
Win32/Small.CA - Action center prompts to remove Win32/Small.CA


6 replies to this topic

#1 ronllat

  • Members
  • 4 posts

Posted 05 July 2014 - 09:11 PM

This happened 4 days ago, I checked what kind of malware it is and it looked very dangerous and serious. I use avast! Free Antivirus and Spybot - Search and Destroy but they didn't help at all. I also tried the manual cleaning using safe mode but did not find any associated files with win32 malware at all. Just new to the forums, saw it recommended by people on other forum sites when I searched on how to get rid of win32 malware. Please help me. Thanks.




#2 nasdaq

  • Malware Response Team
  • 38,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 July 2014 - 08:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to the disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#3 ronllat

  • Topic Starter

  • Members
  • 4 posts

Posted 11 July 2014 - 11:44 AM

Thanks for responding. I've gone through every single step that you mentioned and everything went smoothly. Here's the contents of FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014
Ran by Aaron (administrator) on RON on 11-07-2014 11:35:46
Running from C:\Users\Aaron\Downloads
Platform: Windows 8 Pro (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Scarlet.Crush Productions) C:\Program Files\ScpServer\bin\ScpService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\Local Mode\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4384928 2012-07-12] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [684024 2012-10-17] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-05] (AVAST Software)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816272 2014-06-23] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1570383345-2772976363-3873454603-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1753280 2014-07-10] (Valve Corporation)
HKU\S-1-5-21-1570383345-2772976363-3873454603-1002\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-1570383345-2772976363-3873454603-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Aaron\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1570383345-2772976363-3873454603-1002\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKU\S-1-5-21-1570383345-2772976363-3873454603-1002\...\MountPoints2: {54f839b5-4712-11e2-be6b-84a6c8be82f4} - "F:\LaunchU3.exe" -a
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Aaron\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.6.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = dnf.neople.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKLM - DefaultScope {E76B4BAF-F7D1-49EB-AFAF-334CC1B8900C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {E76B4BAF-F7D1-49EB-AFAF-334CC1B8900C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {E76B4BAF-F7D1-49EB-AFAF-334CC1B8900C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - {E76B4BAF-F7D1-49EB-AFAF-334CC1B8900C} URL = 
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://acadvpn.rrc.ca/CACHE/stc/1/binaries/vpnweb.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.254
 
FireFox:
========
FF ProfilePath: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\7c7z54mf.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @Webzen.com/NPBrowserExt - C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Aaron\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: ColorZilla - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\7c7z54mf.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2014-01-21]
FF Extension: Auto Reload - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\7c7z54mf.default\Extensions\autoreload@yz.com.xpi [2014-01-21]
FF Extension: Firebug - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\7c7z54mf.default\Extensions\firebug@software.joehewitt.com.xpi [2013-10-25]
FF Extension: Ghostery - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\7c7z54mf.default\Extensions\firefox@ghostery.com.xpi [2014-01-21]
FF Extension: Google translate https - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\7c7z54mf.default\Extensions\jid1-vhLR6vkMUx9csw@jetpack.xpi [2014-05-20]
FF Extension: Validator - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\7c7z54mf.default\Extensions\validator@spaghetticoder.org.xpi [2014-01-21]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\7c7z54mf.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-01-21]
FF Extension: MeasureIt - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\7c7z54mf.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2014-01-21]
FF Extension: YouTube High Definition - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\7c7z54mf.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-01-29]
FF Extension: GridFox - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\7c7z54mf.default\Extensions\{D9CFDC5F-081E-420c-A108-A628AC2E556B}.xpi [2014-01-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: hxxp://dell13.msn.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-25]
CHR Extension: (Google Drive) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-15]
CHR Extension: (Youtube HD Enabler) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdiejhidnbholnbhiahjbbogcgmlihke [2014-02-25]
CHR Extension: (YouTube) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-15]
CHR Extension: (Google Search) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-15]
CHR Extension: (AdBlock) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-25]
CHR Extension: (Black Rock Shooter 3) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\hagbconanlohocojnhkkeefflohaecch [2014-02-25]
CHR Extension: (Google Wallet) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-05]
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-05] (AVAST Software)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 Ds3Service; C:\Program Files\ScpServer\bin\ScpService.exe [388352 2014-05-02] (Scarlet.Crush Productions)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5434008 2013-08-25] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-06-17] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-11-25] (SoftThinks SAS)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-24] (IDT, Inc.) [File not signed]
S3 Tomcat5; C:\Program Files (x86)\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe [102400 2005-09-23] (Apache Software Foundation) [File not signed]
R2 VMAuthdService; C:\Program Files\VMware\VMware View\Client\Local Mode\vmware-authd.exe [79872 2012-08-15] (VMware, Inc.) [File not signed]
R2 vmware-view-usbd; C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2436096 2012-12-03] (VMware, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-05] ()
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-11-29] (LogMeIn Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2014-04-29] (Scarlet.Crush Productions)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [159160 2013-12-12] (TENCENT) [File not signed]
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows ® Win 7 DDK provider)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70256 2012-07-06] (VMware, Inc.)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\Aaron\AppData\Local\Temp\ALSysIO64.sys [X]
S3 btmaux; \SystemRoot\system32\DRIVERS\btmaux.sys [X]
S3 btmhsf; \SystemRoot\system32\DRIVERS\btmhsf.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S3 iBtFltCoex; \SystemRoot\system32\DRIVERS\iBtFltCoex.sys [X]
S3 TDKLIB; \??\C:\Users\Aaron\AppData\Local\Temp\ExtactTemp\TdkLib64.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-11 11:35 - 2014-07-11 11:36 - 00024454 _____ () C:\Users\Aaron\Downloads\FRST.txt
2014-07-11 11:35 - 2014-07-11 11:35 - 00000000 ____D () C:\FRST
2014-07-11 11:34 - 2014-07-11 11:34 - 02084864 _____ (Farbar) C:\Users\Aaron\Downloads\FRST64.exe
2014-07-11 11:33 - 2014-07-11 11:33 - 00001983 _____ () C:\Users\Aaron\Desktop\july2014scan2.txt
2014-07-11 11:13 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-11 11:09 - 2014-07-11 11:18 - 00000000 ____D () C:\AdwCleaner
2014-07-11 10:56 - 2014-07-11 10:56 - 00004307 _____ () C:\Users\Aaron\Desktop\july2014scan.txt
2014-07-11 04:35 - 2014-07-11 04:36 - 01348263 _____ () C:\Users\Aaron\Downloads\adwcleaner_3.215.exe
2014-07-11 04:30 - 2014-07-11 04:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-11 04:30 - 2014-07-11 04:30 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-11 04:30 - 2014-07-11 04:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-11 04:30 - 2014-07-11 04:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-11 04:30 - 2014-07-11 04:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-11 04:30 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-11 04:30 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-11 04:30 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-11 04:28 - 2014-07-11 04:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aaron\Downloads\mbam-setup-2-0-2-1012.exe
2014-07-09 16:51 - 2014-07-09 16:52 - 00367840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 16:34 - 2014-06-26 15:53 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 16:34 - 2014-06-26 15:53 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 23:33 - 2014-06-17 18:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 23:33 - 2014-06-17 18:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 23:33 - 2014-06-10 23:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 23:33 - 2014-06-02 17:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-07-08 23:33 - 2014-05-29 18:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-07-08 23:33 - 2014-05-29 18:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-07-08 23:33 - 2014-05-29 18:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 23:33 - 2014-05-03 01:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-08 23:33 - 2014-05-03 01:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-08 23:33 - 2014-05-02 23:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-08 23:33 - 2014-05-01 17:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-07-08 23:33 - 2014-04-29 17:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-07-08 23:33 - 2014-04-29 17:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-07-08 23:33 - 2014-04-23 18:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-08 23:33 - 2014-04-23 18:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-08 23:33 - 2014-04-23 18:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-08 23:33 - 2014-04-23 18:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-08 23:33 - 2014-02-07 23:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-07-08 23:32 - 2014-05-29 18:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-07-08 23:31 - 2014-06-18 21:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 23:31 - 2014-06-18 19:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 23:30 - 2014-06-18 21:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 23:30 - 2014-06-18 21:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 23:30 - 2014-06-18 21:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-08 23:30 - 2014-06-18 21:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-08 23:30 - 2014-06-18 21:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 23:30 - 2014-06-18 21:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 23:30 - 2014-06-18 21:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 23:30 - 2014-06-18 21:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 23:30 - 2014-06-18 21:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 23:30 - 2014-06-18 21:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 23:30 - 2014-06-18 21:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-08 23:30 - 2014-06-18 21:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 23:30 - 2014-06-18 21:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 23:30 - 2014-06-18 21:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 23:30 - 2014-06-18 21:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 23:30 - 2014-06-18 21:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-08 23:30 - 2014-06-18 21:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 23:30 - 2014-06-18 21:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 23:30 - 2014-06-18 21:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 23:30 - 2014-06-18 21:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 23:30 - 2014-06-18 19:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 23:30 - 2014-06-18 19:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 23:30 - 2014-06-18 19:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 23:30 - 2014-06-18 19:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-08 23:30 - 2014-06-18 19:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 23:30 - 2014-06-18 19:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-08 23:30 - 2014-06-18 19:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 23:30 - 2014-06-18 19:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 23:30 - 2014-06-18 19:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 23:30 - 2014-06-18 19:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 23:30 - 2014-06-18 19:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-08 23:30 - 2014-06-18 19:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 23:30 - 2014-06-18 19:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 23:30 - 2014-06-18 19:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 23:30 - 2014-06-18 19:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-08 23:30 - 2014-06-18 19:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-08 23:30 - 2014-06-18 19:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 23:30 - 2014-06-18 19:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-08 23:30 - 2014-06-18 19:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 23:30 - 2014-06-18 19:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 23:30 - 2014-06-18 17:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-08 23:30 - 2014-06-06 09:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 23:30 - 2014-06-06 05:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 23:30 - 2014-05-29 17:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-05 21:00 - 2014-07-05 21:00 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-05 21:00 - 2014-07-05 21:00 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-05 20:59 - 2014-07-05 20:59 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-05 20:50 - 2014-07-05 20:54 - 221072528 _____ () C:\Users\Aaron\Downloads\EmsisoftEmergencyKit.exe
2014-07-05 20:18 - 2014-07-05 20:18 - 00000000 ____D () C:\Windows\pss
2014-07-05 20:02 - 2012-07-26 00:26 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140705-200227.backup
2014-07-05 19:50 - 2014-07-05 19:50 - 00138584 _____ (Kaspersky Lab ZAO) C:\Users\Aaron\Downloads\virutkiller.exe
2014-07-05 19:50 - 2014-07-05 19:50 - 00138584 _____ (Kaspersky Lab ZAO) C:\Users\Aaron\Downloads\virutkiller (1).exe
2014-07-03 01:56 - 2014-07-04 01:16 - 00000000 ____D () C:\Users\Aaron\AppData\Local\PAYDAY 2
2014-07-01 01:35 - 2014-07-01 01:35 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Adobe
2014-06-27 23:17 - 2014-06-27 23:17 - 00000224 _____ () C:\Users\Aaron\BullseyeCoverageError.txt
2014-06-27 11:34 - 2014-06-27 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-06-27 11:34 - 2014-06-27 11:34 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-06-26 10:05 - 2014-06-26 10:05 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-06-19 15:04 - 2014-06-19 23:41 - 00000000 ____D () C:\Users\Aaron\Desktop\dota 2
2014-06-18 19:09 - 2014-06-18 19:09 - 06114253 _____ () C:\Users\Aaron\Downloads\contest_template.zip
2014-06-16 01:45 - 2014-06-16 01:46 - 03968163 _____ () C:\Users\Aaron\Desktop\SHEEP1402857108.jpeg
2014-06-13 12:24 - 2014-06-13 12:24 - 00171965 _____ () C:\Users\Aaron\Desktop\Agon1382578282.jpeg
2014-06-12 00:52 - 2014-05-03 00:47 - 03246592 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 00:52 - 2014-05-02 22:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-06-12 00:50 - 2014-04-03 06:19 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-06-12 00:50 - 2014-04-02 22:44 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-06-12 00:50 - 2014-03-31 17:08 - 00387268 _____ () C:\Windows\system32\ApnDatabase.xml
2014-06-12 00:50 - 2014-03-24 18:42 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-06-12 00:50 - 2014-03-24 17:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-06-12 00:49 - 2014-04-29 17:32 - 01301504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-06-12 00:49 - 2014-04-29 17:22 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-06-12 00:47 - 2014-04-03 06:22 - 02233176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 00:47 - 2014-03-06 19:47 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 00:47 - 2014-03-06 19:08 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
 
==================== One Month Modified Files and Folders =======
 
2014-07-11 11:36 - 2014-07-11 11:35 - 00024454 _____ () C:\Users\Aaron\Downloads\FRST.txt
2014-07-11 11:35 - 2014-07-11 11:35 - 00000000 ____D () C:\FRST
2014-07-11 11:34 - 2014-07-11 11:34 - 02084864 _____ (Farbar) C:\Users\Aaron\Downloads\FRST64.exe
2014-07-11 11:33 - 2014-07-11 11:33 - 00001983 _____ () C:\Users\Aaron\Desktop\july2014scan2.txt
2014-07-11 11:32 - 2014-02-25 15:22 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-11 11:22 - 2012-10-20 07:49 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-07-11 11:20 - 2013-01-02 13:42 - 00000000 ____D () C:\ProgramData\VMware
2014-07-11 11:19 - 2012-10-20 09:17 - 01721512 _____ () C:\Windows\PFRO.log
2014-07-11 11:19 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-11 11:19 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-07-11 11:18 - 2014-07-11 11:09 - 00000000 ____D () C:\AdwCleaner
2014-07-11 11:14 - 2013-04-16 13:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-11 11:11 - 2013-10-12 21:41 - 00000000 ____D () C:\Users\Aaron\AppData\Local\LogMeIn Hamachi
2014-07-11 11:02 - 2013-10-03 16:38 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-11 10:56 - 2014-07-11 10:56 - 00004307 _____ () C:\Users\Aaron\Desktop\july2014scan.txt
2014-07-11 10:43 - 2014-02-25 15:23 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-11 10:32 - 2012-12-15 19:01 - 01877300 _____ () C:\Windows\WindowsUpdate.log
2014-07-11 10:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-07-11 04:54 - 2013-08-03 02:45 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Skype
2014-07-11 04:51 - 2013-03-12 13:11 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-11 04:36 - 2014-07-11 04:35 - 01348263 _____ () C:\Users\Aaron\Downloads\adwcleaner_3.215.exe
2014-07-11 04:32 - 2014-07-11 04:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-11 04:30 - 2014-07-11 04:30 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-11 04:30 - 2014-07-11 04:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-11 04:30 - 2014-07-11 04:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-11 04:30 - 2014-07-11 04:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-11 04:28 - 2014-07-11 04:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aaron\Downloads\mbam-setup-2-0-2-1012.exe
2014-07-10 14:21 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache
2014-07-09 16:52 - 2014-07-09 16:51 - 00367840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 16:39 - 2012-07-26 02:28 - 00854194 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-09 16:30 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 16:30 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 16:30 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\WinStore
2014-07-09 16:30 - 2012-07-26 02:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 16:20 - 2012-07-26 02:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-09 16:19 - 2012-12-15 20:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 16:18 - 2013-08-15 18:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 16:16 - 2012-12-17 14:05 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 16:16 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-08 13:14 - 2013-04-16 13:13 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 01:21 - 2012-12-21 16:18 - 09358848 ___SH () C:\Users\Aaron\Desktop\Thumbs.db
2014-07-05 21:00 - 2014-07-05 21:00 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-05 21:00 - 2014-07-05 21:00 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-05 21:00 - 2014-01-17 01:49 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-05 21:00 - 2013-10-03 16:39 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-05 21:00 - 2013-10-03 16:39 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-05 21:00 - 2013-10-03 16:38 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-05 21:00 - 2013-10-03 16:38 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-05 21:00 - 2013-10-03 16:38 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-05 21:00 - 2013-10-03 16:38 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-05 21:00 - 2013-10-03 16:38 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-05 20:59 - 2014-07-05 20:59 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-05 20:54 - 2014-07-05 20:50 - 221072528 _____ () C:\Users\Aaron\Downloads\EmsisoftEmergencyKit.exe
2014-07-05 20:18 - 2014-07-05 20:18 - 00000000 ____D () C:\Windows\pss
2014-07-05 19:50 - 2014-07-05 19:50 - 00138584 _____ (Kaspersky Lab ZAO) C:\Users\Aaron\Downloads\virutkiller.exe
2014-07-05 19:50 - 2014-07-05 19:50 - 00138584 _____ (Kaspersky Lab ZAO) C:\Users\Aaron\Downloads\virutkiller (1).exe
2014-07-05 19:45 - 2013-02-06 10:12 - 00000000 ____D () C:\Program Files (x86)\TERA
2014-07-04 01:16 - 2014-07-03 01:56 - 00000000 ____D () C:\Users\Aaron\AppData\Local\PAYDAY 2
2014-07-01 04:00 - 2013-01-17 23:34 - 00000157 _____ () C:\Windows\SysWOW64\SystemPreferences.xml
2014-07-01 01:35 - 2014-07-01 01:35 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Adobe
2014-06-30 10:07 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-06-27 23:17 - 2014-06-27 23:17 - 00000224 _____ () C:\Users\Aaron\BullseyeCoverageError.txt
2014-06-27 23:17 - 2012-12-15 19:01 - 00000000 ____D () C:\Users\Aaron
2014-06-27 11:34 - 2014-06-27 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-06-27 11:34 - 2014-06-27 11:34 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-06-26 15:53 - 2014-07-09 16:34 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-26 15:53 - 2014-07-09 16:34 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-26 11:29 - 2013-04-24 11:32 - 00000000 ____D () C:\Users\Aaron\Documents\My Games
2014-06-26 11:28 - 2012-10-20 07:51 - 00354450 _____ () C:\Windows\DirectX.log
2014-06-26 10:05 - 2014-06-26 10:05 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-06-26 10:05 - 2012-10-20 07:45 - 00000000 ____D () C:\ProgramData\McAfee
2014-06-22 17:38 - 2014-02-25 15:23 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-22 17:38 - 2014-02-25 15:22 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 23:41 - 2014-06-19 15:04 - 00000000 ____D () C:\Users\Aaron\Desktop\dota 2
2014-06-18 21:12 - 2014-07-08 23:30 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-18 21:12 - 2014-07-08 23:30 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-18 21:12 - 2014-07-08 23:30 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-06-18 21:12 - 2014-07-08 23:30 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-06-18 21:12 - 2014-07-08 23:30 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-18 21:11 - 2014-07-08 23:31 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-18 21:11 - 2014-07-08 23:30 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-18 21:11 - 2014-07-08 23:30 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-18 21:10 - 2014-07-08 23:30 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-18 21:10 - 2014-07-08 23:30 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-18 21:10 - 2014-07-08 23:30 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-18 21:10 - 2014-07-08 23:30 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-18 21:10 - 2014-07-08 23:30 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-18 21:10 - 2014-07-08 23:30 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-18 21:10 - 2014-07-08 23:30 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-18 21:10 - 2014-07-08 23:30 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-18 21:10 - 2014-07-08 23:30 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-18 21:10 - 2014-07-08 23:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-18 21:10 - 2014-07-08 23:30 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-18 21:10 - 2014-07-08 23:30 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-18 21:09 - 2014-07-08 23:30 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-18 19:53 - 2014-07-08 23:31 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-18 19:53 - 2014-07-08 23:30 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-18 19:53 - 2014-07-08 23:30 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-18 19:53 - 2014-07-08 23:30 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-18 19:53 - 2014-07-08 23:30 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-18 19:53 - 2014-07-08 23:30 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-18 19:53 - 2014-07-08 23:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-06-18 19:52 - 2014-07-08 23:30 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-18 19:52 - 2014-07-08 23:30 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-18 19:52 - 2014-07-08 23:30 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-18 19:52 - 2014-07-08 23:30 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-18 19:52 - 2014-07-08 23:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-18 19:52 - 2014-07-08 23:30 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-18 19:52 - 2014-07-08 23:30 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-18 19:52 - 2014-07-08 23:30 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-18 19:52 - 2014-07-08 23:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-18 19:52 - 2014-07-08 23:30 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-18 19:52 - 2014-07-08 23:30 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-18 19:52 - 2014-07-08 23:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-18 19:33 - 2014-07-08 23:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-18 19:30 - 2014-07-08 23:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-18 19:09 - 2014-06-18 19:09 - 06114253 _____ () C:\Users\Aaron\Downloads\contest_template.zip
2014-06-18 17:05 - 2014-07-08 23:30 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-06-17 18:27 - 2014-07-08 23:33 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-17 18:24 - 2014-07-08 23:33 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-16 01:46 - 2014-06-16 01:45 - 03968163 _____ () C:\Users\Aaron\Desktop\SHEEP1402857108.jpeg
2014-06-13 22:53 - 2012-08-25 18:39 - 00000000 ___RD () C:\Users\Aaron\Desktop\mp3
2014-06-13 12:24 - 2014-06-13 12:24 - 00171965 _____ () C:\Users\Aaron\Desktop\Agon1382578282.jpeg
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some content of TEMP:
====================
C:\Users\Aaron\AppData\Local\Temp\Quarantine.exe
C:\Users\Aaron\AppData\Local\Temp\TsuEA28A326.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-07 03:00
 
==================== End Of Log ============================

#4 ronllat (Topic Starter, Members, 4 posts)

Posted 11 July 2014 - 12:00 PM

On a side note, my Action Centre is still telling me to get rid of the Win32/Small.CA virus.



#5 nasdaq (Malware Response Team, 38,936 posts, Montreal, QC. Canada)

Posted 11 July 2014 - 12:35 PM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {E76B4BAF-F7D1-49EB-AFAF-334CC1B8900C} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Extension: Validator - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\7c7z54mf.default\Extensions\validator@spaghetticoder.org.xpi [2014-01-21]
S3 ALSysIO; \??\C:\Users\Aaron\AppData\Local\Temp\ALSysIO64.sys [X]
S3 btmaux; \SystemRoot\system32\DRIVERS\btmaux.sys [X]
S3 btmhsf; \SystemRoot\system32\DRIVERS\btmhsf.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S3 iBtFltCoex; \SystemRoot\system32\DRIVERS\iBtFltCoex.sys [X]
S3 TDKLIB; \??\C:\Users\Aaron\AppData\Local\Temp\ExtactTemp\TdkLib64.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Users\Aaron\AppData\Local\Temp\TsuEA28A326.dll
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - InstallX, LLC) <==== ATTENTION
Uninstall Helper (x32 Version: 2.0.1.0 - InstallX, LLC) Hidden <==== ATTENTION

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available, use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is it now?
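Most of the fixlist above removes `S3` driver services whose ImagePath points at a file that no longer exists (FRST marks that condition with `[X]`), several of them under user-writable locations such as `C:\Users\Aaron\AppData\Local\Temp`, and the earlier FRST log's "Bamital & volsnap Check" verifies the Authenticode signatures of core system binaries. The PowerShell script below is an added example, not code from this thread or from FRST, that performs both checks across every service and driver registered on the machine: it resolves each ImagePath the way the service control manager would (stripping `\??\`, expanding `\SystemRoot\`, treating bare `system32\...` paths as relative to `%SystemRoot%`), then reports entries whose binary is missing, lives under `C:\Users` or `C:\ProgramData`, or fails signature verification. The function names, the list of user-writable prefixes and the output layout are the example's own assumptions.

```powershell
# Added example, not code from the BleepingComputer thread or from FRST.
# Enumerates every service and driver registered under
# HKLM\SYSTEM\CurrentControlSet\Services, resolves its ImagePath the way the
# service control manager would, and reports entries whose binary is missing
# (the condition FRST marks with [X]), sits under a user-writable directory,
# or does not carry a valid Authenticode signature.
# Run from a 64-bit, elevated PowerShell prompt on the machine under review.

$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$StartNames  = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }

# Assumption: a driver or service binary should never live under these prefixes.
$UserWritablePrefixes = @("$env:SystemDrive\Users\", "$env:ProgramData\")

function Resolve-ImagePath {
    param([string]$ImagePath)
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim())
    # Strip the arguments of a quoted ("C:\x.exe" -k foo) or unquoted (C:\x.exe -k foo) command line.
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) }
    } elseif ($p -match '^(.*?\.(exe|sys|dll))(\s.*)?$') {
        $p = $Matches[1]
    }
    # Object-manager prefixes as they appear in the fixlist: \??\C:\... and \SystemRoot\...
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    # Relative driver paths such as system32\DRIVERS\x.sys are relative to %SystemRoot%.
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-SuspiciousServiceEntries {
    foreach ($key in Get-ChildItem -Path $ServicesKey -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if (-not $props -or -not $props.ImagePath) { continue }

        $path     = Resolve-ImagePath $props.ImagePath
        $findings = New-Object System.Collections.Generic.List[string]

        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            # Same condition FRST flags with [X]: a registration whose binary is gone.
            $findings.Add('file missing (orphaned registration)')
        } else {
            foreach ($prefix in $UserWritablePrefixes) {
                if ($path.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
                    $findings.Add("binary under user-writable path $prefix")
                }
            }
            # Equivalent of FRST's "File is digitally signed" check, applied to every entry.
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            if ($sig.Status -ne 'Valid') {
                $findings.Add("Authenticode status $($sig.Status)")
            }
        }

        if ($findings.Count -gt 0) {
            $start = if ($null -ne $props.Start) { $StartNames[[int]$props.Start] } else { 'n/a' }
            [pscustomobject]@{
                Service  = $key.PSChildName
                Start    = $start
                Path     = $path
                Findings = $findings -join '; '
            }
        }
    }
}

Get-SuspiciousServiceEntries | Sort-Object Service | Format-Table -AutoSize -Wrap
```

Two caveats when reading the output: run it from 64-bit PowerShell, otherwise file-system redirection makes `system32` paths resolve to `SysWOW64`; and on older Windows and PowerShell builds, catalog-signed Microsoft binaries can report `NotSigned` from Get-AuthenticodeSignature even though they are legitimately signed, so confirm such entries with `sigverif` before treating them as findings. A missing file or a driver registered from a Temp or AppData directory is the condition worth acting on, as the fixlist in this post does.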

#6 ronllat (Topic Starter, Members, 4 posts)

Posted 11 July 2014 - 01:52 PM

HERE'S THE FIX LOG
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-07-2014
Ran by Aaron at 2014-07-11 13:23:35 Run:1
Running from C:\Users\Aaron\Desktop\frst
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {E76B4BAF-F7D1-49EB-AFAF-334CC1B8900C} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Extension: Validator - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\7c7z54mf.default\Extensions\validator@spaghetticoder.org.xpi [2014-01-21]
S3 ALSysIO; \??\C:\Users\Aaron\AppData\Local\Temp\ALSysIO64.sys [X]
S3 btmaux; \SystemRoot\system32\DRIVERS\btmaux.sys [X]
S3 btmhsf; \SystemRoot\system32\DRIVERS\btmhsf.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S3 iBtFltCoex; \SystemRoot\system32\DRIVERS\iBtFltCoex.sys [X]
S3 TDKLIB; \??\C:\Users\Aaron\AppData\Local\Temp\ExtactTemp\TdkLib64.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Users\Aaron\AppData\Local\Temp\TsuEA28A326.dll
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - InstallX, LLC) <==== ATTENTION
Uninstall Helper (x32 Version: 2.0.1.0 - InstallX, LLC) Hidden <==== ATTENTION
 
End
*****************
 
'HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon' => Key deleted successfully.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E76B4BAF-F7D1-49EB-AFAF-334CC1B8900C}' => Key deleted successfully.
'HKCR\CLSID\{E76B4BAF-F7D1-49EB-AFAF-334CC1B8900C}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
'HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
'HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}'=> Key not found.
C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\7c7z54mf.default\Extensions\validator@spaghetticoder.org.xpi => Moved successfully.
ALSysIO => Service deleted successfully.
btmaux => Service deleted successfully.
btmhsf => Service deleted successfully.
EagleX64 => Service deleted successfully.
hxsyol => Service deleted successfully.
iBtFltCoex => Service deleted successfully.
TDKLIB => Service deleted successfully.
X6va012 => Service deleted successfully.
X6va015 => Service deleted successfully.
X6va017 => Service deleted successfully.
X6va021 => Service deleted successfully.
xhunter1 => Service deleted successfully.
C:\Users\Aaron\AppData\Local\Temp\TsuEA28A326.dll => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Uninstall Helper 2.0.1.0\\SystemComponent => Value not found.
 
==== End of Fixlog ====
 
 
HERE'S THE CHECKUP
 

 Results of screen317's Security Check version 0.99.85  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Java 7 Update 55  
 Java SE Development Kit 7 Update 45 
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox 27.0.1 Firefox out of Date!  
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 

P.S.

I restarted my PC after applying the fixlog and I'm still getting the message from Action Centre. 



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:32 PM

Posted 12 July 2014 - 07:12 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u60.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 55
Java SE Development Kit 7 Update 45


===

my action centre is still telling me to get rid of Win32/Small.CA virus

Search this string Win32/Small.CA with Google and you will find many indications that this is a false positive.

I did not find any conclusive solutions to this problem.
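As an added example (not from nasdaq's reply or any tool in this thread), the following PowerShell inventory check enumerates the Java JRE/JDK entries under the Uninstall registry keys that the Fixlog above also references, and flags any Java 7 entry older than the 7u60 release named in the reply, such as the "Java 7 Update 55" and "Java SE Development Kit 7 Update 45" entries from the Security Check log. The `$LatestJava7Update` value and the DisplayName parsing pattern are assumptions matching the naming used in that log.

```powershell
# Added example: list installed Java entries and flag those older than the
# update level the reply names (7u60). Assumption: Java installers register
# DisplayName values such as "Java 7 Update 55" or
# "Java SE Development Kit 7 Update 45" under the standard Uninstall keys.
$LatestJava7Update = 60   # "Java JRE 7u60" per the reply; adjust as newer updates ship

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^Java' } |
    ForEach-Object {
        $major = $null; $update = $null
        # Pull "<major> Update <n>" out of the display name when present
        if ($_.DisplayName -match '(\d+)\s+Update\s+(\d+)') {
            $major  = [int]$Matches[1]
            $update = [int]$Matches[2]
        }
        $status = if ($major -eq 7 -and $update -lt $LatestJava7Update) {
                      'OUTDATED - update or remove via Add/Remove Programs'
                  } elseif ($major -eq 7) {
                      'current'
                  } else {
                      'check manually'
                  }
        [pscustomobject]@{
            DisplayName    = $_.DisplayName
            DisplayVersion = $_.DisplayVersion
            Status         = $status
            UninstallCmd   = $_.UninstallString   # what Add/Remove Programs would run
        }
    } | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt; both the 64-bit and Wow6432Node Uninstall hives are read so 32-bit Java installs on a 64-bit system are not missed.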



