Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Laptop critical errors / too many temp files


  • Please log in to reply
5 replies to this topic

#1 inherentpowe

inherentpowe

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:14 AM

Posted 09 July 2014 - 03:58 AM

So this began when I purchased GrimeFighter from avast! after receiving a message that I had "grime" that was slowing down my computer. After purchasing, I noticed nothing had popped up. I called customer support and soon after, I was asked if she could have temporary access to my laptop to see what was wrong. She looked around and told me that there were a series of critical errors that had occured to my computer over the past couple months, starting April 12th, which I could not remember what I did. If I remember correctly, that was when my previous hard drive had failed and I brought it in for warranty repair where they replaced it. She then looked through my temp folder and said I should have 10 files inside when I have 198 files. After a chat about how these problems were blocking GrimeFighter from functioning, she offered to have my computer fixed at a certain price, which I declined and began searching online for solutions to my temp problem. I found a forum where someone commented 
 
I am an IT service professional and use them all of the time. If something has gotten onto your system, those three in combination will get it. [/size]
 
My personal cleanup regimen for the worst of infected machines is:
 
1. TDSSKiller (do not use if on an I3 system with Interaction Client. It can break it)
2. MalwareBytes
3. ComboFix
4. SecurityCheck
5. ADWCleaner (Great scanner, growing quickly in popularity)
6. OTL
 
I followed by going through the list and have now just finished the ComboFIx scan. the TDSSKiller and MalwareBytes scans showed no threats. 
I have the diagnostics for ComboFix, but have no clue how to analyze this. If anyone is able to take a look and tell me what is going on, that would be a great help.
 
V: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Z@!-091c954d-5596-4684-b8e3-01fe714d873b.tmp
c:\users\Tommy\AppData\Local\Z@!-42b2278b-60a2-4ad0-9fe7-a836078c85ec.tmp
c:\users\Tommy\AppData\Local\Z@S!-965c17eb-36a0-4839-8608-d6c29740accb.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-09 to 2014-07-09  )))))))))))))))))))))))))))))))
.
.
2014-07-09 08:29 . 2014-07-09 08:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-09 01:46 . 2014-07-09 01:46 43152 ----a-w- c:\windows\avastSS.scr
2014-07-09 01:31 . 2014-07-08 18:35 -------- d-----w- C:\Jumpshot
2014-07-09 01:15 . 2014-07-08 18:35 -------- d-----w- c:\windows\jumpshot.com
2014-07-09 01:13 . 2014-06-17 09:57 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{85F64069-2845-4955-A109-E997F669FACF}\mpengine.dll
2014-07-03 01:43 . 2014-07-03 01:43 -------- d-----w- c:\program files\RStudio
2014-06-25 23:03 . 2014-06-25 23:03 -------- d-----w- c:\users\Tommy\AppData\Local\My Games
2014-06-25 08:49 . 2014-06-25 08:49 -------- d-----w- c:\program files\HitmanPro
2014-06-25 06:34 . 2014-06-25 06:34 12872 ----a-w- c:\windows\system32\bootdelete.exe
2014-06-25 05:58 . 2014-06-25 06:34 -------- d-----w- c:\programdata\HitmanPro
2014-06-23 10:27 . 2012-09-07 02:13 2212688 ----a-w- c:\windows\ETDUninst.dll
2014-06-23 10:21 . 2014-06-23 10:24 -------- d-----w- c:\programdata\Yahoo!
2014-06-10 22:49 . 2014-04-25 02:34 801280 ----a-w- c:\windows\system32\usp10.dll
2014-06-10 22:49 . 2014-04-25 02:06 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2014-06-10 22:49 . 2014-04-05 02:47 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-10 22:49 . 2014-04-05 02:47 288192 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 01:46 . 2014-04-13 03:22 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-09 01:46 . 2014-05-05 06:40 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-09 01:46 . 2014-04-13 03:22 92008 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-07-09 01:46 . 2014-04-13 03:22 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-09 01:46 . 2014-04-13 03:22 1041168 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-07-09 01:46 . 2014-04-13 03:22 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-09 01:46 . 2014-04-13 03:22 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-07-09 01:46 . 2014-04-13 03:22 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-09 01:46 . 2014-04-13 03:22 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-06-24 18:56 . 2014-04-13 03:24 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-12 10:03 . 2014-04-13 00:03 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-05-20 02:44 . 2014-05-26 23:42 18531568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-05-20 02:44 . 2014-05-26 23:42 16003912 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-05-20 02:44 . 2014-05-26 23:42 9735256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-05-20 02:44 . 2014-05-26 23:42 9697640 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-05-20 02:44 . 2014-05-26 23:42 895776 ----a-w- c:\windows\system32\NvIFR64.dll
2014-05-20 02:44 . 2014-05-26 23:42 892704 ----a-w- c:\windows\system32\NvFBC64.dll
2014-05-20 02:44 . 2014-05-26 23:42 867784 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-05-20 02:44 . 2014-05-26 23:42 861128 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-05-20 02:44 . 2014-05-26 23:42 492376 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2014-05-20 02:44 . 2014-05-26 23:42 416712 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2014-05-20 02:44 . 2014-05-26 23:42 382240 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2014-05-20 02:44 . 2014-05-26 23:42 354016 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-05-20 02:44 . 2014-05-26 23:42 335704 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2014-05-20 02:44 . 2014-05-26 23:42 32544 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2014-05-20 02:44 . 2014-05-26 23:42 3141976 ----a-w- c:\windows\system32\nvcuvid.dll
2014-05-20 02:44 . 2014-05-26 23:42 31387936 ----a-w- c:\windows\system32\nvoglv64.dll
2014-05-20 02:44 . 2014-05-26 23:42 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-05-20 02:44 . 2014-05-26 23:42 2953672 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-05-20 02:44 . 2014-05-26 23:42 2785568 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-05-20 02:44 . 2014-05-26 23:42 2412376 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-05-20 02:44 . 2014-05-26 23:42 24025376 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-05-20 02:44 . 2014-05-26 23:42 1889112 ----a-w- c:\windows\system32\nvdispco6433788.dll
2014-05-20 02:44 . 2014-05-26 23:42 17480432 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-05-20 02:44 . 2014-05-26 23:42 1541576 ----a-w- c:\windows\system32\nvdispgenco6433788.dll
2014-05-20 02:44 . 2014-05-26 23:42 12688328 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-05-20 02:44 . 2014-05-26 23:42 11644928 ----a-w- c:\windows\system32\nvcuda.dll
2014-05-20 02:44 . 2014-05-26 23:42 11599072 ----a-w- c:\windows\system32\nvopencl.dll
2014-05-20 02:44 . 2014-05-26 23:42 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2014-05-20 02:44 . 2014-05-26 23:42 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-05-20 02:44 . 2014-04-14 09:22 837056 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-05-20 02:44 . 2014-04-14 09:22 2730208 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-05-20 02:44 . 2014-04-14 09:22 14434704 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-05-20 02:44 . 2014-04-13 00:21 952952 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-05-20 02:44 . 2014-04-13 00:21 166568 ----a-w- c:\windows\system32\nvinitx.dll
2014-05-20 02:44 . 2014-04-13 00:21 146480 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-05-20 02:44 . 2014-04-13 00:21 3109248 ----a-w- c:\windows\system32\nvapi64.dll
2014-05-20 01:25 . 2014-04-13 00:22 6769096 ----a-w- c:\windows\system32\nvcpl.dll
2014-05-20 01:25 . 2014-04-13 00:22 3514144 ----a-w- c:\windows\system32\nvsvc64.dll
2014-05-20 01:25 . 2014-04-13 00:22 927520 ----a-w- c:\windows\system32\nvvsvc.exe
2014-05-20 01:25 . 2014-04-13 00:22 76064 ----a-w- c:\windows\system32\nv3dappshextr.dll
2014-05-20 01:25 . 2014-04-13 00:22 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-05-20 01:25 . 2014-04-13 00:22 387528 ----a-w- c:\windows\system32\nvmctray.dll
2014-05-20 01:25 . 2014-04-13 00:22 2560968 ----a-w- c:\windows\system32\nvsvcr.dll
2014-05-20 01:25 . 2014-04-13 00:22 1078616 ----a-w- c:\windows\system32\nv3dappshext.dll
2014-05-14 23:49 . 2014-04-13 00:22 3774821 ----a-w- c:\windows\system32\nvcoproc.bin
2014-05-12 14:26 . 2014-04-13 03:24 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 14:26 . 2014-04-13 03:24 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 14:25 . 2014-04-13 03:24 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-16 03:02 . 2014-04-16 03:02 354656 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2014-04-12 02:22 . 2014-05-14 07:44 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:22 . 2014-05-14 07:44 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:19 . 2014-05-14 07:44 29184 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 07:44 136192 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 07:44 28160 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 07:44 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 07:44 31232 ----a-w- c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 07:44 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 07:44 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bomgar_Cleanup_ZD18858498205"="rd" [X]
"Spotify Web Helper"="c:\users\Tommy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-06-28 1176632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-09 4086432]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2013-8-2 5073920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe;c:\program files (x86)\Hotkey\PowerBiosServer.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 VMfilt;VMfilt;c:\windows\system32\drivers\VMfilt64.sys;c:\windows\SYSNATIVE\drivers\VMfilt64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 97645731
*Deregistered* - 97645731
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-11 21:43 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3925938639-2170358025-1242149302-1000Core.job
- c:\users\Tommy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-21 06:03]
.
2014-07-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3925938639-2170358025-1242149302-1000UA.job
- c:\users\Tommy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-21 06:03]
.
2014-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-13 00:53]
.
2014-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-13 00:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-09 01:46 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-07-03 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-07-03 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-07-03 444400]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2013-05-10 5675184]
"CECAPLF"="c:\program files (x86)\ChiconyCam\CECAPLF.exe" [2011-07-06 121456]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-09  01:32:58
ComboFix-quarantined-files.txt  2014-07-09 08:32
.
Pre-Run: 661,629,444,096 bytes free
Post-Run: 661,528,322,048 bytes free
.
- - End Of File - - E27B5CB0F726457AB3EB1B1ED094E888
A36C5E4F47E84449FF07ED3517B43A31

Edit: Moved topic from General Security to the more appropriate forum.~ Animal

BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:14 AM

Posted 13 July 2014 - 07:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

Please post the logs and wait for further instructions.

#3 inherentpowe

inherentpowe
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:14 AM

Posted 14 July 2014 - 03:10 AM

Thank you so much for the assistance!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2014
Ran by Tommy (administrator) on TOMMY-PC on 14-07-2014 01:01:32
Running from C:\Users\Tommy\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\Tommy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5675184 2013-05-09] (VIA)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-08] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3925938639-2170358025-1242149302-1000\...\Run: [Spotify Web Helper] => C:\Users\Tommy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-09] (Spotify Ltd)
HKU\S-1-5-21-3925938639-2170358025-1242149302-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166568 2014-05-19] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-05-19] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xECBE4C95B256CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Tommy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-12]

Chrome:
=======
CHR HomePage: hxxp://www.yahoo.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-12]
CHR Extension: (Google Drive) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-12]
CHR Extension: (Google Search) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-12]
CHR Extension: (AdBlock) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-12]
CHR Extension: (avast! Online Security) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-13]
CHR Extension: (Isoball 3) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj [2014-04-12]
CHR Extension: (Google Wallet) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-12]
CHR Extension: (Sinuous) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl [2014-04-12]
CHR Extension: (Gmail) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-12]
CHR Extension: (Secure Shell) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhechapfaindjhompbnflcldabbghjo [2014-04-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-08]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-08] (AVAST Software)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-07] (SurfRight B.V.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-07-16] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [46592 2013-05-29] () [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-08] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [2967768 2013-07-22] (Realtek Semiconductor Corporation )
R3 VMfilt; C:\Windows\System32\drivers\VMfilt64.sys [25600 2009-07-30] (Creative Technology Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-14 01:01 - 2014-07-14 01:02 - 00013029 _____ () C:\Users\Tommy\Desktop\FRST.txt
2014-07-14 01:01 - 2014-07-14 01:01 - 00854390 _____ () C:\Users\Tommy\Desktop\SecurityCheck.exe
2014-07-14 01:00 - 2014-07-14 01:01 - 00000000 ____D () C:\FRST
2014-07-14 01:00 - 2014-07-14 01:00 - 02086912 _____ (Farbar) C:\Users\Tommy\Desktop\FRST64.exe
2014-07-13 17:19 - 2014-07-13 17:19 - 00000220 _____ () C:\Users\Tommy\Desktop\BioShock Infinite.url
2014-07-13 04:12 - 2014-07-13 04:12 - 00000222 _____ () C:\Users\Tommy\Desktop\XCOM Enemy Unknown.url
2014-07-12 14:42 - 2014-07-12 14:42 - 00039919 _____ () C:\Users\Tommy\Desktop\energy-report.html
2014-07-12 04:36 - 2014-07-12 04:36 - 00000221 _____ () C:\Users\Tommy\Desktop\The Bureau XCOM Declassified.url
2014-07-12 03:42 - 2014-07-12 03:42 - 00000220 _____ () C:\Users\Tommy\Desktop\BioShock.url
2014-07-09 22:06 - 2014-07-13 18:22 - 00000000 ____D () C:\Users\Tommy\Desktop\Exam 1 - 7
2014-07-09 12:34 - 2014-07-09 12:35 - 00000000 ____D () C:\Users\Tommy\Desktop\New folder
2014-07-09 03:24 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-09 03:18 - 2014-07-09 03:27 - 00000000 ____D () C:\AdwCleaner
2014-07-09 01:32 - 2014-07-09 01:32 - 00018884 _____ () C:\ComboFix.txt
2014-07-09 01:18 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-09 01:18 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-09 01:18 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-09 01:18 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-09 01:18 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-09 01:18 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-09 01:18 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-09 01:18 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-09 01:16 - 2014-07-09 01:33 - 00000000 ____D () C:\Qoobox
2014-07-09 01:16 - 2014-07-09 01:30 - 00000000 ____D () C:\Windows\erdnt
2014-07-08 18:46 - 2014-07-08 18:46 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-08 18:31 - 2014-07-08 11:35 - 00000000 ____D () C:\Jumpshot
2014-07-08 18:30 - 2014-06-20 13:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 18:30 - 2014-06-20 12:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 18:30 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 18:30 - 2014-06-18 18:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 18:30 - 2014-06-18 18:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 18:30 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 18:30 - 2014-06-18 17:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 18:30 - 2014-06-18 17:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 18:30 - 2014-06-18 17:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 18:30 - 2014-06-18 17:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 18:30 - 2014-06-18 17:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 18:30 - 2014-06-18 17:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 18:30 - 2014-06-18 17:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 18:30 - 2014-06-18 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 18:30 - 2014-06-18 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 18:30 - 2014-06-18 17:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 18:30 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 18:30 - 2014-06-18 17:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 18:30 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 18:30 - 2014-06-18 16:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 18:30 - 2014-06-18 16:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 18:30 - 2014-06-18 16:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 18:30 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 18:30 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 18:30 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 18:30 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 18:30 - 2014-06-18 16:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 18:30 - 2014-06-18 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-08 18:30 - 2014-06-18 16:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-08 18:30 - 2014-06-18 16:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-08 18:30 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 18:30 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 18:30 - 2014-06-18 16:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 18:30 - 2014-06-18 16:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-08 18:30 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 18:30 - 2014-06-18 16:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 18:30 - 2014-06-18 16:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 18:30 - 2014-06-18 16:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 18:30 - 2014-06-18 16:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-08 18:30 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 18:30 - 2014-06-18 16:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 18:30 - 2014-06-18 16:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-08 18:30 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 18:30 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 18:30 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 18:30 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 18:30 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 18:30 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 18:30 - 2014-06-18 15:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-08 18:30 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 18:30 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 18:30 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 18:30 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 18:30 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 18:30 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 18:30 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-08 18:17 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 18:17 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 18:17 - 2014-06-17 18:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 18:17 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 18:17 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 18:17 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 18:15 - 2014-07-08 11:35 - 00000000 ____D () C:\Windows\jumpshot.com
2014-07-08 18:12 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 18:12 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 18:12 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-02 18:43 - 2014-07-02 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2014-07-02 18:43 - 2014-07-02 18:43 - 00000000 ____D () C:\Program Files\RStudio
2014-06-29 11:23 - 2014-06-29 11:23 - 00000000 ____D () C:\Users\Tommy\Desktop\FM Practice Exams
2014-06-25 16:03 - 2014-06-25 16:03 - 00000000 ____D () C:\Users\Tommy\AppData\Local\My Games
2014-06-25 01:49 - 2014-06-25 01:49 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-24 23:34 - 2014-06-24 23:34 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-06-24 22:58 - 2014-06-24 23:34 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-23 03:29 - 2014-06-23 03:29 - 00000000 ____D () C:\ProgramData\Real
2014-06-23 03:27 - 2012-09-06 19:13 - 02212688 _____ (ELAN Microelectronics Corp.) C:\Windows\ETDUninst.dll
2014-06-23 03:21 - 2014-06-23 03:24 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-06-20 22:06 - 2014-06-20 22:06 - 00003106 _____ () C:\Windows\System32\Tasks\{1056DA31-C0E3-48C9-8D64-CA1537726D63}

==================== One Month Modified Files and Folders =======

2014-07-14 01:02 - 2014-07-14 01:01 - 00013029 _____ () C:\Users\Tommy\Desktop\FRST.txt
2014-07-14 01:01 - 2014-07-14 01:01 - 00854390 _____ () C:\Users\Tommy\Desktop\SecurityCheck.exe
2014-07-14 01:01 - 2014-07-14 01:00 - 00000000 ____D () C:\FRST
2014-07-14 01:01 - 2014-04-12 17:59 - 00000000 ____D () C:\Users\Tommy\AppData\Roaming\Skype
2014-07-14 01:00 - 2014-07-14 01:00 - 02086912 _____ (Farbar) C:\Users\Tommy\Desktop\FRST64.exe
2014-07-14 00:55 - 2009-07-13 21:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-14 00:55 - 2009-07-13 21:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-14 00:34 - 2014-04-12 17:54 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-13 23:54 - 2014-04-12 15:57 - 01862833 _____ () C:\Windows\WindowsUpdate.log
2014-07-13 23:24 - 2014-04-12 19:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-13 23:08 - 2014-04-20 23:03 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3925938639-2170358025-1242149302-1000UA.job
2014-07-13 23:08 - 2014-04-20 23:03 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3925938639-2170358025-1242149302-1000Core.job
2014-07-13 18:22 - 2014-07-09 22:06 - 00000000 ____D () C:\Users\Tommy\Desktop\Exam 1 - 7
2014-07-13 17:19 - 2014-07-13 17:19 - 00000220 _____ () C:\Users\Tommy\Desktop\BioShock Infinite.url
2014-07-13 15:48 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-13 04:34 - 2014-04-12 17:54 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-13 04:12 - 2014-07-13 04:12 - 00000222 _____ () C:\Users\Tommy\Desktop\XCOM Enemy Unknown.url
2014-07-12 14:42 - 2014-07-12 14:42 - 00039919 _____ () C:\Users\Tommy\Desktop\energy-report.html
2014-07-12 04:36 - 2014-07-12 04:36 - 00000221 _____ () C:\Users\Tommy\Desktop\The Bureau XCOM Declassified.url
2014-07-12 03:42 - 2014-07-12 03:42 - 00000220 _____ () C:\Users\Tommy\Desktop\BioShock.url
2014-07-11 21:46 - 2014-04-12 20:04 - 00000000 ____D () C:\Users\Tommy\AppData\Roaming\Spotify
2014-07-11 16:42 - 2014-04-12 20:05 - 00000000 ____D () C:\Users\Tommy\AppData\Local\Spotify
2014-07-09 22:06 - 2014-04-12 20:09 - 00000000 ____D () C:\Users\Tommy\Desktop\ACTUARY STUFF
2014-07-09 12:35 - 2014-07-09 12:34 - 00000000 ____D () C:\Users\Tommy\Desktop\New folder
2014-07-09 11:46 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-09 11:46 - 2009-07-13 21:51 - 00041427 _____ () C:\Windows\setupact.log
2014-07-09 03:55 - 2014-04-12 17:36 - 00000086 _____ () C:\setup.log
2014-07-09 03:55 - 2014-04-12 17:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-09 03:55 - 2009-07-13 20:20 - 00000000 __RSD () C:\Windows\Media
2014-07-09 03:54 - 2014-05-27 01:34 - 00000000 ____D () C:\ProgramData\DivX
2014-07-09 03:28 - 2010-11-20 20:47 - 00049652 _____ () C:\Windows\PFRO.log
2014-07-09 03:27 - 2014-07-09 03:18 - 00000000 ____D () C:\AdwCleaner
2014-07-09 03:26 - 2009-07-13 22:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-09 03:22 - 2014-04-12 20:22 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-09 03:20 - 2009-07-13 21:45 - 00294592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 03:19 - 2011-04-12 01:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 03:03 - 2014-04-14 02:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 03:02 - 2014-04-12 17:03 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 01:33 - 2014-07-09 01:16 - 00000000 ____D () C:\Qoobox
2014-07-09 01:33 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-07-09 01:32 - 2014-07-09 01:32 - 00018884 _____ () C:\ComboFix.txt
2014-07-09 01:30 - 2014-07-09 01:16 - 00000000 ____D () C:\Windows\erdnt
2014-07-09 01:29 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-08 18:46 - 2014-07-08 18:46 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-08 18:46 - 2014-05-04 23:40 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-08 18:46 - 2014-04-12 20:22 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-08 18:46 - 2014-04-12 20:22 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-08 18:46 - 2014-04-12 20:22 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-08 18:46 - 2014-04-12 20:22 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-08 18:46 - 2014-04-12 20:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-08 18:46 - 2014-04-12 20:22 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-08 18:46 - 2014-04-12 20:22 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-08 18:46 - 2014-04-12 20:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-08 11:35 - 2014-07-08 18:31 - 00000000 ____D () C:\Jumpshot
2014-07-08 11:35 - 2014-07-08 18:15 - 00000000 ____D () C:\Windows\jumpshot.com
2014-07-02 18:43 - 2014-07-02 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2014-07-02 18:43 - 2014-07-02 18:43 - 00000000 ____D () C:\Program Files\RStudio
2014-06-29 11:23 - 2014-06-29 11:23 - 00000000 ____D () C:\Users\Tommy\Desktop\FM Practice Exams
2014-06-27 01:42 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-06-25 16:03 - 2014-06-25 16:03 - 00000000 ____D () C:\Users\Tommy\AppData\Local\My Games
2014-06-25 16:03 - 2014-05-12 13:01 - 00000000 ____D () C:\Users\Tommy\Documents\My Games
2014-06-25 16:00 - 2014-05-12 12:57 - 00045035 _____ () C:\Windows\DirectX.log
2014-06-25 01:49 - 2014-06-25 01:49 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-24 23:34 - 2014-06-24 23:34 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-06-24 23:34 - 2014-06-24 22:58 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-24 22:43 - 2014-05-12 12:55 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-06-24 11:56 - 2014-04-12 20:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-24 11:55 - 2014-04-12 20:24 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-24 11:55 - 2014-04-12 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-24 11:55 - 2014-04-12 20:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-23 03:29 - 2014-06-23 03:29 - 00000000 ____D () C:\ProgramData\Real
2014-06-23 03:24 - 2014-06-23 03:21 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-06-20 22:06 - 2014-06-20 22:06 - 00003106 _____ () C:\Windows\System32\Tasks\{1056DA31-C0E3-48C9-8D64-CA1537726D63}
2014-06-20 13:14 - 2014-07-08 18:30 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 12:39 - 2014-07-08 18:30 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-18 18:39 - 2014-07-08 18:30 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-18 18:06 - 2014-07-08 18:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-18 18:06 - 2014-07-08 18:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-18 17:48 - 2014-07-08 18:30 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-18 17:42 - 2014-07-08 18:30 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-18 17:42 - 2014-07-08 18:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-18 17:41 - 2014-07-08 18:30 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-18 17:41 - 2014-07-08 18:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-18 17:32 - 2014-07-08 18:30 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-18 17:31 - 2014-07-08 18:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-18 17:26 - 2014-07-08 18:30 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-18 17:24 - 2014-07-08 18:30 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-18 17:24 - 2014-07-08 18:30 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-18 17:23 - 2014-07-08 18:30 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-18 17:16 - 2014-07-08 18:30 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-18 17:14 - 2014-07-08 18:30 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-18 17:09 - 2014-07-08 18:30 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-18 16:59 - 2014-07-08 18:30 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 16:56 - 2014-07-08 18:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-18 16:53 - 2014-07-08 18:30 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-18 16:51 - 2014-07-08 18:30 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-18 16:50 - 2014-07-08 18:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-18 16:48 - 2014-07-08 18:30 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-18 16:39 - 2014-07-08 18:30 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-18 16:38 - 2014-07-08 18:30 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-18 16:37 - 2014-07-08 18:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-18 16:36 - 2014-07-08 18:30 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-18 16:35 - 2014-07-08 18:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-18 16:33 - 2014-07-08 18:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-18 16:32 - 2014-07-08 18:30 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-18 16:28 - 2014-07-08 18:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-18 16:28 - 2014-07-08 18:30 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-18 16:27 - 2014-07-08 18:30 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-18 16:27 - 2014-07-08 18:30 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-18 16:25 - 2014-07-08 18:30 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-18 16:23 - 2014-07-08 18:30 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-18 16:22 - 2014-07-08 18:30 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-18 16:12 - 2014-07-08 18:30 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-18 16:06 - 2014-07-08 18:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 16:01 - 2014-07-08 18:30 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-18 15:59 - 2014-07-08 18:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-18 15:58 - 2014-07-08 18:30 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-18 15:58 - 2014-07-08 18:30 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-18 15:52 - 2014-07-08 18:30 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-18 15:51 - 2014-07-08 18:30 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-18 15:49 - 2014-07-08 18:30 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-18 15:46 - 2014-07-08 18:30 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-18 15:45 - 2014-07-08 18:30 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-18 15:35 - 2014-07-08 18:30 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-18 15:34 - 2014-07-08 18:30 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-18 15:15 - 2014-07-08 18:30 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-18 15:13 - 2014-07-08 18:30 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-18 15:09 - 2014-07-08 18:30 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-18 15:07 - 2014-07-08 18:30 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-18 04:29 - 2014-04-12 17:54 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-18 04:29 - 2014-04-12 17:54 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 23:59 - 2014-04-12 20:09 - 00000000 ____D () C:\Users\Tommy\Desktop\ACTUARY LESSONS
2014-06-17 19:18 - 2014-07-08 18:17 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-17 18:51 - 2014-07-08 18:17 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-17 18:10 - 2014-07-08 18:17 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-14 17:42 - 2014-05-12 22:13 - 00000000 ____D () C:\Users\Tommy\Documents\My Digital Editions
2014-06-14 17:42 - 2014-04-12 20:12 - 00000000 ____D () C:\Program Files (x86)\Adobe

Some content of TEMP:
====================
C:\Users\Tommy\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-09 13:19

Results of screen317's Security Check version 0.99.85
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader XI
Google Chrome 35.0.1916.114
Google Chrome 35.0.1916.153
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
[b][u]````````````````````End of Log

==================== End Of Log ============================

Attached Files


Edited by nasdaq, 14 July 2014 - 07:45 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:14 AM

Posted 14 July 2014 - 07:48 AM

Your logs are clean.

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

How is the computer performing?

#5 inherentpowe

inherentpowe
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:14 AM

Posted 16 July 2014 - 04:45 PM

The computer works fine, but the screen with the firmware problem pops up every time i startup the next day from sleep mode.

Attached Files



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:14 AM

Posted 17 July 2014 - 07:43 AM

Click the StartBtn.gif button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

at the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

If the problem persists continue.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
p22003758.gif
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

===

Internet Explorer > Menu > Internet Options > Advanced tab.
Click the Reset button on the bottom of the pane.
Click the Apply button and restart the browser.

How is it now?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users