Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected with vbs/jenxcus!ink


  • This topic is locked This topic is locked
8 replies to this topic

#1 d_win_d

d_win_d

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:56 AM

Posted 20 June 2014 - 11:04 PM

Hi,

 

I just did a full scan on my computer with MSE and it found that my machine is infected with the vbs/jenxcus!Ink worm. I have since quarantined it but I figured it would be better to remove it entirely from my computer. I found a thread here on the same problem posted by another user but that thread is dead.

 

Please help me out. My dds.txt file is as follows.

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126
Run by Jin at 10:51:42 on 2014-06-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8074.5058 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\sysWow64\CtHdaSvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_monitor.exe
C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Tecplot\RLM\rlm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\lmgrd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Tecplot\RLM\rlm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\Jin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansyslmd.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [AdobeBridge] <no file>
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe -update plugin
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: %SYSTEMROOT%\system32\BfLLR.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {B46FA8BD-AE41-4821-AFF4-D4FFE4F3D390} - hxxp://presentur.ntu.edu.sg/aculearn-idm/dlls/acuviewer.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{98A55DE7-A6A1-4CDB-83F8-DFC54BC5B029} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{AFFBFB80-B9DD-4273-9216-0FD3427FDC73} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{AFFBFB80-B9DD-4273-9216-0FD3427FDC73}\3594D4F53547574656E647F2143737F63696164756 : DHCPNameServer = 10.20.50.26 10.20.50.12
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe"
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jin\AppData\Roaming\Mozilla\Firefox\Profiles\ejf4g7m7.default-1377252059151\
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 16752]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-9 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2014-3-17 33736]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-3-30 56208]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-8-9 22128]
R1 BfLwf;Qualcomm Atheros Bandwidth Control;C:\Windows\System32\drivers\bflwfx64.sys [2012-7-23 66928]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-8-26 283200]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\System32\drivers\HWiNFO64A.SYS [2013-10-13 31136]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2014-3-17 300320]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2012-6-15 14704]
R2 ANSYS, Inc. License Manager;ANSYS, Inc. License Manager;C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe [2012-10-24 4954112]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-2-13 106144]
R2 CtHdaSvc;Sound Core3D Service;C:\Windows\SysWOW64\CtHdaSvc.exe [2012-8-9 122880]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-8-9 2439272]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-9 161560]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 133928]
R2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [2012-7-23 490496]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-3-17 411936]
R2 teclmd;teclmd;C:\Program Files (x86)\Tecplot\RLM\rlm.exe [2013-3-18 1536000]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-9 363800]
R2 XMouseButton Launcher;XMouseButton Launcher;C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [2012-6-23 87040]
R3 Ak27x64;Killer Wireless-N 1102 device driver;C:\Windows\System32\drivers\Ak27x64.sys [2012-7-23 3364720]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-2-13 30368]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-8-9 176096]
R3 cthda;Sound Core3D(CtHda.sys);C:\Windows\System32\drivers\CtHda.sys [2012-8-9 1052760]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-8-9 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-9 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-9 787736]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-8-9 108656]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-8-9 340584]
R3 ST_ACCEL;STMicroelectronics Accelerometer Service;C:\Windows\System32\drivers\ST_ACCEL.sys [2012-8-9 67184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-2-13 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-2-13 339616]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-2-13 110752]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-2-13 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-2-13 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-2-13 280992]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-2-13 550560]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-10-15 87336]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-8-9 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-8-9 79360]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-2-27 108800]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-10-24 1315592]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-2-20 37344]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2013-9-26 14448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-16 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-16 180736]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-1-23 13368]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-2-27 206080]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-18 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-4 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbrndis6;USB RNDIS6 Adapter;C:\Windows\System32\drivers\usb80236.sys [2013-3-14 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-9 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-06-20 20:23:33    10779000    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{228DDC69-5C78-47A2-8F62-E5483A4F4C04}\mpengine.dll
2014-06-20 13:19:19    10779000    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-13 14:44:22    1031560    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A66C74FE-AC44-4EAF-8788-1890C11CCBCA}\gapaengine.dll
2014-06-11 11:51:59    752640    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2014-06-11 11:49:56    506368    ----a-w-    C:\Windows\System32\aepdu.dll
2014-06-11 11:49:55    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-06-07 11:25:28    --------    d-----w-    C:\Users\Jin\AppData\Local\DOSBox
2014-06-07 11:25:18    --------    d-----w-    C:\Program Files (x86)\DOSBox-0.74
2014-06-07 11:18:32    --------    d-----w-    C:\Games
2014-06-05 17:53:37    1031560    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8407B36C-6C35-4C86-85D6-E4951CE83CCF}\gapaengine.dll
2014-05-28 07:13:50    --------    d-----w-    C:\Users\Jin\AppData\Local\EA Games
2014-05-28 07:13:35    --------    d-----w-    C:\ProgramData\Solidshield
.
==================== Find3M  ====================
.
2014-05-30 10:02:37    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22    5782528    ----a-w-    C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22    2040832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56    2266112    ----a-w-    C:\Windows\System32\wininet.dll
2014-05-30 07:56:50    4244992    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38    1964544    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10    1790976    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-05-14 13:26:23    70832    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 13:26:23    692400    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-14 13:26:12    17938608    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-05-08 09:32:11    3178496    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11    16384    ----a-w-    C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-04-25 02:34:59    801280    ----a-w-    C:\Windows\System32\usp10.dll
2014-04-25 02:06:17    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
2014-04-12 02:22:05    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05    155072    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38    29184    ----a-w-    C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38    136192    ----a-w-    C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37    28160    ----a-w-    C:\Windows\System32\secur32.dll
2014-04-12 02:19:32    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05    31232    ----a-w-    C:\Windows\System32\lsass.exe
2014-04-12 02:12:06    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09    288192    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-03-31 14:46:48    130712    ----a-w-    C:\Windows\SysWow64\MSSTDFMT.DLL
2014-03-31 14:46:48    1070232    ----a-w-    C:\Windows\SysWow64\MSCOMCTL.OCX
2014-03-26 14:44:48    2002432    ----a-w-    C:\Windows\System32\msxml6.dll
2014-03-26 14:44:48    1882112    ----a-w-    C:\Windows\System32\msxml3.dll
2014-03-26 14:41:39    2048    ----a-w-    C:\Windows\System32\msxml6r.dll
2014-03-26 14:41:39    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2014-03-26 14:27:50    1389056    ----a-w-    C:\Windows\SysWow64\msxml6.dll
2014-03-26 14:27:50    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2014-03-26 14:25:14    2048    ----a-w-    C:\Windows\SysWow64\msxml6r.dll
2014-03-26 14:25:14    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
.
============= FINISH: 10:52:12.66 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 d_win_d

d_win_d
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:56 AM

Posted 24 June 2014 - 06:11 AM

any help, please?



#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:56 PM

Posted 25 June 2014 - 08:25 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Nothing suspicious was found on your DDS log.

Lets continue.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#4 d_win_d

d_win_d
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:56 AM

Posted 28 June 2014 - 06:40 AM

hi nasdaq, thanks for helping me out. i have followed your instructions and the logs are as follows:

 

My AdwCleaner log:

 

# AdwCleaner v3.213 - Report created 28/06/2014 at 19:27:24
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jin - JIN-PC
# Running from : C:\Users\Jin\Desktop\adwcleaner_3.213.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Jin\AppData\LocalLow\SkwConfig.bin

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\BillP Studios
Key Found : HKCU\Software\Myfree Codec
Key Found : [x64] HKCU\Software\BillP Studios
Key Found : [x64] HKCU\Software\Myfree Codec
Key Found : HKLM\Software\BillP Studios
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\Software\Classes\Installer\Features\5EC33E4FBA7A86F47A7E0FAA48FED2E9
Key Found : HKLM\Software\Classes\Installer\Products\5EC33E4FBA7A86F47A7E0FAA48FED2E9
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}
Key Found : HKLM\Software\Myfree Codec
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{84481A87-2316-4923-8FAB-3BA8CA29323D}
Key Found : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Value Found : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Jin\AppData\Roaming\Mozilla\Firefox\Profiles\ejf4g7m7.default-1377252059151\prefs.js ]


*************************

AdwCleaner[R0].txt - [3069 octets] - [24/08/2013 00:29:30]
AdwCleaner[R1].txt - [899 octets] - [24/08/2013 00:35:30]
AdwCleaner[R2].txt - [1017 octets] - [24/08/2013 00:38:30]
AdwCleaner[R3].txt - [1138 octets] - [24/08/2013 03:27:32]
AdwCleaner[R4].txt - [2931 octets] - [28/06/2014 19:27:24]
AdwCleaner[S0].txt - [2806 octets] - [24/08/2013 00:32:35]
AdwCleaner[S1].txt - [959 octets] - [24/08/2013 00:36:10]
AdwCleaner[S2].txt - [1078 octets] - [24/08/2013 00:39:12]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [3170 octets] ##########

 

 

My FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 02
Ran by Jin (administrator) on JIN-PC on 28-06-2014 19:32:03
Running from C:\Users\Jin\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_monitor.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Reprise Software Inc.) C:\Program Files (x86)\Tecplot\RLM\rlm.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
(Flexera Software, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\lmgrd.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Reprise Software Inc.) C:\Program Files (x86)\Tecplot\RLM\rlm.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Dropbox, Inc.) C:\Users\Jin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansyslmd.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2886416 2012-03-01] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-15] (Alienware)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020064 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-13] (Atheros Commnucations)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-19] (Intel Corporation)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1546096 2011-11-03] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-453376142-1037845945-4060115038-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-453376142-1037845945-4060115038-1000\...\Run: [DellSystemDetect] => C:\Users\Jin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-453376142-1037845945-4060115038-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-453376142-1037845945-4060115038-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-453376142-1037845945-4060115038-1000\...\MountPoints2: {10e43e77-bd80-11e3-b082-e006e611b15b} - F:\LaunchU3.exe -a
HKU\S-1-5-21-453376142-1037845945-4060115038-1000\...\MountPoints2: {1efbc0dc-eaab-11e1-bb3d-d4bed93ca177} - F:\LaunchU3.exe -a
HKU\S-1-5-21-453376142-1037845945-4060115038-1000\...\MountPoints2: {1f9195aa-24c3-11e3-9778-d4bed93ca177} - F:\Startme.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {B46FA8BD-AE41-4821-AFF4-D4FFE4F3D390} http://presentur.ntu.edu.sg/aculearn-idm/dlls/acuviewer.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 05 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 06 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 18 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 05 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 06 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 18 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Jin\AppData\Roaming\Mozilla\Firefox\Profiles\ejf4g7m7.default-1377252059151
FF NetworkProxy: "http", "157.7.143.89"
FF NetworkProxy: "http_port", 8888
FF NetworkProxy: "socks_version", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: YouTube High Definition - C:\Users\Jin\AppData\Roaming\Mozilla\Firefox\Profiles\ejf4g7m7.default-1377252059151\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-01-25]
FF Extension: Adblock Plus - C:\Users\Jin\AppData\Roaming\Mozilla\Firefox\Profiles\ejf4g7m7.default-1377252059151\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-23]
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By Sweetpacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-03-30]
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By Sweetpacks\Firefox

==================== Services (Whitelisted) =================

R2 ANSYS, Inc. License Manager; C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe [4954112 2011-10-18] (ANSYS, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-13] (Atheros Commnucations) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-08-09] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-08-09] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [122880 2012-03-27] (Creative Technology Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-01] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [490496 2012-07-23] () [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2012-10-24] (SolidWorks) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 teclmd; C:\Program Files (x86)\Tecplot\RLM\rlm.exe [1536000 2011-05-15] (Reprise Software Inc.) [File not signed]
R2 XMouseButton Launcher; C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [87040 2012-06-23] (Highresolution Enterprises) [File not signed]

==================== Drivers (Whitelisted) ====================

R3 Ak27x64; C:\Windows\System32\DRIVERS\Ak27x64.sys [3364720 2012-07-23] (Qualcomm Atheros, Inc.)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [66928 2012-07-23] (Qualcomm Atheros, Inc.)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1052760 2012-03-27] (Creative Technology Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-08-26] (DT Soft Ltd)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31136 2013-10-13] (REALiX™)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2014-03-04] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [67184 2012-01-03] (STMicroelectronics)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2011-02-16] (Western Digital Technologies) [File not signed]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-28 19:32 - 2014-06-28 19:32 - 00019103 _____ () C:\Users\Jin\Downloads\FRST.txt
2014-06-28 19:31 - 2014-06-28 19:32 - 00000000 ____D () C:\FRST
2014-06-28 19:30 - 2014-06-28 19:31 - 02083328 _____ (Farbar) C:\Users\Jin\Downloads\FRST64.exe
2014-06-28 19:25 - 2014-06-28 19:26 - 01342659 _____ () C:\Users\Jin\Desktop\adwcleaner_3.213.exe
2014-06-28 01:25 - 2014-06-21 13:46 - 00000000 ____D () C:\Users\Jin\Downloads\NAOP - SEX ADDICTION
2014-06-28 01:20 - 2014-06-28 01:24 - 11661239 _____ () C:\Users\Jin\Downloads\NAOP - SEX ADDICTION.rar
2014-06-21 10:52 - 2014-06-21 10:52 - 00023382 _____ () C:\Users\Jin\Desktop\dds.txt
2014-06-21 10:52 - 2014-06-21 10:52 - 00009246 _____ () C:\Users\Jin\Desktop\attach.txt
2014-06-21 10:44 - 2014-06-21 10:44 - 00688992 ____R (Swearware) C:\Users\Jin\Downloads\dds.com
2014-06-18 22:55 - 2014-06-18 22:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-15 20:41 - 2014-06-15 20:41 - 00018905 _____ () C:\Users\Jin\Downloads\Ghost_In_The_Shell_Manga_Collection_(PDF).8699606.TPB.torrent
2014-06-13 23:14 - 2014-06-13 23:14 - 00089942 _____ () C:\Users\Jin\Downloads\[o] [COAT] Sports Boy GANG - The Third (体育会の超絶輪姦 - 勇武 MASAKI 桜井柊真.torrent
2014-06-13 23:07 - 2014-06-13 23:07 - 00014399 _____ () C:\Users\Jin\Downloads\[GayHoopla.com] Three Friends_ Suck'n'Cum (Dmitry Dickov, Jaden Storm and JJ Swift).mp4.torrent
2014-06-11 19:52 - 2014-05-30 18:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 19:52 - 2014-05-30 18:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 19:52 - 2014-05-30 17:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 19:52 - 2014-05-30 17:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 19:52 - 2014-05-30 17:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 19:52 - 2014-05-30 17:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 19:52 - 2014-05-30 17:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 19:52 - 2014-05-30 17:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 19:52 - 2014-05-30 17:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 19:52 - 2014-05-30 16:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 19:52 - 2014-05-30 16:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 19:52 - 2014-05-30 16:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 19:52 - 2014-05-30 16:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 19:52 - 2014-05-30 16:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 19:52 - 2014-05-30 16:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 19:52 - 2014-05-30 16:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 19:52 - 2014-05-30 16:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 19:52 - 2014-05-30 16:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 19:52 - 2014-05-30 16:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 19:52 - 2014-05-30 16:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 19:52 - 2014-05-30 16:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 19:52 - 2014-05-30 16:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 19:52 - 2014-05-30 16:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 19:52 - 2014-05-30 16:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 19:52 - 2014-05-30 15:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 19:52 - 2014-05-30 15:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 19:52 - 2014-05-30 15:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 19:52 - 2014-05-30 15:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 19:52 - 2014-05-30 15:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 19:52 - 2014-05-30 15:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 19:52 - 2014-05-08 17:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 19:52 - 2014-05-08 17:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 19:52 - 2014-04-25 10:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 19:52 - 2014-04-25 10:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 19:52 - 2014-04-05 10:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 19:52 - 2014-04-05 10:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 19:52 - 2014-03-26 22:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 19:52 - 2014-03-26 22:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 19:52 - 2014-03-26 22:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 19:52 - 2014-03-26 22:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 19:52 - 2014-03-26 22:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 19:52 - 2014-03-26 22:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 19:52 - 2014-03-26 22:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 19:52 - 2014-03-26 22:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 19:51 - 2014-05-30 18:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 19:51 - 2014-05-30 17:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 19:51 - 2014-05-30 17:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 19:51 - 2014-05-30 17:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 19:51 - 2014-05-30 17:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 19:51 - 2014-05-30 17:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 19:51 - 2014-05-30 17:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 19:51 - 2014-05-30 17:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 19:51 - 2014-05-30 17:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 19:51 - 2014-05-30 16:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 19:51 - 2014-05-30 16:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 19:51 - 2014-05-30 16:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 19:51 - 2014-05-30 16:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 19:51 - 2014-05-30 16:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 19:51 - 2014-05-30 16:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 19:51 - 2014-05-30 16:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 19:51 - 2014-05-30 15:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 19:51 - 2014-05-30 15:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 19:51 - 2014-05-30 15:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 19:51 - 2014-05-30 15:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 19:51 - 2014-05-30 15:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 19:51 - 2014-05-30 15:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 19:49 - 2014-06-08 17:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 19:49 - 2014-06-08 17:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 19:25 - 2014-06-07 19:25 - 00001918 _____ () C:\Users\Public\Desktop\DOSBox 0.74.lnk
2014-06-07 19:25 - 2014-06-07 19:25 - 00000000 ____D () C:\Users\Jin\AppData\Local\DOSBox
2014-06-07 19:25 - 2014-06-07 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2014-06-07 19:25 - 2014-06-07 19:25 - 00000000 ____D () C:\Program Files (x86)\DOSBox-0.74
2014-06-07 19:24 - 2014-06-07 19:25 - 01448809 _____ (DOSBox Team) C:\Users\Jin\Downloads\DOSBox0.74-win32-installer.exe
2014-06-07 19:18 - 2014-06-07 19:28 - 00000000 ____D () C:\Games
2014-06-07 19:14 - 2014-06-07 19:15 - 04347392 _____ () C:\Users\Jin\Downloads\Dune2.exe
2014-06-04 00:01 - 2014-06-04 00:01 - 00000000 ____D () C:\Users\Jin\Downloads\sonicthehedgeho
2014-06-03 23:28 - 2014-06-03 23:28 - 00406512 _____ () C:\Users\Jin\Downloads\sonicthehedgeho.zip
2014-06-03 23:21 - 2014-06-03 23:21 - 00605470 _____ () C:\Users\Jin\Downloads\dune.zip
2014-06-03 23:21 - 2014-06-03 23:21 - 00000000 ____D () C:\Users\Jin\Downloads\dune
2014-06-03 23:19 - 2014-06-03 23:19 - 00624872 _____ () C:\Users\Jin\Downloads\CR_Downloader_for_dune---the-battle-for-arrakis.exe
2014-06-03 23:16 - 2014-06-03 23:16 - 00392734 _____ () C:\Users\Jin\Downloads\Fusion364.zip
2014-06-03 23:16 - 2014-06-03 23:16 - 00000000 ____D () C:\Users\Jin\Downloads\Fusion364
2014-06-03 21:30 - 2014-06-03 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-06-03 21:29 - 2014-06-03 21:29 - 02638704 _____ () C:\Users\Jin\Downloads\mp3tagv259asetup.exe
2014-06-02 23:21 - 2014-06-28 15:07 - 01113529 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 23:16 - 2014-06-02 23:16 - 04748896 _____ (Piriform Ltd) C:\Users\Jin\Downloads\ccsetup414.exe
2014-05-31 18:13 - 2014-05-31 18:13 - 00000221 _____ () C:\Users\Jin\Desktop\Dead Space 2.url

==================== One Month Modified Files and Folders =======

2014-06-28 19:32 - 2014-06-28 19:32 - 00019103 _____ () C:\Users\Jin\Downloads\FRST.txt
2014-06-28 19:32 - 2014-06-28 19:31 - 00000000 ____D () C:\FRST
2014-06-28 19:31 - 2014-06-28 19:30 - 02083328 _____ (Farbar) C:\Users\Jin\Downloads\FRST64.exe
2014-06-28 19:27 - 2013-08-24 00:28 - 00000000 ____D () C:\AdwCleaner
2014-06-28 19:26 - 2014-06-28 19:25 - 01342659 _____ () C:\Users\Jin\Desktop\adwcleaner_3.213.exe
2014-06-28 19:26 - 2012-08-13 18:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-28 19:24 - 2013-02-19 15:31 - 00000000 ____D () C:\Users\Jin\AppData\Roaming\tixati
2014-06-28 15:07 - 2014-06-02 23:21 - 01113529 _____ () C:\Windows\WindowsUpdate.log
2014-06-28 12:37 - 2013-08-05 19:52 - 00000000 ____D () C:\Users\Jin\AppData\Roaming\vlc
2014-06-28 12:37 - 2013-07-29 14:15 - 00000000 ____D () C:\Users\Jin\AppData\Roaming\mIRC
2014-06-28 10:31 - 2012-08-30 10:56 - 00000000 ____D () C:\Users\Jin\AppData\Local\Adobe
2014-06-28 01:25 - 2012-08-17 19:40 - 00000000 ____D () C:\Users\Jin\AppData\Roaming\Skype
2014-06-28 01:24 - 2014-06-28 01:20 - 11661239 _____ () C:\Users\Jin\Downloads\NAOP - SEX ADDICTION.rar
2014-06-27 23:01 - 2012-08-21 18:27 - 00000000 ____D () C:\Users\Jin\Desktop\Stuff
2014-06-27 20:34 - 2013-09-07 13:07 - 00000000 ___RD () C:\Users\Jin\Dropbox
2014-06-27 20:34 - 2013-09-07 13:03 - 00000000 ____D () C:\Users\Jin\AppData\Roaming\Dropbox
2014-06-21 13:46 - 2014-06-28 01:25 - 00000000 ____D () C:\Users\Jin\Downloads\NAOP - SEX ADDICTION
2014-06-21 10:52 - 2014-06-21 10:52 - 00023382 _____ () C:\Users\Jin\Desktop\dds.txt
2014-06-21 10:52 - 2014-06-21 10:52 - 00009246 _____ () C:\Users\Jin\Desktop\attach.txt
2014-06-21 10:44 - 2014-06-21 10:44 - 00688992 ____R (Swearware) C:\Users\Jin\Downloads\dds.com
2014-06-20 21:26 - 2013-01-06 03:00 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-20 21:26 - 2012-08-14 14:44 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-20 21:26 - 2012-08-14 14:44 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-06-19 21:09 - 2013-07-24 00:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 22:55 - 2014-06-18 22:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-17 23:25 - 2014-02-19 21:23 - 00000000 ____D () C:\Users\Jin\Desktop\Cover
2014-06-16 21:41 - 2014-04-09 22:35 - 00000000 ____D () C:\Users\Jin\AppData\Roaming\DropboxMaster
2014-06-15 20:41 - 2014-06-15 20:41 - 00018905 _____ () C:\Users\Jin\Downloads\Ghost_In_The_Shell_Manga_Collection_(PDF).8699606.TPB.torrent
2014-06-15 20:23 - 2009-07-14 12:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-15 20:23 - 2009-07-14 12:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-15 17:08 - 2014-03-08 13:07 - 00001969 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-06-13 23:14 - 2014-06-13 23:14 - 00089942 _____ () C:\Users\Jin\Downloads\[o] [COAT] Sports Boy GANG - The Third (体育会の超絶輪姦 - 勇武 MASAKI 桜井柊真.torrent
2014-06-13 23:07 - 2014-06-13 23:07 - 00014399 _____ () C:\Users\Jin\Downloads\[GayHoopla.com] Three Friends_ Suck'n'Cum (Dmitry Dickov, Jaden Storm and JJ Swift).mp4.torrent
2014-06-13 22:32 - 2014-03-17 23:54 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-13 22:32 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-12 20:13 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 18:45 - 2013-07-14 14:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 18:41 - 2012-08-29 23:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 18:41 - 2012-08-09 20:31 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 18:39 - 2014-05-10 11:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-09 21:19 - 2014-01-12 15:26 - 00000000 ____D () C:\Users\Jin\Desktop\SIAEC Materials
2014-06-08 17:13 - 2014-06-11 19:49 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 17:08 - 2014-06-11 19:49 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 19:28 - 2014-06-07 19:18 - 00000000 ____D () C:\Games
2014-06-07 19:25 - 2014-06-07 19:25 - 00001918 _____ () C:\Users\Public\Desktop\DOSBox 0.74.lnk
2014-06-07 19:25 - 2014-06-07 19:25 - 00000000 ____D () C:\Users\Jin\AppData\Local\DOSBox
2014-06-07 19:25 - 2014-06-07 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2014-06-07 19:25 - 2014-06-07 19:25 - 00000000 ____D () C:\Program Files (x86)\DOSBox-0.74
2014-06-07 19:25 - 2014-06-07 19:24 - 01448809 _____ (DOSBox Team) C:\Users\Jin\Downloads\DOSBox0.74-win32-installer.exe
2014-06-07 19:15 - 2014-06-07 19:14 - 04347392 _____ () C:\Users\Jin\Downloads\Dune2.exe
2014-06-04 22:12 - 2014-02-06 23:02 - 00000000 ____D () C:\Users\Jin\AppData\Roaming\Mp3tag
2014-06-04 00:01 - 2014-06-04 00:01 - 00000000 ____D () C:\Users\Jin\Downloads\sonicthehedgeho
2014-06-03 23:28 - 2014-06-03 23:28 - 00406512 _____ () C:\Users\Jin\Downloads\sonicthehedgeho.zip
2014-06-03 23:21 - 2014-06-03 23:21 - 00605470 _____ () C:\Users\Jin\Downloads\dune.zip
2014-06-03 23:21 - 2014-06-03 23:21 - 00000000 ____D () C:\Users\Jin\Downloads\dune
2014-06-03 23:19 - 2014-06-03 23:19 - 00624872 _____ () C:\Users\Jin\Downloads\CR_Downloader_for_dune---the-battle-for-arrakis.exe
2014-06-03 23:16 - 2014-06-03 23:16 - 00392734 _____ () C:\Users\Jin\Downloads\Fusion364.zip
2014-06-03 23:16 - 2014-06-03 23:16 - 00000000 ____D () C:\Users\Jin\Downloads\Fusion364
2014-06-03 21:30 - 2014-06-03 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-06-03 21:30 - 2014-02-06 23:01 - 00000979 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-06-03 21:30 - 2014-02-06 23:01 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-06-03 21:29 - 2014-06-03 21:29 - 02638704 _____ () C:\Users\Jin\Downloads\mp3tagv259asetup.exe
2014-06-02 23:21 - 2012-10-30 10:48 - 00000000 ____D () C:\Users\Jin\AppData\Local\CrashDumps
2014-06-02 23:17 - 2012-08-14 15:29 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-02 23:17 - 2012-08-14 15:29 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-02 23:16 - 2014-06-02 23:16 - 04748896 _____ (Piriform Ltd) C:\Users\Jin\Downloads\ccsetup414.exe
2014-05-31 18:13 - 2014-05-31 18:13 - 00000221 _____ () C:\Users\Jin\Desktop\Dead Space 2.url
2014-05-30 18:21 - 2014-06-11 19:51 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 18:02 - 2014-06-11 19:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 18:02 - 2014-06-11 19:52 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 17:45 - 2014-06-11 19:52 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 17:39 - 2014-06-11 19:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 17:39 - 2014-06-11 19:51 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 17:38 - 2014-06-11 19:52 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 17:28 - 2014-06-11 19:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 17:27 - 2014-06-11 19:51 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 17:24 - 2014-06-11 19:51 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 17:21 - 2014-06-11 19:52 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 17:21 - 2014-06-11 19:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 17:20 - 2014-06-11 19:51 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 17:18 - 2014-06-11 19:52 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 17:11 - 2014-06-11 19:51 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 17:08 - 2014-06-11 19:51 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 17:06 - 2014-06-11 19:52 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 17:02 - 2014-06-11 19:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 16:55 - 2014-06-11 19:52 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 16:49 - 2014-06-11 19:51 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 16:46 - 2014-06-11 19:51 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 16:44 - 2014-06-11 19:51 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 16:44 - 2014-06-11 19:51 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 16:43 - 2014-06-11 19:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 16:42 - 2014-06-11 19:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 16:38 - 2014-06-11 19:52 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 16:35 - 2014-06-11 19:52 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 16:34 - 2014-06-11 19:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 16:33 - 2014-06-11 19:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 16:30 - 2014-06-11 19:52 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 16:29 - 2014-06-11 19:52 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 16:28 - 2014-06-11 19:51 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 16:27 - 2014-06-11 19:52 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 16:24 - 2014-06-11 19:51 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 16:23 - 2014-06-11 19:52 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 16:16 - 2014-06-11 19:52 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 16:10 - 2014-06-11 19:52 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 16:06 - 2014-06-11 19:51 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 16:04 - 2014-06-11 19:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 16:02 - 2014-06-11 19:52 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 15:56 - 2014-06-11 19:51 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 15:56 - 2014-06-11 19:51 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 15:54 - 2014-06-11 19:52 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 15:50 - 2014-06-11 19:52 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 15:49 - 2014-06-11 19:52 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 15:43 - 2014-06-11 19:51 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 15:40 - 2014-06-11 19:52 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 15:30 - 2014-06-11 19:52 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 15:21 - 2014-06-11 19:51 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 15:15 - 2014-06-11 19:52 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 15:13 - 2014-06-11 19:51 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 15:13 - 2014-06-11 19:51 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Jin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnqbzun.dll
C:\Users\Jin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwn0g5n.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 13:09

==================== End Of Log ============================
 

 

And then I have attached my addition log as well.

Hope i did everything correctly.

Attached Files



#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:56 PM

Posted 28 June 2014 - 07:33 AM


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-453376142-1037845945-4060115038-1000\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By Sweetpacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By Sweetpacks\Firefox
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Jin\AppData\Local\DdKRhXsmO:aGP1uvJVEry1Ua5X5Vn62zHfK
AlternateDataStreams: C:\Users\Jin\AppData\Local\KudXeIjPuQK6No:9SdTCIejaC6t0yC6FStn
AlternateDataStreams: C:\Users\Jin\AppData\Local\Temp:bHSKZje70BrKQ5iSHycq5h
C:\Users\Jin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnqbzun.dll
C:\Users\Jin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwn0g5n.dll

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If not already done run the AdwCleaner tool and run the clean option.

===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

Let me know of any problems with this computer.

#6 d_win_d

d_win_d
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:56 AM

Posted 30 June 2014 - 10:36 AM

Hi nasdaq, I have carried out your instructions.

 

My fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-06-2014 02
Ran by Jin at 2014-06-30 23:02:54 Run:1
Running from C:\Users\Jin\Desktop\New folder (2)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-453376142-1037845945-4060115038-1000\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By Sweetpacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By Sweetpacks\Firefox
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Jin\AppData\Local\DdKRhXsmO:aGP1uvJVEry1Ua5X5Vn62zHfK
AlternateDataStreams: C:\Users\Jin\AppData\Local\KudXeIjPuQK6No:9SdTCIejaC6t0yC6FStn
AlternateDataStreams: C:\Users\Jin\AppData\Local\Temp:bHSKZje70BrKQ5iSHycq5h
C:\Users\Jin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnqbzun.dll
C:\Users\Jin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwn0g5n.dll

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-453376142-1037845945-4060115038-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File'=> Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File'=> Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502} => value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502} => value deleted successfully.
NVHDA => Service deleted successfully.
pccsmcfd => Service deleted successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\Users\Jin\AppData\Local\DdKRhXsmO => ":aGP1uvJVEry1Ua5X5Vn62zHfK" ADS removed successfully.
C:\Users\Jin\AppData\Local\KudXeIjPuQK6No => ":9SdTCIejaC6t0yC6FStn" ADS removed successfully.
C:\Users\Jin\AppData\Local\Temp => ":bHSKZje70BrKQ5iSHycq5h" ADS removed successfully.
"C:\Users\Jin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnqbzun.dll" => File/Directory not found.
C:\Users\Jin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwn0g5n.dll => Moved successfully.

==== End of Fixlog ====

 

 

 

My checkup.txt:

 

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 SpywareBlaster 5.0    
 Malwarebytes Anti-Malware version 1.75.0.1300  
  Adobe Flash Player 13.0.0.214 Flash Player out of Date!  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (30.0)
 Google Chrome 32.0.1700.76  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:56 PM

Posted 30 June 2014 - 01:17 PM

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you unckeck the box on the top right "Yes, install McAfee Security Scan Plus - optional" this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>


Critical vulnerabilities have been identified in old version of Adobe Flash Player please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or if you have the latest close the windows.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine

===
If all is well:

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:Please note: Many installer offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help blocking many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon,
  • ScriptNo a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#8 d_win_d

d_win_d
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:56 AM

Posted 01 July 2014 - 09:51 AM

nasdaq, thanks for your help. have a great day! :D

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:56 PM

Posted 01 July 2014 - 10:24 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users