472    ----a-w-    C:\Windows\System32\drivers\RNDISMP.sys
2014-05-31 20:12:31    956928    ----a-w-    C:\Windows\System32\localspl.dll
2014-05-31 20:10:57    209920    ----a-w-    C:\Windows\System32\profsvc.dll
2014-05-31 20:10:41    3216384    ----a-w-    C:\Windows\System32\msi.dll
2014-05-31 20:10:41    2342400    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-05-31 20:10:12    75120    ----a-w-    C:\Windows\System32\drivers\partmgr.sys
2014-05-31 20:06:42    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
2014-05-31 20:06:42    5120    ----a-w-    C:\Windows\System32\wmi.dll
2014-05-31 20:06:42    23408    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
2014-05-31 20:01:33    509952    ----a-w-    C:\Windows\System32\ntshrui.dll
2014-05-31 20:01:33    442880    ----a-w-    C:\Windows\SysWow64\ntshrui.dll
2014-05-31 20:01:23    515584    ----a-w-    C:\Windows\System32\timedate.cpl
2014-05-31 20:01:23    478720    ----a-w-    C:\Windows\SysWow64\timedate.cpl
2014-05-31 20:01:16    690688    ----a-w-    C:\Windows\SysWow64\msvcrt.dll
2014-05-31 20:01:16    634880    ----a-w-    C:\Windows\System32\msvcrt.dll
2014-05-31 20:01:04    395776    ----a-w-    C:\Windows\System32\webio.dll
2014-05-31 20:01:04    314880    ----a-w-    C:\Windows\SysWow64\webio.dll
2014-05-31 19:51:54    --------    d-----w-    C:\Windows\SysWow64\Wat
2014-05-31 19:51:54    --------    d-----w-    C:\Windows\System32\Wat
2014-05-31 19:50:53    477184    ----a-w-    C:\Windows\System32\aepdu.dll
2014-05-31 19:50:53    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-05-31 19:45:57    1684928    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2014-05-31 19:44:45    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-05-31 19:44:45    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-05-31 19:44:41    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-05-31 19:44:35    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-05-31 19:44:35    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-05-31 19:44:29    48640    ----a-w-    C:\Windows\System32\wwanprotdim.dll
2014-05-31 19:44:29    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-05-31 19:43:58    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2014-05-31 19:43:58    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2014-05-31 19:43:58    1882112    ----a-w-    C:\Windows\System32\msxml3.dll
2014-05-31 19:43:58    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2014-05-31 19:41:55    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2014-05-31 19:40:59    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2014-05-31 19:40:59    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2014-05-31 19:39:51    197120    ----a-w-    C:\Windows\System32\credui.dll
2014-05-31 19:39:51    1930752    ----a-w-    C:\Windows\System32\authui.dll
2014-05-31 19:39:51    190464    ----a-w-    C:\Windows\System32\SmartcardCredentialProvider.dll
2014-05-31 19:39:51    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2014-05-31 19:39:51    168960    ----a-w-    C:\Windows\SysWow64\credui.dll
2014-05-31 19:39:51    152576    ----a-w-    C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2014-05-31 19:39:32    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-05-31 19:39:32    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-05-31 19:39:23    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2014-05-31 19:39:23    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2014-05-31 19:38:59    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2014-05-31 19:38:53    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2014-05-31 19:38:53    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2014-05-31 19:38:53    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2014-05-31 19:38:53    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2014-05-31 19:38:53    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2014-05-31 19:24:27    --------    d-----w-    C:\ProgramData\Geek Squad
2014-05-31 19:13:13    --------    d-----w-    C:\Windows\System32\SPReview
2014-05-31 18:51:35    2560    ----a-w-    C:\Windows\System32\drivers\en-US\rdpwd.sys.mui
2014-05-31 18:51:33    3072    ----a-w-    C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2014-05-31 18:50:49    6144    ----a-w-    C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2014-05-31 18:50:48    4608    ----a-w-    C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2014-05-31 18:31:56    90624    ----a-w-    C:\Windows\System32\KMSVC.DLL
2014-05-31 18:30:59    12288    ----a-w-    C:\Windows\SysWow64\tsbyuv.dll
2014-05-31 18:27:12    --------    d-----w-    C:\Windows\System32\EventProviders
2014-05-31 18:24:07    --------    d-----w-    C:\ProgramData\clear.fi
2014-05-31 18:16:24    826880    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
2014-05-31 18:16:24    23552    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys
2014-05-31 18:16:24    1031680    ----a-w-    C:\Windows\System32\rdpcore.dll
2014-05-31 18:11:59    2622464    ----a-w-    C:\Windows\System32\wucltux.dll
2014-05-31 18:11:54    99840    ----a-w-    C:\Windows\System32\wudriver.dll
2014-05-31 18:11:41    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2014-05-31 18:11:41    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
2014-05-31 18:08:58    --------    d-----w-    C:\Users\Haeji\AppData\Roaming\Intel Corporation
2014-05-31 18:08:55    --------    d-----w-    C:\Users\Haeji\AppData\Local\EgisTec IPS
2014-05-31 18:07:37    --------    d-----w-    C:\Program Files (x86)\OEM
2014-05-31 18:07:27    --------    d-----w-    C:\ProgramData\OEM_E471269A730D
2014-05-31 18:07:12    --------    d-----w-    C:\Users\Haeji\AppData\Local\Acer
2014-05-31 18:00:12    --------    d-----w-    C:\Windows\NAPP_Dism_Log
2014-05-31 17:43:25    --------    d-----w-    C:\ProgramData\CLSK
2014-05-31 17:40:55    --------    d-----w-    C:\ProgramData\NTI Launcher
2014-05-31 17:39:17    --------    d-----w-    C:\Program Files (x86)\Common Files\Macrovision Shared
2014-05-31 17:38:37    --------    d-----w-    C:\Windows\en
2014-05-31 17:38:19    --------    d-----w-    C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-05-31 17:36:33    1819648    ----a-w-    C:\ProgramData\Microsoft\OEMOffice14\Office14\Word.en-us\WordMUI.msi
2014-05-31 17:35:38    --------    d-----w-    C:\Program Files (x86)\Microsoft
2014-05-31 17:32:34    --------    d-----w-    C:\Program Files\Synaptics
2014-05-31 17:30:27    --------    d-----w-    C:\Program Files (x86)\Renesas Electronics
2014-05-31 17:25:54    --------    d-----w-    C:\ProgramData\EgisTec
2014-05-31 17:25:53    --------    d---a-w-    C:\book
2014-05-31 17:24:46    0    ----a-w-    C:\Windows\ativpsrm.bin
2014-05-31 17:23:53    3    ----a-w-    C:\Windows\System32\PLD_Framework.cmd
2014-05-31 17:22:07    --------    d-----w-    C:\Windows\SysWow64\RTCOM
2014-05-31 17:22:00    --------    d-----w-    C:\Program Files\Realtek
2014-05-31 17:20:08    --------    d-----w-    C:\Program Files\ATI
2014-05-31 17:20:07    --------    d-----w-    C:\Program Files (x86)\ATI Technologies
.
==================== Find3M  ====================
.
2014-06-02 03:27:50    29280    ----a-w-    C:\Windows\System32\drivers\klkbdflt.sys
2014-06-02 03:27:50    178272    ----a-w-    C:\Windows\System32\drivers\kneps.sys
2014-06-02 03:27:49    458336    ----a-w-    C:\Windows\System32\drivers\kl1.sys
2014-05-31 21:31:30    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-05-31 19:07:30    175616    ----a-w-    C:\Windows\System32\msclmd.dll
2014-05-31 19:07:30    152576    ----a-w-    C:\Windows\SysWow64\msclmd.dll
2014-04-12 02:22:05    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05    155072    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38    29184    ----a-w-    C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38    136192    ----a-w-    C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37    28160    ----a-w-    C:\Windows\System32\secur32.dll
2014-04-12 02:19:32    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05    31232    ----a-w-    C:\Windows\System32\lsass.exe
2014-04-12 02:12:06    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
.
============= FINISH:  6:07:11.86 ===============
#14 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:07:09 AM

Posted 04 June 2014 - 11:50 AM

Good evening. :)

You have two anti-virus programs showing as installed, Webroot SecureAnywhere and Kaspersky Internet Security. The rule is one resident scanner installed at any one time, so you need to uninstall one of them.
And if you have ability to tell if one site I suspect is infected, I would appreciate knowing.

Unfortunately I don't.
Other than the AV, if you're happy with the system I'd say you were done.


So long, and thanks for all the fish.
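The "one resident scanner at a time" advice above can be checked from the machine itself rather than by reading the DDS log. The script below is an added example written for this thread, not something Noviciate or BleepingComputer posted: it asks Windows Security Center (the root\SecurityCenter2 WMI namespace, present on Vista and later, so it covers the Windows 7 system in this thread) which anti-virus products are registered and flags the case where more than one reports real-time protection switched on. The decoding of the productState field (middle byte 0x10 = real-time protection on, low byte 0x00 = definitions current) is the widely used community interpretation and is not officially documented by Microsoft, so treat it as an assumption; Get-WmiObject is used instead of the newer Get-CimInstance so it also runs on the PowerShell 2.0 that Windows 7 shipped with.

```powershell
# Added example (not from the original thread): list anti-virus products registered
# with Windows Security Center and warn when more than one has real-time protection on.
# ASSUMPTION: the productState byte layout used below is the common, undocumented reading.
function Get-RegisteredAntiVirus {
    $products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class 'AntiVirusProduct' -ErrorAction Stop
    foreach ($p in $products) {
        $state   = [int]$p.productState
        $rtpByte = [int](($state -band 0xFF00) / 256)   # middle byte: 0x10 on, 0x00 off
        $defByte = $state -band 0xFF                    # low byte: 0x00 current, 0x10 out of date
        New-Object PSObject -Property @{
            Name          = $p.displayName
            ProductState  = ('0x{0:X6}' -f $state)
            RealTimeOn    = ($rtpByte -eq 0x10)
            DefinitionsOK = ($defByte -eq 0x00)
            ExePath       = $p.pathToSignedProductExe
        }
    }
}

$av = @(Get-RegisteredAntiVirus)
$av | Format-Table Name, ProductState, RealTimeOn, DefinitionsOK, ExePath -AutoSize

# More than one product with real-time protection on is the situation described in the reply:
# two resident scanners fighting over the same file-system hooks.
$active = @($av | Where-Object { $_.RealTimeOn })
if ($active.Count -gt 1) {
    $names = ($active | ForEach-Object { $_.Name }) -join ', '
    Write-Warning ("{0} resident scanners are active ({1}). Keep one and uninstall the rest through Programs and Features or the vendor's removal tool." -f $active.Count, $names)
}
elseif ($active.Count -eq 0) {
    Write-Warning 'No registered anti-virus product reports real-time protection as on.'
}
```

Run it from an ordinary PowerShell prompt; no elevation is needed to read Security Center. A product that has been uninstalled but still appears here with RealTimeOn false is a leftover registration, which is a different problem from two scanners genuinely running at once, and the vendor's clean-up tool is usually the way to clear it.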
#15 hoagie1ob

hoagie1ob
  • Topic Starter

  • Members
  • 13 posts
  • Local time:12:09 AM

Posted 05 June 2014 - 03:43 PM

Thank you. So far, I haven't revisited the site and my computer seems fine. I did find a couple of sites where you can put in website address to see if it is infected or not, so I may try that.

Thanks again for your help!