Background Audio Ad, vmhost.exe


  • This topic is locked
9 replies to this topic

#1 silvergo

silvergo

  • Members
  • 6 posts

Posted 18 June 2014 - 04:39 PM

Please let us know if I'm not on the right page.

I don't know what happened, but when I turn on my computer, a program starts 3-5 minutes later (Vmhost.exe or vm file module) in the Program data folder, Update Task.

The program takes up about 100-800,000k of memory, and everything that I ran cannot find anything. Please help. I already tried Malwarebytes, TDSSKiller, etc. This is my work computer, so I might be in trouble. Also, my cc got compromised.




#2 silvergo

silvergo
  • Topic Starter

  • Members
  • 6 posts

Posted 18 June 2014 - 04:42 PM

Also, I ended the process. Very laggy. Thank you!



#3 silvergo

silvergo
  • Topic Starter

  • Members
  • 6 posts

Posted 18 June 2014 - 05:08 PM

I added HijackThis to see if this helps. It continuously starts itself again.

Attached Files



#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 18 June 2014 - 05:58 PM

Please do the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
NEXT

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 silvergo

silvergo
  • Topic Starter

  • Members
  • 6 posts

Posted 19 June 2014 - 12:44 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014
Ran by Red Dragon (administrator) on REDDRAGON on 18-06-2014 22:38:41
Running from C:\Users\Red Dragon\Downloads
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Scarlet.Crush Productions) C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
() C:\Program Files (x86)\DesktopCoral\DesktopCoral.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Forty One Ltd.) C:\Users\Red Dragon\Desktop\AudioSwitcher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonUiAcc.exe
(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-24] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3501088 2014-05-26] (Fitbit, Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware" [54072 2014-05-12] (Malwarebytes Corporation)
HKU\S-1-5-21-3351530137-1583588058-1140563851-1000\...\Run: [GoogleChromeAutoLaunch_76D0880A51D6FC6318ECBFBF4E8C1AE4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-3351530137-1583588058-1140563851-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-04-24] (Electronic Arts)
HKU\S-1-5-21-3351530137-1583588058-1140563851-1000\...\Run: [Desktop Coral] => C:\Program Files (x86)\DesktopCoral\DesktopCoral.exe [2487296 2013-03-25] ()
HKU\S-1-5-21-3351530137-1583588058-1140563851-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3351530137-1583588058-1140563851-1000\...\Run: [AudioSwitcher] => C:\Users\Red Dragon\Desktop\AudioSwitcher.exe [356352 2013-10-30] (Forty One Ltd.)
HKU\S-1-5-21-3351530137-1583588058-1140563851-1000\...\Run: [Google Update] => C:\Users\Red Dragon\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-08] (Google Inc.)
HKU\S-1-5-21-3351530137-1583588058-1140563851-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3501088 2014-05-26] (Fitbit, Inc.)
HKU\S-1-5-21-3351530137-1583588058-1140563851-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_76D0880A51D6FC6318ECBFBF4E8C1AE4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-3351530137-1583588058-1140563851-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-04-24] (Electronic Arts)
HKU\S-1-5-21-3351530137-1583588058-1140563851-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Desktop Coral] => C:\Program Files (x86)\DesktopCoral\DesktopCoral.exe [2487296 2013-03-25] ()
HKU\S-1-5-21-3351530137-1583588058-1140563851-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3351530137-1583588058-1140563851-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AudioSwitcher] => C:\Users\Red Dragon\Desktop\AudioSwitcher.exe [356352 2013-10-30] (Forty One Ltd.)
HKU\S-1-5-21-3351530137-1583588058-1140563851-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Red Dragon\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-08] (Google Inc.)
HKU\S-1-5-21-3351530137-1583588058-1140563851-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3501088 2014-05-26] (Fitbit, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM-x32 - DefaultScope {90D2045A-E009-4CB5-BB96-4C54C0003ADC} URL = 
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689 URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\j4kslnj6.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Red Dragon\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Red Dragon\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: BitComet Video Downloader - C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\j4kslnj6.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2013-12-13]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-13]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/", "https://isearch.avg.com/?cid={B426747E-492E-451C-85DD-63B284D7E5CE}&mid=702b3d3f238a47d0b33ac1f60eda1f2f-c9e371a727e5bb462b858676187d18128f433462&lang=en&ds=tc011&pr=sa&d=2012-08-23 16:14:25&v=12.2.0.5&sap=hp", "hxxp://www.bbc.co.uk/news/science_and_environment/", "hxxp://search.conduit.com/?ctid=CT3227981&SearchSource=48&CUI=UN38388749153145117&UM=2", "https://www.google.com/search?q=x+new+tab+page&oq=x+new+&aqs=chrome.4.69i57j69i60l3j0l2&sourceid=chrome&ie=UTF-8", "hxxp://search.conduit.com/?ctid=CT3288691&SearchSource=48&CUI=UN41873375651842123&UM=2", "hxxp://search.conduit.com/?ctid=CT3288691&SearchSource=48&CUI=UN80201480622732500&UM=2"
CHR Extension: (Google Docs) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-13]
CHR Extension: (Google Drive) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (iCloud) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjhodfififgcgedifpkenofdhlaafokk [2013-12-13]
CHR Extension: (YouTube) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-13]
CHR Extension: (Honey) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2013-12-13]
CHR Extension: (Adblock Plus) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-13]
CHR Extension: (TypingWeb Typing Tutor) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\clcgempicojkfhpnepfecmklndooebjk [2013-12-13]
CHR Extension: (Google Search) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-13]
CHR Extension: (Speed Dial) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi [2013-12-13]
CHR Extension: (Gmail Offline) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-12-13]
CHR Extension: (Google Calendar) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-12-13]
CHR Extension: (AdBlock) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-13]
CHR Extension: (Dictionary by Dictionary.com) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh [2013-12-13]
CHR Extension: (Save to Google Drive) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2013-12-13]
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2013-12-13]
CHR Extension: (New Tab Page for FVD Speed Dial) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgeoanibcknhniccgaoaiolihidecjn [2013-12-13]
CHR Extension: (Chrome to Mobile) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd [2014-02-09]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2013-12-13]
CHR Extension: (Dropbox) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2013-12-13]
CHR Extension: (Speed Dial 2) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2013-12-13]
CHR Extension: (WorkFlowy) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\koegeopamaoljbmhnfjbclbocehhgmkm [2013-12-13]
CHR Extension: (Google Maps) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-12-13]
CHR Extension: (Extensions Manager (aka Switcher)) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2013-12-13]
CHR Extension: (Planner 5D) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2013-12-13]
CHR Extension: (Onlive Clock) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\moddbcckaikhdnigidfcmaeelcobchpm [2013-12-13]
CHR Extension: (Google Wallet) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-13]
CHR Extension: (Any.do) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgddccilgpeepgglnlpchkpgamkgmld [2013-12-13]
CHR Extension: (Wunderlist for Chrome) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcflmmmcfpacggndoaaflkmcoblhnbh [2013-12-13]
CHR Extension: (iCloud) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjfjiepcafjlmaopmmdfcmdjldjfhlki [2013-12-13]
CHR Extension: (Gmail) - C:\Users\Red Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-13]
CHR HKCU\...\Chrome\Extension: [pkmpcdbgnfjfeelcpebpkflcmbkclfho] - C:\Users\Red Dragon\AppData\Local\CRE\pkmpcdbgnfjfeelcpebpkflcmbkclfho.crx [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-24]
CHR HKLM-x32\...\Chrome\Extension: [pkmpcdbgnfjfeelcpebpkflcmbkclfho] - C:\Users\Red Dragon\AppData\Local\CRE\pkmpcdbgnfjfeelcpebpkflcmbkclfho.crx [2013-12-11]
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-24] (AVAST Software)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 Ds3Service; C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5482528 2014-05-26] (Fitbit, Inc.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [686592 2013-11-13] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-24] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)
U0 jnnekb; C:\Windows\System32\drivers\ptacsl.sys [79064 2014-06-18] (Malwarebytes Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-08-22] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-18] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-18 22:38 - 2014-06-18 22:38 - 02082304 _____ (Farbar) C:\Users\Red Dragon\Downloads\FRST64.exe
2014-06-18 22:38 - 2014-06-18 22:38 - 00023526 _____ () C:\Users\Red Dragon\Downloads\FRST.txt
2014-06-18 22:38 - 2014-06-18 22:38 - 00000000 ____D () C:\FRST
2014-06-18 22:29 - 2014-06-18 22:30 - 05185536 _____ (AVAST Software) C:\Users\Red Dragon\Downloads\aswMBR.exe
2014-06-18 20:00 - 2014-06-18 20:00 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\ptacsl.sys
2014-06-18 19:49 - 2014-06-18 22:37 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 19:48 - 2014-06-18 19:48 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-18 19:48 - 2014-06-18 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-18 19:48 - 2014-06-18 19:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-18 19:48 - 2014-06-18 19:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-18 19:48 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-18 19:48 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-06-18 19:48 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-18 19:47 - 2014-06-18 19:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Red Dragon\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-13 00:29 - 2014-06-13 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2014-06-13 00:29 - 2014-06-13 00:29 - 00000000 ____D () C:\ProgramData\FitbitConnect
2014-06-13 00:29 - 2014-06-13 00:29 - 00000000 ____D () C:\Program Files (x86)\Fitbit Connect
2014-06-13 00:27 - 2014-06-13 00:27 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-06-13 00:26 - 2014-06-13 00:26 - 08343263 _____ () C:\Users\Red Dragon\Downloads\[Win]FitbitConnect-v1.0.2.5865-JSPrototype-2014-05-26 (1).zip
2014-06-12 00:36 - 2014-06-12 00:36 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-06-12 00:35 - 2014-06-12 00:35 - 08343263 _____ () C:\Users\Red Dragon\Downloads\[Win]FitbitConnect-v1.0.2.5865-JSPrototype-2014-05-26.zip
2014-06-11 22:29 - 2014-06-11 22:29 - 00000000 ____D () C:\Users\mathew\AppData\Roaming\Realtime Soft
2014-06-10 19:14 - 2014-06-10 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-06-10 19:13 - 2014-06-10 19:14 - 17312072 _____ (Google Inc.) C:\Users\Red Dragon\Downloads\picasa39-setup.exe
2014-06-08 17:15 - 2014-06-08 17:15 - 00998808 _____ () C:\Users\Red Dragon\Downloads\Player.exe
2014-06-08 15:11 - 2014-06-18 19:44 - 00003830 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1386992933
2014-06-08 12:25 - 2014-06-08 12:25 - 00211813 _____ () C:\Users\Red Dragon\Downloads\unencrypted (2).txt
2014-06-08 12:24 - 2014-06-08 12:24 - 00354594 _____ () C:\Users\Red Dragon\Downloads\Fitbit Log 20140604-1427.zip
2014-06-08 10:26 - 2014-06-08 10:26 - 00029139 _____ () C:\Users\Red Dragon\Downloads\unencrypted (1).txt
2014-06-08 10:23 - 2014-06-08 10:23 - 00525320 _____ () C:\Users\Red Dragon\Downloads\Fitbit Log 20140606-1332.zip
2014-06-08 09:15 - 2014-06-08 09:15 - 00000000 ____D () C:\Users\Red Dragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary
2014-06-08 09:11 - 2014-06-08 09:11 - 00918672 _____ (Google Inc.) C:\Users\Red Dragon\Downloads\ChromeSetup.exe
2014-06-06 03:47 - 2014-06-06 03:47 - 04558848 _____ (Google Inc.) C:\WINDOWS\SysWOW64\GPhotos.scr
2014-06-01 09:12 - 2014-06-01 09:12 - 00209059 _____ () C:\Users\Red Dragon\Downloads\FW__Scanned_on_the_Xerox_in_Suite_550.zip
2014-06-01 08:58 - 2014-06-01 08:58 - 00000000 ____D () C:\Users\Red Dragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HipChat
2014-06-01 08:58 - 2014-06-01 08:58 - 00000000 ____D () C:\Program Files (x86)\Atlassian
2014-06-01 00:34 - 2014-06-01 00:34 - 00233232 _____ () C:\Users\Red Dragon\Downloads\attachments.zip
2014-06-01 00:30 - 2014-06-01 00:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-01 00:29 - 2014-06-01 00:29 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-01 00:29 - 2014-06-01 00:29 - 00000000 ____D () C:\Program Files\iTunes
2014-06-01 00:29 - 2014-06-01 00:29 - 00000000 ____D () C:\Program Files\iPod
2014-06-01 00:29 - 2014-06-01 00:29 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-30 18:54 - 2014-05-30 18:54 - 00001159 _____ () C:\Users\Red Dragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Public Videos.lnk
2014-05-30 17:11 - 2014-05-30 17:11 - 00000000 ____D () C:\Users\Red Dragon\AppData\Roaming\library_dir
2014-05-30 11:24 - 2014-05-30 11:27 - 269338400 _____ (AMD Inc.) C:\Users\Red Dragon\Downloads\14-4-win7-win8-win8.1-64-dd-ccc-whql.exe
2014-05-30 11:21 - 2014-05-30 11:21 - 00791552 _____ (AMD) C:\Users\Red Dragon\Downloads\amddriverdownloader.exe
2014-05-29 22:25 - 2014-05-29 22:25 - 00168062 _____ () C:\Users\Red Dragon\Downloads\Verification.jpeg
2014-05-29 22:25 - 2014-05-29 22:25 - 00168062 _____ () C:\Users\Red Dragon\Downloads\Verification (1).jpeg
2014-05-26 17:40 - 2014-05-26 17:40 - 01139282 _____ () C:\Users\Red Dragon\Downloads\Open returns Fitbit (4).xlsx
2014-05-26 16:42 - 2014-05-26 16:42 - 04130956 _____ () C:\Users\Red Dragon\Downloads\Scan 3.tiff
2014-05-25 18:22 - 2014-05-25 18:22 - 01051477 _____ () C:\Users\Red Dragon\Downloads\Open returns Fitbit (3).xlsx
2014-05-25 18:22 - 2014-05-25 18:22 - 01051477 _____ () C:\Users\Red Dragon\Downloads\Open returns Fitbit (2).xlsx
2014-05-24 20:04 - 2014-05-24 20:04 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-05-24 20:04 - 2014-05-24 20:04 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
 
==================== One Month Modified Files and Folders =======
 
2014-06-18 22:38 - 2014-06-18 22:38 - 02082304 _____ (Farbar) C:\Users\Red Dragon\Downloads\FRST64.exe
2014-06-18 22:38 - 2014-06-18 22:38 - 00023526 _____ () C:\Users\Red Dragon\Downloads\FRST.txt
2014-06-18 22:38 - 2014-06-18 22:38 - 00000000 ____D () C:\FRST
2014-06-18 22:37 - 2014-06-18 19:49 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 22:35 - 2013-10-07 23:03 - 00000000 ____D () C:\Users\Red Dragon\Documents\FIFA 14
2014-06-18 22:30 - 2014-06-18 22:29 - 05185536 _____ (AVAST Software) C:\Users\Red Dragon\Downloads\aswMBR.exe
2014-06-18 22:20 - 2014-03-23 09:24 - 00000948 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3351530137-1583588058-1140563851-1000UA.job
2014-06-18 22:17 - 2013-12-13 08:48 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-18 22:02 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-06-18 21:55 - 2013-12-13 21:47 - 00004982 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for REDDRAGON-Red Dragon RedDragon
2014-06-18 21:54 - 2013-12-13 08:24 - 01360532 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-18 21:50 - 2013-12-13 20:49 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-18 21:22 - 2013-12-13 08:48 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3351530137-1583588058-1140563851-1000
2014-06-18 21:17 - 2013-12-13 08:48 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-18 20:19 - 2013-12-13 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-06-18 20:00 - 2014-06-18 20:00 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\ptacsl.sys
2014-06-18 20:00 - 2013-12-13 20:43 - 00000000 ____D () C:\ProgramData\Conduit
2014-06-18 20:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-06-18 19:48 - 2014-06-18 19:48 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-18 19:48 - 2014-06-18 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-18 19:48 - 2014-06-18 19:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-18 19:48 - 2014-06-18 19:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-18 19:47 - 2014-06-18 19:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Red Dragon\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-18 19:44 - 2014-06-08 15:11 - 00003830 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1386992933
2014-06-18 19:44 - 2013-12-13 20:48 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-06-18 19:41 - 2014-05-02 05:44 - 00000424 _____ () C:\Users\Red Dragon\Desktop\AudioSwitcher.ini
2014-06-18 19:41 - 2013-12-13 20:52 - 00000046 _____ () C:\Users\Red Dragon\AppData\Local\DonationCoder_desktopcoral_InstallInfo.dat
2014-06-18 19:41 - 2013-12-13 20:42 - 00000000 ____D () C:\ProgramData\Origin
2014-06-18 19:41 - 2013-12-13 20:42 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-17 23:52 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-06-17 23:12 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-06-16 23:06 - 2013-12-13 20:50 - 00000000 ____D () C:\Users\Red Dragon\AppData\Roaming\vlc
2014-06-16 20:32 - 2013-12-13 20:49 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-06-16 20:16 - 2013-12-13 00:08 - 00974848 ___SH () C:\Users\Red Dragon\Desktop\Thumbs.db
2014-06-15 13:35 - 2013-12-10 20:49 - 00000000 ____D () C:\Users\Red Dragon\AppData\Local\Packages
2014-06-15 09:20 - 2014-03-23 09:24 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3351530137-1583588058-1140563851-1000Core.job
2014-06-13 00:29 - 2014-06-13 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2014-06-13 00:29 - 2014-06-13 00:29 - 00000000 ____D () C:\ProgramData\FitbitConnect
2014-06-13 00:29 - 2014-06-13 00:29 - 00000000 ____D () C:\Program Files (x86)\Fitbit Connect
2014-06-13 00:27 - 2014-06-13 00:27 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-06-13 00:26 - 2014-06-13 00:26 - 08343263 _____ () C:\Users\Red Dragon\Downloads\[Win]FitbitConnect-v1.0.2.5865-JSPrototype-2014-05-26 (1).zip
2014-06-12 22:45 - 2013-08-22 08:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-06-12 00:41 - 2014-04-06 13:30 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3351530137-1583588058-1140563851-1049
2014-06-12 00:36 - 2014-06-12 00:36 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-06-12 00:35 - 2014-06-12 00:35 - 08343263 _____ () C:\Users\Red Dragon\Downloads\[Win]FitbitConnect-v1.0.2.5865-JSPrototype-2014-05-26.zip
2014-06-11 22:33 - 2013-12-13 21:08 - 00000000 ____D () C:\Program Files\KMSpico
2014-06-11 22:29 - 2014-06-11 22:29 - 00000000 ____D () C:\Users\mathew\AppData\Roaming\Realtime Soft
2014-06-11 22:29 - 2013-12-13 01:38 - 00000000 __RDO () C:\Users\mathew\SkyDrive
2014-06-10 19:15 - 2013-12-13 08:48 - 00000000 ____D () C:\Users\Red Dragon\AppData\Local\Google
2014-06-10 19:14 - 2014-06-10 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-06-10 19:14 - 2014-06-10 19:13 - 17312072 _____ (Google Inc.) C:\Users\Red Dragon\Downloads\picasa39-setup.exe
2014-06-10 19:14 - 2013-12-13 08:48 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-10 19:14 - 2013-12-12 01:18 - 01117696 ___SH () C:\Users\Red Dragon\Downloads\Thumbs.db
2014-06-08 17:15 - 2014-06-08 17:15 - 00998808 _____ () C:\Users\Red Dragon\Downloads\Player.exe
2014-06-08 12:25 - 2014-06-08 12:25 - 00211813 _____ () C:\Users\Red Dragon\Downloads\unencrypted (2).txt
2014-06-08 12:24 - 2014-06-08 12:24 - 00354594 _____ () C:\Users\Red Dragon\Downloads\Fitbit Log 20140604-1427.zip
2014-06-08 10:26 - 2014-06-08 10:26 - 00029139 _____ () C:\Users\Red Dragon\Downloads\unencrypted (1).txt
2014-06-08 10:23 - 2014-06-08 10:23 - 00525320 _____ () C:\Users\Red Dragon\Downloads\Fitbit Log 20140606-1332.zip
2014-06-08 09:15 - 2014-06-08 09:15 - 00000000 ____D () C:\Users\Red Dragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary
2014-06-08 09:15 - 2014-03-23 09:24 - 00003904 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3351530137-1583588058-1140563851-1000UA
2014-06-08 09:15 - 2014-03-23 09:24 - 00003524 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3351530137-1583588058-1140563851-1000Core
2014-06-08 09:11 - 2014-06-08 09:11 - 00918672 _____ (Google Inc.) C:\Users\Red Dragon\Downloads\ChromeSetup.exe
2014-06-07 23:50 - 2013-12-13 20:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-07 23:50 - 2013-12-13 20:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-07 23:03 - 2013-12-13 20:52 - 00000000 ____D () C:\Users\Red Dragon\AppData\Roaming\BitComet
2014-06-06 03:47 - 2014-06-06 03:47 - 04558848 _____ (Google Inc.) C:\WINDOWS\SysWOW64\GPhotos.scr
2014-06-04 19:56 - 2013-12-21 13:27 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-04 19:56 - 2013-12-13 08:22 - 00000000 ___DC () C:\WINDOWS\Panther
2014-06-01 15:17 - 2014-06-01 15:17 - 05088996 _____ () C:\Users\Red Dragon\Downloads\Fitbit Log 20140530-0907.zip
2014-06-01 09:12 - 2014-06-01 09:12 - 00209059 _____ () C:\Users\Red Dragon\Downloads\FW__Scanned_on_the_Xerox_in_Suite_550.zip
2014-06-01 08:58 - 2014-06-01 08:58 - 00000000 ____D () C:\Users\Red Dragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HipChat
2014-06-01 08:58 - 2014-06-01 08:58 - 00000000 ____D () C:\Program Files (x86)\Atlassian
2014-06-01 00:34 - 2014-06-01 00:34 - 00233232 _____ () C:\Users\Red Dragon\Downloads\attachments.zip
2014-06-01 00:30 - 2014-06-01 00:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-01 00:29 - 2014-06-01 00:29 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-01 00:29 - 2014-06-01 00:29 - 00000000 ____D () C:\Program Files\iTunes
2014-06-01 00:29 - 2014-06-01 00:29 - 00000000 ____D () C:\Program Files\iPod
2014-06-01 00:29 - 2014-06-01 00:29 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-30 19:13 - 2013-12-13 08:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-30 19:06 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-30 19:06 - 2013-08-22 06:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-05-30 18:54 - 2014-05-30 18:54 - 00001159 _____ () C:\Users\Red Dragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Public Videos.lnk
2014-05-30 18:52 - 2013-12-13 20:45 - 00000000 ____D () C:\Users\Red Dragon\AppData\Roaming\DivX
2014-05-30 17:11 - 2014-05-30 17:11 - 00000000 ____D () C:\Users\Red Dragon\AppData\Roaming\library_dir
2014-05-30 11:27 - 2014-05-30 11:24 - 269338400 _____ (AMD Inc.) C:\Users\Red Dragon\Downloads\14-4-win7-win8-win8.1-64-dd-ccc-whql.exe
2014-05-30 11:21 - 2014-05-30 11:21 - 00791552 _____ (AMD) C:\Users\Red Dragon\Downloads\amddriverdownloader.exe
2014-05-29 22:25 - 2014-05-29 22:25 - 00168062 _____ () C:\Users\Red Dragon\Downloads\Verification.jpeg
2014-05-29 22:25 - 2014-05-29 22:25 - 00168062 _____ () C:\Users\Red Dragon\Downloads\Verification (1).jpeg
2014-05-28 21:48 - 2014-05-28 21:48 - 00018390 _____ () C:\Users\Red Dragon\Downloads\commitment_english-878835.zip
2014-05-26 18:20 - 2014-05-26 18:20 - 00039847 _____ () C:\Users\Red Dragon\Downloads\the-suspect-yong-eui-ja_english-892108 (1).zip
2014-05-26 17:40 - 2014-05-26 17:40 - 01139282 _____ () C:\Users\Red Dragon\Downloads\Open returns Fitbit (4).xlsx
2014-05-26 16:42 - 2014-05-26 16:42 - 04130956 _____ () C:\Users\Red Dragon\Downloads\Scan 3.tiff
2014-05-25 18:22 - 2014-05-25 18:22 - 01051477 _____ () C:\Users\Red Dragon\Downloads\Open returns Fitbit (3).xlsx
2014-05-25 18:22 - 2014-05-25 18:22 - 01051477 _____ () C:\Users\Red Dragon\Downloads\Open returns Fitbit (2).xlsx
2014-05-24 20:04 - 2014-05-24 20:04 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-05-24 20:04 - 2014-05-24 20:04 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-05-24 20:04 - 2014-01-08 20:54 - 00085328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-05-24 20:04 - 2013-12-13 20:45 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-05-24 20:04 - 2013-12-13 20:45 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-05-24 20:04 - 2013-12-13 20:45 - 00334648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-05-24 20:04 - 2013-12-13 20:45 - 00208416 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-05-24 20:04 - 2013-12-13 20:45 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-05-24 20:04 - 2013-12-13 20:45 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-05-24 20:04 - 2013-12-13 20:45 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-05-24 20:04 - 2013-12-13 20:45 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-05-24 20:04 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-22 19:50 - 2014-03-16 22:13 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-19 23:16 - 2013-12-13 20:42 - 00000000 ____D () C:\ProgramData\DivX
2014-05-19 23:16 - 2013-12-13 20:42 - 00000000 ____D () C:\Program Files (x86)\DivX
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-09 21:14
 
==================== End Of Log ============================




#6 silvergo

silvergo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:18 PM

Posted 19 June 2014 - 12:58 AM

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-06-18 22:46:49
-----------------------------
22:46:49.245    OS Version: Windows x64 6.2.9200 
22:46:49.245    Number of processors: 4 586 0x403
22:46:49.246    ComputerName: REDDRAGON  UserName: 
22:46:49.583    Initialize success
22:46:49.584    VM: initialized successfully
22:46:49.587    VM: outdated driver version !
22:46:52.570    AVAST engine defs: 14061701
22:47:42.021    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000029
22:47:42.023    Disk 0 Vendor: SAMSUNG_SSD_830_Series CXM03B1Q Size: 122104MB BusType: 11
22:47:42.026    Disk 1  \Device\Harddisk1\DR1 -> \Device\0000002a
22:47:42.028    Disk 1 Vendor: ST3500418AS CC46 Size: 476940MB BusType: 11
22:47:42.036    Disk 0 MBR read successfully
22:47:42.038    Disk 0 MBR scan
22:47:42.042    Disk 0 Windows 7 default MBR code
22:47:42.045    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:47:42.049    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       122002 MB offset 206848
22:47:42.058    Disk 0 scanning C:\WINDOWS\system32\drivers
22:47:44.460    Service scanning
22:47:49.652    Modules scanning
22:47:49.676    Disk 0 trace - called modules:
22:47:49.684    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll storahci.sys 
22:47:49.690    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe0000105d060]
22:47:49.695    3 CLASSPNP.SYS[fffff80000ba8abb] -> nt!IofCallDriver -> \Device\00000029[0xffffe00000e4f7f0]
22:47:49.981    AVAST engine scan C:\WINDOWS
22:47:50.195    AVAST engine scan C:\WINDOWS\system32
22:48:39.354    AVAST engine scan C:\WINDOWS\system32\drivers
22:48:44.708    AVAST engine scan C:\Users\Red Dragon
22:49:03.314    Disk 0 MBR has been saved successfully to "C:\Users\Red Dragon\Desktop\MBR.dat"
22:49:03.321    The log file has been saved successfully to "C:\Users\Red Dragon\Desktop\aswMBR.txt"
 
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-06-18 22:50:14
-----------------------------
22:50:14.538    OS Version: Windows x64 6.2.9200 
22:50:14.538    Number of processors: 4 586 0x403
22:50:14.540    ComputerName: REDDRAGON  UserName: 
22:50:14.937    Initialize success
22:50:14.937    VM: initialized successfully
22:50:14.946    VM: outdated driver version !
22:50:17.846    AVAST engine defs: 14061701
22:50:20.041    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000029
22:50:20.044    Disk 0 Vendor: SAMSUNG_SSD_830_Series CXM03B1Q Size: 122104MB BusType: 11
22:50:20.047    Disk 1  \Device\Harddisk1\DR1 -> \Device\0000002a
22:50:20.050    Disk 1 Vendor: ST3500418AS CC46 Size: 476940MB BusType: 11
22:50:20.078    Disk 0 MBR read successfully
22:50:20.081    Disk 0 MBR scan
22:50:20.085    Disk 0 Windows 7 default MBR code
22:50:20.089    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:50:20.094    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       122002 MB offset 206848
22:50:20.124    Disk 0 scanning C:\WINDOWS\system32\drivers
22:50:24.664    Service scanning
22:50:29.924    Modules scanning
22:50:29.957    Disk 0 trace - called modules:
22:50:29.972    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll storahci.sys 
22:50:29.978    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe0000105d060]
22:50:29.984    3 CLASSPNP.SYS[fffff80000ba8abb] -> nt!IofCallDriver -> \Device\00000029[0xffffe00000e4f7f0]
22:50:30.371    AVAST engine scan C:\WINDOWS
22:50:31.338    AVAST engine scan C:\WINDOWS\system32
22:51:30.669    AVAST engine scan C:\WINDOWS\system32\drivers
22:51:35.889    AVAST engine scan C:\Users\Red Dragon
22:55:08.780    AVAST engine scan C:\ProgramData
22:55:16.061    Scan finished successfully
22:56:36.625    Disk 0 MBR has been saved successfully to "C:\Users\Red Dragon\Desktop\MBR.dat"
22:56:36.630    The log file has been saved successfully to "C:\Users\Red Dragon\Desktop\aswMBR.txt"
 
 

Thank you so much for your time! Also the IT guy came by but I'm not sure if what he did actually fixed it. Thanks

Attached Files

  • Attached File  MBR.zip   559bytes   0 downloads


#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:18 PM

Posted 19 June 2014 - 11:31 AM

Download the attached fixlist.txt file and save it to your downloads folder as that is where FRST64.exe is saved.

Attached File  FixList.txt   1.12KB   3 downloads

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

NEXT

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • If items are found, please select the Clean button
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 silvergo

silvergo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:18 PM

Posted 19 June 2014 - 11:17 PM

Hey Bleepin' Tiger, I just want to say thank you so much for the time you spent on this, I feel really awful wasting your time but the IT guy decided to reformat. Couldn't afford to have me wait. Thank you and if I can donate lmk. 

 

- Matthew 



#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:18 PM

Posted 20 June 2014 - 01:11 PM

No worries, probably a reformat was for the best anyway.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:18 PM

Posted 20 June 2014 - 01:12 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

