
Hijack This Log: Please help interpret


  • This topic is locked
12 replies to this topic

#1 Hajduk

Hajduk

  • Members
  • 79 posts
  • OFFLINE
  • Gender:Male
  • Location:United States
  • Local time:07:32 PM

Posted 10 June 2014 - 03:31 PM

I'm running Windows 7 in a Dell Optiplex 320, more info in my profile. It's very sluggish and flashes a lot of "Not Responding" notices. I will shortly install more RAM and a more adequate hard drive, which I hope will improve performance a lot, but I want to check with you to see if there is anything I should do to prevent problems from carrying over. I hope this is the right place to post. If you want a DDS log or anything of the sort, please e-mail me. 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:12:11 PM, on 6/10/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Hijack This\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3685397210-3945488285-3899510509-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3685397210-3945488285-3899510509-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 7] "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 7] "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto (User 'Default user')
O4 - Global Startup: SystemExplorerDisabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: System Explorer Service (SystemExplorerHelpService) - Mister Group - C:\Program Files\System Explorer\service\SystemExplorerService.exe

--
End of file - 6888 bytes
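A small triage script for HijackThis-format lines, added here as an example; it is not part of the thread and not HijackThis's own code. It parses the R0/R1, O2, O4 and O23 entries used in the log above and flags what a helper looks at first: orphaned "(no file)" references, services with no publisher, autoruns launched from per-user profile folders, unquoted paths containing spaces, and start or search pages pointing at a host outside an allowlist. The sample lines are constructed from the log above plus one invented ExampleUpdater autorun, and SAFE_SEARCH_HOSTS is an assumed allowlist.

```python
import re
from typing import Dict, List
from urllib.parse import urlparse

# Constructed sample in HijackThis v2.0.4 line format. The entries are modelled on the
# log posted above; the ExampleUpdater autorun is invented to exercise the location check.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKCU\..\Run: [ExampleUpdater] C:\Users\Admin\AppData\Local\ExampleUpdater\updater.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

# Every HijackThis entry is "<section> - <body>"; the body grammar differs per section.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
                   r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
O23_RE = re.compile(r"^Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
R_RE = re.compile(r"^(?P<key>.+?) = (?P<value>.*)$")

# Assumed allowlist of hosts a stock IE start/search page may point at.
SAFE_SEARCH_HOSTS = ("www.bing.com", "www.google.com", "go.microsoft.com")
# Per-user, user-writable locations: legitimate software rarely autoruns from here.
PROFILE_MARKERS = ("\\appdata\\", "\\temp\\", "\\tmp\\")


def executable_path(cmd: str) -> str:
    """Return the binary an O4 command line launches, whether quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Bare path: HijackThis prints it verbatim, so cut at the first ".exe" token.
    m = re.match(r"(?i)(.*?\.exe)(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split(" ")[0]


def assess_path(path: str) -> List[str]:
    """Flag binaries that live in a per-user profile folder."""
    low = path.lower()
    if any(marker in low for marker in PROFILE_MARKERS):
        return ["runs from a per-user profile folder (AppData/Temp)"]
    return []


def url_host(value: str) -> str:
    """Host part of an R0/R1 value; the log omits the scheme for bare hosts."""
    if "://" not in value:
        value = "http://" + value
    return urlparse(value).netloc.lower()


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each HijackThis line that deserves a second look to its findings."""
    report: Dict[str, List[str]] = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        findings: List[str] = []
        if body.endswith("(no file)"):
            # Leftover registry reference; harmless by itself but clutter worth removing.
            findings.append("orphaned entry: points at a file that no longer exists")
        elif section == "O4" and (o4 := O4_RE.match(body)):
            path = executable_path(o4.group("cmd"))
            if not o4.group("cmd").startswith('"') and " " in path:
                # CreateProcess tries each space-delimited prefix (C:\Program.exe, ...)
                # first, so confirm those prefixes are not writable by standard users.
                findings.append("unquoted autorun path containing spaces")
            findings += assess_path(path)
        elif section == "O23" and (o23 := O23_RE.match(body)):
            if o23.group("owner").lower() == "unknown owner":
                findings.append("service binary carries no publisher information")
            findings += assess_path(o23.group("path"))
        elif section in ("R0", "R1") and (r := R_RE.match(body)):
            value_name = r.group("key").rsplit(",", 1)[-1]
            if any(word in value_name for word in ("Page", "Search", "URL")):
                host = url_host(r.group("value"))
                if host and host not in SAFE_SEARCH_HOSTS:
                    findings.append(f"start/search page points at non-default host {host}")
        if findings:
            report[m.group(0)] = findings
    return report


if __name__ == "__main__":
    for line, found in triage(SAMPLE_LOG).items():
        print(line)
        for f in found:
            print("    ->", f)
```

Run it against a saved log (`triage(open("hijackthis.log").read())`) to get the short list of entries to research before asking for removal.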


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:32 PM

Posted 12 June 2014 - 10:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply; DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:32 PM

Posted 18 June 2014 - 09:12 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:32 PM

Posted 27 June 2014 - 06:50 AM

This topic has been re-opened at the request of the person who originally posted.

#5 Hajduk

Hajduk
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  • Gender:Male
  • Location:United States
  • Local time:07:32 PM

Posted 27 June 2014 - 10:07 AM

ADW Cleaner Log 2014.06.26

 

# AdwCleaner v3.213 - Report created 26/06/2014 at 16:41:19
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Administrator - DELL5-PC
# Running from : C:\Users\Administrator\Desktop\adwcleaner_3.213.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Administrator\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Administrator\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Administrator\AppData\Roaming\goforfiles
Folder Deleted : C:\Users\DELL5\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbicckmeogemnamjhgbfbhelblnkjlp
File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5x7hmdxw.default\invalidprefs.js
File Deleted : C:\Windows\Tasks\Driver Booster Update.job
File Deleted : C:\Windows\System32\Tasks\Driver Booster Update
File Deleted : C:\Windows\System32\Tasks\GoforFilesUpdate
File Deleted : C:\Windows\System32\Tasks\LaunchApp
File Deleted : C:\Windows\System32\Tasks\VisualBeeRecovery
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jhbicckmeogemnamjhgbfbhelblnkjlp
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D85B3A73-E4A6-48D6-9154-8566341270E3}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D85B3A73-E4A6-48D6-9154-8566341270E3}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5A6150C7-81D3-4E13-9783-1AA55486CFA0}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A6150C7-81D3-4E13-9783-1AA55486CFA0}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3711D7B8-D013-48CD-8F20-3ED48070CFA2}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3711D7B8-D013-48CD-8F20-3ED48070CFA2}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBB68D35-E714-4555-8307-A5FC18FF2BB5}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C254E664-AE7D-44CD-A014-B4CBAB2A5133}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C254E664-AE7D-44CD-A014-B4CBAB2A5133}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{32B29DF0-2237-4370-9A29-37CEBB730E9B}]
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\visualbee
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5x7hmdxw.default\prefs.js ]
 
 
[ File : C:\Users\DELL5\AppData\Roaming\Mozilla\Firefox\Profiles\5w9pgej7.default\prefs.js ]
 
Line Deleted : user_pref("extensions.enabledAddons", "%7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68,%7Bcd617375-6743-4ee8-bac4-fbf10f35729e%7D:2.9.4,%7Baff87fa2-a58e-4edd-b852-0a20203c1e17%7D:0.9,%7B987311C6-B504-[...]
 
-\\ Google Chrome v34.0.1847.131
 
[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Extension] : glmfgahfleepmdfffonfckpmkondpdkg
Deleted [Extension] : jhbicckmeogemnamjhgbfbhelblnkjlp
 
[ File : C:\Users\DELL5\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={FC53530B-2BD9-487B-A814-7E287B2906E0}&mid=28988a8352f447d08132d151cd9b8cf8-5cc957e7cd7c232392af2090a3c8197fcefa4ae6&lang=en&ds=bm011&pr=sa&d=2013-01-12 11:27:24&v=13.2.0.4&sap=dsp&q={searchTerms}
Deleted [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
Deleted [Extension] : jhbicckmeogemnamjhgbfbhelblnkjlp
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : pgafcinpmmpklohkojmllohdhomoefph
 
[ File : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100842&mntrId=b8a4c73e00000000000000188b541675
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : pgafcinpmmpklohkojmllohdhomoefph
 
*************************
 
AdwCleaner[R0].txt - [6594 octets] - [26/06/2014 16:23:57]
AdwCleaner[S0].txt - [6687 octets] - [26/06/2014 16:41:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6747 octets] ##########


#6 Hajduk

Hajduk
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  • Gender:Male
  • Location:United States
  • Local time:07:32 PM

Posted 27 June 2014 - 10:10 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-06-2014
Ran by Administrator (administrator) on DELL5-PC on 26-06-2014 16:59:53
Running from C:\Users\Administrator\Desktop\FarBar
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft® Corporation) C:\Program Files\Common Files\microsoft shared\Works Shared\WkUFind.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-26] (AVAST Software)
HKLM\...\Run: [Microsoft Works Update Detection] => C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [50688 2003-06-03] (Microsoft® Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\.DEFAULT\...\Run: [Advanced SystemCare 7] => C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)
HKU\S-1-5-21-3685397210-3945488285-3899510509-500\...\Run: [TClockEx] => C:\Program Files\TClockEx\TCLOCKEX.EXE [89088 2000-03-09] (Dale Nurden)
HKU\S-1-5-21-3685397210-3945488285-3899510509-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3685397210-3945488285-3899510509-500\...\MountPoints2: {6c46b598-691c-11e3-93d3-00188b7f650b} - G:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: 1AMPCBOK -> {04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} =>  No File
ShellIconOverlayIdentifiers: 1AMPCBSyncing -> {4d87b7a7-23f1-470c-aa45-96b25b9bd138} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
SearchScopes: HKCU - {593CBEC3-23DA-4879-A484-239932CDBD88} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = 
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: AutorunsDisabled\belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 184.16.33.54
 
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5x7hmdxw.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SearchEngineOrder.2: Google
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: about:home
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p=
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDFXViewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDFXViewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDFXViewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5x7hmdxw.default\searchplugins\yahoo-avast.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5x7hmdxw.default\Extensions\ascsurfingprotection@iobit.com [2014-06-14]
FF Extension: AD Block - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5x7hmdxw.default\Extensions\searchads@instair.net [2014-03-04]
FF Extension: LastPass - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5x7hmdxw.default\Extensions\support@lastpass.com [2014-03-22]
FF Extension: Webmail Ad Blocker - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5x7hmdxw.default\Extensions\gmailnoads@mywebber.com.xpi [2013-05-13]
FF Extension: Lightbeam - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5x7hmdxw.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2013-10-27]
FF Extension: Social Fixer - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5x7hmdxw.default\Extensions\socialfixer@mattkruse.com.xpi [2014-03-04]
FF Extension: rather - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5x7hmdxw.default\Extensions\www.getrather.com@jetpack.xpi [2014-03-04]
FF Extension: Flagfox - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5x7hmdxw.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-07]
FF Extension: Print/Print Preview - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5x7hmdxw.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}.xpi [2013-05-13]
FF Extension: ImTranslator - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5x7hmdxw.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013-10-09]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5x7hmdxw.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013-05-13]
FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5x7hmdxw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-06]
FF Extension: Trueblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5x7hmdxw.default\Extensions\{e10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-13]
FF Extension: Google Privacy - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5x7hmdxw.default\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2013-05-13]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-12]
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-08]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-08]
 
Chrome: 
=======
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-09]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-14]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-14]
CHR Extension: (Advanced Font Settings) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\caclkomlalccbpcdllchkeecicepbmbm [2014-05-15]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-14]
CHR Extension: (RealDownloader) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-02-05]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-05-15]
CHR Extension: (Google Mail Checker) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-05-15]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-14]
CHR Extension: (ImTranslator: Google Translate) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2014-05-15]
CHR Extension: (Adblock Pro) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-05-15]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-14]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-25]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
S4 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-15] (Emsisoft GmbH)
R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-25] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-04-25] (AVAST Software)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S4 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SystemExplorerHelpService; C:\Program Files\System Explorer\service\SystemExplorerService.exe [567256 2012-11-25] (Mister Group)
 
==================== Drivers (Whitelisted) ====================
 
S4 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-03-26] (Emsisoft GmbH)
S4 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-25] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-03-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-25] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [270240 2014-05-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-25] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-17] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-25] ()
S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1092160 2011-04-19] (Broadcom Corporation)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [14528 2014-02-25] (Glarysoft Ltd)
S4 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
S4 IObitUnlocker; C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys [28016 2011-08-26] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [17136 2003-05-01] (Sonic Solutions) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-26 16:59 - 2014-06-26 17:00 - 00000000 ____D () C:\FRST
2014-06-26 16:58 - 2014-06-26 16:59 - 00000000 ____D () C:\Users\Administrator\Desktop\FarBar
2014-06-26 16:58 - 2014-06-26 16:56 - 01073152 _____ (Farbar) C:\Users\Administrator\Documents\FRST.exe
2014-06-26 15:52 - 2014-06-26 15:52 - 01342659 _____ () C:\Users\Administrator\Desktop\adwcleaner_3.213.exe
2014-06-26 12:15 - 2014-06-26 12:20 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-26 12:15 - 2014-06-26 12:15 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 12:15 - 2014-06-26 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 12:15 - 2014-06-26 12:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-26 12:15 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-26 12:15 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-26 11:43 - 2014-06-26 11:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-26 10:13 - 2014-06-26 16:46 - 00061110 _____ () C:\Windows\PFRO.log
2014-06-26 10:13 - 2014-06-26 16:46 - 00000168 _____ () C:\Windows\setupact.log
2014-06-26 10:13 - 2014-06-26 10:13 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-25 15:06 - 2014-06-25 15:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Zoner
2014-06-25 15:06 - 2014-06-25 15:06 - 00000000 ____D () C:\Users\Administrator\Documents\ZPS15
2014-06-17 13:25 - 2014-06-17 13:25 - 00013511 _____ () C:\Users\Administrator\Desktop\charmap.exe - Shortcut.lnk
2014-06-16 15:37 - 2014-06-16 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-16 15:37 - 2014-06-16 15:37 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-16 15:37 - 2014-06-16 15:36 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-16 15:37 - 2014-06-16 15:36 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-16 15:37 - 2014-06-16 15:36 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-16 15:37 - 2014-06-16 15:36 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-06-14 16:01 - 2014-06-14 16:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ProductData
2014-06-14 15:56 - 2014-06-14 15:56 - 38671824 _____ (IObit ) C:\Users\Administrator\Downloads\asc7-setup-aff.exe
2014-06-14 15:55 - 2014-06-14 15:55 - 37355512 _____ (IObit ) C:\Users\Administrator\Downloads\Advanced-SystemCare.exe
2014-06-12 08:49 - 2014-06-12 08:49 - 00008387 _____ () C:\Users\Administrator\Downloads\can_psal.zip
2014-06-11 14:59 - 2014-06-08 01:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 14:59 - 2014-06-08 01:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-10 14:19 - 2014-06-10 14:19 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-10 14:19 - 2014-06-10 14:19 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-10 14:18 - 2014-06-10 14:18 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 14:18 - 2014-06-10 14:18 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 14:18 - 2014-06-10 14:18 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 14:18 - 2014-06-10 14:18 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 14:18 - 2014-06-10 14:18 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 14:18 - 2014-06-10 14:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-10 14:18 - 2014-06-10 14:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 14:16 - 2014-06-10 14:16 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 14:16 - 2014-06-10 14:16 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-10 14:16 - 2014-06-10 14:16 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 14:16 - 2014-06-10 14:16 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 14:16 - 2014-06-10 14:16 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-10 14:16 - 2014-06-10 14:16 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-10 13:02 - 2014-06-10 13:02 - 00688992 ____R (Swearware) C:\Users\Administrator\Downloads\dds.com
2014-06-10 12:06 - 2014-06-10 12:06 - 00003023 _____ () C:\Users\Administrator\Desktop\HiJackThis.lnk
2014-06-10 12:06 - 2014-06-10 12:06 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-06-10 12:06 - 2014-06-10 12:06 - 00000000 ____D () C:\Program Files\Hijack This
2014-06-09 15:21 - 2014-06-09 15:21 - 00054016 _____ () C:\Windows\system32\Drivers\bxgscd.sys
2014-06-09 11:48 - 2014-06-09 11:49 - 10689696 _____ (Irfan Skiljan) C:\Users\Administrator\Downloads\irfanview_plugins_437_setup.exe
2014-06-09 11:48 - 2014-06-09 11:49 - 10689696 _____ (Irfan Skiljan) C:\Users\Administrator\Downloads\irfanview_plugins_437_setup (1).exe
2014-06-09 10:03 - 2014-06-09 10:03 - 00653914 _____ () C:\Users\Administrator\Downloads\Asea_RBIJ.zip
2014-06-09 10:03 - 2014-06-09 10:03 - 00119692 _____ () C:\Users\Administrator\Downloads\Musica.ttf
2014-06-09 10:02 - 2014-06-09 10:02 - 00590848 _____ () C:\Users\Administrator\Downloads\Unidings.ttf
2014-06-09 10:01 - 2014-06-09 10:01 - 00083524 _____ () C:\Users\Administrator\Downloads\Analecta.otf
2014-06-03 12:01 - 2014-06-03 12:01 - 00000246 _____ () C:\Users\Administrator\AppData\Local\F8C7EC15DFCD4937AD1BBCA7D1FD2657.CalcTape1.calc
 
==================== One Month Modified Files and Folders =======
 
2014-06-26 17:00 - 2014-06-26 16:59 - 00000000 ____D () C:\FRST
2014-06-26 16:59 - 2014-06-26 16:58 - 00000000 ____D () C:\Users\Administrator\Desktop\FarBar
2014-06-26 16:56 - 2014-06-26 16:58 - 01073152 _____ (Farbar) C:\Users\Administrator\Documents\FRST.exe
2014-06-26 16:54 - 2009-07-13 21:34 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-26 16:54 - 2009-07-13 21:34 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-26 16:50 - 2013-03-26 07:24 - 01507089 _____ () C:\Windows\WindowsUpdate.log
2014-06-26 16:48 - 2013-10-06 23:31 - 00000000 ____D () C:\AdwCleaner
2014-06-26 16:46 - 2014-06-26 10:13 - 00061110 _____ () C:\Windows\PFRO.log
2014-06-26 16:46 - 2014-06-26 10:13 - 00000168 _____ () C:\Windows\setupact.log
2014-06-26 16:46 - 2012-12-11 13:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-26 16:46 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-26 16:18 - 2012-09-29 20:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-26 15:52 - 2014-06-26 15:52 - 01342659 _____ () C:\Users\Administrator\Desktop\adwcleaner_3.213.exe
2014-06-26 15:39 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Web
2014-06-26 12:20 - 2014-06-26 12:15 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-26 12:15 - 2014-06-26 12:15 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 12:15 - 2014-06-26 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 12:15 - 2014-06-26 12:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-26 12:15 - 2013-02-14 08:16 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-06-26 12:15 - 2012-09-29 21:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-26 12:14 - 2012-09-29 21:00 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-06-26 11:44 - 2014-06-26 11:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-26 10:25 - 2009-07-13 21:53 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-26 10:13 - 2014-06-26 10:13 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-25 15:07 - 2014-06-25 15:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Zoner
2014-06-25 15:06 - 2014-06-25 15:06 - 00000000 ____D () C:\Users\Administrator\Documents\ZPS15
2014-06-25 15:06 - 2013-02-09 20:55 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\XnView
2014-06-25 09:07 - 2013-11-22 12:00 - 53686272 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2014-06-25 09:07 - 2013-11-22 12:00 - 00241664 _____ () C:\Windows\system32\config\DEFAULT.iobit
2014-06-25 09:07 - 2013-11-22 12:00 - 00061440 _____ () C:\Windows\system32\config\SAM.iobit
2014-06-25 09:07 - 2013-11-22 12:00 - 00028672 _____ () C:\Windows\system32\config\SECURITY.iobit
2014-06-25 09:07 - 2013-02-08 21:33 - 00000000 ____D () C:\Users\Administrator
2014-06-23 06:27 - 2013-11-22 11:48 - 00000000 ____D () C:\ProgramData\ProductData
2014-06-20 19:59 - 2013-04-07 01:05 - 00000000 ____D () C:\Windows\Minidump
2014-06-19 10:53 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\tracing
2014-06-19 10:50 - 2013-10-07 07:02 - 00000000 ____D () C:\Program Files\IObit
2014-06-18 06:10 - 2013-10-13 21:23 - 00000000 ____D () C:\Users\Administrator\Desktop\Maintenance
2014-06-17 18:15 - 2013-04-09 14:27 - 00000000 ____D () C:\Program Files\Mozilla Sunbird
2014-06-17 13:25 - 2014-06-17 13:25 - 00013511 _____ () C:\Users\Administrator\Desktop\charmap.exe - Shortcut.lnk
2014-06-16 15:37 - 2014-06-16 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-16 15:37 - 2014-06-16 15:37 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-16 15:36 - 2014-06-16 15:37 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-16 15:36 - 2014-06-16 15:37 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-16 15:36 - 2014-06-16 15:37 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-16 15:36 - 2014-06-16 15:37 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-06-16 15:36 - 2013-09-19 09:57 - 00000000 ____D () C:\Program Files\Java
2014-06-14 16:09 - 2012-10-24 15:32 - 00000000 ____D () C:\Users\DELL5\Documents\Dock
2014-06-14 16:01 - 2014-06-14 16:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ProductData
2014-06-14 15:59 - 2013-11-22 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-06-14 15:56 - 2014-06-14 15:56 - 38671824 _____ (IObit ) C:\Users\Administrator\Downloads\asc7-setup-aff.exe
2014-06-14 15:55 - 2014-06-14 15:55 - 37355512 _____ (IObit ) C:\Users\Administrator\Downloads\Advanced-SystemCare.exe
2014-06-12 08:49 - 2014-06-12 08:49 - 00008387 _____ () C:\Users\Administrator\Downloads\can_psal.zip
2014-06-12 07:49 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-12 07:39 - 2012-10-24 15:35 - 00104448 ____H () C:\Users\DELL5\Documents\~WRL4050.tmp
2014-06-12 06:33 - 2012-09-30 09:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 06:32 - 2013-08-15 03:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 06:28 - 2014-04-28 07:14 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-12 06:28 - 2012-09-29 17:59 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 23:03 - 2012-09-29 16:38 - 00000000 ____D () C:\Users\DELL5
2014-06-11 22:02 - 2012-09-29 16:41 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-11 15:11 - 2012-09-29 20:59 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-11 15:11 - 2012-09-29 20:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-10 19:50 - 2012-12-11 13:33 - 00001093 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-10 19:02 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2014-06-10 14:19 - 2014-06-10 14:19 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-10 14:19 - 2014-06-10 14:19 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-10 14:18 - 2014-06-10 14:18 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 14:18 - 2014-06-10 14:18 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 14:18 - 2014-06-10 14:18 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 14:18 - 2014-06-10 14:18 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 14:18 - 2014-06-10 14:18 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 14:18 - 2014-06-10 14:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-10 14:18 - 2014-06-10 14:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 14:16 - 2014-06-10 14:16 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 14:16 - 2014-06-10 14:16 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-10 14:16 - 2014-06-10 14:16 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 14:16 - 2014-06-10 14:16 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 14:16 - 2014-06-10 14:16 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-10 14:16 - 2014-06-10 14:16 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 14:16 - 2014-06-10 14:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-10 13:02 - 2014-06-10 13:02 - 00688992 ____R (Swearware) C:\Users\Administrator\Downloads\dds.com
2014-06-10 12:06 - 2014-06-10 12:06 - 00003023 _____ () C:\Users\Administrator\Desktop\HiJackThis.lnk
2014-06-10 12:06 - 2014-06-10 12:06 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-06-10 12:06 - 2014-06-10 12:06 - 00000000 ____D () C:\Program Files\Hijack This
2014-06-09 15:21 - 2014-06-09 15:21 - 00054016 _____ () C:\Windows\system32\Drivers\bxgscd.sys
2014-06-09 15:21 - 2014-04-15 22:24 - 00000000 ____D () C:\Windows\jumpshot.com
2014-06-09 11:50 - 2013-12-18 20:41 - 00000000 ____D () C:\Program Files\IrfanView 4.37
2014-06-09 11:49 - 2014-06-09 11:48 - 10689696 _____ (Irfan Skiljan) C:\Users\Administrator\Downloads\irfanview_plugins_437_setup.exe
2014-06-09 11:49 - 2014-06-09 11:48 - 10689696 _____ (Irfan Skiljan) C:\Users\Administrator\Downloads\irfanview_plugins_437_setup (1).exe
2014-06-09 10:03 - 2014-06-09 10:03 - 00653914 _____ () C:\Users\Administrator\Downloads\Asea_RBIJ.zip
2014-06-09 10:03 - 2014-06-09 10:03 - 00119692 _____ () C:\Users\Administrator\Downloads\Musica.ttf
2014-06-09 10:02 - 2014-06-09 10:02 - 00590848 _____ () C:\Users\Administrator\Downloads\Unidings.ttf
2014-06-09 10:01 - 2014-06-09 10:01 - 00083524 _____ () C:\Users\Administrator\Downloads\Analecta.otf
2014-06-08 01:48 - 2014-06-11 14:59 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 01:43 - 2014-06-11 14:59 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-03 12:01 - 2014-06-03 12:01 - 00000246 _____ () C:\Users\Administrator\AppData\Local\F8C7EC15DFCD4937AD1BBCA7D1FD2657.CalcTape1.calc
 
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\DELL5\AppData\Local\Temp\conduitinstaller.exe
C:\Users\DELL5\AppData\Local\Temp\couponamazing.exe
C:\Users\DELL5\AppData\Local\Temp\tbSomo.dll
C:\Users\Martin\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {a2eb1a15-0a94-11e2-b12e-9158b5a46122}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {a2eb1a17-0a94-11e2-b12e-9158b5a46122}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {a2eb1a15-0a94-11e2-b12e-9158b5a46122}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {a2eb1a17-0a94-11e2-b12e-9158b5a46122}
device                  ramdisk=[C:]\Recovery\a2eb1a17-0a94-11e2-b12e-9158b5a46122\Winre.wim,{a2eb1a18-0a94-11e2-b12e-9158b5a46122}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\a2eb1a17-0a94-11e2-b12e-9158b5a46122\Winre.wim,{a2eb1a18-0a94-11e2-b12e-9158b5a46122}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {a2eb1a15-0a94-11e2-b12e-9158b5a46122}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  partition=C:
path                    \ntldr
description             Earlier Version of Windows
 
Real-mode Boot Sector
---------------------
identifier              {a2eb1a1d-0a94-11e2-b12e-9158b5a46122}
device                  partition=C:
path                    \Jumpshot\stage0
description             Run GrimeFighter
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {a2eb1a18-0a94-11e2-b12e-9158b5a46122}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\a2eb1a17-0a94-11e2-b12e-9158b5a46122\boot.sdi
 
 
 
LastRegBack: 2014-06-18 13:45
 
==================== End Of Log ============================


#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:32 PM

Posted 27 June 2014 - 01:03 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
ShellIconOverlayIdentifiers: 1AMPCBOK -> {04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} =>  No File
ShellIconOverlayIdentifiers: 1AMPCBSyncing -> {4d87b7a7-23f1-470c-aa45-96b25b9bd138} =>  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL =
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Extension: AD Block - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5x7hmdxw.default\Extensions\searchads@instair.net [2014-03-04]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\DELL5\AppData\Local\Temp\conduitinstaller.exe
C:\Users\DELL5\AppData\Local\Temp\couponamazing.exe
C:\Users\DELL5\AppData\Local\Temp\tbSomo.dll
C:\Users\Martin\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe

End
Save the file as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

Let me know what problem persists.

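As an added example (not code from FRST, from nasdaq's fix, or from any post in this thread): a small Python triage script that parses the FRST entry format shown in the log above and the bare paths under "Some content of TEMP:", flags entries a reviewer would look at first, and renders candidate paths in the fixlist.txt layout (start ... End) from the post above. The sample lines are copied from this thread's log; the two flagging rules are this example's own heuristics, not FRST's logic, and the result is a list for a human to review before anything goes into a fixlist.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One FRST file entry. The first timestamp is the one the section is sorted by
# (creation in "One Month Created", modification in "One Month Modified"); the
# company comes from the file's version resource and is empty when there is
# none; the path runs to end of line and may contain spaces and parentheses.
FRST_ENTRY = re.compile(
    r"^(?P<ts1>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<ts2>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
# Bare paths, as printed under "Some content of TEMP:".
BARE_PATH = re.compile(r"^[A-Za-z]:\\\S.*$")
EXEC_EXT = (".exe", ".dll", ".sys", ".com", ".scr", ".cpl", ".ocx")

# Sample lines copied from the FRST log and TEMP listing posted in this thread.
SAMPLE_LOG = r"""
==================== One Month Modified Files and Folders =======

2014-06-10 14:18 - 2014-06-10 14:18 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 12:06 - 2014-06-10 12:06 - 00000000 ____D () C:\Program Files\Hijack This
2014-06-09 15:21 - 2014-06-09 15:21 - 00054016 _____ () C:\Windows\system32\Drivers\bxgscd.sys
2014-06-09 11:49 - 2014-06-09 11:48 - 10689696 _____ (Irfan Skiljan) C:\Users\Administrator\Downloads\irfanview_plugins_437_setup (1).exe

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\DELL5\AppData\Local\Temp\conduitinstaller.exe
C:\Users\DELL5\AppData\Local\Temp\couponamazing.exe
C:\Users\DELL5\AppData\Local\Temp\tbSomo.dll
C:\Users\Martin\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
"""


@dataclass
class Entry:
    path: str
    size: Optional[int] = None      # None for bare TEMP paths (no metadata)
    attrs: str = ""
    company: Optional[str] = None   # None: unknown; "": no version resource


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for a file or path line, None for headers and blanks."""
    line = line.rstrip()
    m = FRST_ENTRY.match(line)
    if m:
        return Entry(m["path"], int(m["size"]), m["attrs"], m["company"].strip())
    if BARE_PATH.match(line):
        return Entry(line)
    return None


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Flag entries a reviewer would look at first (this example's heuristics)."""
    flagged = []
    for line in lines:
        e = parse_entry(line)
        if e is None or "D" in e.attrs:   # skip non-entries and directories
            continue
        low = e.path.lower()
        if "\\temp\\" in low and low.endswith(EXEC_EXT):
            flagged.append((e.path, "executable in a Temp directory"))
        elif "\\drivers\\" in low and low.endswith(".sys") and e.company == "":
            flagged.append((e.path, "driver with no company name in its version resource"))
    return flagged


def to_fixlist(paths: List[str]) -> str:
    """Render paths in the fixlist.txt layout used in this thread (start ... End)."""
    return "start\n" + "".join(p + "\n" for p in paths) + "End\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG.splitlines())
    for path, reason in hits:
        print(f"{reason:52} {path}")
    # Candidate list for a human to review before it ever becomes a fixlist.
    print(to_fixlist([p for p, r in hits if r.startswith("executable in a Temp")]))
```

Run against the sample, the Temp rule reproduces the five Temp paths nasdaq put in the fixlist, and the driver rule surfaces bxgscd.sys as the one entry with no company name in its version resource.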
#8 Hajduk

Hajduk
  • Topic Starter

  • Members
  • 79 posts
  • Gender:Male
  • Location:United States
  • Local time:07:32 PM

Posted 28 June 2014 - 04:32 PM

Hi Nasdaq!

Here is fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:28-06-2014 02
Ran by Administrator at 2014-06-28 13:38:22 Run:1
Running from C:\Users\Administrator\Desktop\FarBar
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
ShellIconOverlayIdentifiers: 1AMPCBOK -> {04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} =>  No File
ShellIconOverlayIdentifiers: 1AMPCBSyncing -> {4d87b7a7-23f1-470c-aa45-96b25b9bd138} =>  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL =
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Extension: AD Block - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5x7hmdxw.default\Extensions\searchads@instair.net [2014-03-04]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\DELL5\AppData\Local\Temp\conduitinstaller.exe
C:\Users\DELL5\AppData\Local\Temp\couponamazing.exe
C:\Users\DELL5\AppData\Local\Temp\tbSomo.dll
C:\Users\Martin\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
 
End
*****************
 
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1AMPCBOK' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1AMPCBSyncing' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{4d87b7a7-23f1-470c-aa45-96b25b9bd138}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{c1d89ae7-449d-4929-b24b-fded04adbe06}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
'HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}'=> Key not found.
'HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File'=> Key not found.
FF Plugin: @microsoft.com/GENUINE - disabled No File not found.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5x7hmdxw.default\Extensions\searchads@instair.net => Moved successfully.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.
"C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
C:\Users\DELL5\AppData\Local\Temp\conduitinstaller.exe => Moved successfully.
C:\Users\DELL5\AppData\Local\Temp\couponamazing.exe => Moved successfully.
C:\Users\DELL5\AppData\Local\Temp\tbSomo.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
 
==== End of Fixlog ====


#9 Hajduk

Hajduk
  • Topic Starter

  • Members
  • 79 posts
  • Gender:Male
  • Location:United States
  • Local time:07:32 PM

Posted 28 June 2014 - 04:33 PM

And here is checkup:

Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
avast! Antivirus                
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 SUPERAntiSpyware     
 CCleaner     
 Wise Registry Cleaner 7.86  
 NirSoft RegScanner    
 Java 7 Update 60  
 Adobe Reader XI  
 Mozilla Firefox (30.0) 
 Mozilla Thunderbird (24.2.0) 
 Google Chrome 32.0.1700.107  
 Google Chrome 34.0.1847.131  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#10 Hajduk

Hajduk
  • Topic Starter

  • Members
  • 79 posts
  • Gender:Male
  • Location:United States
  • Local time:07:32 PM

Posted 28 June 2014 - 04:38 PM

Nasdaq, it appears that Farbar has removed conduitinstaller. A while back I did the most thorough search I could and thought I had removed everything connected with that bloody conduit nuisance, but apparently not. Does bleepingcomputer have a program that will get rid of those damned search engine hijackers? 



#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:32 PM

Posted 29 June 2014 - 06:25 AM

AdwCleaner does a good job but we cannot keep up with the new registry and file entries.

The Farbar fix removed everything that is bad.

Are you still getting signs that you have some issues with it?

Your Security Check log is clean.

#12 Hajduk

Hajduk
  • Topic Starter

  • Members
  • 79 posts
  • Gender:Male
  • Location:United States
  • Local time:07:32 PM

Posted 03 July 2014 - 10:51 AM

OK, thanks. I have given it a bit of time to evaluate performance after the cleanup. I still have to contend with slow operation and too much "not responding," but the new hard drive and added RAM should fix that.

Thanks for your help.



#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:32 PM

Posted 04 July 2014 - 08:05 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



