
Possible RAT / Botnet - Scan included


  • This topic is locked
16 replies to this topic

#1 Swagman2K14

Posted 17 July 2014 - 01:56 AM

Hello!

So last week, my computer started randomly playing a song that I had downloaded on my computer, followed by someone pressing CTRL and F to bring up "Find" in Firefox and starting to type to me. I instantly turned my computer off by the power button. I then ran the computer in Safe Mode with Networking and had him type "hello I'm the ghost" in the Firefox search. After opening CCleaner, I found a jusched.jar file running on startup and started looking up what to do. I have deleted the startup entry for the file, I believe I have deleted the file (it was appearing invisible despite folder options being on), and I found a registry in a Java folder in Regedit regarding the jusched.jar and removed it in the hope that that would remove it. I am too scared, however, to use my computer, as I do not know if it has gone or not. I would really appreciate it if you could help me get this resolved. I am on a 64-bit Windows 7 computer and have AVG, Avast, Spybot, Microsoft Essentials and Malware Bytes installed, none of which have currently found anything, from what I believe. Thanks for your time, I really appreciate it.

 

I was told by a Global Moderator to come here and post a DDS Log, here it is (Virus scanners say outdated due to several days of no updates):

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.55.2
Run by Jordan at 7:52:27 on 2014-07-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3582.1950 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Outdated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus *Enabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: avast! Antivirus *Enabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Enabled/Outdated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
uProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com
mURLSearchHooks: {f16708b8-d2df-482d-9dfa-aa8d8894f0f4} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TP-LIN~1.LNK - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MIF5BA~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MIF5BA~1\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - {50C3F0BE-A832-45AB-BB6E-352D173AFD8C}
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
LSP: pcapwsp.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{06F5FD00-69F9-450D-B6B8-41D343417C2B} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{06F5FD00-69F9-450D-B6B8-41D343417C2B}\6796277696E6D65646961603638393938323 : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{06F5FD00-69F9-450D-B6B8-41D343417C2B}\6796277696E6D65646961623934333335313 : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{06F5FD00-69F9-450D-B6B8-41D343417C2B}\A4F6274616E6E2 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{EC26147B-CE02-40CA-8A92-97088233A685} : DHCPNameServer = 172.20.10.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - LocalServer32 - <no file>
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - LocalServer32 - <no file>
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - LocalServer32 - <no file>
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - LocalServer32 - <no file>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - LocalServer32 - <no file>
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - LocalServer32 - <no file>
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\t7p48djz.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL -
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-5-13 191768]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-5-13 323352]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-5-13 130328]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-5-13 31512]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-5-13 273176]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2013-8-19 95152]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-3-2 283064]
R3 ElgatoGC658Y;Elgato Game Capture;C:\Windows\System32\drivers\ElgatoGC658.sys [2013-4-25 50288]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-7-29 56960]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-7-29 79104]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2013-9-12 108960]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-4-25 565352]
R3 RTL8192cu;300Mbps Wireless USB Adapter;C:\Windows\System32\drivers\RTL8192cu.sys [2013-4-25 926824]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2014-2-7 38992]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\System32\drivers\vcsvad.sys [2014-4-8 21504]
S0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-7-8 65776]
S0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-7-8 224896]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
S1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2013-4-25 21616]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-7-8 1041168]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-7-8 427360]
S1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-5-13 152344]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-5-13 236312]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-5-13 235800]
S2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2012-2-16 43112]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-7 203776]
S2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-7-8 29208]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-7-8 79184]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-7-8 92008]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-8 50344]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-5-13 3644432]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-5-13 292424]
S2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-1-20 115472]
S2 CGVPNCliService;CyberGhost 5 Client Service;C:\Program Files\CyberGhost 5\Service.exe [2014-4-6 64112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-1 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-1 860472]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
S2 pcapsvc;ProxyCap Service;C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe [2013-9-19 2280960]
S2 RUBotSrv;Trend Micro RUBotted Service;C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2014-7-12 443416]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-7-8 1738168]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-7-8 2088408]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-7-8 171928]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 vToolbarUpdater18.1.7;vToolbarUpdater18.1.7;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [2014-6-3 1808408]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 CMUSBDAC;USB Audio Class 1.0 and 2.0 DAC Device Driver;C:\Windows\System32\drivers\CMUSBDAC.sys [2013-5-9 358400]
S3 hcwhdpvr;Hauppauge HD PVR Capture Service;C:\Windows\System32\drivers\hcwhdpvr.sys [2012-3-8 192072]
S3 HP8107Fltr;HP-HP8107;C:\Windows\System32\drivers\HP8107.sys [2010-2-4 13824]
S3 KINONI_Wave;Kinoni Audio Source;C:\Windows\System32\drivers\kinonivad.sys [2013-2-26 23040]
S3 kinonivd;Kinoni Video Source;C:\Windows\System32\drivers\kinonivd.sys [2013-2-26 2782848]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-7-1 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-1 63704]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-8-6 23040]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2013-7-8 199384]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-10-16 42184]
S3 tapSF0901;Spotflux Virtual Network Device Driver;C:\Windows\System32\drivers\tapSF0901.sys [2013-7-8 39104]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-27 1255736]
S4 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-1-20 402192]
S4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-1-20 385808]
S4 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-3-3 1363584]
S4 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-3-3 1748608]
.
=============== Created Last 30 ================
.
2014-07-16 20:12:32    75888    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B8A7472A-5EE7-42FE-9296-75FB274A08A3}\offreg.dll
2014-07-13 17:17:39    --------    d-----w-    C:\Users\Jordan\AppData\Local\Lavasoft
2014-07-12 16:08:32    --------    d-----w-    C:\Program Files (x86)\Trend Micro
2014-07-10 20:33:13    --------    d-----w-    C:\Users\Jordan\AppData\Local\ElevatedDiagnostics
2014-07-08 17:32:11    21040    ----a-w-    C:\Windows\System32\sdnclean64.exe
2014-07-08 17:32:10    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2014-07-08 17:32:03    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-08 17:02:34    --------    d-----w-    C:\Users\Jordan\AppData\Roaming\AVAST Software
2014-07-08 17:01:28    92008    ----a-w-    C:\Windows\System32\drivers\aswStm.sys
2014-07-08 17:01:27    224896    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-07-08 17:01:25    1041168    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2014-07-08 17:01:24    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-07-08 17:01:23    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-07-08 17:01:20    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-07-08 17:01:19    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-07-08 17:00:55    43152    ----a-w-    C:\Windows\avastSS.scr
2014-07-08 16:59:09    --------    d-----w-    C:\Program Files\AVAST Software
2014-07-08 16:56:30    --------    d-----w-    C:\ProgramData\AVAST Software
2014-07-08 15:10:25    --------    d-----w-    C:\Program Files\CCleaner
2014-07-08 13:50:07    1031560    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9B18A918-2E56-4EFA-B473-08680254891A}\gapaengine.dll
2014-07-08 13:50:02    10779000    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B8A7472A-5EE7-42FE-9296-75FB274A08A3}\mpengine.dll
2014-07-08 13:46:11    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2014-07-08 13:46:02    --------    d-----w-    C:\Program Files\Microsoft Security Client
2014-07-06 11:28:15    --------    d-----w-    C:\Windows\pss
2014-07-01 17:08:40    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-01 17:08:14    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-01 17:08:14    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-07-01 17:08:14    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-07-01 17:08:14    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-07-01 17:08:14    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-23 18:25:50    --------    d-----w-    C:\.mpr_file_store_32
2014-06-23 18:24:55    --------    d-----w-    C:\Program Files\MoparScape
2014-06-22 16:59:26    --------    d-----w-    C:\Users\Jordan\AppData\Roaming\RSBot
2014-06-21 11:27:04    --------    d-----w-    C:\Users\Jordan\AppData\Local\Spotify
2014-06-21 11:26:33    --------    d-----w-    C:\Users\Jordan\AppData\Roaming\Spotify
.
==================== Find3M  ====================
.
2014-06-14 11:19:18    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-14 11:19:18    699056    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-03 14:23:16    50464    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2014-05-13 13:20:26    235800    ----a-w-    C:\Windows\System32\drivers\avgldx64.sys
2014-05-13 13:20:06    273176    ----a-w-    C:\Windows\System32\drivers\avgtdia.sys
2014-05-13 13:06:06    323352    ----a-w-    C:\Windows\System32\drivers\avgloga.sys
2014-05-13 13:05:40    191768    ----a-w-    C:\Windows\System32\drivers\avgidsha.sys
2014-05-13 13:05:08    152344    ----a-w-    C:\Windows\System32\drivers\avgdiska.sys
2014-05-13 13:05:06    130328    ----a-w-    C:\Windows\System32\drivers\avgmfx64.sys
2014-05-13 13:04:56    236312    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2014-05-13 13:04:30    31512    ----a-w-    C:\Windows\System32\drivers\avgrkx64.sys
.
============= FINISH:  7:53:37.36 ===============
 


#2 nasdaq

  • Malware Response Team

Posted 19 July 2014 - 08:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#3 Swagman2K14

  • Topic Starter

Posted 19 July 2014 - 12:21 PM

Hello, thank you ever so much for helping me out, I really appreciate it. Here are the results:

 

Adaware:

 

# AdwCleaner v3.216 - Report created 19/07/2014 at 18:13:02
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jordan - JORDANPC
# Running from : C:\Users\Jordan\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : vToolbarUpdater18.1.7

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\SysWOW64\hotspot shield
Folder Deleted : C:\Users\Jordan\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Jordan\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Jordan\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jordan\AppData\LocalLow\HotSpot_Shield_Elite
Folder Deleted : C:\Users\Jordan\AppData\Roaming\Tencent
Folder Deleted : C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2707060
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6AEB4731-E39F-46DD-8782-A34C365F2AEE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{92DE81C9-6BC7-4880-98B9-3948AC3EFC90}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B554DBFC-BF30-4DA5-BCDD-F2FC3E71FA77}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F16708B8-D2DF-482D-9DFA-AA8D8894F0F4}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F16708B8-D2DF-482D-9DFA-AA8D8894F0F4}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\HotSpot_Shield_Elite
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\HotSpot_Shield_Elite
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\t7p48djz.default\prefs.js ]

Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=a4d6ace6-db65-4ef7-a02f-409b26ec1560&searchtype=ds&q={searchTerms}&installDate=16/06/2013
Deleted [Extension] : fjoijdanhaiflhibkljeklcghcmmfffh
Deleted [Extension] : iabeihobmhlgpkcgjiloemdbofjbdcic
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [7968 octets] - [19/07/2014 18:11:21]
AdwCleaner[S0].txt - [7702 octets] - [19/07/2014 18:13:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7762 octets] ##########

FARBAR:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by Jordan (administrator) on JORDANPC on 19-07-2014 18:16:37
Running from C:\Users\Jordan\Farbar
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-08] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-06] (Advanced Micro Devices, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1484420633-766531857-169010213-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1484420633-766531857-169010213-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_125_Plugin.exe [851120 2014-06-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-1484420633-766531857-169010213-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt [7878 2014-07-19] ()
HKU\S-1-5-21-1484420633-766531857-169010213-1000\...\MountPoints2: {2cc19c09-a1f5-11e3-be0c-94de8003f0fc} - F:\SETUP.EXE
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => "C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6D0146986152CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {D60EEAF9-C1EC-443F-BBA8-89A146D1C323} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2707060&CUI=UN31285028781133244&UM=1
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -  No File
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Winsock: Catalog5 07 pcapwsp.dll File Not found ()
Winsock: Catalog5-x64 07 pcapwsp.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\t7p48djz.default
FF Homepage: about:home
FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @radialpoint.com/SPA,version=1 - C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @radialpoint.com/SPA,version=1 - C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\\Program Files\\Trend Micro\\Titanium\\UIFramework\\Toolbar\\firefoxextension\\components\\npToolbarChrome.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: MEGA - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\t7p48djz.default\Extensions\firefox@mega.co.nz.xpi [2014-06-05]
FF Extension: YouTube High Definition - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\t7p48djz.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-04-08]
FF Extension: ReloadEvery - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\t7p48djz.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2014-04-17]
FF Extension: Adblock Plus - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\t7p48djz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-03]
FF Extension: Greasemonkey - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\t7p48djz.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-04-08]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-18]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1091\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-08]

Chrome:
=======
CHR HomePage: hxxp://www.msn.com/?pc=AV01
CHR StartupUrls: "hxxp://www.msn.com/?pc=AV01"
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-21]
CHR Extension: (Google Drive) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-21]
CHR Extension: (YouTube) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-21]
CHR Extension: (Google Search) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-21]
CHR Extension: (Show Tags for YouTube™ (partly broken)) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dggphokdgjikekfiakjcpidcclbmkfga [2014-04-08]
CHR Extension: (Tampermonkey) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2013-11-14]
CHR Extension: (No Name) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2013-11-14]
CHR Extension: (Skype Click to Call) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-21]
CHR Extension: (Google Wallet) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-21]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2014-04-05]
CHR Extension: (Gmail) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-08]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]
CHR HKLM-x32\...\Chrome\Extension: [lmmhpfbhngkongobaoibpmnijjokabmj] - C:\Program Files (x86)\Virgin Media\Service Manager\ChromeExtension.crx [2013-07-25]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-08] (AVAST Software)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-01-20] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-01-20] (BlueStack Systems, Inc.)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64112 2014-01-16] (CyberGhost S.R.L)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 pcapsvc; C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe [2280960 2013-09-19] (Proxy Labs) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S2 RUBotSrv; C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-08] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-08] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-08] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-08] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-08] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-08] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-08] ()
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [115472 2014-01-20] (BlueStack Systems)
S3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [358400 2013-05-09] (C-Media Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-02] (Disc Soft Ltd)
R3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
S3 hcwhdpvr; C:\Windows\System32\DRIVERS\hcwhdpvr.sys [192072 2013-04-25] (Hauppauge, Inc.)
S3 HP8107Fltr; C:\Windows\System32\DRIVERS\HP8107.sys [13824 2010-02-04] (Windows ® Win 7 DDK provider)
S3 kinonivd; C:\Windows\System32\DRIVERS\kinonivd.sys [2782848 2013-02-26] (Windows ® Win 7 DDK provider)
S3 KINONI_Wave; C:\Windows\System32\drivers\kinonivad.sys [23040 2013-02-26] (Windows ® Win 7 DDK provider)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S2 NPF; C:\Windows\SysWOW64\drivers\npf.sys [30336 2003-04-04] (Politecnico di Torino) [File not signed]
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-05-14] (Realtek Semiconductor Corporation                           )
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.)
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2013-07-08] (Spotflux, Inc.)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-19 18:16 - 2014-07-19 18:16 - 00000000 ____D () C:\Users\Jordan\Farbar
2014-07-19 18:16 - 2014-07-19 18:16 - 00000000 ____D () C:\FRST
2014-07-19 18:11 - 2014-07-19 18:13 - 00000000 ____D () C:\AdwCleaner
2014-07-19 18:11 - 2014-07-19 18:11 - 01354223 _____ () C:\Users\Jordan\Downloads\AdwCleaner.exe
2014-07-19 18:11 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-17 07:53 - 2014-07-17 07:54 - 00071033 _____ () C:\Users\Jordan\Desktop\attach.txt
2014-07-17 07:53 - 2014-07-17 07:54 - 00025133 _____ () C:\Users\Jordan\Desktop\dds.txt
2014-07-17 07:52 - 2014-07-17 07:52 - 00688992 ____R (Swearware) C:\Users\Jordan\Downloads\dds.com
2014-07-13 18:17 - 2014-07-13 18:17 - 00000000 ____D () C:\Users\Jordan\AppData\Local\Lavasoft
2014-07-13 18:09 - 2014-07-13 18:17 - 605549768 _____ () C:\Users\Jordan\Downloads\AdAwareStandaloneInstaller.exe
2014-07-13 18:07 - 2014-07-13 18:07 - 01707144 _____ () C:\Users\Jordan\Downloads\Adaware_Installer(1).exe
2014-07-13 18:06 - 2014-07-13 18:06 - 01707144 _____ () C:\Users\Jordan\Downloads\Adaware_Installer.exe
2014-07-13 18:06 - 2014-07-13 18:06 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-07-13 14:33 - 2014-07-13 14:44 - 218115676 _____ () C:\Users\Jordan\Desktop\GTA 5 GLITCHES.mp4
2014-07-13 14:28 - 2014-07-13 14:32 - 00254496 _____ () C:\Users\Jordan\Desktop\coment.sfk
2014-07-13 14:27 - 2014-07-13 14:27 - 32567340 _____ () C:\Users\Jordan\Desktop\coment.wav
2014-07-12 17:08 - 2014-07-12 17:08 - 06229392 _____ (Trend Micro, Inc. ) C:\Users\Jordan\Downloads\RUBottedSetup.exe
2014-07-12 17:08 - 2014-07-12 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
2014-07-12 17:08 - 2014-07-12 17:08 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-07-10 21:51 - 2014-07-10 22:50 - 00017929 _____ () C:\Users\Jordan\Desktop\English Monologue.odt
2014-07-08 19:06 - 2014-07-08 19:06 - 00000545 _____ () C:\Windows\wininit.ini
2014-07-08 18:33 - 2014-07-08 18:33 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-07-08 18:32 - 2014-07-08 19:06 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-08 18:32 - 2014-07-08 18:34 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-08 18:32 - 2014-07-08 18:32 - 00001399 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-07-08 18:32 - 2014-07-08 18:32 - 00001387 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-07-08 18:32 - 2014-07-08 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-07-08 18:32 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-07-08 18:30 - 2014-07-08 18:31 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Jordan\Downloads\spybot-2.4.exe
2014-07-08 18:21 - 2014-07-19 18:14 - 00002228 _____ () C:\Windows\PFRO.log
2014-07-08 18:02 - 2014-07-08 18:02 - 00001974 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-08 18:02 - 2014-07-08 18:02 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\AVAST Software
2014-07-08 18:02 - 2014-07-08 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-08 18:01 - 2014-07-13 14:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-08 18:01 - 2014-07-08 18:01 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-08 18:01 - 2014-07-08 18:01 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-08 18:01 - 2014-07-08 18:01 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-08 18:01 - 2014-07-08 18:01 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-08 18:01 - 2014-07-08 18:01 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-08 18:01 - 2014-07-08 18:01 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-08 18:01 - 2014-07-08 18:01 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-08 18:01 - 2014-07-08 18:01 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-08 18:01 - 2014-07-08 18:00 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-08 18:00 - 2014-07-08 18:00 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-08 17:59 - 2014-07-08 17:59 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-08 17:56 - 2014-07-08 17:59 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-08 17:56 - 2014-07-08 17:56 - 04862664 _____ (AVAST Software) C:\Users\Jordan\Downloads\avast_free_antivirus_setup_online.exe
2014-07-08 17:51 - 2014-07-19 18:14 - 01040300 _____ () C:\Windows\WindowsUpdate.log
2014-07-08 17:49 - 2014-07-19 18:14 - 00002632 _____ () C:\Windows\setupact.log
2014-07-08 17:49 - 2014-07-08 17:50 - 05233240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-08 17:49 - 2014-07-08 17:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-08 17:44 - 2014-07-08 17:44 - 00152616 _____ () C:\Users\Jordan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-08 16:10 - 2014-07-08 16:10 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-08 16:10 - 2014-07-08 16:10 - 00000830 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-08 16:10 - 2014-07-08 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-08 16:10 - 2014-07-08 16:10 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-08 16:09 - 2014-07-08 16:10 - 04812672 _____ (Piriform Ltd) C:\Users\Jordan\Downloads\ccsetup415.exe
2014-07-08 14:46 - 2014-07-08 14:46 - 00002125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-08 14:46 - 2014-07-08 14:46 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-08 14:46 - 2014-07-08 14:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-07-06 12:28 - 2014-07-06 13:16 - 00000000 ____D () C:\Windows\pss
2014-07-05 11:12 - 2014-07-05 11:12 - 01059840 ____H () C:\Users\Jordan\Downloads\MicrosoftFixit50981.msi
2014-07-05 10:58 - 2014-07-05 10:58 - 00347816 ____H (Microsoft Corporation) C:\Users\Jordan\Downloads\MicrosoftFixit.WindowsFirewall.RNP.237327985099500750.1.1.Run.exe
2014-07-03 17:27 - 2014-06-01 17:17 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-03 17:26 - 2014-07-03 17:26 - 29183200 ____H (Microsoft Corporation) C:\Users\Jordan\Downloads\Windows-KB890830-x64-V5.13.exe
2014-07-01 18:08 - 2014-07-16 19:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-01 18:08 - 2014-07-01 18:08 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-01 18:08 - 2014-07-01 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-01 18:08 - 2014-07-01 18:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-01 18:08 - 2014-07-01 18:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-01 18:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-01 18:08 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-01 18:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-01 18:07 - 2014-07-01 18:07 - 17292760 ____H (Malwarebytes Corporation ) C:\Users\Jordan\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-01 17:59 - 2014-07-08 14:47 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-07-01 17:59 - 2014-07-01 17:59 - 13829304 ____H (Microsoft Corporation) C:\Users\Jordan\Downloads\mseinstall.exe
2014-07-01 17:29 - 2014-07-01 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backlink Loophole
2014-07-01 16:48 - 2014-07-01 16:48 - 00024548 _____ () C:\Users\Jordan\Desktop\hs_err_pid2632.log
2014-07-01 15:49 - 2014-07-01 16:52 - 00000024 _____ () C:\Users\Jordan\random.dat
2014-06-30 21:39 - 2014-06-30 22:06 - 00000192 _____ () C:\Users\Jordan\Desktop\Challenge 4.py
2014-06-30 21:37 - 2014-06-30 22:06 - 00000192 _____ () C:\Users\Jordan\Desktop\Challenge 3.py
2014-06-30 21:32 - 2014-06-30 21:36 - 00000382 _____ () C:\Users\Jordan\Desktop\Challenge 2.py
2014-06-30 21:14 - 2014-06-30 21:29 - 00000372 _____ () C:\Users\Jordan\Desktop\Challenge 1.py
2014-06-27 16:40 - 2014-06-27 16:40 - 00884976 ____H () C:\Users\Jordan\Downloads\RSBot-6030(1).jar
2014-06-27 07:50 - 2014-06-27 07:50 - 00884976 _____ () C:\Users\Jordan\Desktop\RSBot-6030(1).jar
2014-06-27 07:48 - 2014-06-27 07:48 - 00884976 ____H () C:\Users\Jordan\Downloads\RSBot-6030.jar
2014-06-25 22:46 - 2014-06-25 22:47 - 00035518 _____ () C:\Users\Jordan\Desktop\his hw.odt
2014-06-23 19:28 - 2014-06-23 19:28 - 00654863 ____H (Lets PK ) C:\Users\Jordan\Downloads\LPK-winsetup.exe
2014-06-23 19:28 - 2014-06-23 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lets PK Client
2014-06-23 19:25 - 2014-06-23 19:26 - 00000000 ____D () C:\.mpr_file_store_32
2014-06-23 19:25 - 2014-06-23 19:25 - 00003148 _____ () C:\Windows\System32\Tasks\{F49B193A-C3EF-419B-BA24-F62F6B1EC2A6}
2014-06-23 19:24 - 2014-06-23 19:24 - 01140393 ____H () C:\Users\Jordan\Downloads\MoparScapeInstall.exe
2014-06-23 19:24 - 2014-06-23 19:24 - 00000000 ____D () C:\Program Files\MoparScape
2014-06-23 15:26 - 2014-06-23 15:26 - 00881804 _____ () C:\Users\Jordan\Desktop\PowerBot.jar
2014-06-22 17:59 - 2014-06-26 16:52 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\RSBot
2014-06-22 17:59 - 2014-06-22 17:59 - 00881804 ____H () C:\Users\Jordan\Downloads\RSBot-6029.jar
2014-06-21 12:33 - 2014-06-21 12:33 - 00002853 ____H () C:\Users\Jordan\Downloads\collectionCache.bnk
2014-06-21 12:27 - 2014-06-27 20:54 - 00000000 ____D () C:\Users\Jordan\AppData\Local\Spotify
2014-06-21 12:27 - 2014-06-21 12:27 - 00001780 _____ () C:\Users\Jordan\Desktop\Spotify.lnk
2014-06-21 12:27 - 2014-06-21 12:27 - 00001766 _____ () C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-06-21 12:26 - 2014-06-27 22:15 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Spotify
2014-06-21 12:26 - 2014-06-21 12:26 - 00126112 ____H (Spotify Ltd) C:\Users\Jordan\Downloads\SpotifySetup.exe
2014-06-20 21:59 - 2014-06-20 22:00 - 01100935 _____ () C:\Users\Jordan\Desktop\UPLOAD.mp4
2014-06-20 21:59 - 2014-06-20 21:59 - 00292384 _____ () C:\Users\Jordan\Desktop\commentary.sfk

==================== One Month Modified Files and Folders =======

2014-07-19 18:16 - 2014-07-19 18:16 - 00000000 ____D () C:\Users\Jordan\Farbar
2014-07-19 18:16 - 2014-07-19 18:16 - 00000000 ____D () C:\FRST
2014-07-19 18:16 - 2013-04-25 18:02 - 00000000 ____D () C:\Users\Jordan
2014-07-19 18:14 - 2014-07-08 18:21 - 00002228 _____ () C:\Windows\PFRO.log
2014-07-19 18:14 - 2014-07-08 17:51 - 01040300 _____ () C:\Windows\WindowsUpdate.log
2014-07-19 18:14 - 2014-07-08 17:49 - 00002632 _____ () C:\Windows\setupact.log
2014-07-19 18:13 - 2014-07-19 18:11 - 00000000 ____D () C:\AdwCleaner
2014-07-19 18:11 - 2014-07-19 18:11 - 01354223 _____ () C:\Users\Jordan\Downloads\AdwCleaner.exe
2014-07-18 18:06 - 2009-07-14 05:45 - 00024512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-18 18:06 - 2009-07-14 05:45 - 00024512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-18 17:25 - 2013-09-23 20:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-18 17:20 - 2014-02-26 23:29 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-18 15:17 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-17 07:54 - 2014-07-17 07:53 - 00071033 _____ () C:\Users\Jordan\Desktop\attach.txt
2014-07-17 07:54 - 2014-07-17 07:53 - 00025133 _____ () C:\Users\Jordan\Desktop\dds.txt
2014-07-17 07:52 - 2014-07-17 07:52 - 00688992 ____R (Swearware) C:\Users\Jordan\Downloads\dds.com
2014-07-16 19:04 - 2014-07-01 18:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-13 18:17 - 2014-07-13 18:17 - 00000000 ____D () C:\Users\Jordan\AppData\Local\Lavasoft
2014-07-13 18:17 - 2014-07-13 18:09 - 605549768 _____ () C:\Users\Jordan\Downloads\AdAwareStandaloneInstaller.exe
2014-07-13 18:07 - 2014-07-13 18:07 - 01707144 _____ () C:\Users\Jordan\Downloads\Adaware_Installer(1).exe
2014-07-13 18:06 - 2014-07-13 18:06 - 01707144 _____ () C:\Users\Jordan\Downloads\Adaware_Installer.exe
2014-07-13 18:06 - 2014-07-13 18:06 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-07-13 14:57 - 2013-05-19 17:18 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Skype
2014-07-13 14:56 - 2014-07-08 18:01 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-13 14:44 - 2014-07-13 14:33 - 218115676 _____ () C:\Users\Jordan\Desktop\GTA 5 GLITCHES.mp4
2014-07-13 14:32 - 2014-07-13 14:28 - 00254496 _____ () C:\Users\Jordan\Desktop\coment.sfk
2014-07-13 14:32 - 2013-04-26 17:27 - 00001456 _____ () C:\Users\Jordan\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-07-13 14:29 - 2013-04-25 20:23 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Audacity
2014-07-13 14:27 - 2014-07-13 14:27 - 32567340 _____ () C:\Users\Jordan\Desktop\coment.wav
2014-07-13 14:16 - 2014-03-08 13:25 - 00000000 ____D () C:\Users\Jordan\Desktop\Clips
2014-07-13 14:13 - 2014-01-05 19:43 - 00000000 ____D () C:\Users\Jordan\Desktop\JordanB
2014-07-12 17:08 - 2014-07-12 17:08 - 06229392 _____ (Trend Micro, Inc. ) C:\Users\Jordan\Downloads\RUBottedSetup.exe
2014-07-12 17:08 - 2014-07-12 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
2014-07-12 17:08 - 2014-07-12 17:08 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-07-12 17:08 - 2013-07-14 17:20 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-07-10 22:50 - 2014-07-10 21:51 - 00017929 _____ () C:\Users\Jordan\Desktop\English Monologue.odt
2014-07-09 17:02 - 2013-11-25 17:42 - 00000000 ____D () C:\Program Files (x86)\Net Tools
2014-07-08 19:06 - 2014-07-08 19:06 - 00000545 _____ () C:\Windows\wininit.ini
2014-07-08 19:06 - 2014-07-08 18:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-08 18:34 - 2014-07-08 18:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-08 18:33 - 2014-07-08 18:33 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-07-08 18:32 - 2014-07-08 18:32 - 00001399 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-07-08 18:32 - 2014-07-08 18:32 - 00001387 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-07-08 18:32 - 2014-07-08 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-07-08 18:32 - 2013-11-24 11:17 - 00000000 ____D () C:\Users\fbwuserE7CF
2014-07-08 18:32 - 2013-11-24 11:17 - 00000000 ____D () C:\Users\fbwuserBF73
2014-07-08 18:31 - 2014-07-08 18:30 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Jordan\Downloads\spybot-2.4.exe
2014-07-08 18:28 - 2013-10-21 16:33 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-08 18:02 - 2014-07-08 18:02 - 00001974 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-08 18:02 - 2014-07-08 18:02 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\AVAST Software
2014-07-08 18:02 - 2014-07-08 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-08 18:01 - 2014-07-08 18:01 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-08 18:01 - 2014-07-08 18:01 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-08 18:01 - 2014-07-08 18:01 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-08 18:01 - 2014-07-08 18:01 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-08 18:01 - 2014-07-08 18:01 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-08 18:01 - 2014-07-08 18:01 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-08 18:01 - 2014-07-08 18:01 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-08 18:01 - 2014-07-08 18:01 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-08 18:01 - 2014-03-31 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-08 18:00 - 2014-07-08 18:01 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-08 18:00 - 2014-07-08 18:00 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-08 17:59 - 2014-07-08 17:59 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-08 17:59 - 2014-07-08 17:56 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-08 17:56 - 2014-07-08 17:56 - 04862664 _____ (AVAST Software) C:\Users\Jordan\Downloads\avast_free_antivirus_setup_online.exe
2014-07-08 17:50 - 2014-07-08 17:49 - 05233240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-08 17:49 - 2014-07-08 17:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-08 17:44 - 2014-07-08 17:44 - 00152616 _____ () C:\Users\Jordan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-08 17:41 - 2013-09-30 21:59 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\DAEMON Tools Lite
2014-07-08 17:40 - 2013-06-16 09:01 - 00000000 ____D () C:\Windows\Minidump
2014-07-08 17:40 - 2013-06-15 18:04 - 00000000 ____D () C:\Users\Jordan\AppData\Local\CrashDumps
2014-07-08 17:40 - 2013-04-26 02:53 - 00000000 ____D () C:\Windows\Panther
2014-07-08 16:10 - 2014-07-08 16:10 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-08 16:10 - 2014-07-08 16:10 - 00000830 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-08 16:10 - 2014-07-08 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-08 16:10 - 2014-07-08 16:10 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-08 16:10 - 2014-07-08 16:09 - 04812672 _____ (Piriform Ltd) C:\Users\Jordan\Downloads\ccsetup415.exe
2014-07-08 14:50 - 2009-07-14 06:13 - 00006418 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-08 14:47 - 2014-07-01 17:59 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-07-08 14:46 - 2014-07-08 14:46 - 00002125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-08 14:46 - 2014-07-08 14:46 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-08 14:46 - 2014-07-08 14:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-07-08 11:17 - 2013-04-25 19:15 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\ATI
2014-07-06 13:16 - 2014-07-06 12:28 - 00000000 ____D () C:\Windows\pss
2014-07-06 12:43 - 2013-07-25 19:21 - 00000000 ____D () C:\ProgramData\Radialpoint
2014-07-05 11:12 - 2014-07-05 11:12 - 01059840 ____H () C:\Users\Jordan\Downloads\MicrosoftFixit50981.msi
2014-07-05 10:58 - 2014-07-05 10:58 - 00347816 ____H (Microsoft Corporation) C:\Users\Jordan\Downloads\MicrosoftFixit.WindowsFirewall.RNP.237327985099500750.1.1.Run.exe
2014-07-03 17:26 - 2014-07-03 17:26 - 29183200 ____H (Microsoft Corporation) C:\Users\Jordan\Downloads\Windows-KB890830-x64-V5.13.exe
2014-07-02 20:16 - 2013-04-26 15:34 - 00000000 ____D () C:\Users\Jordan\Desktop\YouTube Stuff
2014-07-01 22:03 - 2013-07-25 19:21 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Radialpoint
2014-07-01 19:58 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\Performance
2014-07-01 18:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-07-01 18:08 - 2014-07-01 18:08 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-01 18:08 - 2014-07-01 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-01 18:08 - 2014-07-01 18:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-01 18:08 - 2014-07-01 18:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-01 18:07 - 2014-07-01 18:07 - 17292760 ____H (Malwarebytes Corporation ) C:\Users\Jordan\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-01 17:59 - 2014-07-01 17:59 - 13829304 ____H (Microsoft Corporation) C:\Users\Jordan\Downloads\mseinstall.exe
2014-07-01 17:29 - 2014-07-01 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backlink Loophole
2014-07-01 16:52 - 2014-07-01 15:49 - 00000024 _____ () C:\Users\Jordan\random.dat
2014-07-01 16:48 - 2014-07-01 16:48 - 00024548 _____ () C:\Users\Jordan\Desktop\hs_err_pid2632.log
2014-07-01 07:48 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-30 22:06 - 2014-06-30 21:39 - 00000192 _____ () C:\Users\Jordan\Desktop\Challenge 4.py
2014-06-30 22:06 - 2014-06-30 21:37 - 00000192 _____ () C:\Users\Jordan\Desktop\Challenge 3.py
2014-06-30 21:36 - 2014-06-30 21:32 - 00000382 _____ () C:\Users\Jordan\Desktop\Challenge 2.py
2014-06-30 21:29 - 2014-06-30 21:14 - 00000372 _____ () C:\Users\Jordan\Desktop\Challenge 1.py
2014-06-27 22:15 - 2014-06-21 12:26 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Spotify
2014-06-27 20:54 - 2014-06-21 12:27 - 00000000 ____D () C:\Users\Jordan\AppData\Local\Spotify
2014-06-27 16:40 - 2014-06-27 16:40 - 00884976 ____H () C:\Users\Jordan\Downloads\RSBot-6030(1).jar
2014-06-27 07:50 - 2014-06-27 07:50 - 00884976 _____ () C:\Users\Jordan\Desktop\RSBot-6030(1).jar
2014-06-27 07:48 - 2014-06-27 07:48 - 00884976 ____H () C:\Users\Jordan\Downloads\RSBot-6030.jar
2014-06-26 16:52 - 2014-06-22 17:59 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\RSBot
2014-06-25 22:47 - 2014-06-25 22:46 - 00035518 _____ () C:\Users\Jordan\Desktop\his hw.odt
2014-06-23 19:28 - 2014-06-23 19:28 - 00654863 ____H (Lets PK ) C:\Users\Jordan\Downloads\LPK-winsetup.exe
2014-06-23 19:28 - 2014-06-23 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lets PK Client
2014-06-23 19:26 - 2014-06-23 19:25 - 00000000 ____D () C:\.mpr_file_store_32
2014-06-23 19:25 - 2014-06-23 19:25 - 00003148 _____ () C:\Windows\System32\Tasks\{F49B193A-C3EF-419B-BA24-F62F6B1EC2A6}
2014-06-23 19:24 - 2014-06-23 19:24 - 01140393 ____H () C:\Users\Jordan\Downloads\MoparScapeInstall.exe
2014-06-23 19:24 - 2014-06-23 19:24 - 00000000 ____D () C:\Program Files\MoparScape
2014-06-23 15:26 - 2014-06-23 15:26 - 00881804 _____ () C:\Users\Jordan\Desktop\PowerBot.jar
2014-06-22 17:59 - 2014-06-22 17:59 - 00881804 ____H () C:\Users\Jordan\Downloads\RSBot-6029.jar
2014-06-21 12:33 - 2014-06-21 12:33 - 00002853 ____H () C:\Users\Jordan\Downloads\collectionCache.bnk
2014-06-21 12:27 - 2014-06-21 12:27 - 00001780 _____ () C:\Users\Jordan\Desktop\Spotify.lnk
2014-06-21 12:27 - 2014-06-21 12:27 - 00001766 _____ () C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-06-21 12:26 - 2014-06-21 12:26 - 00126112 ____H (Spotify Ltd) C:\Users\Jordan\Downloads\SpotifySetup.exe
2014-06-20 22:00 - 2014-06-20 21:59 - 01100935 _____ () C:\Users\Jordan\Desktop\UPLOAD.mp4
2014-06-20 21:59 - 2014-06-20 21:59 - 00292384 _____ () C:\Users\Jordan\Desktop\commentary.sfk
2014-06-20 08:02 - 2014-04-08 17:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 22:00 - 2014-06-14 17:04 - 00000000 ____D () C:\Program Files (x86)\OBS

Files to move or delete:
====================
C:\Users\Jordan\GTA V.exe
C:\Users\Jordan\random.dat


Some content of TEMP:
====================
C:\Users\Jordan\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 12:39

==================== End Of Log ============================


#4 nasdaq

  • Malware Response Team

Posted 19 July 2014 - 01:41 PM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1484420633-766531857-169010213-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt [7878 2014-07-19] ()
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => "C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll" File Not Found
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {D60EEAF9-C1EC-443F-BBA8-89A146D1C323} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2707060&CUI=UN31285028781133244&UM=1
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -  No File
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll No File
Winsock: Catalog5 07 pcapwsp.dll File Not found ()
Winsock: Catalog5-x64 07 pcapwsp.dll File Not found ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\\Program Files\\Trend Micro\\Titanium\\UIFramework\\Toolbar\\firefoxextension\\components\\npToolbarChrome.dll No File
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:CCA964A4
Task: {7FDBF234-ABD9-447A-8022-9F44A16467E3} - \BackgroundContainer Startup Task No Task File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#5 Swagman2K14


Posted 19 July 2014 - 02:17 PM

Hello, I did the fixit and rebooted the computer. Once I had done this, I shut it down and put it into Safe Mode with Networking. It seems I can no longer connect to the internet in Safe Mode, and I'm too scared to run it normally in case there is a RAT or botnet on my PC (replied via my iPhone).

Edit: it says I'm connected to the Wi-Fi but displays a yellow triangle over it, and troubleshooting doesn't seem to work (I use a USB to connect to the Wi-Fi, if that helps). It says no internet access.

2nd edit: it says I have internet connection on normal mode, however, none of the browsers work, on Chrome, it says something about DNS and/or Firewall. Meaning I cannot post the logs until this is resolved :(

Edited by Swagman2K14, 20 July 2014 - 07:05 AM.


#6 nasdaq


Posted 20 July 2014 - 08:06 AM

Try this fix.

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor, type:
ipconfig /flushdns <-- (A space between g and / is needed)

Repeat with:
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

#7 Swagman2K14


Posted 20 July 2014 - 09:14 AM

Hello, I did as you said. When I typed in ipconfig /renew it said "Windows IP Configuration" but did not let me type "Exit", so I don't know if it did what it was supposed to. I still see "No Internet access" in Safe Mode with Networking.

Edit: even though I ran as admin, it was not the elevated CMD, I will run in normal mode and try it again.

2nd edit: it now says I have internet access in Safe Mode with Networking but Firefox is coming up with "server not found" when I try to get onto a website and when I tried all browsers, none of them connect to a website

Chrome leaves me with error code: DNS_PROBE_FINISHED_NXDOMAIN

Edited by Swagman2K14, 20 July 2014 - 09:44 AM.


#8 nasdaq


Posted 20 July 2014 - 12:41 PM


Reset Chrome...
Click on "Customize and control Google Chrome":
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Internet Explorer
Menu > Tools > Internet Options > Advanced tab
Click the reset button on the bottom of the pane.
Click the Apply button.

Close the browser.

How is it now?

#9 Swagman2K14


Posted 20 July 2014 - 12:56 PM

Hello, the browsers still don't work. Despite it saying Internet Access, I don't think anything actually connects to the internet, when I ran troubleshoot before, I am sure it said something about "Not a valid IP Configuration"

#10 nasdaq


Posted 21 July 2014 - 06:31 AM

Run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/

and type the following command at the prompt.

netsh winsock reset catalog

When complete type Exit and press the Enter Key.

Then restart your computer.

How is it now?

P.S. Did you also try powering down the computer, router and modem for one minute and then powering them back on?

If that fails, please check with your Internet Provider and find out if the IP settings are correct.

#11 Swagman2K14


Posted 21 July 2014 - 07:25 AM

Hello, sorry for being a pain. The internet works for my family's PC downstairs and my parents' laptop as well, but not mine. I don't know if calling my ISP would resolve it. Do you recommend I contact them, or can we cross-refer the settings on the laptop and PC etc. to see what's different / wrong?

Edit: the scan we did above removed a VPN, could this be the reason for it as it would've removed / changed network settings?

Edited by Swagman2K14, 21 July 2014 - 07:29 AM.


#12 nasdaq


Posted 21 July 2014 - 08:01 AM

I would contact my Internet Provider.

You can check the settings of the other computer but do not change anything you are not familiar with. Wait for what they say.

#13 Swagman2K14


Posted 21 July 2014 - 12:25 PM

The IP says that everything looks okay on their side. It seems to have happened since we did the scans / fixes. Is there something we need to do on the computer to get it to work?

#14 nasdaq


Posted 22 July 2014 - 06:34 AM

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
Click Go and copy/paste the log (Result.txt) into your next post.
Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

P.S.
Can you connect directly to the modem or router without using the USB?
Is your connection working without the USB?

#15 Swagman2K14


Posted 22 July 2014 - 07:53 AM

Hello, without the USB, I am not able to connect to the internet. I am using a PC and the USB is what allows me to connect to the Wi-Fi.

 

Luckily, I have a Laptop and so was able to download Minitoolbox and put it onto my Computer via a USB, here are the results:

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Jordan (administrator) on 22-07-2014 at 13:48:39
Running from "C:\Users\Jordan\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
300Mbps Wireless USB Adapter = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Hardware not present)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : JordanPC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Home
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : 300Mbps Wireless USB Adapter
   Physical Address. . . . . . . . . : A0-F3-C1-17-3F-EA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5dcc:8f36:ff98:faca%16(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 22 July 2014 13:40:02
   Lease Expires . . . . . . . . . . : 23 July 2014 13:40:01
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 379646913
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-0B-1B-1C-A0-F3-C1-17-3F-EA
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.Home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  SkyRouter.Home
Address:  192.168.0.1
 
Name:    google.com
Addresses:  2a00:1450:4009:801::1009
 74.125.230.102
 74.125.230.103
 74.125.230.104
 74.125.230.97
 74.125.230.105
 74.125.230.101
 74.125.230.110
 74.125.230.98
 74.125.230.100
 74.125.230.99
 74.125.230.96
 
Ping request could not find host google.com. Please check the name and try again.
Server:  SkyRouter.Home
Address:  192.168.0.1
 
Name:    yahoo.com
Addresses:  98.139.183.24
 206.190.36.45
 98.138.253.109
 
Ping request could not find host yahoo.com. Please check the name and try again.
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...a0 f3 c1 17 3f ea ......300Mbps Wireless USB Adapter
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.5     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.5    281
      192.168.0.5  255.255.255.255         On-link       192.168.0.5    281
    192.168.0.255  255.255.255.255         On-link       192.168.0.5    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.5    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.5    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 16    281 fe80::/64                On-link
 16    281 fe80::5dcc:8f36:ff98:faca/128
                                    On-link
  1    306 ff00::/8                 On-link
 16    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/22/2014 01:47:34 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (07/22/2014 01:47:34 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (07/22/2014 01:45:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.4.40.94, time stamp: 0x53ad3eee
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0xbb4
Faulting application start time: 0xSDUpdate.exe0
Faulting application path: SDUpdate.exe1
Faulting module path: SDUpdate.exe2
Report Id: SDUpdate.exe3
 
Error: (07/22/2014 01:40:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/22/2014 01:40:15 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (07/22/2014 01:38:41 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (07/22/2014 01:38:41 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (07/22/2014 01:34:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.4.40.94, time stamp: 0x53ad3eee
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0xe4c
Faulting application start time: 0xSDUpdate.exe0
Faulting application path: SDUpdate.exe1
Faulting module path: SDUpdate.exe2
Report Id: SDUpdate.exe3
 
Error: (07/22/2014 01:29:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.4.40.94, time stamp: 0x53ad3eee
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0x1168
Faulting application start time: 0xSDUpdate.exe0
Faulting application path: SDUpdate.exe1
Faulting module path: SDUpdate.exe2
Report Id: SDUpdate.exe3
 
Error: (07/22/2014 01:24:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.4.40.94, time stamp: 0x53ad3eee
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0x1510
Faulting application start time: 0xSDUpdate.exe0
Faulting application path: SDUpdate.exe1
Faulting module path: SDUpdate.exe2
Report Id: SDUpdate.exe3
 
 
System errors:
=============
Error: (07/22/2014 01:40:56 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 111.30.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (07/22/2014 01:40:56 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.177.1944.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (07/22/2014 01:40:56 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.177.1944.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (07/22/2014 01:40:56 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.177.1944.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (07/22/2014 01:40:54 PM) (Source: DCOM) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
 
Error: (07/22/2014 01:40:00 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (07/22/2014 01:39:04 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (07/22/2014 01:29:23 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 111.30.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (07/22/2014 01:29:23 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.177.1944.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (07/22/2014 01:29:23 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.177.1944.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
 
Microsoft Office Sessions:
=========================
Error: (07/22/2014 01:47:34 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (07/22/2014 01:47:34 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (07/22/2014 01:45:31 PM) (Source: Application Error)(User: )
Description: SDUpdate.exe2.4.40.9453ad3eeeKERNELBASE.dll6.1.7601.1801550b83c8a0eedfade0000c41fbb401cfa5aacdec0a08C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\Windows\syswow64\KERNELBASE.dll1029588e-119e-11e4-9ca6-97c8521253fd
 
Error: (07/22/2014 01:40:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/22/2014 01:40:15 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000
 
Error: (07/22/2014 01:38:41 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (07/22/2014 01:38:41 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (07/22/2014 01:34:36 PM) (Source: Application Error)(User: )
Description: SDUpdate.exe2.4.40.9453ad3eeeKERNELBASE.dll6.1.7601.1801550b83c8a0eedfade0000c41fe4c01cfa5a94b1b3de2C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\Windows\syswow64\KERNELBASE.dll8a28146b-119c-11e4-89bb-ecf0508eb8ff
 
Error: (07/22/2014 01:29:38 PM) (Source: Application Error)(User: )
Description: SDUpdate.exe2.4.40.9453ad3eeeKERNELBASE.dll6.1.7601.1801550b83c8a0eedfade0000c41f116801cfa5a89840b953C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\Windows\syswow64\KERNELBASE.dlld88ee9a0-119b-11e4-89bb-ecf0508eb8ff
 
Error: (07/22/2014 01:24:42 PM) (Source: Application Error)(User: )
Description: SDUpdate.exe2.4.40.9453ad3eeeKERNELBASE.dll6.1.7601.1801550b83c8a0eedfade0000c41f151001cfa5a7e58db11aC:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\Windows\syswow64\KERNELBASE.dll27a026db-119b-11e4-89bb-ecf0508eb8ff
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-08-13 12:04:39.617
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-13 12:04:39.542
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-13 12:04:39.288
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-13 12:04:39.066
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-25 19:31:28.785
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.
 
 
**** End of log ****
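An added example, not part of the original thread or of any tool named in it: a triage pass over a MiniToolBox-style log that reports names which nslookup resolved but ping could not find, and Winsock catalog entries whose file is missing. nslookup queries the DNS server directly while ping resolves through the Windows resolver and its Winsock namespace providers, so that mismatch points at the local machine rather than the router or ISP. The sample log, its hosts and addresses are constructed, and the missing-file line is modelled on the FRST fixlist wording.

```python
import re

# Constructed excerpt shaped like the "IP Configuration" and "Winsock entries"
# sections of a MiniToolBox log; hosts and addresses are documentation values.
SAMPLE_LOG = r"""
Server:  router.example
Address:  192.0.2.1

Name:    example.com
Addresses:  2001:db8::10
 198.51.100.10
 198.51.100.11

Ping request could not find host example.com. Please check the name and try again.
Server:  router.example
Address:  192.0.2.1

Name:    example.org
Addresses:  198.51.100.20

Pinging example.org [198.51.100.20] with 32 bytes of data:
Reply from 198.51.100.20: bytes=32 time=12ms TTL=55

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 07 pcapwsp.dll File Not found ()
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 07 pcapwsp.dll File Not found ()
"""

# An address line: optional "Address:"/"Addresses:" label, then an IPv4/IPv6 literal.
ADDR = re.compile(r"(?:Address(?:es)?:)?\s*((?=\S*[.:])[0-9A-Fa-f:.]+)\s*$")
# Accepts both MiniToolBox ("x64-Catalog5 07 ...") and FRST ("Winsock: Catalog5-x64 07 ...").
WINSOCK = re.compile(
    r"^(?:Winsock:\s*)?(x64-)?Catalog([59])(-x64)?\s+(\d+)\s+(.+)$", re.M)
# Catalog5 is the Winsock namespace (name resolution) catalog, Catalog9 the protocol catalog.
KIND = {"5": "namespace provider", "9": "transport provider"}


def nslookup_answers(log):
    """Map each name nslookup resolved to the addresses printed under it."""
    answers = {}
    lines = log.splitlines()
    for i, line in enumerate(lines):
        name = re.match(r"Name:\s+(\S+)", line)
        if not name:
            continue
        addrs = []
        for follow in lines[i + 1:]:
            hit = ADDR.match(follow)
            if not hit:          # blank line or unrelated text ends the answer
                break
            addrs.append(hit.group(1))
        answers[name.group(1).lower()] = addrs
    return answers


def ping_results(log):
    """Map each pinged host name to True (resolved) or False (could not find host)."""
    results = {}
    for m in re.finditer(r"^Ping request could not find host (\S+?)\.\s", log, re.M):
        results[m.group(1).lower()] = False
    # Only name-based pings print "name [address]"; literal-IP pings are skipped.
    for m in re.finditer(r"^Pinging (\S+) \[[^\]]+\] with", log, re.M):
        results[m.group(1).lower()] = True
    return results


def resolver_mismatches(log):
    """Names the DNS server answered for but the local resolver path failed on."""
    pings = ping_results(log)
    return sorted(name for name, addrs in nslookup_answers(log).items()
                  if addrs and pings.get(name) is False)


def missing_winsock_providers(log):
    """Winsock catalog entries whose provider file is reported as not found."""
    missing = []
    for m in WINSOCK.finditer(log):
        if re.search(r"file not found", m.group(5), re.I):
            bits = "x64" if (m.group(1) or m.group(3)) else "x32"
            missing.append((KIND[m.group(2)], bits, m.group(4), m.group(5).split()[0]))
    return missing


if __name__ == "__main__":
    for host in resolver_mismatches(SAMPLE_LOG):
        print(f"{host}: DNS server answers, local name resolution fails")
    for kind, bits, index, dll in missing_winsock_providers(SAMPLE_LOG):
        print(f"Winsock {kind} {bits} #{index}: {dll} is missing")
```
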




