FF has fake hyperlinks, lots of ads and popups..


  • This topic is locked
8 replies to this topic

#1 jesseagten

Posted 09 July 2014 - 08:59 AM

Hi!

I ran into problems by downloading a keygen. I use a legit and updated Windows 8.
All problems are in Firefox:
- A lot of advertisements in places where there usually aren't any
- New tabs open by themselves, filled with ads
- All text on websites has obvious fake hyperlinks, generally in caps and underlined. They also have this weird green logo...

Example:
"We now need to save the two log files that were created. First click on the DDS.txt window and click on the File [image: arrow-10x10.png] menu and then select Save [image: arrow-10x10.png] As... menu option. You will now be presented with a screen similar to Figure 9 below asking where you would like to save the file."

Many thanks for saving me!

DDS....

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17028
Run by Jesse at 15:43:15 on 2014-07-09
Microsoft Windows 8  6.2.9200.0.1252.32.1043.18.6022.3816 [GMT 1:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\ProgramData\banda larga tmn\OnlineUpdate\ouc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
C:\Windows\system32\dashost.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Windows\Explorer.EXE
c:\programdata\trusted publisher\sw-booster\SW-Booster.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\PROGRA~2\DUMETE~1\DUMeter.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Wi-Fi\Launcher.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\calc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Adblocker: {A8295E1A-855D-826B-D4C0-C4339E6D468F} - C:\Program Files (x86)\Adblocker\hQgj.dll
BHO: priceCihop: {AFD0B1C2-DFB7-D963-E6D2-B34489222DE3} - C:\Program Files (x86)\priceCihop\CwOIIS0A.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [DAEMON Tools Ultra Agent] "C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe" -autorun
uRun: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [AdobeBridge] <no file>
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
mRun: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
mRun: [VodafoneMobileWiFi] C:\Program Files (x86)\Vodafone\Vodafone Mobile Wi-Fi\Launcher.exe
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
dRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
dRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\DUSUPE~1.LNK - C:\Program Files (x86)\DU Super Controler\DUSuperControler.exe
mPolicies-System: DisableCAD = dword:1
IE: Download alle links met IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download met IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{409ECCD1-B84E-4C45-ABB9-92159BEF99F2} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{409ECCD1-B84E-4C45-ABB9-92159BEF99F2}\14C616D62696175756D277C416E6 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{409ECCD1-B84E-4C45-ABB9-92159BEF99F2}\45D4E402D4F62696C65675966496D226235363 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{409ECCD1-B84E-4C45-ABB9-92159BEF99F2}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{409ECCD1-B84E-4C45-ABB9-92159BEF99F2}\6516C6C61646F6C6964675966496 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{409ECCD1-B84E-4C45-ABB9-92159BEF99F2}\8464455554C41405F42545F4 : DHCPNameServer = 62.28.40.173 62.28.116.41
TCP: Interfaces\{409ECCD1-B84E-4C45-ABB9-92159BEF99F2}\84F44554C4F554E4142514 : DHCPNameServer = 80.58.61.250 80.58.61.254
TCP: Interfaces\{409ECCD1-B84E-4C45-ABB9-92159BEF99F2}\C496675626F687D243135646 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{925DB977-992C-4F41-A633-4B3BE2E74C35} : NameServer = 88.214.182.2 88.214.178.1
TCP: Interfaces\{9ABF7F00-5C62-49CB-A96C-B86BC3635290} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{A42AC2A1-F715-4F4D-9F90-9102412CE03D} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{C176D732-2A25-49D5-9F4D-9085BAD125E5} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{E5773F86-5761-4A40-87A5-1548227CF4E0} : DHCPNameServer = 87.103.113.177 87.103.113.241
TCP: Interfaces\{E7C5FDEC-2B4A-4DBD-BFFB-793DD88961F6} : NameServer = 88.214.182.1 88.214.178.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs= c:\windows\syswow64\nvinit.dll c:\progra~2\sw-boo~1\assist~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-mStart Page = about:blank
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-BHO: Adblocker: {A8295E1A-855D-826B-D4C0-C4339E6D468F} - C:\Program Files (x86)\Adblocker\hQgj.x64.dll
x64-BHO: priceCihop: {AFD0B1C2-DFB7-D963-E6D2-B34489222DE3} - C:\Program Files (x86)\priceCihop\CwOIIS0A.x64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
x64-Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [InstallerLauncher] "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\6xd6q621.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.be/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-10-10 647736]
R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2014-4-9 33736]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-9-29 220288]
R2 d0e87c27;SW-Sustainer;C:\Windows\System32\rundll32.exe [2012-7-26 51712]
R2 DUMeterSvc;DU Meter Service;C:\Program Files (x86)\DU Meter\DUMeterSvc.exe [2013-3-20 566672]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DataCardService\HWDeviceService64.exe [2011-3-14 346976]
R2 IDMWFP;IDMWFP;C:\Windows\System32\Drivers\idmwfp.sys [2013-3-22 165112]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-11-12 128896]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-12 165760]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-4-9 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-29 16941856]
R2 pdserv;Bitdefender 60-Second Virus Scanner Service;C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe \svc --> C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe \svc [?]
R2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2014-4-30 337776]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-12 364416]
R2 VmbService;Vodafone Mobile Broadband-service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-6-25 9216]
R2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-9-29 323584]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-9-18 17152]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2012-11-12 33944]
R3 dtscsibus;DAEMON Tools Virtual SCSI Bus;C:\Windows\System32\Drivers\dtscsibus.sys [2013-3-11 29696]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-10-10 21152]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\Drivers\ew_jubusenum.sys [2014-4-9 86016]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-10-10 342528]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\Drivers\nvvad64v.sys [2014-4-9 39200]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUStor.sys [2012-11-12 252048]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-11-12 690832]
R3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;C:\Windows\System32\Drivers\vodafone_K3805-z_dc_enum.sys [2010-3-1 75776]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S2 banda larga tmn. RunOuc;banda larga tmn. OUC;C:\Program Files (x86)\banda larga tmn\UpdateDog\ouc.exe [2014-4-9 246112]
S3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-9-11 56704]
S3 CH341SER_A64;CH341SER_A64;C:\Windows\System32\Drivers\CH341S64.SYS [2014-7-3 58368]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-4-1 102368]
S3 Disc Soft Bus Service;Disc Soft Bus Service;C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [2013-3-6 580672]
S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;C:\Program Files (x86)\DU Meter\DUMetr64.sys [2013-3-20 20840]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\Drivers\ew_hwusbdev.sys [2014-4-9 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\Drivers\ew_usbenumfilter.sys [2014-4-9 13952]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\System32\Drivers\ewusbwwan.sys [2014-4-9 421376]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\Drivers\ew_jucdcacm.sys [2014-4-9 98816]
S3 huawei_cdcecm;huawei_cdcecm;C:\Windows\System32\Drivers\ew_jucdcecm.sys [2014-4-9 69632]
S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\Drivers\ew_juextctrl.sys [2014-4-9 28672]
S3 massfilter;MBB Mass Storage Filter Driver;C:\Windows\System32\Drivers\massfilter.sys [2013-3-6 11776]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-4-1 203104]
S3 ZTEusbnet;ZTE USB-NDIS miniport;C:\Windows\System32\Drivers\ZTEusbnet.sys [2013-3-6 135168]
S3 ZTEusbvoice;ZTE VoUSB Port;C:\Windows\System32\Drivers\zteusbvoice.sys [2013-3-6 121344]
.
=============== Created Last 30 ================
.
2014-07-09 13:23:38    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1EA3BB4E-017B-4739-8CCE-39488B8B28EC}\offreg.dll
2014-07-09 13:21:10    703968    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-09 13:21:10    105440    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 11:37:22    10779000    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1EA3BB4E-017B-4739-8CCE-39488B8B28EC}\mpengine.dll
2014-07-09 11:34:37    628024    ----a-w-    C:\Windows\System32\NotificationUI.exe
2014-07-09 11:34:31    1281536    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-07-09 11:34:30    588288    ----a-w-    C:\Windows\System32\SHCore.dll
2014-07-09 11:34:26    452608    ----a-w-    C:\Windows\SysWow64\SHCore.dll
2014-07-09 11:34:26    439808    ----a-w-    C:\Windows\System32\lsm.dll
2014-07-09 11:34:11    3262464    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-07-09 11:34:10    4038144    ----a-w-    C:\Windows\System32\win32k.sys
2014-07-09 11:34:10    394624    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
2014-07-09 11:34:10    1557504    ----a-w-    C:\Windows\System32\osk.exe
2014-07-09 11:34:09    92672    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll
2014-07-09 11:34:09    1616896    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-09 11:34:09    1440256    ----a-w-    C:\Windows\SysWow64\osk.exe
2014-07-09 11:33:53    627712    ----a-w-    C:\Program Files\Windows Journal\MSPVWCTL.DLL
2014-07-09 11:33:53    1617920    ----a-w-    C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-09 11:33:53    1413632    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2014-07-09 11:33:53    1318912    ----a-w-    C:\Program Files\Windows Journal\JNWDRV.dll
2014-07-09 11:33:53    1306624    ----a-w-    C:\Program Files\Windows Journal\JNTFiltr.dll
2014-07-09 11:33:53    1272320    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 11:33:53    1029120    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2014-07-09 11:33:52    881152    ----a-w-    C:\Program Files\Windows Journal\InkSeg.dll
2014-07-09 11:33:52    336384    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll
2014-07-09 11:33:52    265216    ----a-w-    C:\Windows\System32\InkEd.dll
2014-07-07 16:41:25    --------    d-----w-    C:\Windows\SysWow64\X86
2014-07-07 16:41:25    --------    d-----w-    C:\Windows\SysWow64\AMD64
2014-07-07 16:41:25    --------    d-----w-    C:\Program Files (x86)\EZDownloader
2014-07-07 16:41:03    --------    d-----w-    C:\ProgramData\Trusted Publisher
2014-07-07 16:40:45    --------    d-----w-    C:\Program Files (x86)\SW-Booster
2014-07-07 16:39:37    --------    d-----w-    C:\ProgramData\Adblocker
2014-07-07 16:39:37    --------    d-----w-    C:\Program Files (x86)\Adblocker
2014-07-07 16:39:11    --------    d-----w-    C:\ProgramData\priceCihop
2014-07-07 16:39:10    --------    d-----w-    C:\Program Files (x86)\priceCihop
2014-07-07 16:38:44    --------    d-----w-    C:\ProgramData\eb64a50985f10bee
2014-07-07 16:38:42    --------    d-----w-    C:\Users\Jesse\AppData\Local\Torch
2014-07-07 16:38:42    --------    d-----w-    C:\Users\Jesse\AppData\Local\Comodo
2014-07-07 16:38:42    --------    d-----w-    C:\Users\Jesse\AppData\Local\Chromatic Browser
2014-07-07 16:38:41    --------    d-----w-    C:\Users\Jesse\AppData\Local\Google
2014-07-07 16:10:31    --------    d-----w-    C:\ProgramData\StunningSoftware
2014-07-07 16:07:42    --------    d-----w-    C:\ProgramData\Protexis64
2014-07-07 15:56:45    --------    d-----w-    C:\Program Files\Common Files\Corel
2014-07-07 15:56:20    --------    d-----w-    C:\Program Files\Common Files\Protexis
2014-07-07 15:54:05    --------    d-----w-    C:\ProgramData\Corel
2014-07-07 15:53:54    --------    d-----w-    C:\Program Files\Corel
2014-07-07 15:52:52    --------    d-----w-    C:\ProgramData\CorelDRAW Graphics Suite X7 x64
2014-07-03 16:51:50    6712    ----a-w-    C:\Windows\SysWow64\CH341PT.DLL
2014-07-03 16:51:50    6712    ----a-w-    C:\Windows\System32\CH341PT.DLL
2014-07-03 16:51:50    58368    ----a-w-    C:\Windows\System32\drivers\CH341S64.SYS
2014-07-03 16:51:50    39696    ----a-w-    C:\Windows\System32\drivers\CH341SER.SYS
2014-07-03 16:51:50    20089    ----a-w-    C:\Windows\System32\CH341SER.VXD
2014-07-03 16:51:50    19680    ----a-w-    C:\Windows\System32\drivers\CH341S98.SYS
2014-07-03 16:51:50    --------    d-----w-    C:\WCH.CN
2014-07-03 16:11:11    --------    d-----w-    C:\artcut6
2014-07-03 16:10:56    69715    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2014-07-03 16:10:56    5632    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2014-07-03 16:10:56    274432    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2014-07-03 16:10:56    180224    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2014-07-03 16:10:55    749568    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2014-07-03 16:10:36    192644    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2014-07-03 16:10:35    323716    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2014-06-28 16:06:13    9460976    ------w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-06-11 17:29:25    --------    d-----w-    C:\Windows\System32\MRT
2014-06-11 16:52:39    13661696    ----a-w-    C:\Windows\System32\Windows.UI.Xaml.dll
2014-06-11 16:50:01    1939288    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2014-06-11 16:50:00    5979648    ----a-w-    C:\Windows\System32\mstscax.dll
2014-06-11 16:46:24    23350272    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-06-11 16:45:59    62976    ----a-w-    C:\Windows\System32\imagehlp.dll
2014-06-11 16:45:59    59392    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2014-06-11 16:44:05    1301504    ----a-w-    C:\Windows\System32\gdi32.dll
2014-06-11 16:44:05    1023488    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-06-11 16:44:04    1160192    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2014-06-11 16:44:03    96600    ----a-w-    C:\Windows\System32\drivers\wfplwfs.sys
2014-06-11 16:44:03    723968    ----a-w-    C:\Windows\System32\BFE.DLL
2014-06-11 16:43:37    3246592    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-06-11 16:43:37    235520    ----a-w-    C:\Windows\System32\rdpudd.dll
2014-06-11 16:41:19    600064    ----a-w-    C:\Windows\System32\vbscript.dll
2014-06-11 16:41:19    523776    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-06-11 16:40:13    785624    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
2014-06-11 16:40:12    54488    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys
2014-06-11 16:40:11    25600    ----a-w-    C:\Windows\System32\drivers\usbprint.sys
2014-06-11 16:40:06    99328    ----a-w-    C:\Windows\System32\drivers\usbcir.sys
2014-06-11 16:40:06    210560    ----a-w-    C:\Windows\System32\drivers\usbvideo.sys
2014-06-11 16:34:49    915968    ----a-w-    C:\Windows\System32\MPSSVC.dll
2014-06-11 16:32:53    583680    ----a-w-    C:\Windows\System32\msdrm.dll
2014-06-11 16:32:52    451072    ----a-w-    C:\Windows\SysWow64\msdrm.dll
2014-06-11 16:32:48    337752    ----a-w-    C:\Windows\System32\drivers\USBXHCI.SYS
2014-06-11 16:32:48    213336    ----a-w-    C:\Windows\System32\drivers\UCX01000.SYS
2014-06-11 16:32:47    79192    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2014-06-11 16:32:47    623448    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2014-06-11 16:32:47    498008    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2014-06-11 16:32:47    32256    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2014-06-11 16:32:47    21848    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2014-06-11 16:32:47    120832    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2014-06-11 16:30:37    124112    ----a-w-    C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2014-06-11 16:30:37    102608    ----a-w-    C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2014-06-11 16:29:15    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2014-06-11 16:29:15    362496    ----a-w-    C:\Windows\System32\atmfd.dll
2014-06-11 16:29:15    35328    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2014-06-11 16:29:15    300032    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2014-06-11 16:28:42    222720    ----a-w-    C:\Windows\System32\scrobj.dll
2014-06-11 16:28:42    194048    ----a-w-    C:\Windows\System32\scrrun.dll
2014-06-11 16:28:42    162304    ----a-w-    C:\Windows\SysWow64\scrobj.dll
2014-06-11 16:28:42    156160    ----a-w-    C:\Windows\SysWow64\scrrun.dll
2014-06-11 16:28:42    146944    ----a-w-    C:\Windows\System32\cscript.exe
2014-06-11 16:28:42    143872    ----a-w-    C:\Windows\System32\wshom.ocx
2014-06-11 16:28:42    115712    ----a-w-    C:\Windows\SysWow64\cscript.exe
2014-06-11 16:27:44    2062848    ----a-w-    C:\Windows\System32\d3d11.dll
2014-06-11 16:27:43    1711616    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2014-06-11 16:26:40    1287168    ----a-w-    C:\Windows\System32\schedsvc.dll
2014-06-11 16:22:26    2233176    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2014-06-11 16:22:25    420864    ----a-w-    C:\Windows\System32\WMPhoto.dll
2014-06-11 16:22:25    368640    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2014-06-11 16:19:30    566784    ----a-w-    C:\Windows\System32\wvc.dll
.
==================== Find3M  ====================
.
2014-07-09 13:22:38    500    ----a-w-    C:\Users\Jesse\AppData\Roaming\sp_data.sys
2014-06-27 15:49:49    281688    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
2014-06-27 15:49:49    281688    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2014-06-19 02:12:11    2239488    ----a-w-    C:\Windows\System32\wininet.dll
2014-06-19 02:12:02    915968    ----a-w-    C:\Windows\System32\uxtheme.dll
2014-06-19 02:12:02    53760    ----a-w-    C:\Windows\System32\UXInit.dll
2014-06-19 02:10:33    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2014-06-19 02:10:28    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2014-06-19 02:10:28    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2014-06-19 02:09:55    1508864    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-06-19 00:53:52    1766400    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-06-19 00:53:42    44032    ----a-w-    C:\Windows\SysWow64\UXInit.dll
2014-06-19 00:52:46    2863616    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-06-19 00:52:42    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-06-19 00:52:42    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2014-06-19 00:52:19    1440768    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-06-19 00:33:44    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-06-19 00:30:35    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-06-18 22:05:00    534528    ----a-w-    C:\Windows\SysWow64\uxtheme.dll
2014-06-06 14:06:38    596480    ----a-w-    C:\Windows\System32\qedit.dll
2014-06-06 10:17:56    497152    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-05-29 22:24:46    576512    ----a-w-    C:\Windows\System32\drivers\afd.sys
2014-05-25 08:49:12    535446    ----a-w-    C:\ProgramData\1401007318.bdinstall.bin
2014-05-25 08:48:51    49287    ----a-w-    C:\ProgramData\1401007711.bdinstall.bin
2014-05-03 06:34:30    6974808    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2014-05-03 06:33:02    1824808    ----a-w-    C:\Windows\System32\ntdll.dll
2014-05-03 04:51:57    1408976    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2014-05-01 22:37:16    1023488    ----a-w-    C:\Windows\System32\localspl.dll
2014-04-30 19:45:49    281688    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2014-04-29 22:32:46    126464    ----a-w-    C:\Windows\System32\Robocopy.exe
2014-04-29 22:32:00    106496    ----a-w-    C:\Windows\SysWow64\Robocopy.exe
2014-04-23 23:51:02    566784    ----a-w-    C:\Windows\SysWow64\WSShared.dll
2014-04-23 23:51:02    124928    ----a-w-    C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-23 23:38:47    693760    ----a-w-    C:\Windows\System32\WSShared.dll
2014-04-23 23:38:47    163840    ----a-w-    C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-18 15:41:43    79192    ----a-w-    C:\Windows\System32\drivers\bdvedisk.sys
2014-04-12 09:27:03    172888    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 09:10:31    578048    ----a-w-    C:\Windows\System32\winlogon.exe
2014-04-12 09:09:43    208896    ----a-w-    C:\Windows\System32\wdigest.dll
2014-04-12 09:09:39    1043968    ----a-w-    C:\Windows\System32\usercpl.dll
2014-04-12 09:09:34    94720    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-04-12 09:08:37    318464    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-04-12 09:08:10    827904    ----a-w-    C:\Windows\System32\kerberos.dll
2014-04-12 09:07:36    20480    ----a-w-    C:\Windows\System32\credssp.dll
2014-04-12 07:23:59    178688    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2014-04-12 07:23:52    961536    ----a-w-    C:\Windows\SysWow64\usercpl.dll
2014-04-12 07:23:49    76800    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2014-04-12 07:23:14    273920    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2014-04-12 07:22:58    666624    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-04-12 07:22:33    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2014-04-12 06:58:06    14848    ----a-w-    C:\Windows\System32\workerdd.dll
2014-04-10 18:39:55    448015    ----a-w-    C:\ProgramData\1397155064.bdinstall.bin
.
============= FINISH: 15:44:04.55 ===============
 


 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:02 PM

Posted 09 July 2014 - 01:47 PM

Hello jesseagten,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
      
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

Download and run Junkware Removal Tool. ***Your Anti Virus may see this download as malicious, don't worry continue on. 

Please download Junkware Removal Tool to your desktop.

 

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next Reply.

 

3.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 jesseagten

jesseagten
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:02 AM

Posted 10 July 2014 - 01:52 AM

Hi!

Many many thanks for taking your time for this.
The same problems occur after running the programs.

Logs:

ADW

# AdwCleaner v3.215 - Rapport aangemaakt 10/07/2014 op 08:38:44
# Laatste Update 09/07/2014 door Xplode
# Besturingssysteem : Windows 8  (64 bits)
# Gebruikersnaam : Jesse - ASUS
# Gestart vanuit : C:\Users\Jesse\Downloads\Programs\AdwCleaner_2.exe
# Optie : Verwijderen

***** [ Services ] *****

Service Verwijderd : d0e87c27

***** [ Bestanden / Mappen ] *****

Map Verwijderd : C:\ProgramData\Adblocker
Map Verwijderd : C:\ProgramData\SoftSafe
Map Verwijderd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
Map Verwijderd : C:\Program Files (x86)\Adblocker
Map Verwijderd : C:\Program Files (x86)\EZDownloader
Map Verwijderd : C:\Program Files (x86)\SW-Booster
Map Verwijderd : C:\Users\Administrator\AppData\Local\Chromatic Browser
Map Verwijderd : C:\Users\Administrator\AppData\Local\torch
Map Verwijderd : C:\Users\Gast\AppData\Local\Chromatic Browser
Map Verwijderd : C:\Users\Gast\AppData\Local\torch
Map Verwijderd : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Map Verwijderd : C:\Users\HomeGroupUser$\AppData\Local\torch
Map Verwijderd : C:\Users\Jesse\AppData\Local\Chromatic Browser
Map Verwijderd : C:\Users\Jesse\AppData\Local\torch
Bestand Verwijderd : C:\Windows\Tasks\SW-Booster-S-792098896.job
Bestand Verwijderd : C:\Windows\System32\Tasks\SW-Booster-S-792098896

***** [ Snelkoppelingen ] *****


***** [ Register ] *****

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Sleutel Verwijderd : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-792098896
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Sleutel Verwijderd : HKCU\Software\RegisteredApplicationsEx
Sleutel Verwijderd : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Sleutel Verwijderd : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Sleutel Verwijderd : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Sleutel Verwijderd : HKLM\Software\SW-Booster
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Gegevens Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\sw-boo~1\assist~1.dll
Gegevens Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17028


-\\ Mozilla Firefox v30.0 (nl)

[ Bestand : C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\6xd6q621.default\prefs.js ]

Regel verwijderd : user_pref("extensions.U5IFytqmre.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...]
Regel verwijderd : user_pref("extensions.yYJ1RL.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.[...]

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [5171 octets] - [10/07/2014 08:37:07]
AdwCleaner[S0].txt - [5022 octets] - [10/07/2014 08:38:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5082 octets] ##########
 

 

 

JRT




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Jesse on 10/07/2014 at  8:44:02.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD0B1C2-DFB7-D963-E6D2-B34489222DE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{AFD0B1C2-DFB7-D963-E6D2-B34489222DE3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AFD0B1C2-DFB7-D963-E6D2-B34489222DE3}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Jesse\AppData\Roaming\mozilla\firefox\profiles\6xd6q621.default\prefs.js

user_pref("extensions.U5IFytqmre.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\"
user_pref("extensions.yYJ1RL.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1
user_pref("extensions.yYJ1RL.url", "hxxp://getjpi.info/sync2/?q=hfZ9ofV9CShEAen0qTs8tMqLDe49CNU0nUkMCMlNhd9Fqda6rdCFqjr5qjUMBzqUojw9rdCFrda7qdw9pih7hfs0pihPBMn0qTwGqHsGpjg5qHr
Emptied folder: C:\Users\Jesse\AppData\Roaming\mozilla\firefox\profiles\6xd6q621.default\minidumps [10 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/07/2014 at  8:48:46.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014
Ran by Jesse (administrator) on ASUS on 10-07-2014 08:51:01
Running from C:\Users\Jesse\Downloads\Programs
Platform: Windows 8 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\ProgramData\banda larga tmn\OnlineUpdate\ouc.exe
(Hagel Technologies Ltd.) C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\ProgramData\DataCardService\HWDeviceService64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DataCardService\DCSHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Hagel Technologies Ltd.) C:\Program Files (x86)\DU Meter\DUMeter.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Wi-Fi\Launcher.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Thisisu) C:\Users\Jesse\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [478984 2012-12-15] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [InstallerLauncher] => C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe [572032 2014-01-23] (Bitdefender)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [253952 2010-06-25] (Vodafone)
HKLM-x32\...\Run: [VodafoneMobileWiFi] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Wi-Fi\Launcher.exe [311296 2012-03-22] (Vodafone)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3088448 2013-03-06] (Disc Soft Ltd)
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\Run: [DU Meter] => C:\Program Files (x86)\DU Meter\DUMeter.exe [1188752 2009-03-13] (Hagel Technologies Ltd.)
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3573624 2013-03-22] (Tonec Inc.)
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1815976 2014-01-27] (Valve Corporation)
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [283608 2013-10-30] (Bitdefender)
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\MountPoints2: {012e6a84-bfd8-11e3-beaa-001e101f018e} - "F:\AutoRun.exe"
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\MountPoints2: {04ebc4e2-d08c-11e3-beab-08606e89a73d} - "F:\SetupWi-Fi.exe"
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\MountPoints2: {33440b51-c8a0-11e2-be8d-08606e89a73d} - "F:\SetupWi-Fi.exe"
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\MountPoints2: {33440bd6-c8a0-11e2-be8d-08606e89a73d} - "F:\SetupWi-Fi.exe"
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\MountPoints2: {4c0b92b8-8d98-11e2-be7f-00a0c6000000} - "F:\SetupWi-Fi.exe"
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\MountPoints2: {4c0b92fc-8d98-11e2-be7f-00a0c6000000} - "F:\SetupWi-Fi.exe"
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\MountPoints2: {a0142253-76e0-11e2-be7d-08606e89a73d} - "F:\setup_vmb_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\MountPoints2: {a0142287-76e0-11e2-be7d-08606e89a73d} - "G:\setup_vmb_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\MountPoints2: {a68042ce-c0df-11e3-beab-08606e89a73d} - "F:\SetupWi-Fi.exe"
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\MountPoints2: {a68049af-c0df-11e3-beab-08606e89a73d} - "F:\SetupWi-Fi.exe"
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\MountPoints2: {a6804ed1-c0df-11e3-beab-08606e89a73d} - "F:\SetupWi-Fi.exe"
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\MountPoints2: {a68053a1-c0df-11e3-beab-08606e89a73d} - "F:\SetupWi-Fi.exe"
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\MountPoints2: {a6805421-c0df-11e3-beab-08606e89a73d} - "F:\SetupWi-Fi.exe"
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\MountPoints2: {a68054d2-c0df-11e3-beab-08606e89a73d} - "F:\SetupWi-Fi.exe"
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\MountPoints2: {c3fd1a9e-d788-11e3-beac-08606e89a73d} - "F:\SetupWi-Fi.exe"
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\MountPoints2: {c3fd1ebd-d788-11e3-beac-08606e89a73d} - "F:\AutoRun.exe"
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\MountPoints2: {c3fd1ec7-d788-11e3-beac-08606e89a73d} - "G:\AutoRun.exe"
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\MountPoints2: {c3fd1f41-d788-11e3-beac-08606e89a73d} - "F:\AutoRun.exe"
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\MountPoints2: {cf80befc-166a-11e3-be96-08606e89a73d} - "F:\SetupWi-Fi.exe"
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\MountPoints2: {cf80c0b0-166a-11e3-be96-08606e89a73d} - "F:\SetupWi-Fi.exe"
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\MountPoints2: {cf80c88e-166a-11e3-be96-08606e89a73d} - "F:\SetupWi-Fi.exe"
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\MountPoints2: {cf80c8a2-166a-11e3-be96-08606e89a73d} - "F:\SetupWi-Fi.exe"
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\MountPoints2: {d2bcdb76-2377-11e3-be97-08606e89a73d} - "F:\SetupWi-Fi.exe"
HKU\S-1-5-21-1071447102-838638193-4033568735-1002\...\MountPoints2: {dfde49a7-be41-11e3-bea8-08606e89a73d} - "F:\AutoRun.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DUSuperControler.lnk
ShortcutTarget: DUSuperControler.lnk -> C:\Program Files (x86)\DU Super Controler\DUSuperControler.exe (Zukanovic Software)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: IDM Shell Extension -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Adblocker - {A8295E1A-855D-826B-D4C0-C4339E6D468F} - C:\Program Files (x86)\Adblocker\hQgj.x64.dll No File
BHO: priceCihop - {AFD0B1C2-DFB7-D963-E6D2-B34489222DE3} - C:\Program Files (x86)\priceCihop\CwOIIS0A.x64.dll ()
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adblocker - {A8295E1A-855D-826B-D4C0-C4339E6D468F} - C:\Program Files (x86)\Adblocker\hQgj.dll No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{925DB977-992C-4F41-A633-4B3BE2E74C35}: [NameServer]88.214.182.2 88.214.178.1
Tcpip\..\Interfaces\{E7C5FDEC-2B4A-4DBD-BFFB-793DD88961F6}: [NameServer]88.214.182.1 88.214.178.2

FireFox:
========
FF ProfilePath: C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\6xd6q621.default
FF Homepage: https://www.google.be/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @Bitdefender.com/PasswordManager;version=17.8 - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxnp.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Jesse\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bolcom-nl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\marktplaats-nl.xml
FF Extension: piricaechhoop - C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\6xd6q621.default\Extensions\dkoc-0uuyu@jmtkxf-ieya.net [2014-07-07]
FF Extension: KeeFox - C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\6xd6q621.default\Extensions\keefox@chris.tomlinson [2014-06-13]
FF Extension: Adblocker - C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\6xd6q621.default\Extensions\ogo-7mcl@lbvkuaiealm.co.uk [2014-07-07]
FF Extension: eID België - C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\6xd6q621.default\Extensions\belgiumeid@eid.belgium.be.xpi [2013-07-17]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Jesse\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Jesse\AppData\Roaming\IDM\idmmzcc5 [2013-03-24]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Jesse\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Browse Save Win) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2014-07-07]
CHR Extension: (piricaechhoop) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdnagfejiaojafamimegcpcfjhggnomi [2014-07-07]
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-03-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
S2 banda larga tmn. RunOuc; C:\Program Files (x86)\banda larga tmn\UpdateDog\ouc.exe [246112 2014-04-09] ()
S3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [580672 2013-03-06] (Disc Soft Ltd)
R2 DUMeterSvc; C:\Program Files (x86)\DU Meter\DUMeterSvc.exe [566672 2009-03-13] (Hagel Technologies Ltd.) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1445424 2013-11-11] (Bitdefender)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-03-11] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2010-06-25] (Vodafone) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [56704 2012-09-11] (ASUS Corporation)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2011-11-05] (www.winchiphead.com)
R3 dtscsibus; C:\Windows\system32\DRIVERS\dtscsibus.sys [29696 2013-03-11] (Disc Soft Ltd)
S3 DUMeterDrv; C:\Program Files (x86)\DU Meter\DUMETR64.SYS [20840 2011-09-12] (Hagel Technologies Ltd.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
U0 msahci;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-10 08:50 - 2014-07-10 08:51 - 00000000 ____D () C:\FRST
2014-07-10 08:48 - 2014-07-10 08:48 - 00001961 _____ () C:\Users\Jesse\Desktop\JRT.txt
2014-07-10 08:43 - 2014-07-10 08:43 - 00000000 ____D () C:\Windows\ERUNT
2014-07-10 08:40 - 2014-07-10 08:40 - 05123096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 08:37 - 2014-07-10 08:38 - 00000000 ____D () C:\AdwCleaner
2014-07-10 08:37 - 2014-07-10 08:37 - 01016261 _____ (Thisisu) C:\Users\Jesse\Desktop\JRT.exe
2014-07-10 08:37 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-09 15:44 - 2014-07-09 15:44 - 00032622 _____ () C:\Users\Jesse\Desktop\dds.txt
2014-07-09 15:44 - 2014-07-09 15:44 - 00007862 _____ () C:\Users\Jesse\Desktop\attach.txt
2014-07-09 15:44 - 2014-07-09 15:44 - 00000000 ____D () C:\Users\Jesse\Desktop\cleaing windows
2014-07-09 15:42 - 2014-07-09 15:43 - 00688992 ____R (Swearware) C:\Users\Jesse\Downloads\dds.com
2014-07-09 14:21 - 2014-06-26 21:53 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 14:21 - 2014-06-26 21:53 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 12:35 - 2014-07-09 12:35 - 00012173 _____ () C:\Users\Jesse\Desktop\hijackthis2
2014-07-09 12:34 - 2014-06-18 00:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 12:34 - 2014-06-18 00:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 12:34 - 2014-06-11 05:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 12:34 - 2014-05-30 00:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-07-09 12:34 - 2014-05-30 00:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-07-09 12:34 - 2014-05-30 00:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 12:34 - 2014-05-30 00:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-07-09 12:34 - 2014-04-19 10:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-07-09 12:33 - 2014-06-02 23:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-07-09 12:32 - 2014-06-19 03:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 12:32 - 2014-06-19 03:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 12:32 - 2014-06-19 03:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-09 12:32 - 2014-06-19 03:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-09 12:32 - 2014-06-19 03:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 12:32 - 2014-06-19 03:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 12:32 - 2014-06-19 03:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 12:32 - 2014-06-19 03:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 12:32 - 2014-06-19 03:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 12:32 - 2014-06-19 03:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 12:32 - 2014-06-19 03:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 12:32 - 2014-06-19 03:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 12:32 - 2014-06-19 03:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 12:32 - 2014-06-19 03:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 12:32 - 2014-06-19 03:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 12:32 - 2014-06-19 03:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 12:32 - 2014-06-19 03:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-09 12:32 - 2014-06-19 03:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 12:32 - 2014-06-19 03:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 12:32 - 2014-06-19 03:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 12:32 - 2014-06-19 03:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 12:32 - 2014-06-19 01:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 12:32 - 2014-06-19 01:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 12:32 - 2014-06-19 01:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 12:32 - 2014-06-19 01:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 12:32 - 2014-06-19 01:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 12:32 - 2014-06-19 01:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 12:32 - 2014-06-19 01:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-09 12:32 - 2014-06-19 01:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 12:32 - 2014-06-19 01:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 12:32 - 2014-06-19 01:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 12:32 - 2014-06-19 01:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 12:32 - 2014-06-19 01:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-09 12:32 - 2014-06-19 01:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 12:32 - 2014-06-19 01:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 12:32 - 2014-06-19 01:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 12:32 - 2014-06-19 01:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-09 12:32 - 2014-06-19 01:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 12:32 - 2014-06-19 01:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 12:32 - 2014-06-19 01:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 12:32 - 2014-06-19 01:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 12:32 - 2014-06-19 01:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 12:32 - 2014-06-18 23:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-09 12:32 - 2014-06-06 15:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 12:32 - 2014-06-06 11:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 12:32 - 2014-05-29 23:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 12:32 - 2014-05-03 07:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-09 12:32 - 2014-05-03 07:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-09 12:32 - 2014-05-03 05:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-09 12:32 - 2014-05-01 23:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-07-09 12:32 - 2014-04-29 23:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-07-09 12:32 - 2014-04-29 23:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-07-09 12:32 - 2014-04-24 00:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 12:32 - 2014-04-24 00:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 12:32 - 2014-04-24 00:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 12:32 - 2014-04-24 00:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 12:32 - 2014-02-08 05:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-07-09 12:32 - 2014-01-31 01:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-07-09 12:32 - 2013-08-16 06:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-07-09 12:26 - 2014-07-09 12:26 - 00012206 _____ () C:\Users\Jesse\Desktop\hijackthis.log
2014-07-09 12:24 - 2014-07-09 12:36 - 00000000 ____D () C:\Users\Jesse\Downloads\backups
2014-07-09 12:21 - 2014-07-09 12:21 - 00012915 _____ () C:\Users\Jesse\Downloads\hijackthis.log
2014-07-09 12:20 - 2014-07-09 12:20 - 00388608 _____ (Trend Micro Inc.) C:\Users\Jesse\Downloads\HijackThis.exe
2014-07-08 19:21 - 2014-07-08 19:27 - 324243942 _____ () C:\Users\Jesse\Downloads\The.Returned.S01E07.DVDRip.x264-ARCHiViST.mkv
2014-07-08 19:21 - 2014-07-08 19:26 - 274297368 _____ () C:\Users\Jesse\Downloads\The.Returned.S01E06.DVDRip.x264-ARCHiViST.mkv
2014-07-08 19:21 - 2014-07-08 19:26 - 271368357 _____ () C:\Users\Jesse\Downloads\The.Returned.S01E05.DVDRip.x264-ARCHiViST.mkv
2014-07-08 19:17 - 2014-07-08 19:20 - 251179583 _____ () C:\Users\Jesse\Downloads\The.Returned.S01E04.DVDRip.x264-ARCHiViST.mkv
2014-07-07 17:51 - 2014-07-07 17:51 - 00001260 _____ () C:\Users\Jesse\Desktop\Spybot - Search & Destroy.lnk
2014-07-07 17:51 - 2014-07-07 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-07-07 17:41 - 2014-07-07 17:41 - 00000000 ____D () C:\Windows\SysWOW64\X86
2014-07-07 17:41 - 2014-07-07 17:41 - 00000000 ____D () C:\Windows\SysWOW64\AMD64
2014-07-07 17:41 - 2014-07-07 17:41 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-07-07 17:39 - 2014-07-07 17:39 - 00000000 ____D () C:\ProgramData\priceCihop
2014-07-07 17:39 - 2014-07-07 17:39 - 00000000 ____D () C:\Program Files (x86)\priceCihop
2014-07-07 17:38 - 2014-07-07 17:39 - 00000000 ____D () C:\ProgramData\eb64a50985f10bee
2014-07-07 17:38 - 2014-07-07 17:38 - 00000262 __RSH () C:\ProgramData\ntuser.pol
2014-07-07 17:38 - 2014-07-07 17:38 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Google
2014-07-07 17:38 - 2014-07-07 17:38 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Comodo
2014-07-07 17:38 - 2014-07-07 17:38 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-07 17:38 - 2014-07-07 17:38 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-07 17:38 - 2014-07-07 17:38 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-07 17:38 - 2014-07-07 17:38 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-07-07 17:38 - 2014-07-07 17:38 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-07-07 17:38 - 2014-07-07 17:38 - 00000000 ____D () C:\Users\Gast
2014-07-07 17:38 - 2014-07-07 17:38 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-07 17:38 - 2014-07-07 17:38 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-07 17:38 - 2014-07-07 17:38 - 00000000 ____D () C:\Users\Administrator
2014-07-07 17:35 - 2014-07-07 17:35 - 00000000 ____D () C:\Users\Jesse\Documents\My Palettes
2014-07-07 17:10 - 2014-07-07 17:10 - 00000000 ____D () C:\ProgramData\StunningSoftware
2014-07-07 17:08 - 2014-07-07 17:08 - 00000000 ____D () C:\Users\Jesse\Documents\Corel
2014-07-07 17:07 - 2014-07-07 17:08 - 00000000 ____D () C:\ProgramData\Protexis64
2014-07-07 17:07 - 2014-07-07 17:07 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Corel
2014-07-07 16:59 - 2014-07-07 16:56 - 00002521 _____ () C:\Users\Public\Desktop\Bitstream Font Navigator (64-Bit).lnk
2014-07-07 16:59 - 2014-07-07 16:55 - 00003056 _____ () C:\Users\Public\Desktop\Corel CAPTURE X7 (64-Bit).lnk
2014-07-07 16:59 - 2014-07-07 16:55 - 00002345 _____ () C:\Users\Public\Desktop\Corel CONNECT X7 (64-Bit).lnk
2014-07-07 16:59 - 2014-07-07 16:54 - 00003063 _____ () C:\Users\Public\Desktop\Corel PHOTO-PAINT X7 (64-Bit).lnk
2014-07-07 16:59 - 2014-07-07 16:54 - 00003015 _____ () C:\Users\Public\Desktop\CorelDRAW X7 (64-Bit).lnk
2014-07-07 16:56 - 2014-07-07 16:56 - 00000000 ____D () C:\Program Files\Common Files\Protexis
2014-07-07 16:56 - 2014-07-07 16:56 - 00000000 ____D () C:\Program Files\Common Files\Corel
2014-07-07 16:55 - 2014-07-07 16:55 - 00000000 ____D () C:\Users\Public\Documents\Corel
2014-07-07 16:54 - 2014-07-07 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)
2014-07-07 16:54 - 2014-07-07 16:56 - 00000000 ____D () C:\ProgramData\Corel
2014-07-07 16:53 - 2014-07-07 16:54 - 00000000 ____D () C:\Program Files\Corel
2014-07-07 16:52 - 2014-07-07 17:06 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X7 x64
2014-07-05 13:57 - 2014-07-05 13:57 - 00110080 _____ () C:\Users\Jesse\Downloads\RAI EI 08 561 risicoanalyse.xls
2014-07-03 18:56 - 2014-07-03 18:56 - 00013228 _____ () C:\Users\Jesse\Desktop\Untitle-2.as1
2014-07-03 17:59 - 2014-07-03 17:59 - 00014346 _____ () C:\Users\Jesse\Desktop\Untitle-2.ac6
2014-07-03 17:51 - 2014-07-03 17:51 - 00000000 ____D () C:\WCH.CN
2014-07-03 17:51 - 2011-11-05 00:00 - 00058368 _____ (www.winchiphead.com) C:\Windows\system32\Drivers\CH341S64.SYS
2014-07-03 17:51 - 2011-11-05 00:00 - 00039696 _____ (www.winchiphead.com) C:\Windows\system32\Drivers\CH341SER.SYS
2014-07-03 17:51 - 2008-12-18 00:00 - 00020089 _____ () C:\Windows\system32\CH341SER.VXD
2014-07-03 17:51 - 2007-06-12 00:00 - 00019680 _____ (www.winchiphead.com) C:\Windows\system32\Drivers\CH341S98.SYS
2014-07-03 17:51 - 2005-07-30 00:00 - 00006712 _____ (www.winchiphead.com) C:\Windows\SysWOW64\CH341PT.DLL
2014-07-03 17:51 - 2005-07-30 00:00 - 00006712 _____ (www.winchiphead.com) C:\Windows\system32\CH341PT.DLL
2014-07-03 17:11 - 2014-07-03 17:11 - 00000671 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artcut2009.lnk
2014-07-03 17:11 - 2014-07-03 17:11 - 00000665 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Artcut2009.lnk
2014-07-03 17:11 - 2014-07-03 17:11 - 00000659 _____ () C:\Users\Public\Desktop\Artcut2009.lnk
2014-07-03 17:11 - 2014-07-03 17:11 - 00000000 ____D () C:\artcut6
2014-06-28 10:30 - 2014-06-28 10:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-12 23:13 - 2014-04-08 21:30 - 226006144 _____ () C:\Users\Jesse\Desktop\Califonication.S06E02.DVDRip.X264-DEMAND.mkv
2014-06-11 18:29 - 2014-07-09 12:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 18:00 - 2013-08-16 06:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2014-06-11 18:00 - 2013-08-16 06:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2014-06-11 18:00 - 2013-08-16 06:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-06-11 18:00 - 2013-08-16 06:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2014-06-11 18:00 - 2013-08-16 06:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2014-06-11 18:00 - 2013-08-16 06:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2014-06-11 18:00 - 2013-08-16 06:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2014-06-11 18:00 - 2013-08-16 06:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2014-06-11 18:00 - 2013-08-16 06:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2014-06-11 18:00 - 2013-08-16 06:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2014-06-11 18:00 - 2013-08-15 23:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2014-06-11 18:00 - 2013-08-15 23:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2014-06-11 18:00 - 2013-08-15 23:43 - 00083968 _____ () C:\Windows\SysWOW64\OEMLicense.dll
2014-06-11 18:00 - 2013-08-15 23:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2014-06-11 18:00 - 2013-08-15 23:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2014-06-11 17:52 - 2014-03-28 09:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-06-11 17:52 - 2014-03-28 07:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-06-11 17:52 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2014-06-11 17:52 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-06-11 17:52 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2014-06-11 17:52 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2014-06-11 17:52 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2014-06-11 17:52 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-06-11 17:52 - 2013-08-16 06:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-06-11 17:52 - 2013-08-16 06:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-06-11 17:52 - 2013-08-15 23:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-06-11 17:52 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2014-06-11 17:52 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-06-11 17:52 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-06-11 17:50 - 2014-01-27 04:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-06-11 17:50 - 2014-01-11 07:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-06-11 17:49 - 2014-04-03 12:19 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-06-11 17:49 - 2014-04-03 04:44 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-06-11 17:49 - 2014-03-31 23:08 - 00387268 _____ () C:\Windows\system32\ApnDatabase.xml
2014-06-11 17:49 - 2014-03-25 00:42 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-06-11 17:49 - 2014-03-24 23:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-06-11 17:49 - 2014-02-04 00:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-06-11 17:49 - 2014-02-04 00:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-06-11 17:49 - 2014-01-31 01:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-06-11 17:49 - 2014-01-31 01:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-06-11 17:49 - 2014-01-16 00:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-06-11 17:49 - 2014-01-11 06:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-06-11 17:49 - 2014-01-03 00:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-06-11 17:49 - 2014-01-03 00:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-06-11 17:49 - 2013-10-09 02:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-06-11 17:49 - 2013-10-08 23:30 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-06-11 17:49 - 2013-10-08 23:30 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-06-11 17:49 - 2013-10-08 23:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-06-11 17:49 - 2013-10-08 23:30 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-06-11 17:49 - 2013-10-08 23:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-06-11 17:49 - 2013-10-08 23:27 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-06-11 17:49 - 2013-10-08 23:27 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-06-11 17:49 - 2013-10-08 23:27 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-06-11 17:49 - 2013-10-08 23:27 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-06-11 17:49 - 2013-10-08 23:27 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-06-11 17:49 - 2013-10-08 23:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-06-11 17:49 - 2013-10-08 23:27 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-06-11 17:49 - 2013-10-05 07:10 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-06-11 17:49 - 2013-10-02 03:50 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-06-11 17:49 - 2013-09-28 06:48 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-06-11 17:49 - 2013-09-28 04:58 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-06-11 17:49 - 2013-09-19 08:32 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-06-11 17:49 - 2013-08-30 06:19 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2014-06-11 17:49 - 2013-08-30 06:18 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2014-06-11 17:49 - 2013-08-30 00:48 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2014-06-11 17:49 - 2013-08-30 00:47 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2014-06-11 17:46 - 2014-03-28 20:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-06-11 17:46 - 2014-03-23 23:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-06-11 17:46 - 2013-07-06 01:15 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-06-11 17:46 - 2013-07-04 03:13 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-06-11 17:45 - 2013-10-19 06:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-06-11 17:45 - 2013-10-19 05:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-06-11 17:44 - 2014-04-29 23:32 - 01301504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-06-11 17:44 - 2014-04-29 23:22 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-06-11 17:44 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2014-06-11 17:44 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-06-11 17:44 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-06-11 17:43 - 2014-05-03 06:47 - 03246592 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 17:43 - 2014-05-03 04:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-06-11 17:41 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 17:41 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 17:40 - 2013-07-05 23:02 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-06-11 17:40 - 2013-07-05 23:01 - 00210560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-06-11 17:40 - 2013-07-01 23:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys
2014-06-11 17:40 - 2013-06-22 06:45 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-06-11 17:40 - 2013-06-22 06:45 - 00054488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-06-11 17:39 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-06-11 17:39 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-06-11 17:39 - 2013-07-09 09:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2014-06-11 17:39 - 2013-07-09 07:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2014-06-11 17:39 - 2013-07-09 05:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2014-06-11 17:39 - 2013-07-09 04:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2014-06-11 17:39 - 2013-07-08 23:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2014-06-11 17:39 - 2013-07-08 23:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2014-06-11 17:39 - 2013-07-08 23:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2014-06-11 17:39 - 2013-07-08 23:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2014-06-11 17:39 - 2013-07-03 01:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2014-06-11 17:39 - 2013-07-03 01:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2014-06-11 17:39 - 2013-07-03 01:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2014-06-11 17:39 - 2013-07-03 01:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2014-06-11 17:39 - 2013-06-30 23:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2014-06-11 17:39 - 2013-06-30 23:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2014-06-11 17:39 - 2013-06-29 07:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-06-11 17:39 - 2013-06-29 07:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-06-11 17:39 - 2013-06-26 04:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2014-06-11 17:39 - 2013-06-26 03:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2014-06-11 17:39 - 2013-06-24 23:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-06-11 17:39 - 2013-06-24 23:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2014-06-11 17:39 - 2013-06-24 23:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2014-06-11 17:39 - 2013-06-19 06:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2014-06-11 17:39 - 2013-06-19 06:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2014-06-11 17:39 - 2013-06-18 23:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2014-06-11 17:39 - 2013-06-18 23:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2014-06-11 17:39 - 2013-06-12 00:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2014-06-11 17:39 - 2013-06-12 00:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2014-06-11 17:39 - 2013-06-10 20:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-06-11 17:39 - 2013-06-10 20:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-06-11 17:39 - 2013-06-10 20:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-06-11 17:39 - 2013-06-10 20:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-06-11 17:39 - 2013-06-06 09:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-06-11 17:34 - 2014-04-12 10:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-06-11 17:34 - 2014-04-12 10:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-06-11 17:34 - 2014-04-12 10:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-06-11 17:34 - 2014-04-12 10:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-06-11 17:34 - 2014-04-12 10:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-06-11 17:34 - 2014-04-12 10:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-06-11 17:34 - 2014-04-12 10:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-06-11 17:34 - 2014-04-12 10:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-06-11 17:34 - 2014-04-12 08:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-06-11 17:34 - 2014-04-12 08:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-06-11 17:34 - 2014-04-12 08:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-06-11 17:34 - 2014-04-12 08:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-06-11 17:34 - 2014-04-12 08:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-06-11 17:34 - 2014-04-12 08:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-06-11 17:34 - 2014-04-12 07:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-06-11 17:34 - 2014-03-11 04:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-06-11 17:34 - 2014-03-11 01:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-06-11 17:34 - 2014-03-11 01:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-06-11 17:34 - 2014-03-11 01:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-06-11 17:34 - 2014-03-11 01:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-06-11 17:34 - 2014-03-11 01:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-06-11 17:34 - 2014-03-11 01:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-06-11 17:34 - 2014-03-11 01:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-06-11 17:34 - 2014-03-11 01:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-06-11 17:34 - 2014-03-11 01:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-06-11 17:34 - 2014-03-11 01:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-06-11 17:34 - 2014-03-11 01:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-06-11 17:34 - 2014-03-10 04:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-06-11 17:34 - 2014-03-10 02:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-11 17:34 - 2014-03-04 00:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-06-11 17:34 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-06-11 17:34 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-06-11 17:34 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-06-11 17:34 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-06-11 17:34 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-06-11 17:34 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-06-11 17:34 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-06-11 17:34 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-06-11 17:34 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-06-11 17:34 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-06-11 17:34 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-06-11 17:34 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-06-11 17:34 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-06-11 17:32 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-06-11 17:32 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-06-11 17:32 - 2013-07-02 02:41 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2014-06-11 17:32 - 2013-07-02 02:41 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2014-06-11 17:32 - 2013-07-01 02:42 - 00623448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-06-11 17:32 - 2013-07-01 02:42 - 00498008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-06-11 17:32 - 2013-07-01 02:42 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-06-11 17:32 - 2013-07-01 02:42 - 00021848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-06-11 17:32 - 2013-06-29 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-06-11 17:32 - 2013-06-29 04:06 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-06-11 17:30 - 2013-07-19 23:13 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-06-11 17:30 - 2013-07-19 23:13 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-06-11 17:29 - 2013-05-27 00:17 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-06-11 17:29 - 2013-05-26 23:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-06-11 17:29 - 2013-05-25 04:15 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-06-11 17:29 - 2013-05-25 03:32 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-06-11 17:28 - 2013-10-10 10:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-06-11 17:28 - 2013-10-10 10:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2014-06-11 17:28 - 2013-10-10 10:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-06-11 17:28 - 2013-10-10 10:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-06-11 17:28 - 2013-10-10 10:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-06-11 17:28 - 2013-10-10 10:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2014-06-11 17:28 - 2013-10-10 10:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-06-11 17:27 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-06-11 17:27 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-06-11 17:26 - 2014-03-28 09:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-06-11 17:22 - 2014-04-03 12:22 - 02233176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 17:22 - 2013-11-23 07:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-06-11 17:22 - 2013-11-23 06:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-06-11 17:20 - 2014-03-07 01:47 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 17:20 - 2014-03-07 01:08 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 17:20 - 2014-01-31 01:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-06-11 17:20 - 2014-01-31 01:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-06-11 17:20 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-06-11 17:20 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-06-11 17:20 - 2013-08-10 06:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2014-06-11 17:20 - 2013-08-10 06:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2014-06-11 17:20 - 2013-08-10 04:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2014-06-11 17:20 - 2013-08-02 07:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-06-11 17:20 - 2013-08-02 07:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-06-11 17:20 - 2013-08-02 06:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-06-11 17:20 - 2013-08-02 06:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-06-11 17:20 - 2013-07-25 00:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2014-06-11 17:20 - 2013-07-25 00:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2014-06-11 17:20 - 2013-04-10 00:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2014-06-11 17:20 - 2013-04-09 23:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2014-06-11 17:19 - 2014-03-01 10:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-06-11 17:19 - 2014-03-01 10:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-06-11 17:19 - 2014-03-01 09:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-06-11 17:19 - 2014-03-01 07:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-06-11 17:19 - 2014-02-27 00:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-06-11 17:19 - 2014-02-27 00:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-06-11 17:19 - 2014-02-27 00:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-06-11 17:19 - 2014-02-15 05:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-06-11 17:19 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-06-11 17:19 - 2013-11-01 06:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-06-11 17:19 - 2013-11-01 04:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-06-11 17:19 - 2013-09-28 04:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-06-11 17:19 - 2013-08-07 06:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-06-11 17:19 - 2013-08-03 07:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2014-06-11 17:19 - 2013-08-03 07:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2014-06-11 17:19 - 2013-08-03 07:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2014-06-11 17:19 - 2013-08-03 06:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2014-06-11 17:19 - 2013-08-03 06:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2014-06-11 17:19 - 2013-08-03 06:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2014-06-11 17:19 - 2013-06-29 04:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

==================== One Month Modified Files and Folders =======

2014-07-10 08:51 - 2014-07-10 08:50 - 00000000 ____D () C:\FRST
2014-07-10 08:50 - 2013-01-22 15:28 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1071447102-838638193-4033568735-1002
2014-07-10 08:48 - 2014-07-10 08:48 - 00001961 _____ () C:\Users\Jesse\Desktop\JRT.txt
2014-07-10 08:47 - 2013-03-18 22:11 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\vlc
2014-07-10 08:45 - 2013-03-11 15:02 - 00000000 ____D () C:\Users\Jesse\AppData\Local\CrashDumps
2014-07-10 08:43 - 2014-07-10 08:43 - 00000000 ____D () C:\Windows\ERUNT
2014-07-10 08:41 - 2013-01-22 15:23 - 00000500 _____ () C:\Users\Jesse\AppData\Roaming\sp_data.sys
2014-07-10 08:40 - 2014-07-10 08:40 - 05123096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 08:40 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-10 08:39 - 2012-11-12 18:42 - 01456038 _____ () C:\Windows\WindowsUpdate.log
2014-07-10 08:39 - 2012-08-02 14:24 - 00076936 _____ () C:\Windows\PFRO.log
2014-07-10 08:38 - 2014-07-10 08:37 - 00000000 ____D () C:\AdwCleaner
2014-07-10 08:38 - 2013-03-24 17:53 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\DMCache
2014-07-10 08:37 - 2014-07-10 08:37 - 01016261 _____ (Thisisu) C:\Users\Jesse\Desktop\JRT.exe
2014-07-10 08:35 - 2013-01-24 15:48 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Adobe
2014-07-10 08:32 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-07-09 23:32 - 2013-03-20 15:27 - 00000938 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1071447102-838638193-4033568735-1002UA.job
2014-07-09 21:15 - 2013-03-24 17:53 - 00000000 ____D () C:\Users\Jesse\Downloads\Video
2014-07-09 15:44 - 2014-07-09 15:44 - 00032622 _____ () C:\Users\Jesse\Desktop\dds.txt
2014-07-09 15:44 - 2014-07-09 15:44 - 00007862 _____ () C:\Users\Jesse\Desktop\attach.txt
2014-07-09 15:44 - 2014-07-09 15:44 - 00000000 ____D () C:\Users\Jesse\Desktop\cleaing windows
2014-07-09 15:43 - 2014-07-09 15:42 - 00688992 ____R (Swearware) C:\Users\Jesse\Downloads\dds.com
2014-07-09 15:17 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-07-09 14:32 - 2013-03-20 15:27 - 00000916 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1071447102-838638193-4033568735-1002Core.job
2014-07-09 14:32 - 2012-08-03 00:15 - 00796920 _____ () C:\Windows\system32\perfh013.dat
2014-07-09 14:32 - 2012-08-03 00:15 - 00159176 _____ () C:\Windows\system32\perfc013.dat
2014-07-09 14:32 - 2012-07-26 08:28 - 01792392 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-09 14:17 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2014-07-09 14:17 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 14:17 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 14:17 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-07-09 14:17 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2014-07-09 14:17 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\en-GB
2014-07-09 14:17 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-09 14:16 - 2012-07-26 10:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 14:16 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-09 14:16 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-09 14:16 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-07-09 14:16 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-07-09 12:52 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-09 12:40 - 2014-06-11 18:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 12:38 - 2013-01-22 17:06 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 12:37 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-09 12:36 - 2014-07-09 12:24 - 00000000 ____D () C:\Users\Jesse\Downloads\backups
2014-07-09 12:35 - 2014-07-09 12:35 - 00012173 _____ () C:\Users\Jesse\Desktop\hijackthis2
2014-07-09 12:26 - 2014-07-09 12:26 - 00012206 _____ () C:\Users\Jesse\Desktop\hijackthis.log
2014-07-09 12:26 - 2014-01-11 20:39 - 00000000 ____D () C:\Users\Jesse\Downloads\Walking dead 4
2014-07-09 12:21 - 2014-07-09 12:21 - 00012915 _____ () C:\Users\Jesse\Downloads\hijackthis.log
2014-07-09 12:20 - 2014-07-09 12:20 - 00388608 _____ (Trend Micro Inc.) C:\Users\Jesse\Downloads\HijackThis.exe
2014-07-09 11:13 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-07-08 21:43 - 2013-03-24 17:53 - 00000000 ____D () C:\Users\Jesse\Downloads\Compressed
2014-07-08 19:27 - 2014-07-08 19:21 - 324243942 _____ () C:\Users\Jesse\Downloads\The.Returned.S01E07.DVDRip.x264-ARCHiViST.mkv
2014-07-08 19:26 - 2014-07-08 19:21 - 274297368 _____ () C:\Users\Jesse\Downloads\The.Returned.S01E06.DVDRip.x264-ARCHiViST.mkv
2014-07-08 19:26 - 2014-07-08 19:21 - 271368357 _____ () C:\Users\Jesse\Downloads\The.Returned.S01E05.DVDRip.x264-ARCHiViST.mkv
2014-07-08 19:20 - 2014-07-08 19:17 - 251179583 _____ () C:\Users\Jesse\Downloads\The.Returned.S01E04.DVDRip.x264-ARCHiViST.mkv
2014-07-08 14:02 - 2014-05-15 17:16 - 00000306 _____ () C:\Users\Jesse\Desktop\opsys visa dina.txt
2014-07-07 17:57 - 2013-01-23 10:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-07 17:51 - 2014-07-07 17:51 - 00001260 _____ () C:\Users\Jesse\Desktop\Spybot - Search & Destroy.lnk
2014-07-07 17:51 - 2014-07-07 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-07-07 17:51 - 2013-01-23 10:45 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-07-07 17:41 - 2014-07-07 17:41 - 00000000 ____D () C:\Windows\SysWOW64\X86
2014-07-07 17:41 - 2014-07-07 17:41 - 00000000 ____D () C:\Windows\SysWOW64\AMD64
2014-07-07 17:41 - 2014-07-07 17:41 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-07-07 17:39 - 2014-07-07 17:39 - 00000000 ____D () C:\ProgramData\priceCihop
2014-07-07 17:39 - 2014-07-07 17:39 - 00000000 ____D () C:\Program Files (x86)\priceCihop
2014-07-07 17:39 - 2014-07-07 17:38 - 00000000 ____D () C:\ProgramData\eb64a50985f10bee
2014-07-07 17:38 - 2014-07-07 17:38 - 00000262 __RSH () C:\ProgramData\ntuser.pol
2014-07-07 17:38 - 2014-07-07 17:38 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Google
2014-07-07 17:38 - 2014-07-07 17:38 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Comodo
2014-07-07 17:38 - 2014-07-07 17:38 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-07 17:38 - 2014-07-07 17:38 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-07 17:38 - 2014-07-07 17:38 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-07 17:38 - 2014-07-07 17:38 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-07-07 17:38 - 2014-07-07 17:38 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-07-07 17:38 - 2014-07-07 17:38 - 00000000 ____D () C:\Users\Gast
2014-07-07 17:38 - 2014-07-07 17:38 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-07 17:38 - 2014-07-07 17:38 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-07 17:38 - 2014-07-07 17:38 - 00000000 ____D () C:\Users\Administrator
2014-07-07 17:38 - 2012-07-26 09:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-07 17:38 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-07-07 17:35 - 2014-07-07 17:35 - 00000000 ____D () C:\Users\Jesse\Documents\My Palettes
2014-07-07 17:11 - 2013-03-22 19:03 - 00000000 ____D () C:\ProgramData\InstallMate
2014-07-07 17:10 - 2014-07-07 17:10 - 00000000 ____D () C:\ProgramData\StunningSoftware
2014-07-07 17:08 - 2014-07-07 17:08 - 00000000 ____D () C:\Users\Jesse\Documents\Corel
2014-07-07 17:08 - 2014-07-07 17:07 - 00000000 ____D () C:\ProgramData\Protexis64
2014-07-07 17:07 - 2014-07-07 17:07 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Corel
2014-07-07 17:06 - 2014-07-07 16:52 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X7 x64
2014-07-07 17:05 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-07-07 17:02 - 2014-07-07 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)
2014-07-07 16:58 - 2013-11-06 22:18 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-07 16:58 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-07-07 16:56 - 2014-07-07 16:59 - 00002521 _____ () C:\Users\Public\Desktop\Bitstream Font Navigator (64-Bit).lnk
2014-07-07 16:56 - 2014-07-07 16:56 - 00000000 ____D () C:\Program Files\Common Files\Protexis
2014-07-07 16:56 - 2014-07-07 16:56 - 00000000 ____D () C:\Program Files\Common Files\Corel
2014-07-07 16:56 - 2014-07-07 16:54 - 00000000 ____D () C:\ProgramData\Corel
2014-07-07 16:55 - 2014-07-07 16:59 - 00003056 _____ () C:\Users\Public\Desktop\Corel CAPTURE X7 (64-Bit).lnk
2014-07-07 16:55 - 2014-07-07 16:59 - 00002345 _____ () C:\Users\Public\Desktop\Corel CONNECT X7 (64-Bit).lnk
2014-07-07 16:55 - 2014-07-07 16:55 - 00000000 ____D () C:\Users\Public\Documents\Corel
2014-07-07 16:54 - 2014-07-07 16:59 - 00003063 _____ () C:\Users\Public\Desktop\Corel PHOTO-PAINT X7 (64-Bit).lnk
2014-07-07 16:54 - 2014-07-07 16:59 - 00003015 _____ () C:\Users\Public\Desktop\CorelDRAW X7 (64-Bit).lnk
2014-07-07 16:54 - 2014-07-07 16:53 - 00000000 ____D () C:\Program Files\Corel
2014-07-05 13:57 - 2014-07-05 13:57 - 00110080 _____ () C:\Users\Jesse\Downloads\RAI EI 08 561 risicoanalyse.xls
2014-07-03 19:43 - 2013-01-25 14:22 - 00555008 ___SH () C:\Users\Jesse\Desktop\Thumbs.db
2014-07-03 18:56 - 2014-07-03 18:56 - 00013228 _____ () C:\Users\Jesse\Desktop\Untitle-2.as1
2014-07-03 18:19 - 2013-01-22 18:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-03 17:59 - 2014-07-03 17:59 - 00014346 _____ () C:\Users\Jesse\Desktop\Untitle-2.ac6
2014-07-03 17:51 - 2014-07-03 17:51 - 00000000 ____D () C:\WCH.CN
2014-07-03 17:11 - 2014-07-03 17:11 - 00000671 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artcut2009.lnk
2014-07-03 17:11 - 2014-07-03 17:11 - 00000665 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Artcut2009.lnk
2014-07-03 17:11 - 2014-07-03 17:11 - 00000659 _____ () C:\Users\Public\Desktop\Artcut2009.lnk
2014-07-03 17:11 - 2014-07-03 17:11 - 00000000 ____D () C:\artcut6
2014-07-03 17:11 - 2012-11-12 18:26 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-01 17:47 - 2012-07-26 08:21 - 00096597 _____ () C:\Windows\setupact.log
2014-06-28 10:31 - 2014-06-28 10:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-27 16:49 - 2013-03-11 16:44 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-06-27 16:49 - 2013-03-11 16:26 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-06-26 21:53 - 2014-07-09 14:21 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-26 21:53 - 2014-07-09 14:21 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-19 03:12 - 2014-07-09 12:32 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 03:12 - 2014-07-09 12:32 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 03:12 - 2014-07-09 12:32 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-06-19 03:12 - 2014-07-09 12:32 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-06-19 03:12 - 2014-07-09 12:32 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 03:11 - 2014-07-09 12:32 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 03:11 - 2014-07-09 12:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 03:11 - 2014-07-09 12:32 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 03:10 - 2014-07-09 12:32 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 03:10 - 2014-07-09 12:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 03:10 - 2014-07-09 12:32 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 03:10 - 2014-07-09 12:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-19 03:10 - 2014-07-09 12:32 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 03:10 - 2014-07-09 12:32 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 03:10 - 2014-07-09 12:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 03:10 - 2014-07-09 12:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-19 03:10 - 2014-07-09 12:32 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-19 03:10 - 2014-07-09 12:32 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 03:10 - 2014-07-09 12:32 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 03:10 - 2014-07-09 12:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 03:09 - 2014-07-09 12:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 01:53 - 2014-07-09 12:32 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 01:53 - 2014-07-09 12:32 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-19 01:53 - 2014-07-09 12:32 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-19 01:53 - 2014-07-09 12:32 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-19 01:53 - 2014-07-09 12:32 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-19 01:53 - 2014-07-09 12:32 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-19 01:53 - 2014-07-09 12:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-06-19 01:52 - 2014-07-09 12:32 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-19 01:52 - 2014-07-09 12:32 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-19 01:52 - 2014-07-09 12:32 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 01:52 - 2014-07-09 12:32 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-19 01:52 - 2014-07-09 12:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-19 01:52 - 2014-07-09 12:32 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 01:52 - 2014-07-09 12:32 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-19 01:52 - 2014-07-09 12:32 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-19 01:52 - 2014-07-09 12:32 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-19 01:52 - 2014-07-09 12:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 01:52 - 2014-07-09 12:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 01:52 - 2014-07-09 12:32 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 01:33 - 2014-07-09 12:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 01:30 - 2014-07-09 12:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-18 23:05 - 2014-07-09 12:32 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-06-18 00:27 - 2014-07-09 12:34 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-18 00:24 - 2014-07-09 12:34 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-17 00:38 - 2013-03-24 17:53 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\IDM
2014-06-12 22:42 - 2012-08-17 01:52 - 06007202 _____ () C:\Windows\AsDebug.log
2014-06-11 23:49 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-11 23:14 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-06-11 23:14 - 2012-07-26 06:38 - 00000000 ____D () C:\Windows\system32\oobe
2014-06-11 05:18 - 2014-07-09 12:34 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\Jesse\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-27 05:31

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2014
Ran by Jesse at 2014-07-10 08:51:53
Running from C:\Users\Jesse\Downloads\Programs
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Artcut2009 (HKLM-x32\...\{FA01D751-CE47-4533-BB5D-9BB34514A43B}) (Version: 7.0 - Beijing Wentai Technology Co. Ltd)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Product Demo Movie  (HKLM-x32\...\{DC06C90B-C5BE-42F6-B74D-A9503170998C}) (Version: 1.0.3 - ASUS )
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
banda larga tmn (HKLM-x32\...\banda larga tmn) (Version: 23.001.07.02.84 - Huawei Technologies Co.,Ltd)
Bitdefender 60-Second Virus Scanner (HKLM\...\{CCEA2053-D975-4E38-AC09-4D5E6DAC6B6F}) (Version: 1.0.3.76 - Bitdefender)
Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version:  - )
Call of Duty: Ghosts (HKLM-x32\...\Steam App 209160) (Version:  - Infinity Ward)
CGS17_Setup_x64 (Version: 17.1 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{4DC318F5-1640-4417-A218-912ED9905FAA}) (Version: 17.1.0.572 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.1.572 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.1.572 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.1.0.572 - Corel Corporation)
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 1.0.0.0068 - Disc Soft Ltd)
DU Meter (HKLM-x32\...\DUMeter3_is1) (Version: 5.20 - Hagel Technologies Ltd.)
DU Super Controler (remove only) (HKLM-x32\...\DU Super Controler) (Version:  - )
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.01 - Ubisoft)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google SketchUp 8 (HKLM-x32\...\{13FE3480-9E41-48C0-930F-BFC0767CC340}) (Version: 3.0.14369 - Google, Inc.)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Kobo (HKLM-x32\...\Kobo) (Version: 3.4.0 - Kobo Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 Finalizer (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support  - Module linguistique Français (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - DEU-Sprachpaket (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - Language Pack ITA (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - Paquete de idioma ESN (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - 한국어 언어 팩 (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - 日本語 Language Pack (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 主控支援 - 繁體中文語言套件 (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 托管支持 - 简体中文语言包 (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - DEU-Sprachpaket (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Language Pack ITA (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Module linguistique Français (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Paquete de idioma ESN (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - 한국어 언어 팩 (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - 日本語 Language Pack (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 主控支援 - 繁體中文語言套件 (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 托管支持 - 简体中文语言包 (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 nl) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 nl)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Photomatix Pro version 4.0.1 (HKLM\...\PhotomatixPro4.0x64_is1) (Version: 4.0.1 - HDRsoft Sarl)
Pinball Arcade (HKLM-x32\...\Steam App 238260) (Version:  - FarSight Studios)
priceCihop (HKLM-x32\...\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}) (Version: 4.3.0.1667 - pricechop)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.210 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.18.0 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold Crusader Extreme HD (HKLM-x32\...\GOGPACKSTRONGHOLDCRUSADERHD_is1) (Version: 2.0.0.6 - GOG.com)
Stronghold Kingdoms (HKLM-x32\...\Steam App 47410) (Version:  - FireFly Studios)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Vodafone Mobile Broadband Lite (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.0.302.24346 - Vodafone)
Vodafone Wi-Fi Installer (HKLM-x32\...\{046DE6F8-7B41-465A-B127-848D88AB1AB8}) (Version: 1.0.0.38389 - Vodafone)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

10-06-2014 20:33:19 Gepland controlepunt
28-06-2014 17:00:07 Gepland controlepunt
07-07-2014 15:57:25 Microsoft Visual Studio Tools for Applications 2012

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02846866-B9EC-4CB5-A5B8-4E9EBD79A23C} - System32\Tasks\AdobeAAMUpdater-1.0-Asus-Jesse => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-12-15] (Adobe Systems Incorporated)
Task: {04CA5FA0-1249-4D0F-B508-9C4F3DFC3D20} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {11C8FD6E-B1A8-4179-912C-57E30E75006E} - \SW-Booster-S-792098896 No Task File <==== ATTENTION
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2F7642F3-C1AE-4597-B2B6-17DA4E595320} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1071447102-838638193-4033568735-1002UA => C:\Users\Jesse\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {3BC2D456-CF30-426B-A0D8-7A598FA6B9B7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-09] (Microsoft Corporation)
Task: {48ADA136-9B28-4DF0-8E4A-440C38E17F36} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-09-24] (ASUS)
Task: {51FB9BCB-58AD-4FF6-AAD8-5EF8FC7C3094} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {53B9B2BC-2F65-46B2-8B8D-A492209C8EAA} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {742562BD-EE38-4601-9317-5928A224C4A5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1071447102-838638193-4033568735-1002Core => C:\Users\Jesse\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {76650096-7321-4E39-A44F-825835C52BB9} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1071447102-838638193-4033568735-1002Core.job => C:\Users\Jesse\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1071447102-838638193-4033568735-1002UA.job => C:\Users\Jesse\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-29 19:12 - 2014-03-04 15:35 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-11-12 18:22 - 2014-03-04 14:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-09 10:59 - 2014-04-09 10:58 - 00246112 _____ () C:\ProgramData\banda larga tmn\OnlineUpdate\ouc.exe
2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-03-11 16:26 - 2013-03-11 16:26 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-09-29 19:59 - 2012-09-29 19:59 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-09-29 20:01 - 2012-09-29 20:01 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-04-09 10:59 - 2014-04-09 10:58 - 00011362 _____ () C:\ProgramData\banda larga tmn\OnlineUpdate\mingwm10.dll
2014-04-09 10:59 - 2014-04-09 10:58 - 00043008 _____ () C:\ProgramData\banda larga tmn\OnlineUpdate\libgcc_s_dw2-1.dll
2014-04-09 10:59 - 2014-04-09 10:58 - 02415104 _____ () C:\ProgramData\banda larga tmn\OnlineUpdate\QtCore4.dll
2014-04-09 10:59 - 2014-04-09 10:58 - 01148416 _____ () C:\ProgramData\banda larga tmn\OnlineUpdate\QtNetwork4.dll
2014-04-09 10:59 - 2014-04-09 10:58 - 00384512 _____ () C:\ProgramData\banda larga tmn\OnlineUpdate\QueryStrategy.dll
2014-04-09 10:59 - 2014-04-09 10:58 - 00398336 _____ () C:\ProgramData\banda larga tmn\OnlineUpdate\QtXml4.dll
2012-09-11 15:01 - 2012-09-11 15:01 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2013-10-29 19:12 - 2014-03-04 15:35 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2012-11-12 18:29 - 2012-06-25 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-06-28 10:30 - 2014-06-28 10:30 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

HKLM\...\StartupApproved\StartupFolder: => "DUSuperControler.lnk"
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run32: => "AdobeCS4ServiceManager"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKCU\...\StartupApproved\Run: => "DAEMON Tools Ultra Agent"
HKCU\...\StartupApproved\Run: => "Facebook Update"
HKCU\...\StartupApproved\Run: => "IDMan"
HKCU\...\StartupApproved\Run: => "KiesPreload"
HKCU\...\StartupApproved\Run: => ""
HKCU\...\StartupApproved\Run: => "Steam"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 6021.54 MB
Available physical RAM: 4069.31 MB
Total Pagefile: 6981.54 MB
Available Pagefile: 4818.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:85.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:398.17 GB) (Free:88.41 GB) NTFS
Drive f: (VERBATIM HD) (Fixed) (Total:465.64 GB) (Free:347.03 GB) FAT32
Drive g: () (Removable) (Total:14.83 GB) (Free:2.34 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 4AD209D2)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 71B4AD9F)
Partition 1: (Not Active) - (Size=466 GB) - (Type=0C)

========================================================
Disk: 2 (Size: 15 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

Thanks!


Edited by jesseagten, 10 July 2014 - 03:40 AM.


#4 jesseagten


Posted 11 July 2014 - 11:10 AM

wow, and all of a sudden my sound is gone too :s
Audio drivers work, newest drivers installed, no minijack inside the laptop, volume on max, no mute, all good.

Could this have something to do with the initial infection?



#5 fireman4it


  • Malware Response Team

Posted 21 July 2014 - 01:50 PM

1.

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Attached File: fixlist.txt (1.65KB)

2.

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool indicates that the Check Disk is needed click on Do It button next to 2. Check Disk.
In that case make sure you restart computer.



Once the above is done go to Step 3 and allow it to run System File Check by clicking on Do It button:



Go to Step 4 and under "System Restore" click on Create button:



Go to Start Repairs tab and click Start button.

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.


Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

How is the machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 jesseagten


Posted 26 July 2014 - 01:43 AM

Hi,

Woohoo, the ads and pop ups are gone, thanks!! Will donate!
I do still have this weird thing. When I boot, sometimes my audio works, and sometimes it doesn't. This problem started 2 days after infection.
I checked Device Manager, audio settings and drivers...


log!

System Variables
--------------------------------------------------------------------------------
OS: Windows 8
OS Architecture: 64-bit
OS Version: 6.2.9200
OS Service Pack:
Computer Name: ASUS
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Jesse
Current Profile SID: S-1-5-21-1071447102-838638193-4033568735-1002
Current Profile Classes: S-1-5-21-1071447102-838638193-4033568735-1002_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Jesse\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:38:35

Process Count: 79
Commit Total: 2.21 GB
Commit Limit: 6.82 GB
Commit Peak: 2.37 GB
Handle Count: 22599
Kernel Total: 443.54 MB
Kernel Paged: 334.45 MB
Kernel Non Paged: 109.08 MB
System Cache: 3.41 GB
Thread Count: 837
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 5.88 GB
Memory Used: 1.95 GB(33.2155%)
Memory Avail.: 3.93 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 5.88 GB
Memory Used: 1.61 GB(27.353%)
Memory Avail.: 4.27 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (22/07/2014 12:52:42)

01 - Reset Registry Permissions
   Restore Windows 8 Default Registry Permissions
   Start (22/07/2014 12:52:47)

Decompressing & Updating Windows 8 Permission File hkud.txt
Done,  0.15 seconds.


Decompressing & Updating Windows 8 Permission File hkcu.txt
Done,  0.32 seconds.


Decompressing & Updating Windows 8 Permission File hkcr.txt
Done,  0.84 seconds.


Decompressing & Updating Windows 8 Permission File hklm.txt
Done,  1.79 seconds.

   Running Repair Under System Account
   Running Repair Under Current User Account
   Done (22/07/2014 12:56:43)

03 - Reset Service Permissions
   Start (22/07/2014 12:56:43)
   Running Repair Under System Account
   Done (22/07/2014 12:56:48)

04 - Register System Files
   Start (22/07/2014 12:56:48)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 12:57:09)

05 - Repair WMI
   Start (22/07/2014 12:57:09)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   Windows Defender Exported.

   Exporting AntiSpyware Info...
   Windows Defender Exported.

   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.

   Running Repair Under Current User Account
   Done (22/07/2014 13:03:51)

06 - Repair Windows Firewall
   Start (22/07/2014 13:03:51)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 13:04:36)

07 - Repair Internet Explorer
   Start (22/07/2014 13:04:36)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 13:04:56)

08 - Repair MDAC/MS Jet
   Start (22/07/2014 13:04:56)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 13:05:05)

09 - Repair Hosts File
   Start (22/07/2014 13:05:05)
   Running Repair Under System Account
   Done (22/07/2014 13:05:08)

10 - Remove Policies Set By Infections
   Start (22/07/2014 13:05:08)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 13:05:14)

11 - Repair Start Menu Icons Removed By Infections
   Start (22/07/2014 13:05:14)
   Running Repair Under System Account
   Done (22/07/2014 13:05:17)

12 - Repair Icons
   Start (22/07/2014 13:05:17)
   Running Repair Under Current User Account
   Done (22/07/2014 13:05:20)

13 - Repair Winsock & DNS Cache
   Start (22/07/2014 13:05:20)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 13:05:35)

15 - Repair Proxy Settings
   Start (22/07/2014 13:05:35)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 13:05:41)

17 - Repair Windows Updates
   Start (22/07/2014 13:05:41)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 13:05:55)

18 - Repair CD/DVD Missing/Not Working
   Start (22/07/2014 13:05:55)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (22/07/2014 13:05:55)

19 - Repair Volume Shadow Copy Service
   Start (22/07/2014 13:05:55)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 13:06:18)

21 - Repair MSI (Windows Installer)
   Start (22/07/2014 13:06:18)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 13:06:28)

23.01 - Repair bat Association
   Start (22/07/2014 13:06:28)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 13:06:34)

23.02 - Repair cmd Association
   Start (22/07/2014 13:06:34)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 13:06:40)

23.03 - Repair com Association
   Start (22/07/2014 13:06:40)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 13:06:46)

23.04 - Repair Directory Association
   Start (22/07/2014 13:06:46)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 13:06:52)

23.05 - Repair Drive Association
   Start (22/07/2014 13:06:52)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 13:06:58)

23.06 - Repair exe Association
   Start (22/07/2014 13:06:59)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 13:07:05)

23.07 - Repair Folder Association
   Start (22/07/2014 13:07:05)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 13:07:11)

23.08 - Repair inf Association
   Start (22/07/2014 13:07:11)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 13:07:17)

23.09 - Repair lnk (Shortcuts) Association
   Start (22/07/2014 13:07:17)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 13:07:23)

23.10 - Repair msc Association
   Start (22/07/2014 13:07:23)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 13:07:29)

23.11 - Repair reg Association
   Start (22/07/2014 13:07:29)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 13:07:35)

23.12 - Repair scr Association
   Start (22/07/2014 13:07:35)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 13:07:42)

24 - Repair Windows Safe Mode
   Start (22/07/2014 13:07:42)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 13:07:48)

25 - Repair Print Spooler
   Start (22/07/2014 13:07:48)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 13:08:04)

26 - Restore Important Windows Services
   Start (22/07/2014 13:08:04)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 13:08:10)

27 - Set Windows Services To Default Startup
   Start (22/07/2014 13:08:10)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 13:08:16)

28 - Repair Windows 8 App Store
   Start (22/07/2014 13:08:16)

Decompressing & Updating Windows 8 Permission File hkcu.txt
Done,  0.2 seconds.

   Running Repair Under Current User Account
   Done (22/07/2014 13:08:45)

29 - Repair Windows 8 Component Store
   Start (22/07/2014 13:08:45)
   Running Repair Under Current User Account
   Done (22/07/2014 14:26:57)

30 - Restore Windows 8 COM+ Unmarshalers
   Start (22/07/2014 14:26:57)
   Running Repair Under System Account
Processing ACL of: <classes_root\Unmarshalers>

SetACL finished with error(s):
SetACL error message: The call to SetNamedSecurityInfo () failed
Operating system error message: Toegang geweigerd.

   Done (22/07/2014 14:27:00)

31 - Repair Windows 'New' Submenu
   Start (22/07/2014 14:27:00)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/07/2014 14:27:07)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (22/07/2014 14:27:07)
   Total Repair Time: 01:34:27


...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under Current User Account
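As an added example (not part of the original post and not code from the repair tool), a short Python triage for a log in this layout: it pairs each numbered repair's Start/Done stamps and collects the error lines logged in between. The excerpt is abridged from the log above; the function names and the 600-second "slow" threshold are assumptions.

```python
import re
from datetime import datetime

# Excerpt abridged from the repair log above (steps 29-31).
SAMPLE_LOG = r"""29 - Repair Windows 8 Component Store
   Start (22/07/2014 13:08:45)
   Done (22/07/2014 14:26:57)

30 - Restore Windows 8 COM+ Unmarshalers
   Start (22/07/2014 14:26:57)
Processing ACL of: <classes_root\Unmarshalers>
SetACL finished with error(s):
SetACL error message: The call to SetNamedSecurityInfo () failed
Operating system error message: Toegang geweigerd.
   Done (22/07/2014 14:27:00)

31 - Repair Windows 'New' Submenu
   Start (22/07/2014 14:27:00)
   Done (22/07/2014 14:27:07)
"""

HEADER = re.compile(r"^(\d+(?:\.\d+)?) - (.+)$")
STAMP = re.compile(r"^\s+(Start|Done) \((\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\)")
# Matches the tool's own wording; the OS message text is localized (Dutch here).
ERROR = re.compile(r"error|failed", re.IGNORECASE)

def parse_repairs(text):
    """Return one dict per numbered repair: id, name, seconds, errors."""
    repairs, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            cur = {"id": m[1], "name": m[2], "start": None,
                   "seconds": None, "errors": []}
            repairs.append(cur)
        elif cur and (m := STAMP.match(line)):
            when = datetime.strptime(m[2], "%d/%m/%Y %H:%M:%S")
            if m[1] == "Start":
                cur["start"] = when
            elif cur["start"]:
                cur["seconds"] = int((when - cur["start"]).total_seconds())
        elif cur and ERROR.search(line):
            cur["errors"].append(line.strip())
    return repairs

def triage(repairs, slow_seconds=600):
    """Repairs that logged an error, never reached Done, or ran long."""
    return [r for r in repairs if r["errors"] or r["seconds"] is None
            or r["seconds"] > slow_seconds]
```

On this excerpt, `triage(parse_repairs(SAMPLE_LOG))` returns steps 29 (long-running) and 30 (SetACL errors), while step 31 passes.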
 



#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:02 PM

Posted 26 July 2014 - 11:41 AM

Let's run a couple other scans for any leftovers.

 

1.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

2.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: EOLS1.gif

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 

 

Things to include in your next reply:

MBAM log

Eset log

How is your machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#8 fireman4it


Posted 28 July 2014 - 12:26 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#9 fireman4it


Posted 01 August 2014 - 07:25 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




