Tough virus not detected by MBAM


This topic is locked
27 replies to this topic

#1 TrustThisPenguin
  • Members
  • 20 posts

Posted 14 July 2014 - 08:52 PM

Hi, I was the one who made this post about something that prevented MBAM from installing on its own or via Chameleon, and rkill does not help.

 

It messed with file permissions, so the psr.exe that I downloaded (which caused the problem) is hidden in Windows Explorer even with show hidden files enabled, and I can't delete it. The other offending files that it created are hidden too (except in WinRAR) and can't be deleted either.

 

Somehow I got MBAM to scan once, and it found the other files the virus created, but not the original psr.exe that's still unremovable in my Downloads folder. Restarting, however, resulted in the virus coming back and uninstalling MBAM.

 

Trying to run DDS got me the attached screenshot. There's no option in the properties to stop it from running in compatibility.


#2 TrustThisPenguin
  • Topic Starter
  • Members
  • 20 posts

Posted 14 July 2014 - 08:58 PM

Oh, and it just disabled Windows Defender on the latest boot (not that it was helping anyway).



#3 nasdaq
  • Malware Response Team
  • 38,770 posts
  • Location: Montreal, QC, Canada

Posted 19 July 2014 - 09:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

The DDS tool is not compatible with Windows 8. This one will run.

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply; DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.
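
An added triage example (not part of nasdaq's instructions and not code from FRST or MBAM): the FRST.txt posted later in this thread carries entries of the form `IFEO\mbam.exe: [Debugger] nqij.exe` for dozens of security tools, a Winlogon Shell value pointing at F:\Downloads\psr\psr.exe, and that same psr.exe in the running-process list, which together explain why MBAM, Windows Defender and System Restore would not run. The Python script below parses FRST.txt-style lines and flags those three things; the sample log inside it is constructed from the formats of this thread's entries, and the comparison against explorer.exe as the default shell is an assumption about a standard Windows install.

```python
"""Triage helper for FRST.txt-style log lines (added example, not FRST code).

Flags the mechanisms seen in this thread's log:
  * IFEO "Debugger" entries: Windows starts the named debugger (here nqij.exe)
    instead of the program the user launched, which silently blocks every
    security tool listed (mbam.exe, MsMpEng.exe, rstrui.exe, ...);
  * a Winlogon Shell value other than explorer.exe: a replacement shell that
    is started at every logon (here psr.exe from the Downloads folder);
  * running processes whose image lives under a Downloads folder.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in FRST.txt format. The flagged lines mirror this thread's
# entries; the benign ones are there to show that normal entries are not hit.
SAMPLE_LOG = r"""
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) F:\Downloads\psr\psr.exe
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Winlogon: [Shell] F:\Downloads\psr\psr.exe [329728 2014-07-13] (Microsoft Corporation) <==== ATTENTION
HKLM\...\Winlogon: [Shell] explorer.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
"""

# Line shapes as FRST prints them (only the three we care about).
IFEO_RE = re.compile(r"^IFEO\\(?P<image>[^:]+): \[Debugger\] (?P<debugger>.+?)\s*$")
SHELL_RE = re.compile(r"^(?P<key>HK\S*?\\\.\.\.\\Winlogon): \[Shell\] (?P<value>.+?)\s*$")
PROC_RE = re.compile(r"^\((?P<vendor>[^)]*)\) (?P<path>[A-Za-z]:\\\S.*?)\s*$")

DEFAULT_SHELL = "explorer.exe"  # assumption: standard Windows logon shell


@dataclass(frozen=True)
class Finding:
    kind: str     # "ifeo_debugger", "winlogon_shell" or "process_in_downloads"
    subject: str  # hijacked image name, registry key, or process path
    detail: str   # the value that makes the entry suspicious


def analyze_frst(text: str) -> list[Finding]:
    """Return one Finding per suspicious line, in log order."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := IFEO_RE.match(line):
            # Any Debugger value deserves a look; legitimate ones are rare on a
            # home PC, and here every one diverts an AV or cleanup tool.
            findings.append(Finding("ifeo_debugger", m["image"], m["debugger"]))
        elif m := SHELL_RE.match(line):
            # FRST appends "[size date] (signer)" after the value; keep the path only.
            shell = m["value"].split(" [", 1)[0].strip()
            if shell.lower() != DEFAULT_SHELL:
                findings.append(Finding("winlogon_shell", m["key"], shell))
        elif m := PROC_RE.match(line):
            # A signed Microsoft binary is not reassuring when it runs from
            # Downloads and doubles as the logon shell.
            if "\\downloads\\" in m["path"].lower():
                findings.append(Finding("process_in_downloads", m["path"],
                                        m["vendor"] or "unsigned/unknown"))
    return findings


def debugger_targets(findings: list[Finding]) -> dict[str, list[str]]:
    """Map each IFEO debugger binary to the images it hijacks."""
    targets: dict[str, list[str]] = {}
    for f in findings:
        if f.kind == "ifeo_debugger":
            targets.setdefault(f.detail, []).append(f.subject)
    return targets


def report(findings: list[Finding]) -> list[str]:
    """Human-readable lines, grouped so the IFEO block is not 30 near-identical rows."""
    lines = []
    for debugger, images in debugger_targets(findings).items():
        lines.append(f"IFEO Debugger -> {debugger} hijacks {len(images)} image(s): "
                     + ", ".join(images))
    for f in findings:
        if f.kind == "winlogon_shell":
            lines.append(f"Winlogon Shell replaced under {f.subject}: {f.detail}")
        elif f.kind == "process_in_downloads":
            lines.append(f"Process running from Downloads: {f.subject} ({f.detail})")
    return lines


if __name__ == "__main__":
    for line in report(analyze_frst(SAMPLE_LOG)):
        print(line)
```

Feed it a real FRST.txt via `analyze_frst(open("FRST.txt").read())`; on this thread's log it would list nqij.exe as the debugger for every IFEO entry and psr.exe as both the replacement shell and a process running from Downloads.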

#4 TrustThisPenguin
  • Topic Starter
  • Members
  • 20 posts

Posted 19 July 2014 - 10:53 AM

AdwCleaner won't finish scanning. It just says "Pending. Please uncheck items you don't wish to remove" above the scan bar, which shows no progress.

 

Here is FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by Jeffrey (administrator) on LIVINGROOM-PC on 19-07-2014 11:37:53
Running from F:\Downloads
Platform: Windows 8.1 Pro (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Microsoft Corporation) F:\Downloads\psr\psr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
() C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
() C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe
() C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
() C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe
(Micro-Star Int'l Co., Ltd.) C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe
() C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(MSI) C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe
(MSI) C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe
(MSI) C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(Nuance Communications, Inc.) F:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Cisco Consumer Products LLC) C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Micro-Star International) C:\MSI\Smart Utilities\SuperRAIDSvc.exe
() C:\Windows\SysWOW64\UTSCSI.EXE
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRISCT.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Flux Software LLC) C:\Users\Jeffrey\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Google Inc.) C:\Users\Jeffrey\AppData\Local\Google\Update\GoogleUpdate.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Dropbox, Inc.) C:\Users\Jeffrey\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Nuance Communications, Inc.) F:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe
(Nuance Communications, Inc.) F:\Program Files (x86)\Nuance\PDFCreate\PdfCreate7Hook.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Jeffrey\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-07-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [764472 2012-09-19] ()
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [797680 2014-05-22] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-04-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => F:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-13] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => F:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-13] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort14reminder] => F:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [333088 2011-05-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe [607592 2011-07-01] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFCreHook] => F:\Program Files (x86)\Nuance\PDFCreate\pdfcreate7hook.exe [605032 2011-06-28] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] => F:\Program Files (x86)\Nuance\PDFCreate\RegistryController.exe [140136 2011-06-28] (Nuance Communications, Inc.)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Run: [f.lux] => C:\Users\Jeffrey\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2014-01-31] (AMD)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Run: [Google Update] => C:\Users\Jeffrey\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-13] (Google Inc.)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [22688416 2014-05-21] (Microsoft Corporation)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Run: [DAEMON Tools Lite] => F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Winlogon: [Shell] F:\Downloads\psr\psr.exe [329728 2014-07-13] (Microsoft Corporation) <==== ATTENTION 
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avguard.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avscan.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\blindman.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MpCmdRun.exe: [Debugger] nqij.exe
IFEO\MSASCui.exe: [Debugger] nqij.exe
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\msseces.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\SDFiles.exe: [Debugger] nqij.exe
IFEO\SDMain.exe: [Debugger] nqij.exe
IFEO\SDWinSec.exe: [Debugger] nqij.exe
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\wireshark.exe: [Debugger] nqij.exe
IFEO\zlclient.exe: [Debugger] nqij.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jeffrey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEC394D9F113FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> F:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - F:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll (Zeon Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Jeffrey\AppData\Local\Roblox\Versions\version-1112937d32504d8c\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Jeffrey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Jeffrey\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Jeffrey\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Jeffrey\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Jeffrey\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jeffrey\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
 
Chrome: 
=======
CHR HomePage: hxxp://www.wolframalpha.com/
CHR StartupUrls: "hxxp://www.wolframalpha.com/", "hxxp://www.google.com/", "hxxp://www.google.com"
CHR NewTab: "chrome-extension://ojhmphdkpgbibohbnpbfiefkgieacjmh/index.html"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Battlelog Game Launcher) - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Jeffrey\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Jeffrey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Jeffrey\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-04-10]
CHR Extension: (Google Docs) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-16]
CHR Extension: (Google Drive) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-16]
CHR Extension: (YouTube Center Developer Build) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcegdpionpopahcglnfiiioapcclamdj [2014-05-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-16]
CHR Extension: (Facebook) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-03-16]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2014-07-04]
CHR Extension: (Adblock Plus) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-16]
CHR Extension: (Ratings Preview for YouTube™) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank [2014-06-23]
CHR Extension: (Google Search) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-16]
CHR Extension: (Search by Image (by Google)) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-03-16]
CHR Extension: (Tampermonkey) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-07-04]
CHR Extension: (Google News) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2014-03-16]
CHR Extension: (Google+) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2014-03-16]
CHR Extension: (Google Calendar) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-03-16]
CHR Extension: (YouTube Center) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\heajdnnooakmbbclhphfffkpafehdmgk [2014-07-04]
CHR Extension: (Allow Right-Click) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo [2014-03-16]
CHR Extension: (Deathamns) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2014-03-16]
CHR Extension: (Dropbox) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-03-16]
CHR Extension: (Google Forms) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2014-03-16]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-03-16]
CHR Extension: (StayFocusd) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2014-03-16]
CHR Extension: (Evernote Web) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-03-16]
CHR Extension: (Skype Click to Call) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-05-29]
CHR Extension: (Google Maps) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-03-16]
CHR Extension: (Best Simple Facebook Notifications) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\meofonckdkomjeigbnlkgbfmcjfoboem [2014-03-16]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-03-16]
CHR Extension: (Google Play Books) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2014-03-16]
CHR Extension: (Hangouts) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-05-04]
CHR Extension: (Google Wallet) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-16]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2014-03-16]
CHR Extension: (Currently) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhmphdkpgbibohbnpbfiefkgieacjmh [2014-07-01]
CHR Extension: (Google Quick Scroll) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2014-03-16]
CHR Extension: (Gmail) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
 
==================== Services (Whitelisted) =================
 
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
S3 MSIBIOSData_CC; C:\Program Files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe [2101248 2014-03-24] (MSI) [File not signed]
R2 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [4023808 2014-05-22] () [File not signed]
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2118144 2014-05-15] () [File not signed]
R2 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4159488 2014-05-07] () [File not signed]
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [1997824 2014-05-19] () [File not signed]
R2 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2248704 2014-05-05] () [File not signed]
R2 MSIFileSyncMonitor; C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe [13824 2013-09-04] (Micro-Star Int'l Co., Ltd.) [File not signed]
R2 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2063872 2014-04-28] () [File not signed]
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [540672 2014-05-05] () [File not signed]
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MSI)
R2 MSI_SuiteCharger; C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe [140272 2013-02-19] (MSI)
R2 MSI_SuiteComCen; C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe [333296 2013-05-03] (MSI)
R2 MSI_SuiteFastBoot; C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe [105016 2012-10-26] (MSI)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [29728 2013-05-28] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 PDFProFiltSrvPP; F:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [138600 2011-08-13] (Nuance Communications, Inc.)
R2 RaAutoInstSrv_AM10; C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe [529024 2010-04-15] (Cisco Consumer Products LLC)
R2 SuperRAIDSvc; C:\MSI\Smart Utilities\SuperRAIDSvc.exe [27632 2014-04-30] (Micro-Star International)
R2 UTSCSI; C:\Windows\SysWOW64\UTSCSI.EXE [45056 2013-11-30] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R3 AM10; C:\Windows\system32\DRIVERS\am10w7.sys [1101600 2010-03-23] (Ralink Technology Corp.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-19] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-05-02] (Disc Soft Ltd)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-01] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-03-14] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2014-07-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_1_1_S; C:\MSI\MSI SUITE\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NTIOLib_MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
S3 NTIOLib_MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
R3 NTIOLib_MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
R3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)
S3 NTIOLib_MSIFrequency_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\CPU_Frequency\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
S3 NTIOLib_MSIRatio_CC; C:\Program Files (x86)\MSI\Command Center\CPU\CPU_Ratio\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
R3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
S3 NTIOLib_MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
R3 NTIOLib_MSI_RAID; C:\MSI\Smart Utilities\NTIOLib_X64.sys [13808 2014-03-17] (MSI)
R3 NTIOLib_SuiteComCen; C:\MSI\MSI SUITE\ControlCenter\NTIOLib_X64.sys [13808 2013-04-15] (MSI)
R3 NTIOLib_SuiteFB; C:\MSI\MSI SUITE\FastBoot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2014-05-15] (Splashtop Inc.)
R3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_1; \??\C:\MSI\Super RAID\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-19 11:37 - 2014-07-19 11:37 - 00000000 ____D () C:\FRST
2014-07-19 11:22 - 2014-07-19 11:34 - 00000000 ____D () C:\AdwCleaner
2014-07-19 11:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-15 16:33 - 2014-07-15 16:33 - 00003184 ____N () C:\bootsqm.dat
2014-07-14 18:20 - 2014-07-13 19:22 - 00329728 ___SH (Microsoft Corporation) C:\Users\Jeffrey\AppData\Roaming\csrss.exe
2014-07-14 18:15 - 2013-09-02 03:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-07-14 18:14 - 2014-07-14 18:14 - 00000036 _____ () C:\Users\Jeffrey\AppData\Local\housecall.guid.cache
2014-07-14 18:04 - 2014-07-19 11:32 - 00211052 _____ () C:\Users\Jeffrey\AppData\Roaming\msconfig.ini
2014-07-14 12:54 - 2014-07-14 21:34 - 00002164 _____ () C:\Windows\PFRO.log
2014-07-14 12:38 - 2014-07-14 18:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 12:38 - 2014-07-14 12:38 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-14 12:38 - 2014-07-14 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-14 12:38 - 2014-07-14 12:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-14 12:38 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-14 12:38 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-14 12:16 - 2014-07-14 12:16 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LIVINGROOM-PC-Microsoft-Windows-8.1-Pro-(64-bit).dat
2014-07-14 12:16 - 2014-07-14 12:16 - 00000000 ____D () C:\RegBackup
2014-07-14 12:11 - 2014-07-14 13:31 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-14 12:08 - 2014-07-14 12:08 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-14 10:59 - 2014-07-14 10:59 - 381242355 _____ () C:\Windows\MEMORY.DMP
2014-07-14 10:59 - 2014-07-14 10:59 - 00281392 _____ () C:\Windows\Minidump\071414-7734-01.dmp
2014-07-14 10:55 - 2014-07-19 11:35 - 00000000 __SHD () C:\Windows\SysWOW64\NT Kernel
2014-07-13 19:41 - 2014-07-14 14:03 - 00002282 _____ () C:\Users\Jeffrey\Desktop\Rkill.txt
2014-07-13 19:41 - 2014-07-13 19:41 - 00000000 ____D () C:\Users\Jeffrey\Desktop\rkill
2014-07-13 19:29 - 2014-07-19 11:36 - 00001410 _____ () C:\Windows\setupact.log
2014-07-13 19:29 - 2014-07-13 19:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-13 19:22 - 2014-07-19 11:38 - 00000000 __SHD () C:\ProgramData\NT Kernel
2014-07-12 23:15 - 2014-07-14 13:40 - 00204842 _____ () C:\Windows\WindowsUpdate.log
2014-07-09 11:36 - 2014-04-13 23:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-07-09 11:34 - 2014-07-09 11:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 09:38 - 2014-06-16 18:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 09:38 - 2014-06-16 18:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 09:38 - 2014-06-06 10:20 - 04190720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 09:38 - 2014-05-29 23:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 09:38 - 2014-05-29 08:02 - 00565576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-07-09 09:38 - 2014-05-29 03:55 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-07-09 09:38 - 2014-05-29 02:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-07-09 09:38 - 2014-05-29 02:37 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-07-09 09:38 - 2014-05-29 01:34 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-07-09 09:38 - 2014-05-29 01:27 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 09:35 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 09:35 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 09:35 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 09:35 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 09:35 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 09:35 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 09:35 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 09:35 - 2014-06-18 19:46 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 09:35 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 09:35 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 09:35 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 09:35 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 09:35 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 09:35 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 09:35 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 09:35 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 09:35 - 2014-06-18 18:57 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 09:35 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 09:35 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 09:35 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 09:35 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 09:35 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 09:35 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 09:35 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 09:35 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 09:35 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 09:35 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 09:34 - 2014-06-30 18:45 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 09:34 - 2014-06-28 03:48 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 09:34 - 2014-06-28 03:07 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-09 09:34 - 2014-06-06 09:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 09:34 - 2014-06-06 08:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 09:34 - 2014-05-31 06:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-09 09:34 - 2014-05-31 06:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-07-09 09:34 - 2014-05-30 23:40 - 13287936 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-07-09 09:34 - 2014-05-30 23:30 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-07-09 09:34 - 2014-05-30 23:12 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 09:34 - 2014-05-30 23:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-09 09:34 - 2014-05-30 23:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-09 09:34 - 2014-05-30 23:01 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 09:34 - 2014-05-30 22:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-09 09:34 - 2014-05-30 22:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-09 09:34 - 2014-05-30 22:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-09 09:34 - 2014-05-30 22:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-07-09 09:34 - 2014-05-30 22:36 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 09:34 - 2014-05-30 22:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-07-09 09:34 - 2014-05-30 22:32 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 09:14 - 2014-07-09 09:14 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-06-29 09:18 - 2014-06-29 09:18 - 00000000 ____D () C:\ProgramData\Splashtop
2014-06-28 18:55 - 2014-06-28 18:55 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 14
2014-06-28 18:54 - 2014-06-28 18:54 - 00000000 ____D () C:\Program Files\Nuance
2014-06-28 18:53 - 2014-06-28 18:53 - 00001886 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk
2014-06-28 18:53 - 2014-06-28 18:53 - 00001838 _____ () C:\Users\Public\Desktop\PaperPort.lnk
2014-06-28 18:52 - 2014-06-28 18:52 - 00000000 ____D () C:\Windows\PIXTRAN
2014-06-28 18:46 - 2014-06-28 18:47 - 00000000 ____D () C:\Users\Jeffrey\Temp
2014-06-25 12:32 - 2014-07-10 10:06 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-06-25 12:32 - 2014-06-25 12:55 - 00000000 ____D () C:\Users\Jeffrey\AppData\Local\Roblox
 
==================== One Month Modified Files and Folders =======
 
2014-07-19 11:38 - 2014-07-13 19:22 - 00000000 __SHD () C:\ProgramData\NT Kernel
2014-07-19 11:37 - 2014-07-19 11:37 - 00000000 ____D () C:\FRST
2014-07-19 11:37 - 2014-05-29 18:22 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\Skype
2014-07-19 11:36 - 2014-07-13 19:29 - 00001410 _____ () C:\Windows\setupact.log
2014-07-19 11:36 - 2014-05-02 20:26 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\DropboxMaster
2014-07-19 11:36 - 2013-11-30 18:05 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\Dropbox
2014-07-19 11:36 - 2013-11-30 17:42 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\ClassicShell
2014-07-19 11:35 - 2014-07-14 10:55 - 00000000 __SHD () C:\Windows\SysWOW64\NT Kernel
2014-07-19 11:35 - 2013-08-22 09:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-07-19 11:34 - 2014-07-19 11:22 - 00000000 ____D () C:\AdwCleaner
2014-07-19 11:32 - 2014-07-14 18:04 - 00211052 _____ () C:\Users\Jeffrey\AppData\Roaming\msconfig.ini
2014-07-19 11:21 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2014-07-18 12:32 - 2014-03-16 17:34 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-15 20:05 - 2013-09-30 00:12 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-15 16:33 - 2014-07-15 16:33 - 00003184 ____N () C:\bootsqm.dat
2014-07-15 16:28 - 2013-11-28 10:57 - 00000000 ____D () C:\Users\Jeffrey
2014-07-15 10:16 - 2013-12-15 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2014-07-15 10:11 - 2014-06-01 12:41 - 00010859 _____ () C:\Windows\SysWOW64\Utility.xml
2014-07-14 21:34 - 2014-07-14 12:54 - 00002164 _____ () C:\Windows\PFRO.log
2014-07-14 18:14 - 2014-07-14 18:14 - 00000036 _____ () C:\Users\Jeffrey\AppData\Local\housecall.guid.cache
2014-07-14 18:02 - 2014-07-14 12:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 14:03 - 2014-07-13 19:41 - 00002282 _____ () C:\Users\Jeffrey\Desktop\Rkill.txt
2014-07-14 13:40 - 2014-07-12 23:15 - 00204842 _____ () C:\Windows\WindowsUpdate.log
2014-07-14 13:31 - 2014-07-14 12:11 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-14 13:15 - 2014-01-29 20:05 - 00000000 ____D () C:\Users\Jeffrey\AppData\Local\CrashDumps
2014-07-14 13:03 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Help
2014-07-14 13:03 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\ADFS
2014-07-14 12:54 - 2013-11-28 10:57 - 00000000 ____D () C:\Windows\CSC
2014-07-14 12:54 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Resources
2014-07-14 12:38 - 2014-07-14 12:38 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-14 12:38 - 2014-07-14 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-14 12:38 - 2014-07-14 12:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-14 12:34 - 2013-08-22 10:44 - 05200424 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-14 12:16 - 2014-07-14 12:16 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LIVINGROOM-PC-Microsoft-Windows-8.1-Pro-(64-bit).dat
2014-07-14 12:16 - 2014-07-14 12:16 - 00000000 ____D () C:\RegBackup
2014-07-14 12:08 - 2014-07-14 12:08 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-14 11:08 - 2013-11-28 10:57 - 00000000 ____D () C:\Users\Jeffrey\AppData\Local\VirtualStore
2014-07-14 10:59 - 2014-07-14 10:59 - 381242355 _____ () C:\Windows\MEMORY.DMP
2014-07-14 10:59 - 2014-07-14 10:59 - 00281392 _____ () C:\Windows\Minidump\071414-7734-01.dmp
2014-07-14 10:08 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-13 19:41 - 2014-07-13 19:41 - 00000000 ____D () C:\Users\Jeffrey\Desktop\rkill
2014-07-13 19:29 - 2014-07-13 19:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-13 19:28 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-13 19:22 - 2014-07-14 18:20 - 00329728 ___SH (Microsoft Corporation) C:\Users\Jeffrey\AppData\Roaming\csrss.exe
2014-07-13 19:17 - 2013-11-28 11:02 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3324928563-3230508422-266313915-1001
2014-07-13 19:15 - 2013-11-28 11:00 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CC07C0E0-4DBE-4901-8CC2-D03E22C7999A}
2014-07-13 19:14 - 2014-02-18 17:55 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-07-13 19:13 - 2014-02-18 19:52 - 00004986 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for LIVINGROOM-PC-Jeffrey LivingRoom-PC
2014-07-13 19:12 - 2013-11-28 11:08 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-13 14:12 - 2013-11-28 11:08 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-13 13:36 - 2014-02-13 14:15 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3324928563-3230508422-266313915-1001UA.job
2014-07-12 22:08 - 2013-11-28 10:57 - 00000000 ____D () C:\Users\Jeffrey\AppData\Local\Packages
2014-07-12 22:01 - 2014-03-02 11:03 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-12 16:36 - 2014-02-13 14:15 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3324928563-3230508422-266313915-1001Core.job
2014-07-12 15:37 - 2014-02-18 17:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-12 15:36 - 2014-02-18 17:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-07-11 22:36 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-07-11 22:06 - 2014-06-04 20:40 - 00000000 ____D () C:\Users\Jeffrey\AppData\Local\PMB Files
2014-07-11 22:06 - 2014-06-04 20:40 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-10 10:06 - 2014-06-25 12:32 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-07-09 13:46 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2014-07-09 13:46 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 13:46 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 13:46 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\WinStore
2014-07-09 13:45 - 2013-09-29 23:59 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 11:42 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2014-07-09 11:41 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-09 11:40 - 2013-11-29 21:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 11:39 - 2013-11-29 21:55 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 11:37 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\en-GB
2014-07-09 11:34 - 2014-07-09 11:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 09:14 - 2014-07-09 09:14 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-07-08 18:14 - 2014-01-15 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-02 18:25 - 2014-05-29 19:01 - 00000000 ____D () C:\ProgramData\Origin
2014-07-02 15:51 - 2013-11-30 17:49 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\.minecraft
2014-07-02 14:48 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-01 17:04 - 2014-02-09 12:56 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-06-30 18:45 - 2014-07-09 09:34 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 09:18 - 2014-06-29 09:18 - 00000000 ____D () C:\ProgramData\Splashtop
2014-06-28 21:06 - 2014-03-09 11:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-28 18:55 - 2014-06-28 18:55 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 14
2014-06-28 18:55 - 2014-03-02 11:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 14
2014-06-28 18:55 - 2014-03-02 11:03 - 00000000 ____D () C:\Program Files (x86)\Nuance
2014-06-28 18:54 - 2014-06-28 18:54 - 00000000 ____D () C:\Program Files\Nuance
2014-06-28 18:54 - 2014-03-02 11:03 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\Zeon
2014-06-28 18:54 - 2014-03-02 11:03 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\.oit
2014-06-28 18:54 - 2014-02-28 19:48 - 00000000 ____D () C:\ProgramData\Nuance
2014-06-28 18:53 - 2014-06-28 18:53 - 00001886 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk
2014-06-28 18:53 - 2014-06-28 18:53 - 00001838 _____ () C:\Users\Public\Desktop\PaperPort.lnk
2014-06-28 18:53 - 2014-02-28 19:48 - 00000000 ____D () C:\ProgramData\ScanSoft
2014-06-28 18:52 - 2014-06-28 18:52 - 00000000 ____D () C:\Windows\PIXTRAN
2014-06-28 18:47 - 2014-06-28 18:46 - 00000000 ____D () C:\Users\Jeffrey\Temp
2014-06-28 03:48 - 2014-07-09 09:34 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-28 03:07 - 2014-07-09 09:34 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-06-26 17:39 - 2014-06-01 15:52 - 00000000 ___HD () C:\MSIServiceCfg_CC
2014-06-26 16:55 - 2013-08-22 11:38 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-26 16:55 - 2013-08-22 11:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-26 14:46 - 2013-11-28 11:07 - 00000000 ____D () C:\MSI
2014-06-25 12:55 - 2014-06-25 12:32 - 00000000 ____D () C:\Users\Jeffrey\AppData\Local\Roblox
2014-06-24 16:07 - 2013-11-28 11:08 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-24 16:07 - 2013-11-28 11:08 - 00003664 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-24 16:06 - 2014-06-01 14:49 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-06-22 22:30 - 2013-12-01 16:19 - 00007989 _____ () C:\Windows\BRRBCOM.INI
2014-06-21 16:31 - 2014-02-13 14:15 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3324928563-3230508422-266313915-1001UA
2014-06-21 16:31 - 2014-02-13 14:15 - 00003514 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3324928563-3230508422-266313915-1001Core
 
Files to move or delete:
====================
C:\Users\Jeffrey\AppData\Roaming\msconfig.ini
 
 
Some content of TEMP:
====================
C:\Users\Jeffrey\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptxsuc8.dll
C:\Users\Jeffrey\AppData\Local\Temp\mbam-setup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-21 12:40
 
==================== End Of Log ============================
 
 
Here is the AdwCleaner log, even though the scan wouldn't finish:
 
# AdwCleaner v3.216 - Report created 19/07/2014 at 11:22:33
# Updated 17/07/2014 by Xplode
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : Jeffrey - LIVINGROOM-PC
# Running from : F:\Downloads\adwcleaner_3.216.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
Folder Found : C:\ProgramData\Tarma Installer
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1424 octets] - [19/07/2014 11:22:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1484 octets] ##########
 

 

#5 TrustThisPenguin (Topic Starter)

Posted 19 July 2014 - 11:08 AM

Modified file permissions in Program Files and ProgramData are still preventing me from installing programs (they're read-only and hidden, and I can't change that because it's telling me I need permission even though I'm the only account on this PC).

I'm pretty sure the keylogger is still running because the process is still there.

I can't delete psr.exe in my Downloads folder, which is where the malware process originates from and is hidden in Windows Explorer (but not WinRAR).

Windows Defender is disabled.

Chameleon successfully downloaded MBAM, but the setup still fails.

Recent rkill log:

 

Rkill 2.6.7 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 07/19/2014 12:07:23 PM in x64 mode.
Windows Version: Windows 8.1 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\SysWOW64\UTSCSI.EXE (PID: 3004) [WD-HEUR]
 * C:\Users\Jeffrey\AppData\Roaming\csrss.exe (PID: 2516) [SFI]
 * C:\Users\Jeffrey\AppData\Roaming\csrss.exe (PID: 5740) [SFI]
 
3 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Backup Registry file created at:
 C:\Users\Jeffrey\Desktop\rkill\rkill-07-19-2014-12-07-28.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Modified HKCU\...\Winlogon: [Shell] => explorer.exe,"F:\Downloads\psr\psr.exe"
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * E1G60 [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 07/19/2014 12:07:56 PM
Execution time: 0 hours(s), 0 minute(s), and 32 seconds(s)
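
The Rkill log above shows the two findings that matter most on this machine: two copies of csrss.exe running from C:\Users\Jeffrey\AppData\Roaming (the real one only ever runs from C:\Windows\System32) and a per-user Winlogon Shell value of explorer.exe,"F:\Downloads\psr\psr.exe", which makes Winlogon start the dropper next to Explorer at every logon and explains why it "comes back" after a restart. The following PowerShell is an added example for checking both conditions by hand; it is not part of the thread, Rkill or FRST, the function names are this example's own, and it assumes an elevated prompt so Win32_Process can report every process's image path.

```powershell
# Added example (not from the thread, Rkill or FRST): check for a modified
# Winlogon Shell/Userinit value and for core Windows binaries running from
# a user-writable folder. Run from an elevated PowerShell prompt.

function Get-WinlogonShellFindings {
    # Stock values. Malware appends itself to Shell, e.g.
    #   explorer.exe,"F:\Downloads\psr\psr.exe"
    # so that Winlogon launches the dropper alongside Explorer at logon.
    $expected = @{
        Shell    = 'explorer.exe'
        Userinit = "$env:SystemRoot\system32\userinit.exe,"
    }
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in $expected.Keys) {
            $data = $props.$name
            if ($null -eq $data) { continue }
            # HKLM must match the default exactly. A clean system has no Shell
            # or Userinit under HKCU at all, so any value there is a per-user
            # override of the kind Rkill reported.
            if ($hive -eq 'HKCU' -or $data.Trim() -ine $expected[$name]) {
                [pscustomobject]@{ Key = $key; Value = $name; Data = $data }
            }
        }
    }
}

function Get-MasqueradingProcesses {
    # Binaries that only ever run from the Windows directories.
    $systemNames = 'csrss.exe', 'smss.exe', 'wininit.exe', 'winlogon.exe',
                   'services.exe', 'lsass.exe', 'svchost.exe', 'explorer.exe',
                   'dwm.exe', 'spoolsv.exe', 'taskhost.exe'
    $trustedDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64", $env:SystemRoot)
    Get-CimInstance -ClassName Win32_Process |
        Where-Object { $systemNames -contains $_.Name -and $_.ExecutablePath } |
        ForEach-Object {
            $dir = (Split-Path -Path $_.ExecutablePath -Parent).TrimEnd('\')
            if ($trustedDirs -notcontains $dir) {      # string compare is case-insensitive
                [pscustomobject]@{
                    PID  = $_.ProcessId
                    Name = $_.Name
                    Path = $_.ExecutablePath           # e.g. ...\AppData\Roaming\csrss.exe
                }
            }
        }
}

Get-WinlogonShellFindings | Format-List
Get-MasqueradingProcesses | Format-Table -AutoSize
```

The process check compares the parent directory exactly rather than by prefix, so a copy dropped into C:\Windows\Temp is still reported; processes whose path Win32_Process cannot read (it returns no ExecutablePath for protected processes from a non-elevated session) are skipped rather than reported, which is why the prompt needs to be elevated.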


#6 nasdaq (Malware Response Team)

Posted 19 July 2014 - 12:56 PM

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Winlogon: [Shell] F:\Downloads\psr\psr.exe [329728 2014-07-13] (Microsoft Corporation) <==== ATTENTION
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avguard.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avscan.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\blindman.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MpCmdRun.exe: [Debugger] nqij.exe
IFEO\MSASCui.exe: [Debugger] nqij.exe
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\msseces.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\SDFiles.exe: [Debugger] nqij.exe
IFEO\SDMain.exe: [Debugger] nqij.exe
IFEO\SDWinSec.exe: [Debugger] nqij.exe
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\wireshark.exe: [Debugger] nqij.exe
IFEO\zlclient.exe: [Debugger] nqij.exe
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
CHR Plugin: (Google Update) - C:\Users\Jeffrey\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_1; \??\C:\MSI\Super RAID\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:FD9CE1F3
F:\Downloads\psr
C:\Program Files (x86)\Splashtop
End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

====

After the restart of the computer run the AdwCleaner tool and clean everything that will be found.

Post the log for my review.

How is the computer running now?
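
The bulk of the fixlist above is 37 Image File Execution Options (IFEO) keys whose Debugger value points at nqij.exe. When a process is created, Windows looks up the executable's file name under IFEO and, if a Debugger value exists, starts that program instead, handing it the original command line. Pointing every anti-malware product, Windows Defender (MsMpEng.exe, MSASCui.exe, MpCmdRun.exe), Malwarebytes (mbam*.exe), System Restore (rstrui.exe) and even Wireshark at a binary that does not exist means none of them ever runs, which is exactly the "setup still fails" and "Defender is disabled" picture in this thread. Two other details are worth checking by hand: the dropper has Hidden/ReadOnly attributes set so Explorer does not list it, and FRST reports "(Microsoft Corporation)" for psr.exe from the file's version resource, which anyone can set, not from a valid signature. The PowerShell below is an added example, not part of the thread or of FRST; the function names are its own, the paths F:\Downloads\psr\psr.exe and C:\ProgramData\TEMP are taken from the fixlist, and it assumes an elevated prompt. It checks both registry views because the hijack can live in either.

```powershell
# Added example (not from the thread or from FRST): enumerate IFEO "Debugger"
# hijacks in both registry views, inspect the dropper Explorer hides, and list
# alternate data streams on the path named in the fixlist. Run elevated.

$IfeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebuggerHijacks {
    # A Debugger value makes Windows start that program instead of the named
    # executable, passing it the original command line. A debugger that does
    # not resolve (or that is the malware) silently blocks the target.
    foreach ($root in $IfeoRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($sub in Get-ChildItem -Path $root) {
            $dbg = (Get-ItemProperty -Path $sub.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
            if ([string]::IsNullOrWhiteSpace($dbg)) { continue }
            # First token is the debugger program; anything after it is its arguments.
            $exe = if ($dbg.StartsWith('"')) { $dbg.Split('"')[1] } else { $dbg.Split(' ')[0] }
            if (-not $exe) { $exe = $dbg }
            $resolves = (Test-Path -LiteralPath $exe) -or [bool](Get-Command -Name $exe -ErrorAction SilentlyContinue)
            [pscustomobject]@{
                Target   = $sub.PSChildName   # e.g. mbam.exe
                Debugger = $dbg               # e.g. nqij.exe
                Resolves = $resolves          # $false: Target can never start
                Key      = $sub.Name
            }
        }
    }
}

function Remove-IfeoDebuggerHijacks {
    # Removes only the entries you name, in both views.
    param([Parameter(Mandatory)][string[]]$Targets)
    foreach ($root in $IfeoRoots) {
        foreach ($t in $Targets) {
            $keyPath = Join-Path -Path $root -ChildPath $t
            if (-not (Test-Path -Path $keyPath)) { continue }
            Remove-ItemProperty -Path $keyPath -Name Debugger -ErrorAction SilentlyContinue
            $key = Get-Item -Path $keyPath
            # Drop the key itself when Debugger was all it contained.
            if ($key.ValueCount -eq 0 -and $key.SubKeyCount -eq 0) { Remove-Item -Path $keyPath }
        }
    }
}

function Get-HiddenFileInfo {
    param([string]$Path = 'F:\Downloads\psr\psr.exe')   # dropper path from the fixlist
    # -Force returns items carrying the Hidden/System attributes Explorer hides.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) { return "$Path is not present (or already moved on reboot)" }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path       = $item.FullName
        Attributes = $item.Attributes                    # e.g. ReadOnly, Hidden, System
        Owner      = (Get-Acl -LiteralPath $Path).Owner   # who may change the ACL
        Signature  = $sig.Status                          # Valid / NotSigned / HashMismatch
        Signer     = $sig.SignerCertificate.Subject       # $null when unsigned
    }
}

function Get-AlternateStreams {
    param([string]$Path = 'C:\ProgramData\TEMP')   # ADS host from the fixlist
    # ':$DATA' is the normal content stream; any other stream is data hidden
    # from Explorer and most tools, a common place to stash config or payloads.
    Get-Item -LiteralPath $Path -Force -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

# Usage: review the list first, then remove exactly the targets you reviewed.
$hijacks = Get-IfeoDebuggerHijacks
$hijacks | Format-Table Target, Debugger, Resolves -AutoSize
# Remove-IfeoDebuggerHijacks -Targets $hijacks.Target
Get-HiddenFileInfo | Format-List
Get-AlternateStreams | Format-Table -AutoSize
```

Legitimate Debugger values do exist (a developer's debugger, or a vendor redirecting its own updater), so the audit reports rather than deletes; the Resolves column separates a working redirection from one that points into nothing. Note that on this machine the hidden dropper was also scheduled to move on reboot by FRST, so Get-HiddenFileInfo is expected to report it as absent after the restart.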

#7 TrustThisPenguin (Topic Starter)

Posted 19 July 2014 - 01:27 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2014
Ran by Jeffrey at 2014-07-19 14:13:18 Run:1
Running from F:\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Winlogon: [Shell] F:\Downloads\psr\psr.exe [329728 2014-07-13] (Microsoft Corporation) <==== ATTENTION
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avguard.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avscan.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\blindman.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MpCmdRun.exe: [Debugger] nqij.exe
IFEO\MSASCui.exe: [Debugger] nqij.exe
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\msseces.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\SDFiles.exe: [Debugger] nqij.exe
IFEO\SDMain.exe: [Debugger] nqij.exe
IFEO\SDWinSec.exe: [Debugger] nqij.exe
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\wireshark.exe: [Debugger] nqij.exe
IFEO\zlclient.exe: [Debugger] nqij.exe
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
CHR Plugin: (Google Update) - C:\Users\Jeffrey\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_1; \??\C:\MSI\Super RAID\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:FD9CE1F3
F:\Downloads\psr
C:\Program Files (x86)\Splashtop
End
*****************
 
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastSvc.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastUI.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgidsagent.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avscan.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\blindman.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\instup.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbampt.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamscheduler.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDFiles.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDMain.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDWinSec.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe' => Key deleted successfully.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica; charset=euc-jp' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica; charset=ISO-8859-1' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS936' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS949' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS950' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF-8' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF8' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica;charset=euc-jp' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica;charset=ISO-8859-1' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS936' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS949' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS950' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF-8' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF8' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\ica' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect' => Key deleted successfully.
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll" => not found.
C:\Users\Jeffrey\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll not found.
MSICDSetup => Service deleted successfully.
NTIOLib_1_0_1 => Service deleted successfully.
NTIOLib_1_0_4 => Service deleted successfully.
NTIOLib_1_0_C => Service deleted successfully.
vmci => Service deleted successfully.
VMnetAdapter => Service deleted successfully.
C:\ProgramData\TEMP => ":FD9CE1F3" ADS removed successfully.
 
"F:\Downloads\psr" directory move:
 
Could not move "F:\Downloads\psr\psr.exe" => Scheduled to move on reboot.
Could not move "F:\Downloads\psr" directory. => Scheduled to move on reboot.
 
 
"C:\Program Files (x86)\Splashtop" directory move:
 
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\DefaultUI.dll => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUAgent.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUAPI.dll => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUClient.dll => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\WCXInst.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\Temp\SRFeature.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Acknowledgements.htm => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\amf-vcedem-win32.dll => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\dbghelp.dll => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Elevator.exe => Moved successfully.
Could not move "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\isct_log.txt" => Scheduled to move on reboot.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\libcelt-0.dll => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\libmp4v2.dll => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\libx264-116.dll => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\NvFBC.dll => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\PinShortCut.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\PkgHelper.dll => Moved successfully.
Could not move "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SPLog.txt" => Scheduled to move on reboot.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SPLog.txt.bak => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\spupnp.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAdemWrapper.dll => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppBS.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAudioResample.dll => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRClient.pem => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRDxgiCaptor.dll => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRISCT.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSendLog.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.pem => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSOOBE.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUpdate.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUpdateInstall.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRx264Wrapper.dll => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\WBAppVidRec.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\hidkmdf.sys => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\inst.log => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\install_driver.bat => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\install_driver64.bat => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\sthid.cat => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\sthid.inf => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\sthid.sys => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\uninstall_driver.bat => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\uninstall_driver64.bat => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\WdfCoInstaller01009.dll => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\utils\devcon.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\utils\devcon64.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\utils\DIFxCmd.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\utils\DIFxCmd64.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\utils\StHidNotSupport.reg => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\utils\StHidSupport.reg => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\64bits\hidkmdf.sys => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\64bits\sthid.sys => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\64bits\WdfCoInstaller01009.dll => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\STRLOG\splashtop.bl => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\plugin\SRAppAnnotation.dll => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\plugin\SRAppBrowser.dll => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\plugin\SRAppCam.dll => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\plugin\SRAppED.dll => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\plugin\SRAppFileHound.dll => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\dump\SRS_20140713_10_19_49_6060.dmp => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\install.bat => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\installWin7.bat => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\installWin7_64.bat => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\stmirror.dll => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\stmirror.sys => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\stvideo.cat => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\stvideo.dll => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\stvideo.inf => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\stvideo.sys => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon64.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\Mirror2Extend.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\64bits\stmirror.dll => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\64bits\stmirror.sys => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\64bits\stvideo.dll => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\64bits\stvideo.sys => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\install_driver.bat => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\install_driver64.bat => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\stdpms.cat => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\stdpms.inf => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\stdpms.sys => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\uninstall_driver.bat => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\uninstall_driver64.bat => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\utils\devcon.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\utils\devcon64.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\utils\DIFxCmd.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\utils\DIFxCmd64.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\64bits\stdpms.sys => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\install_driver.bat => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\install_driver64.bat => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\stgamepad.cat => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\stgamepad.inf => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\stgamepad.sys => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\uninstall_driver.bat => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\uninstall_driver64.bat => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\utils\devcon.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\utils\devcon64.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\utils\DIFxCmd.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\utils\DIFxCmd64.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\utils\enum.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\utils\enum64.exe => Moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\64bits\stgamepad.sys => Moved successfully.
Could not move "C:\Program Files (x86)\Splashtop" directory. => Scheduled to move on reboot.
 
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-07-19 14:14:29)<=
 
"F:\Downloads\psr\psr.exe" => File could not move.
"F:\Downloads\psr" => Directory could not move.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\isct_log.txt => Is moved successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SPLog.txt => Is moved successfully.
C:\Program Files (x86)\Splashtop => Is moved successfully.
 
==== End of Fixlog ====
 
Here is AdwCleaner's log:
 

# AdwCleaner v3.216 - Report created 19/07/2014 at 14:23:40
# Updated 17/07/2014 by Xplode
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : Jeffrey - LIVINGROOM-PC
# Running from : F:\Downloads\adwcleaner_3.216.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Tarma Installer
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1576 octets] - [19/07/2014 11:22:33]
AdwCleaner[R1].txt - [1636 octets] - [19/07/2014 11:25:48]
AdwCleaner[R2].txt - [1696 octets] - [19/07/2014 11:33:50]
AdwCleaner[R3].txt - [1756 octets] - [19/07/2014 11:38:51]
AdwCleaner[R4].txt - [1816 octets] - [19/07/2014 14:16:26]
AdwCleaner[S0].txt - [1743 octets] - [19/07/2014 14:23:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1803 octets] ##########

Edited by TrustThisPenguin, 19 July 2014 - 01:29 PM.


#8 TrustThisPenguin

  • Topic Starter

  • Members
  • 20 posts

Posted 19 July 2014 - 01:39 PM

It appears that psr.exe is still there, and so is the Steps Recorder process that originates from it.

Windows Defender is enabled again.

Nothing else seems to have been fixed.

I should mention that the infection doesn't show any adware.

Rkill showed stuff again:

 

Rkill 2.6.7 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 07/19/2014 02:35:07 PM in x64 mode.
Windows Version: Windows 8.1 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\SysWOW64\UTSCSI.EXE (PID: 2840) [WD-HEUR]
 * C:\Users\Jeffrey\AppData\Roaming\csrss.exe (PID: 7416) [SFI]
 * C:\Users\Jeffrey\AppData\Roaming\csrss.exe (PID: 4968) [SFI]
 
3 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Modified HKCU\...\Winlogon: [Shell] => explorer.exe,"F:\Downloads\psr\psr.exe"
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * E1G60 [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 07/19/2014 02:35:41 PM
Execution time: 0 hours(s), 0 minute(s), and 33 seconds(s)


#9 TrustThisPenguin

  • Topic Starter

  • Members
  • 20 posts

Posted 19 July 2014 - 01:41 PM

The only visible effect is that on startup, my desktop seems to load more slowly than before I downloaded that file and the infection started (and I have an SSD; it used to be almost instant).

And that's not including the changes to file permissions.


Edited by TrustThisPenguin, 19 July 2014 - 01:43 PM.


#10 nasdaq


  • Malware Response Team
  • 38,770 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 July 2014 - 07:34 AM

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======

Please post also a fresh FRST log for my review.

#11 TrustThisPenguin

  • Topic Starter

  • Members
  • 20 posts

Posted 20 July 2014 - 10:18 AM

RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Jeffrey [Admin rights]
Mode : Remove -- Date : 07/20/2014  11:11:42
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 5 ¤¤¤
[PUM.SysRestore] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 3 (Driver: LOADED) ¤¤¤
[IAT:Addr] (explorer.exe) dwmapi.dll -  : Unknown @ 0x11200040
[IAT:Addr] (explorer.exe) dwmapi.dll -  : Unknown @ 0x11200020
[IAT:Addr] (explorer.exe) dwmapi.dll -  : Unknown @ 0x11200000
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Patriot Torqx 2 64GB SSD +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: Cisco AM10 USB Device +++++
--- User ---
[MBR] d563707c095d40065400ed873e283cc5
[BSP] dec9f0908d0564afbcbcc26fa1ab4266 : Legit.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 32 | Size: 123 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_SCN_07202014_110957.log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by Jeffrey (administrator) on LIVINGROOM-PC on 20-07-2014 11:14:19
Running from F:\Downloads
Platform: Windows 8.1 Pro (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
() C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(Micro-Star Int'l Co., Ltd.) C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(MSI) C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe
(MSI) C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe
(MSI) C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(Nuance Communications, Inc.) F:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Cisco Consumer Products LLC) C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe
(Micro-Star International) C:\MSI\Smart Utilities\SuperRAIDSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Windows\SysWOW64\UTSCSI.EXE
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Flux Software LLC) C:\Users\Jeffrey\AppData\Local\FluxSoftware\Flux\flux.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Google Inc.) C:\Users\Jeffrey\AppData\Local\Google\Update\GoogleUpdate.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Dropbox, Inc.) C:\Users\Jeffrey\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Nuance Communications, Inc.) F:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nuance Communications, Inc.) F:\Program Files (x86)\Nuance\PDFCreate\PdfCreate7Hook.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(Microsoft Corporation) F:\Downloads\psr\psr.exe
(Microsoft Corporation) C:\Users\Jeffrey\AppData\Roaming\csrss.exe
(Microsoft Corporation) C:\Users\Jeffrey\AppData\Roaming\csrss.exe
() F:\Downloads\RogueKillerX64.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-07-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [764472 2012-09-19] ()
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [797680 2014-05-22] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-04-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => F:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-13] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => F:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-13] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort14reminder] => F:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [333088 2011-05-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe [607592 2011-07-01] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFCreHook] => F:\Program Files (x86)\Nuance\PDFCreate\pdfcreate7hook.exe [605032 2011-06-28] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] => F:\Program Files (x86)\Nuance\PDFCreate\RegistryController.exe [140136 2011-06-28] (Nuance Communications, Inc.)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Run: [f.lux] => C:\Users\Jeffrey\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2014-01-31] (AMD)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Run: [Google Update] => C:\Users\Jeffrey\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-13] (Google Inc.)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [22688416 2014-05-21] (Microsoft Corporation)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Run: [DAEMON Tools Lite] => F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Winlogon: [Shell] F:\Downloads\psr\psr.exe [329728 2014-07-19] (Microsoft Corporation) <==== ATTENTION 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jeffrey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEC394D9F113FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> F:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - F:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll (Zeon Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Jeffrey\AppData\Local\Roblox\Versions\version-1112937d32504d8c\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Jeffrey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Jeffrey\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Jeffrey\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Jeffrey\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Jeffrey\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jeffrey\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
 
Chrome: 
=======
CHR HomePage: hxxp://www.wolframalpha.com/
CHR StartupUrls: "hxxp://www.wolframalpha.com/", "hxxp://www.google.com/", "hxxp://www.google.com"
CHR NewTab: "chrome-extension://ojhmphdkpgbibohbnpbfiefkgieacjmh/index.html"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Battlelog Game Launcher) - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Jeffrey\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Jeffrey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Jeffrey\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-04-10]
CHR Extension: (Google Docs) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-16]
CHR Extension: (Google Drive) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-16]
CHR Extension: (YouTube Center Developer Build) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcegdpionpopahcglnfiiioapcclamdj [2014-05-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-16]
CHR Extension: (Facebook) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-03-16]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2014-07-04]
CHR Extension: (Adblock Plus) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-16]
CHR Extension: (Ratings Preview for YouTube™) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank [2014-06-23]
CHR Extension: (Google Search) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-16]
CHR Extension: (Search by Image (by Google)) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-03-16]
CHR Extension: (Tampermonkey) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-07-04]
CHR Extension: (Google News) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2014-03-16]
CHR Extension: (Google+) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2014-03-16]
CHR Extension: (Google Calendar) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-03-16]
CHR Extension: (YouTube Center) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\heajdnnooakmbbclhphfffkpafehdmgk [2014-07-04]
CHR Extension: (Allow Right-Click) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo [2014-03-16]
CHR Extension: (Deathamns) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2014-03-16]
CHR Extension: (Dropbox) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-03-16]
CHR Extension: (Google Forms) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2014-03-16]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-03-16]
CHR Extension: (StayFocusd) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2014-03-16]
CHR Extension: (Evernote Web) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-03-16]
CHR Extension: (Skype Click to Call) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-05-29]
CHR Extension: (Google Maps) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-03-16]
CHR Extension: (Best Simple Facebook Notifications) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\meofonckdkomjeigbnlkgbfmcjfoboem [2014-03-16]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-03-16]
CHR Extension: (Google Play Books) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2014-03-16]
CHR Extension: (Hangouts) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-05-04]
CHR Extension: (Google Wallet) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-16]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2014-03-16]
CHR Extension: (Currently) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhmphdkpgbibohbnpbfiefkgieacjmh [2014-07-01]
CHR Extension: (Google Quick Scroll) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2014-03-16]
CHR Extension: (Gmail) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
 
==================== Services (Whitelisted) =================
 
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
S3 MSIBIOSData_CC; C:\Program Files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe [2101248 2014-03-24] (MSI) [File not signed]
S2 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [4023808 2014-05-22] () [File not signed]
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2118144 2014-05-15] () [File not signed]
S2 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4159488 2014-05-07] () [File not signed]
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [1997824 2014-05-19] () [File not signed]
S2 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2248704 2014-05-05] () [File not signed]
R2 MSIFileSyncMonitor; C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe [13824 2013-09-04] (Micro-Star Int'l Co., Ltd.) [File not signed]
S2 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2063872 2014-04-28] () [File not signed]
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [540672 2014-05-05] () [File not signed]
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MSI)
R2 MSI_SuiteCharger; C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe [140272 2013-02-19] (MSI)
R2 MSI_SuiteComCen; C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe [333296 2013-05-03] (MSI)
R2 MSI_SuiteFastBoot; C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe [105016 2012-10-26] (MSI)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [29728 2013-05-28] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 PDFProFiltSrvPP; F:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [138600 2011-08-13] (Nuance Communications, Inc.)
R2 RaAutoInstSrv_AM10; C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe [529024 2010-04-15] (Cisco Consumer Products LLC)
R2 SuperRAIDSvc; C:\MSI\Smart Utilities\SuperRAIDSvc.exe [27632 2014-04-30] (Micro-Star International)
R2 UTSCSI; C:\Windows\SysWOW64\UTSCSI.EXE [45056 2013-11-30] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S2 SplashtopRemoteService; "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" [X]
S2 SSUService; C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R3 AM10; C:\Windows\system32\DRIVERS\am10w7.sys [1101600 2010-03-23] (Ralink Technology Corp.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-19] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-05-02] (Disc Soft Ltd)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-01] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-03-14] ()
R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2014-07-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_1_1_S; C:\MSI\MSI SUITE\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NTIOLib_MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
S3 NTIOLib_MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
R3 NTIOLib_MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
R3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)
S3 NTIOLib_MSIFrequency_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\CPU_Frequency\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
S3 NTIOLib_MSIRatio_CC; C:\Program Files (x86)\MSI\Command Center\CPU\CPU_Ratio\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
R3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
S3 NTIOLib_MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
R3 NTIOLib_MSI_RAID; C:\MSI\Smart Utilities\NTIOLib_X64.sys [13808 2014-03-17] (MSI)
R3 NTIOLib_SuiteComCen; C:\MSI\MSI SUITE\ControlCenter\NTIOLib_X64.sys [13808 2013-04-15] (MSI)
R3 NTIOLib_SuiteFB; C:\MSI\MSI SUITE\FastBoot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2014-05-15] (Splashtop Inc.)
R3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30312 2014-07-20] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-20 11:05 - 2014-07-20 11:05 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-20 11:05 - 2014-07-20 11:05 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-19 11:37 - 2014-07-20 11:14 - 00000000 ____D () C:\FRST
2014-07-19 11:22 - 2014-07-19 14:23 - 00000000 ____D () C:\AdwCleaner
2014-07-19 11:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-15 16:33 - 2014-07-15 16:33 - 00003184 ____N () C:\bootsqm.dat
2014-07-14 18:20 - 2014-07-19 14:16 - 00329728 ___SH (Microsoft Corporation) C:\Users\Jeffrey\AppData\Roaming\csrss.exe
2014-07-14 18:15 - 2013-09-02 03:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-07-14 18:14 - 2014-07-14 18:14 - 00000036 _____ () C:\Users\Jeffrey\AppData\Local\housecall.guid.cache
2014-07-14 18:04 - 2014-07-20 11:12 - 00307180 _____ () C:\Users\Jeffrey\AppData\Roaming\msconfig.ini
2014-07-14 12:54 - 2014-07-19 14:24 - 00003074 _____ () C:\Windows\PFRO.log
2014-07-14 12:38 - 2014-07-14 18:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 12:38 - 2014-07-14 12:38 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-14 12:38 - 2014-07-14 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-14 12:38 - 2014-07-14 12:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-14 12:38 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-14 12:38 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-14 12:16 - 2014-07-14 12:16 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LIVINGROOM-PC-Microsoft-Windows-8.1-Pro-(64-bit).dat
2014-07-14 12:16 - 2014-07-14 12:16 - 00000000 ____D () C:\RegBackup
2014-07-14 12:11 - 2014-07-14 13:31 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-14 12:08 - 2014-07-14 12:08 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-14 10:59 - 2014-07-14 10:59 - 381242355 _____ () C:\Windows\MEMORY.DMP
2014-07-14 10:59 - 2014-07-14 10:59 - 00281392 _____ () C:\Windows\Minidump\071414-7734-01.dmp
2014-07-14 10:55 - 2014-07-19 11:35 - 00000000 __SHD () C:\Windows\SysWOW64\NT Kernel
2014-07-13 19:41 - 2014-07-19 14:35 - 00002532 _____ () C:\Users\Jeffrey\Desktop\Rkill.txt
2014-07-13 19:41 - 2014-07-19 12:07 - 00000000 ____D () C:\Users\Jeffrey\Desktop\rkill
2014-07-13 19:29 - 2014-07-19 14:24 - 00001692 _____ () C:\Windows\setupact.log
2014-07-13 19:29 - 2014-07-13 19:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-13 19:22 - 2014-07-20 11:01 - 00000000 __SHD () C:\ProgramData\NT Kernel
2014-07-12 23:15 - 2014-07-19 16:09 - 00421098 _____ () C:\Windows\WindowsUpdate.log
2014-07-09 11:36 - 2014-04-13 23:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-07-09 11:34 - 2014-07-09 11:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 09:38 - 2014-06-16 18:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 09:38 - 2014-06-16 18:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 09:38 - 2014-06-06 10:20 - 04190720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 09:38 - 2014-05-29 23:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 09:38 - 2014-05-29 08:02 - 00565576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-07-09 09:38 - 2014-05-29 03:55 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-07-09 09:38 - 2014-05-29 02:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-07-09 09:38 - 2014-05-29 02:37 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-07-09 09:38 - 2014-05-29 01:34 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-07-09 09:38 - 2014-05-29 01:27 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 09:35 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 09:35 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 09:35 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 09:35 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 09:35 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 09:35 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 09:35 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 09:35 - 2014-06-18 19:46 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 09:35 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 09:35 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 09:35 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 09:35 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 09:35 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 09:35 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 09:35 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 09:35 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 09:35 - 2014-06-18 18:57 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 09:35 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 09:35 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 09:35 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 09:35 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 09:35 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 09:35 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 09:35 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 09:35 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 09:35 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 09:35 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 09:34 - 2014-06-30 18:45 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 09:34 - 2014-06-28 03:48 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 09:34 - 2014-06-28 03:07 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-09 09:34 - 2014-06-06 09:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 09:34 - 2014-06-06 08:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 09:34 - 2014-05-31 06:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-09 09:34 - 2014-05-31 06:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-07-09 09:34 - 2014-05-30 23:40 - 13287936 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-07-09 09:34 - 2014-05-30 23:30 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-07-09 09:34 - 2014-05-30 23:12 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 09:34 - 2014-05-30 23:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-09 09:34 - 2014-05-30 23:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-09 09:34 - 2014-05-30 23:01 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 09:34 - 2014-05-30 22:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-09 09:34 - 2014-05-30 22:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-09 09:34 - 2014-05-30 22:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-09 09:34 - 2014-05-30 22:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-07-09 09:34 - 2014-05-30 22:36 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 09:34 - 2014-05-30 22:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-07-09 09:34 - 2014-05-30 22:32 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 09:14 - 2014-07-09 09:14 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-06-29 09:18 - 2014-06-29 09:18 - 00000000 ____D () C:\ProgramData\Splashtop
2014-06-28 18:55 - 2014-06-28 18:55 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 14
2014-06-28 18:54 - 2014-06-28 18:54 - 00000000 ____D () C:\Program Files\Nuance
2014-06-28 18:53 - 2014-06-28 18:53 - 00001886 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk
2014-06-28 18:53 - 2014-06-28 18:53 - 00001838 _____ () C:\Users\Public\Desktop\PaperPort.lnk
2014-06-28 18:52 - 2014-06-28 18:52 - 00000000 ____D () C:\Windows\PIXTRAN
2014-06-28 18:46 - 2014-06-28 18:47 - 00000000 ____D () C:\Users\Jeffrey\Temp
2014-06-25 12:32 - 2014-07-10 10:06 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-06-25 12:32 - 2014-06-25 12:55 - 00000000 ____D () C:\Users\Jeffrey\AppData\Local\Roblox
 
==================== One Month Modified Files and Folders =======
 
2014-07-20 11:14 - 2014-07-19 11:37 - 00000000 ____D () C:\FRST
2014-07-20 11:14 - 2014-05-29 18:22 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\Skype
2014-07-20 11:14 - 2013-11-30 17:42 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\ClassicShell
2014-07-20 11:12 - 2014-07-14 18:04 - 00307180 _____ () C:\Users\Jeffrey\AppData\Roaming\msconfig.ini
2014-07-20 11:05 - 2014-07-20 11:05 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-20 11:05 - 2014-07-20 11:05 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-20 11:05 - 2013-11-28 10:57 - 00000000 ____D () C:\Users\Jeffrey\AppData\Local\VirtualStore
2014-07-20 11:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2014-07-20 11:01 - 2014-07-13 19:22 - 00000000 __SHD () C:\ProgramData\NT Kernel
2014-07-20 10:59 - 2014-05-02 20:26 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\DropboxMaster
2014-07-20 10:59 - 2013-11-30 18:05 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\Dropbox
2014-07-19 16:09 - 2014-07-12 23:15 - 00421098 _____ () C:\Windows\WindowsUpdate.log
2014-07-19 14:52 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-07-19 14:35 - 2014-07-13 19:41 - 00002532 _____ () C:\Users\Jeffrey\Desktop\Rkill.txt
2014-07-19 14:29 - 2013-09-30 00:12 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-19 14:27 - 2014-03-16 17:34 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-19 14:24 - 2014-07-14 12:54 - 00003074 _____ () C:\Windows\PFRO.log
2014-07-19 14:24 - 2014-07-13 19:29 - 00001692 _____ () C:\Windows\setupact.log
2014-07-19 14:24 - 2013-08-22 09:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-07-19 14:23 - 2014-07-19 11:22 - 00000000 ____D () C:\AdwCleaner
2014-07-19 14:16 - 2014-07-14 18:20 - 00329728 ___SH (Microsoft Corporation) C:\Users\Jeffrey\AppData\Roaming\csrss.exe
2014-07-19 14:10 - 2014-01-29 20:05 - 00000000 ____D () C:\Users\Jeffrey\AppData\Local\CrashDumps
2014-07-19 12:07 - 2014-07-13 19:41 - 00000000 ____D () C:\Users\Jeffrey\Desktop\rkill
2014-07-19 11:35 - 2014-07-14 10:55 - 00000000 __SHD () C:\Windows\SysWOW64\NT Kernel
2014-07-15 16:33 - 2014-07-15 16:33 - 00003184 ____N () C:\bootsqm.dat
2014-07-15 16:28 - 2013-11-28 10:57 - 00000000 ____D () C:\Users\Jeffrey
2014-07-15 10:16 - 2013-12-15 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2014-07-15 10:11 - 2014-06-01 12:41 - 00010859 _____ () C:\Windows\SysWOW64\Utility.xml
2014-07-14 18:14 - 2014-07-14 18:14 - 00000036 _____ () C:\Users\Jeffrey\AppData\Local\housecall.guid.cache
2014-07-14 18:02 - 2014-07-14 12:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 13:31 - 2014-07-14 12:11 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-14 13:03 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Help
2014-07-14 13:03 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\ADFS
2014-07-14 12:54 - 2013-11-28 10:57 - 00000000 ____D () C:\Windows\CSC
2014-07-14 12:54 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Resources
2014-07-14 12:38 - 2014-07-14 12:38 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-14 12:38 - 2014-07-14 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-14 12:38 - 2014-07-14 12:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-14 12:34 - 2013-08-22 10:44 - 05200424 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-14 12:16 - 2014-07-14 12:16 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LIVINGROOM-PC-Microsoft-Windows-8.1-Pro-(64-bit).dat
2014-07-14 12:16 - 2014-07-14 12:16 - 00000000 ____D () C:\RegBackup
2014-07-14 12:08 - 2014-07-14 12:08 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-14 10:59 - 2014-07-14 10:59 - 381242355 _____ () C:\Windows\MEMORY.DMP
2014-07-14 10:59 - 2014-07-14 10:59 - 00281392 _____ () C:\Windows\Minidump\071414-7734-01.dmp
2014-07-14 10:08 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-13 19:29 - 2014-07-13 19:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-13 19:28 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-13 19:17 - 2013-11-28 11:02 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3324928563-3230508422-266313915-1001
2014-07-13 19:15 - 2013-11-28 11:00 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CC07C0E0-4DBE-4901-8CC2-D03E22C7999A}
2014-07-13 19:14 - 2014-02-18 17:55 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-07-13 19:13 - 2014-02-18 19:52 - 00004986 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for LIVINGROOM-PC-Jeffrey LivingRoom-PC
2014-07-13 19:12 - 2013-11-28 11:08 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-13 14:12 - 2013-11-28 11:08 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-13 13:36 - 2014-02-13 14:15 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3324928563-3230508422-266313915-1001UA.job
2014-07-12 22:08 - 2013-11-28 10:57 - 00000000 ____D () C:\Users\Jeffrey\AppData\Local\Packages
2014-07-12 22:01 - 2014-03-02 11:03 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-12 16:36 - 2014-02-13 14:15 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3324928563-3230508422-266313915-1001Core.job
2014-07-12 15:37 - 2014-02-18 17:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-12 15:36 - 2014-02-18 17:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-07-11 22:06 - 2014-06-04 20:40 - 00000000 ____D () C:\Users\Jeffrey\AppData\Local\PMB Files
2014-07-11 22:06 - 2014-06-04 20:40 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-10 10:06 - 2014-06-25 12:32 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-07-09 13:46 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2014-07-09 13:46 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 13:46 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 13:46 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\WinStore
2014-07-09 13:45 - 2013-09-29 23:59 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 11:42 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2014-07-09 11:41 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-09 11:40 - 2013-11-29 21:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 11:39 - 2013-11-29 21:55 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 11:37 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\en-GB
2014-07-09 11:34 - 2014-07-09 11:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 09:14 - 2014-07-09 09:14 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-07-08 18:14 - 2014-01-15 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-02 18:25 - 2014-05-29 19:01 - 00000000 ____D () C:\ProgramData\Origin
2014-07-02 15:51 - 2013-11-30 17:49 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\.minecraft
2014-07-02 14:48 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-01 17:04 - 2014-02-09 12:56 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-06-30 18:45 - 2014-07-09 09:34 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 09:18 - 2014-06-29 09:18 - 00000000 ____D () C:\ProgramData\Splashtop
2014-06-28 21:06 - 2014-03-09 11:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-28 18:55 - 2014-06-28 18:55 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 14
2014-06-28 18:55 - 2014-03-02 11:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 14
2014-06-28 18:55 - 2014-03-02 11:03 - 00000000 ____D () C:\Program Files (x86)\Nuance
2014-06-28 18:54 - 2014-06-28 18:54 - 00000000 ____D () C:\Program Files\Nuance
2014-06-28 18:54 - 2014-03-02 11:03 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\Zeon
2014-06-28 18:54 - 2014-03-02 11:03 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\.oit
2014-06-28 18:54 - 2014-02-28 19:48 - 00000000 ____D () C:\ProgramData\Nuance
2014-06-28 18:53 - 2014-06-28 18:53 - 00001886 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk
2014-06-28 18:53 - 2014-06-28 18:53 - 00001838 _____ () C:\Users\Public\Desktop\PaperPort.lnk
2014-06-28 18:53 - 2014-02-28 19:48 - 00000000 ____D () C:\ProgramData\ScanSoft
2014-06-28 18:52 - 2014-06-28 18:52 - 00000000 ____D () C:\Windows\PIXTRAN
2014-06-28 18:47 - 2014-06-28 18:46 - 00000000 ____D () C:\Users\Jeffrey\Temp
2014-06-28 03:48 - 2014-07-09 09:34 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-28 03:07 - 2014-07-09 09:34 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-06-26 17:39 - 2014-06-01 15:52 - 00000000 ___HD () C:\MSIServiceCfg_CC
2014-06-26 16:55 - 2013-08-22 11:38 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-26 16:55 - 2013-08-22 11:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-26 14:46 - 2013-11-28 11:07 - 00000000 ____D () C:\MSI
2014-06-25 12:55 - 2014-06-25 12:32 - 00000000 ____D () C:\Users\Jeffrey\AppData\Local\Roblox
2014-06-24 16:07 - 2013-11-28 11:08 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-24 16:07 - 2013-11-28 11:08 - 00003664 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-24 16:06 - 2014-06-01 14:49 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-06-22 22:30 - 2013-12-01 16:19 - 00007989 _____ () C:\Windows\BRRBCOM.INI
2014-06-21 16:31 - 2014-02-13 14:15 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3324928563-3230508422-266313915-1001UA
2014-06-21 16:31 - 2014-02-13 14:15 - 00003514 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3324928563-3230508422-266313915-1001Core
 
Files to move or delete:
====================
C:\Users\Jeffrey\AppData\Roaming\msconfig.ini
 
 
Some content of TEMP:
====================
C:\Users\Jeffrey\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpowr98s.dll
C:\Users\Jeffrey\AppData\Local\Temp\mbam-setup.exe
C:\Users\Jeffrey\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-21 12:40
 
==================== End Of Log ============================


#12 nasdaq

  • Malware Response Team
  • 38,770 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 July 2014 - 12:59 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Winlogon: [Shell] F:\Downloads\psr\psr.exe [329728 2014-07-19] (Microsoft Corporation) <==== ATTENTION
SearchScopes: HKLM-x32 - DefaultScope value is missing.
CHR NewTab: "chrome-extension://ojhmphdkpgbibohbnpbfiefkgieacjmh/index.html"
CHR Plugin: (Google Update) - C:\Users\Jeffrey\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
S2 SplashtopRemoteService; "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" [X]
S2 SSUService; C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [X]
C:\Users\Jeffrey\AppData\Roaming\msconfig.ini
C:\Users\Jeffrey\AppData\Roaming\csrss.exe
End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?
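The fixlist above targets two things a responder looks for first in an FRST log: a Winlogon Shell value that no longer points at explorer.exe, and a file named like a core Windows binary (csrss.exe) living in a user profile. The following triage script is an added example for this thread, not FRST's code or anything posted by the participants. It parses FRST-style process and registry lines and flags those patterns; the sample input consists of lines copied from the FRST output in this thread, and the lists of impersonated binary names and user-writable directories are my own assumptions.

```python
"""Triage helper for FRST-style log lines (added example, not FRST's own code).

Reads 'Processes' and 'Registry' lines and reports what a responder checks
first: a replaced Winlogon Shell value, a core Windows binary name running
outside the Windows directory, and processes in user-writable locations.
"""
import re
from dataclasses import dataclass

# Core Windows binaries whose names are commonly borrowed by malware; a file
# with one of these names outside \Windows\ is a masquerade indicator
# (assumed list, extend as needed).
SYSTEM_BINARY_NAMES = {
    "csrss.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "services.exe",
    "explorer.exe", "smss.exe", "wininit.exe", "dwm.exe", "conhost.exe",
}

# Path fragments a standard user can write to (assumed list). A hit here is a
# lead to review, not a verdict: updaters such as Dropbox also live in AppData.
USER_WRITABLE_HINTS = ("\\appdata\\", "\\programdata\\", "\\downloads\\", "\\temp\\")

# FRST prints each process as "(<company from version resource>) <path>".
PROCESS_RE = re.compile(r"^\((?P<vendor>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$")
# Registry section: ...\Winlogon: [Shell] <path> [<size> <date>] (<company>)
WINLOGON_RE = re.compile(r"Winlogon: \[Shell\] (?P<path>.+?) \[\d+ \d{4}-\d{2}-\d{2}\]")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" = act on it, "review" = look at it
    reason: str
    path: str


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def in_windows_dir(path: str) -> bool:
    return re.match(r"^[a-z]:\\windows\\", path.lower()) is not None


def check_process(vendor: str, path: str) -> list:
    """Checks one process line; the company string is metadata any file can carry."""
    findings = []
    low = path.lower()
    name = basename(path)
    if name in SYSTEM_BINARY_NAMES and not in_windows_dir(low):
        findings.append(Finding("high", f"{name} impersonates a core Windows binary outside the Windows directory", path))
    if any(hint in low for hint in USER_WRITABLE_HINTS):
        findings.append(Finding("review", "process running from a user-writable location", path))
    if "microsoft" in vendor.lower() and not in_windows_dir(low) and "\\program files" not in low:
        findings.append(Finding("review", "claims Microsoft in its version resource but lives outside Windows/Program Files; that string is not a signature", path))
    return findings


def check_winlogon_shell(path: str) -> list:
    """The Shell value names the program started at logon; explorer.exe is the default."""
    if basename(path) != "explorer.exe":
        return [Finding("high", "Winlogon Shell replaced: this program starts instead of the desktop at every logon", path)]
    return []


def triage(log_text: str) -> list:
    """Runs the checks over every line of an FRST log and returns the findings in order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = WINLOGON_RE.search(line)
        if m:
            findings.extend(check_winlogon_shell(m.group("path")))
            continue
        m = PROCESS_RE.match(line)
        if m:
            findings.extend(check_process(m.group("vendor"), m.group("path")))
    return findings


# Sample input: lines copied from the FRST output posted in this thread.
SAMPLE_FRST_LINES = r"""
==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Jeffrey\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) F:\Downloads\psr\psr.exe
(Microsoft Corporation) C:\Users\Jeffrey\AppData\Roaming\csrss.exe
(Microsoft Corporation) C:\ProgramData\NT Kernel\NTKernel.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Winlogon: [Shell] F:\Downloads\psr\psr.exe [329728 2014-07-19] (Microsoft Corporation) <==== ATTENTION
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_FRST_LINES):
        print(f"[{f.severity:6}] {f.path}: {f.reason}")
```

Run against the sample, it raises two "high" findings (the Winlogon Shell pointing at F:\Downloads\psr\psr.exe and the csrss.exe in AppData\Roaming) and several "review" leads, one of which (Dropbox in AppData) is benign. The "(Microsoft Corporation)" text FRST prints next to psr.exe and csrss.exe is read from the file's version resource, which any file can carry; FRST's separate "File is digitally signed" lines in the Bamital check are what reflect an actual signature check, which is why the script treats the company string as a reason to look closer rather than as reassurance.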

#13 TrustThisPenguin
  • Topic Starter
  • Members
  • 20 posts

Posted 20 July 2014 - 04:41 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2014
Ran by Jeffrey at 2014-07-20 17:35:14 Run:2
Running from F:\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Winlogon: [Shell] F:\Downloads\psr\psr.exe [329728 2014-07-19] (Microsoft Corporation) <==== ATTENTION
SearchScopes: HKLM-x32 - DefaultScope value is missing.
CHR NewTab: "chrome-extension://ojhmphdkpgbibohbnpbfiefkgieacjmh/index.html"
CHR Plugin: (Google Update) - C:\Users\Jeffrey\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
S2 SplashtopRemoteService; "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" [X]
S2 SSUService; C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [X]
C:\Users\Jeffrey\AppData\Roaming\msconfig.ini
C:\Users\Jeffrey\AppData\Roaming\csrss.exe
End
*****************
 
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Users\Jeffrey\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll not found.
SplashtopRemoteService => Service deleted successfully.
SSUService => Service deleted successfully.
C:\Users\Jeffrey\AppData\Roaming\msconfig.ini => Moved successfully.
C:\Users\Jeffrey\AppData\Roaming\csrss.exe => Moved successfully.
 
==== End of Fixlog ====
 
The process is still there, and trying to delete the (still hidden in Windows Explorer) psr.exe tells me it's in use (again).
 
By the way, I installed Splashtop myself, as well as that Chrome extension.

Edited by TrustThisPenguin, 20 July 2014 - 04:50 PM.


#14 nasdaq

  • Malware Response Team
  • 38,770 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 July 2014 - 07:37 AM

Boot to Safe Mode, Windows 8
http://www.bleepingcomputer.com/tutorials/enable-the-f8-key-in-windows-8/

Delete these files/folder in bold if present.

F:\Downloads\psr <- folder
C:\Users\Jeffrey\AppData\Roaming\msconfig.ini
C:\Users\Jeffrey\AppData\Roaming\csrss.exe

Restart the computer normally.

Post a fresh FRST log for my review.

Edited by nasdaq, 21 July 2014 - 07:38 AM.


#15 TrustThisPenguin
  • Topic Starter
  • Members
  • 20 posts

Posted 21 July 2014 - 10:01 AM

Booting to safe mode using that method doesn't work for me, possibly because my BIOS is UEFI or because I have MSI Fast Boot enabled.

I went to MSCONFIG instead and changed the boot settings there.

I deleted the other two files (csrss.exe was hidden in Windows Explorer so I did it in WinRAR), but psr could not be deleted because it said a folder or file inside it was in use.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by Jeffrey (administrator) on LIVINGROOM-PC on 21-07-2014 11:00:38
Running from F:\Downloads
Platform: Windows 8.1 Pro (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
() C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
() C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
() C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe
(Micro-Star Int'l Co., Ltd.) C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe
() C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(MSI) C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe
(MSI) C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe
(MSI) C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(Nuance Communications, Inc.) F:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Cisco Consumer Products LLC) C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe
(Micro-Star International) C:\MSI\Smart Utilities\SuperRAIDSvc.exe
() C:\Windows\SysWOW64\UTSCSI.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Flux Software LLC) C:\Users\Jeffrey\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Google Inc.) C:\Users\Jeffrey\AppData\Local\Google\Update\GoogleUpdate.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Dropbox, Inc.) C:\Users\Jeffrey\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Micro-Star INT'L CO.,LTD.) C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Nuance Communications, Inc.) F:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe
(Google) C:\Users\Jeffrey\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Nuance Communications, Inc.) F:\Program Files (x86)\Nuance\PDFCreate\PdfCreate7Hook.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) F:\Downloads\psr\psr.exe
(Microsoft Corporation) C:\Users\Jeffrey\AppData\Roaming\csrss.exe
(Microsoft Corporation) C:\ProgramData\NT Kernel\NTKernel.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-07-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [764472 2012-09-19] ()
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [797680 2014-05-22] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-04-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => F:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-13] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => F:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-13] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort14reminder] => F:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [333088 2011-05-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe [607592 2011-07-01] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFCreHook] => F:\Program Files (x86)\Nuance\PDFCreate\pdfcreate7hook.exe [605032 2011-06-28] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] => F:\Program Files (x86)\Nuance\PDFCreate\RegistryController.exe [140136 2011-06-28] (Nuance Communications, Inc.)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Run: [f.lux] => C:\Users\Jeffrey\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2014-01-31] (AMD)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Run: [Google Update] => C:\Users\Jeffrey\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-13] (Google Inc.)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [22688416 2014-05-21] (Microsoft Corporation)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Run: [DAEMON Tools Lite] => F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3324928563-3230508422-266313915-1001\...\Winlogon: [Shell] F:\Downloads\psr\psr.exe [329728 2014-07-19] (Microsoft Corporation) <==== ATTENTION 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jeffrey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEC394D9F113FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> F:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - F:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll (Zeon Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Jeffrey\AppData\Local\Roblox\Versions\version-1112937d32504d8c\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Jeffrey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Jeffrey\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Jeffrey\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Jeffrey\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Jeffrey\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jeffrey\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
 
Chrome: 
=======
CHR HomePage: hxxp://www.wolframalpha.com/
CHR StartupUrls: "hxxp://www.wolframalpha.com/", "hxxp://www.google.com/", "hxxp://www.google.com"
CHR NewTab: "chrome-extension://ojhmphdkpgbibohbnpbfiefkgieacjmh/index.html"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Battlelog Game Launcher) - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Jeffrey\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Jeffrey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Jeffrey\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-04-10]
CHR Extension: (Google Docs) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-16]
CHR Extension: (Google Drive) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-16]
CHR Extension: (YouTube Center Developer Build) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcegdpionpopahcglnfiiioapcclamdj [2014-05-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-16]
CHR Extension: (Facebook) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-03-16]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2014-07-04]
CHR Extension: (Adblock Plus) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-16]
CHR Extension: (Ratings Preview for YouTube™) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank [2014-06-23]
CHR Extension: (Google Search) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-16]
CHR Extension: (Search by Image (by Google)) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-03-16]
CHR Extension: (Tampermonkey) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-07-04]
CHR Extension: (Google News) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2014-03-16]
CHR Extension: (Google+) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2014-03-16]
CHR Extension: (Google Calendar) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-03-16]
CHR Extension: (YouTube Center) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\heajdnnooakmbbclhphfffkpafehdmgk [2014-07-04]
CHR Extension: (Allow Right-Click) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo [2014-03-16]
CHR Extension: (Deathamns) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2014-03-16]
CHR Extension: (Dropbox) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-03-16]
CHR Extension: (Google Forms) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2014-03-16]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-03-16]
CHR Extension: (StayFocusd) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2014-03-16]
CHR Extension: (Evernote Web) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-03-16]
CHR Extension: (Skype Click to Call) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-05-29]
CHR Extension: (Google Maps) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-03-16]
CHR Extension: (Best Simple Facebook Notifications) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\meofonckdkomjeigbnlkgbfmcjfoboem [2014-03-16]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-03-16]
CHR Extension: (Google Play Books) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2014-03-16]
CHR Extension: (Hangouts) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-05-04]
CHR Extension: (Google Wallet) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-16]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2014-03-16]
CHR Extension: (Currently) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhmphdkpgbibohbnpbfiefkgieacjmh [2014-07-01]
CHR Extension: (Google Quick Scroll) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2014-03-16]
CHR Extension: (Gmail) - C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
 
==================== Services (Whitelisted) =================
 
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
S3 MSIBIOSData_CC; C:\Program Files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe [2101248 2014-03-24] (MSI) [File not signed]
S2 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [4023808 2014-05-22] () [File not signed]
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2118144 2014-05-15] () [File not signed]
R2 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4159488 2014-05-07] () [File not signed]
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [1997824 2014-05-19] () [File not signed]
R2 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2248704 2014-05-05] () [File not signed]
R2 MSIFileSyncMonitor; C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe [13824 2013-09-04] (Micro-Star Int'l Co., Ltd.) [File not signed]
R2 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2063872 2014-04-28] () [File not signed]
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [540672 2014-05-05] () [File not signed]
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MSI)
R2 MSI_SuiteCharger; C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe [140272 2013-02-19] (MSI)
R2 MSI_SuiteComCen; C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe [333296 2013-05-03] (MSI)
R2 MSI_SuiteFastBoot; C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe [105016 2012-10-26] (MSI)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [29728 2013-05-28] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 PDFProFiltSrvPP; F:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [138600 2011-08-13] (Nuance Communications, Inc.)
R2 RaAutoInstSrv_AM10; C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe [529024 2010-04-15] (Cisco Consumer Products LLC)
R2 SuperRAIDSvc; C:\MSI\Smart Utilities\SuperRAIDSvc.exe [27632 2014-04-30] (Micro-Star International)
R2 UTSCSI; C:\Windows\SysWOW64\UTSCSI.EXE [45056 2013-11-30] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R3 AM10; C:\Windows\system32\DRIVERS\am10w7.sys [1101600 2010-03-23] (Ralink Technology Corp.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-19] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-05-02] (Disc Soft Ltd)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-01] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-03-14] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2014-07-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_1_1_S; C:\MSI\MSI SUITE\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NTIOLib_MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
S3 NTIOLib_MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
R3 NTIOLib_MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
R3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)
S3 NTIOLib_MSIFrequency_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\CPU_Frequency\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
S3 NTIOLib_MSIRatio_CC; C:\Program Files (x86)\MSI\Command Center\CPU\CPU_Ratio\NTIOLib_X64.sys [13368 2012-11-20] (MSI)
R3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
S3 NTIOLib_MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
R3 NTIOLib_MSI_RAID; C:\MSI\Smart Utilities\NTIOLib_X64.sys [13808 2014-03-17] (MSI)
R3 NTIOLib_SuiteComCen; C:\MSI\MSI SUITE\ControlCenter\NTIOLib_X64.sys [13808 2013-04-15] (MSI)
R3 NTIOLib_SuiteFB; C:\MSI\MSI SUITE\FastBoot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2014-05-15] (Splashtop Inc.)
R3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-21 11:00 - 2014-07-21 11:00 - 00000256 _____ () C:\Users\Jeffrey\AppData\Roaming\msconfig.ini
2014-07-21 10:59 - 2014-07-19 14:16 - 00329728 ___SH (Microsoft Corporation) C:\Users\Jeffrey\AppData\Roaming\csrss.exe
2014-07-20 11:05 - 2014-07-20 11:05 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-20 11:05 - 2014-07-20 11:05 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-19 11:37 - 2014-07-21 11:00 - 00000000 ____D () C:\FRST
2014-07-19 11:22 - 2014-07-19 14:23 - 00000000 ____D () C:\AdwCleaner
2014-07-19 11:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-15 16:33 - 2014-07-15 16:33 - 00003184 ____N () C:\bootsqm.dat
2014-07-14 18:15 - 2013-09-02 03:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-07-14 18:14 - 2014-07-14 18:14 - 00000036 _____ () C:\Users\Jeffrey\AppData\Local\housecall.guid.cache
2014-07-14 12:54 - 2014-07-19 14:24 - 00003074 _____ () C:\Windows\PFRO.log
2014-07-14 12:38 - 2014-07-14 18:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 12:38 - 2014-07-14 12:38 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-14 12:38 - 2014-07-14 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-14 12:38 - 2014-07-14 12:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-14 12:38 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-14 12:38 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-14 12:16 - 2014-07-14 12:16 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LIVINGROOM-PC-Microsoft-Windows-8.1-Pro-(64-bit).dat
2014-07-14 12:16 - 2014-07-14 12:16 - 00000000 ____D () C:\RegBackup
2014-07-14 12:11 - 2014-07-14 13:31 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-14 12:08 - 2014-07-14 12:08 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-14 10:59 - 2014-07-14 10:59 - 381242355 _____ () C:\Windows\MEMORY.DMP
2014-07-14 10:59 - 2014-07-14 10:59 - 00281392 _____ () C:\Windows\Minidump\071414-7734-01.dmp
2014-07-14 10:55 - 2014-07-19 11:35 - 00000000 __SHD () C:\Windows\SysWOW64\NT Kernel
2014-07-13 19:41 - 2014-07-19 14:35 - 00002532 _____ () C:\Users\Jeffrey\Desktop\Rkill.txt
2014-07-13 19:41 - 2014-07-19 12:07 - 00000000 ____D () C:\Users\Jeffrey\Desktop\rkill
2014-07-13 19:29 - 2014-07-21 10:57 - 00002256 _____ () C:\Windows\setupact.log
2014-07-13 19:29 - 2014-07-13 19:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-13 19:22 - 2014-07-21 10:59 - 00000000 __SHD () C:\ProgramData\NT Kernel
2014-07-12 23:15 - 2014-07-21 10:54 - 00643237 _____ () C:\Windows\WindowsUpdate.log
2014-07-09 11:36 - 2014-04-13 23:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-07-09 11:34 - 2014-07-09 11:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 09:38 - 2014-06-16 18:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 09:38 - 2014-06-16 18:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 09:38 - 2014-06-06 10:20 - 04190720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 09:38 - 2014-05-29 23:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 09:38 - 2014-05-29 08:02 - 00565576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-07-09 09:38 - 2014-05-29 03:55 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-07-09 09:38 - 2014-05-29 02:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-07-09 09:38 - 2014-05-29 02:37 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-07-09 09:38 - 2014-05-29 01:34 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-07-09 09:38 - 2014-05-29 01:27 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 09:35 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 09:35 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 09:35 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 09:35 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 09:35 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 09:35 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 09:35 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 09:35 - 2014-06-18 19:46 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 09:35 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 09:35 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 09:35 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 09:35 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 09:35 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 09:35 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 09:35 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 09:35 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 09:35 - 2014-06-18 18:57 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 09:35 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 09:35 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 09:35 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 09:35 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 09:35 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 09:35 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 09:35 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 09:35 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 09:35 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 09:35 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 09:34 - 2014-06-30 18:45 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 09:34 - 2014-06-28 03:48 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 09:34 - 2014-06-28 03:07 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-09 09:34 - 2014-06-06 09:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 09:34 - 2014-06-06 08:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 09:34 - 2014-05-31 06:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-09 09:34 - 2014-05-31 06:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-07-09 09:34 - 2014-05-30 23:40 - 13287936 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-07-09 09:34 - 2014-05-30 23:30 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-07-09 09:34 - 2014-05-30 23:12 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 09:34 - 2014-05-30 23:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-09 09:34 - 2014-05-30 23:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-09 09:34 - 2014-05-30 23:01 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 09:34 - 2014-05-30 22:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-09 09:34 - 2014-05-30 22:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-09 09:34 - 2014-05-30 22:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-09 09:34 - 2014-05-30 22:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-07-09 09:34 - 2014-05-30 22:36 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 09:34 - 2014-05-30 22:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-07-09 09:34 - 2014-05-30 22:32 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 09:14 - 2014-07-09 09:14 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-06-29 09:18 - 2014-06-29 09:18 - 00000000 ____D () C:\ProgramData\Splashtop
2014-06-28 18:55 - 2014-06-28 18:55 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 14
2014-06-28 18:54 - 2014-06-28 18:54 - 00000000 ____D () C:\Program Files\Nuance
2014-06-28 18:53 - 2014-06-28 18:53 - 00001886 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk
2014-06-28 18:53 - 2014-06-28 18:53 - 00001838 _____ () C:\Users\Public\Desktop\PaperPort.lnk
2014-06-28 18:52 - 2014-06-28 18:52 - 00000000 ____D () C:\Windows\PIXTRAN
2014-06-28 18:46 - 2014-06-28 18:47 - 00000000 ____D () C:\Users\Jeffrey\Temp
2014-06-25 12:32 - 2014-07-10 10:06 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-06-25 12:32 - 2014-06-25 12:55 - 00000000 ____D () C:\Users\Jeffrey\AppData\Local\Roblox
 
==================== One Month Modified Files and Folders =======
 
2014-07-21 11:00 - 2014-07-21 11:00 - 00000256 _____ () C:\Users\Jeffrey\AppData\Roaming\msconfig.ini
2014-07-21 11:00 - 2014-07-19 11:37 - 00000000 ____D () C:\FRST
2014-07-21 11:00 - 2013-11-30 17:42 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\ClassicShell
2014-07-21 11:00 - 2013-09-30 00:12 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-21 11:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2014-07-21 10:59 - 2014-07-13 19:22 - 00000000 __SHD () C:\ProgramData\NT Kernel
2014-07-21 10:59 - 2014-03-16 17:34 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-21 10:58 - 2014-05-29 18:22 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\Skype
2014-07-21 10:58 - 2014-05-02 20:26 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\DropboxMaster
2014-07-21 10:58 - 2013-11-30 18:05 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\Dropbox
2014-07-21 10:57 - 2014-07-13 19:29 - 00002256 _____ () C:\Windows\setupact.log
2014-07-21 10:54 - 2014-07-12 23:15 - 00643237 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 10:48 - 2013-08-22 09:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-07-21 10:24 - 2014-01-29 20:05 - 00000000 ____D () C:\Users\Jeffrey\AppData\Local\CrashDumps
2014-07-20 17:49 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-07-20 11:05 - 2014-07-20 11:05 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-20 11:05 - 2014-07-20 11:05 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-20 11:05 - 2013-11-28 10:57 - 00000000 ____D () C:\Users\Jeffrey\AppData\Local\VirtualStore
2014-07-19 14:35 - 2014-07-13 19:41 - 00002532 _____ () C:\Users\Jeffrey\Desktop\Rkill.txt
2014-07-19 14:24 - 2014-07-14 12:54 - 00003074 _____ () C:\Windows\PFRO.log
2014-07-19 14:23 - 2014-07-19 11:22 - 00000000 ____D () C:\AdwCleaner
2014-07-19 14:16 - 2014-07-21 10:59 - 00329728 ___SH (Microsoft Corporation) C:\Users\Jeffrey\AppData\Roaming\csrss.exe
2014-07-19 12:07 - 2014-07-13 19:41 - 00000000 ____D () C:\Users\Jeffrey\Desktop\rkill
2014-07-19 11:35 - 2014-07-14 10:55 - 00000000 __SHD () C:\Windows\SysWOW64\NT Kernel
2014-07-15 16:33 - 2014-07-15 16:33 - 00003184 ____N () C:\bootsqm.dat
2014-07-15 16:28 - 2013-11-28 10:57 - 00000000 ____D () C:\Users\Jeffrey
2014-07-15 10:16 - 2013-12-15 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2014-07-15 10:11 - 2014-06-01 12:41 - 00010859 _____ () C:\Windows\SysWOW64\Utility.xml
2014-07-14 18:14 - 2014-07-14 18:14 - 00000036 _____ () C:\Users\Jeffrey\AppData\Local\housecall.guid.cache
2014-07-14 18:02 - 2014-07-14 12:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 13:31 - 2014-07-14 12:11 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-14 13:03 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Help
2014-07-14 13:03 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\ADFS
2014-07-14 12:54 - 2013-11-28 10:57 - 00000000 ____D () C:\Windows\CSC
2014-07-14 12:54 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Resources
2014-07-14 12:38 - 2014-07-14 12:38 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-14 12:38 - 2014-07-14 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-14 12:38 - 2014-07-14 12:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-14 12:34 - 2013-08-22 10:44 - 05200424 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-14 12:16 - 2014-07-14 12:16 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LIVINGROOM-PC-Microsoft-Windows-8.1-Pro-(64-bit).dat
2014-07-14 12:16 - 2014-07-14 12:16 - 00000000 ____D () C:\RegBackup
2014-07-14 12:08 - 2014-07-14 12:08 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-14 10:59 - 2014-07-14 10:59 - 381242355 _____ () C:\Windows\MEMORY.DMP
2014-07-14 10:59 - 2014-07-14 10:59 - 00281392 _____ () C:\Windows\Minidump\071414-7734-01.dmp
2014-07-14 10:08 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-13 19:29 - 2014-07-13 19:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-13 19:28 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-13 19:17 - 2013-11-28 11:02 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3324928563-3230508422-266313915-1001
2014-07-13 19:15 - 2013-11-28 11:00 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CC07C0E0-4DBE-4901-8CC2-D03E22C7999A}
2014-07-13 19:14 - 2014-02-18 17:55 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-07-13 19:13 - 2014-02-18 19:52 - 00004986 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for LIVINGROOM-PC-Jeffrey LivingRoom-PC
2014-07-13 19:12 - 2013-11-28 11:08 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-13 14:12 - 2013-11-28 11:08 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-13 13:36 - 2014-02-13 14:15 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3324928563-3230508422-266313915-1001UA.job
2014-07-12 22:08 - 2013-11-28 10:57 - 00000000 ____D () C:\Users\Jeffrey\AppData\Local\Packages
2014-07-12 22:01 - 2014-03-02 11:03 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-12 16:36 - 2014-02-13 14:15 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3324928563-3230508422-266313915-1001Core.job
2014-07-12 15:37 - 2014-02-18 17:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-12 15:36 - 2014-02-18 17:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-07-11 22:06 - 2014-06-04 20:40 - 00000000 ____D () C:\Users\Jeffrey\AppData\Local\PMB Files
2014-07-11 22:06 - 2014-06-04 20:40 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-10 10:06 - 2014-06-25 12:32 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-07-09 13:46 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2014-07-09 13:46 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 13:46 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 13:46 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\WinStore
2014-07-09 13:45 - 2013-09-29 23:59 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 11:42 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2014-07-09 11:41 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-09 11:40 - 2013-11-29 21:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 11:39 - 2013-11-29 21:55 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 11:37 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\en-GB
2014-07-09 11:34 - 2014-07-09 11:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 09:14 - 2014-07-09 09:14 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-07-08 18:14 - 2014-01-15 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-02 18:25 - 2014-05-29 19:01 - 00000000 ____D () C:\ProgramData\Origin
2014-07-02 15:51 - 2013-11-30 17:49 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\.minecraft
2014-07-02 14:48 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-01 17:04 - 2014-02-09 12:56 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-06-30 18:45 - 2014-07-09 09:34 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 09:18 - 2014-06-29 09:18 - 00000000 ____D () C:\ProgramData\Splashtop
2014-06-28 21:06 - 2014-03-09 11:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-28 18:55 - 2014-06-28 18:55 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 14
2014-06-28 18:55 - 2014-03-02 11:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 14
2014-06-28 18:55 - 2014-03-02 11:03 - 00000000 ____D () C:\Program Files (x86)\Nuance
2014-06-28 18:54 - 2014-06-28 18:54 - 00000000 ____D () C:\Program Files\Nuance
2014-06-28 18:54 - 2014-03-02 11:03 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\Zeon
2014-06-28 18:54 - 2014-03-02 11:03 - 00000000 ____D () C:\Users\Jeffrey\AppData\Roaming\.oit
2014-06-28 18:54 - 2014-02-28 19:48 - 00000000 ____D () C:\ProgramData\Nuance
2014-06-28 18:53 - 2014-06-28 18:53 - 00001886 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk
2014-06-28 18:53 - 2014-06-28 18:53 - 00001838 _____ () C:\Users\Public\Desktop\PaperPort.lnk
2014-06-28 18:53 - 2014-02-28 19:48 - 00000000 ____D () C:\ProgramData\ScanSoft
2014-06-28 18:52 - 2014-06-28 18:52 - 00000000 ____D () C:\Windows\PIXTRAN
2014-06-28 18:47 - 2014-06-28 18:46 - 00000000 ____D () C:\Users\Jeffrey\Temp
2014-06-28 03:48 - 2014-07-09 09:34 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-28 03:07 - 2014-07-09 09:34 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-06-26 17:39 - 2014-06-01 15:52 - 00000000 ___HD () C:\MSIServiceCfg_CC
2014-06-26 16:55 - 2013-08-22 11:38 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-26 16:55 - 2013-08-22 11:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-26 14:46 - 2013-11-28 11:07 - 00000000 ____D () C:\MSI
2014-06-25 12:55 - 2014-06-25 12:32 - 00000000 ____D () C:\Users\Jeffrey\AppData\Local\Roblox
2014-06-24 16:07 - 2013-11-28 11:08 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-24 16:07 - 2013-11-28 11:08 - 00003664 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-24 16:06 - 2014-06-01 14:49 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-06-22 22:30 - 2013-12-01 16:19 - 00007989 _____ () C:\Windows\BRRBCOM.INI
2014-06-21 16:31 - 2014-02-13 14:15 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3324928563-3230508422-266313915-1001UA
2014-06-21 16:31 - 2014-02-13 14:15 - 00003514 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3324928563-3230508422-266313915-1001Core
 
Files to move or delete:
====================
C:\Users\Jeffrey\AppData\Roaming\msconfig.ini
 
 
Some content of TEMP:
====================
C:\Users\Jeffrey\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzuvitj.dll
C:\Users\Jeffrey\AppData\Local\Temp\mbam-setup.exe
C:\Users\Jeffrey\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-21 12:40
 
==================== End Of Log ============================