crypt_s.hhp - also multiple instances of conhost.exe


This topic is locked
15 replies to this topic

#1 ElGuapo23
  • Members
  • 8 posts

Posted 24 August 2014 - 09:58 PM

Hi and thanks for your help. I first noticed this because Task Manager lists multiple (6+) instances of "conhost.exe" using a large amount of memory.

I downloaded AVG and it identified "crypt_s.hhp" trojan, but could not remove it.

Thanks!!!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.17267  BrowserJavaVersion: 1.6.0_22
Run by Tyler at 19:52:30 on 2014-08-24
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3895.1319 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\system32\PrintIsolationHost.exe
C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\Tyler\AppData\Local\Temp\conhost.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Users\Tyler\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\9656\conhost.exe
C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\1848\conhost.exe
C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\3723\conhost.exe
C:\windows\system32\taskeng.exe
C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\9111\conhost.exe
C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\9818\conhost.exe
C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\4114\conhost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://lenovo.msn.com
mStart Page = hxxp://lenovo.msn.com
uProxyServer = configure;foxyproxy;in;single;click;141.255.161.77:43874
BHO: b608fb61: {03735BFD-9C77-7CDD-2979-B2FFDFDB4463} -
BHO: <No Name>: {17E75063-681C-4074-AE00-0284FF5BD445} -
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [svchost86x.sys] "C:\Users\Tyler\AppData\Local\Temp\conhost.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
mRun: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [BrHelp] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Tyler\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tyler\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0ABAC31A-FB61-41F6-A6CA-9153068AD08B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0ABAC31A-FB61-41F6-A6CA-9153068AD08B}\24622414C69637F64577F6 : DHCPNameServer = 68.105.29.16 68.105.27.16 192.168.3.1
TCP: Interfaces\{0ABAC31A-FB61-41F6-A6CA-9153068AD08B}\24622414C69637F6659656A6F6 : DHCPNameServer = 68.105.29.16 68.105.27.16 192.168.3.1
TCP: Interfaces\{0ABAC31A-FB61-41F6-A6CA-9153068AD08B}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0ABAC31A-FB61-41F6-A6CA-9153068AD08B}\4597C656272E08993702960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{0ABAC31A-FB61-41F6-A6CA-9153068AD08B}\478656332656162737 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0ABAC31A-FB61-41F6-A6CA-9153068AD08B}\6427563786742796C6C6D41696E6 : DHCPNameServer = 10.10.10.59 127.0.0.1
TCP: Interfaces\{0ABAC31A-FB61-41F6-A6CA-9153068AD08B}\84F64756C602D202D4F6E64756D6162756 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{4D5BFE70-1E91-4187-8B0E-026E19AA9572} : DHCPNameServer = 198.224.168.135 198.224.171.135
TCP: Interfaces\{8769A1A2-2556-4AFB-9CFF-D99E753569E0} : DHCPNameServer = 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://lenovo.msn.com
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\0md09pjs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Users\Tyler\AppData\Local\Citrix\Plugins\79\npappdetector.dll
FF - plugin: C:\Users\Tyler\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
.
============= SERVICES / DRIVERS ===============
.
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2010-12-8 39008]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-4-8 2356912]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-7 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-31 366152]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-6-21 341296]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-6-23 46080]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-7 2320920]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-12-8 28176]
R3 btusbflt;Bluetooth USB Filter;C:\windows\System32\drivers\btusbflt.sys [2010-12-8 52264]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2010-12-8 35104]
R3 dfmirage;dfmirage;C:\windows\System32\drivers\dfmirage.sys [2010-11-10 36432]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-12-8 167816]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-12-7 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-12-7 158976]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-12-7 271872]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2011-10-31 25416]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETw5s64.sys [2010-12-8 6952960]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 vm332avs;Lenovo Camera2;C:\windows\System32\drivers\vm332avs.sys [2010-12-8 229456]
R3 wdmirror;wdmirror;C:\windows\System32\drivers\WDMirror.sys [2010-12-8 11280]
R3 WSDScan;WSD Scan Support via UMB;C:\windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 Bridge0;Bridge0;C:\windows\System32\drivers\WDBridge.sys [2010-12-8 79376]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-12-1 282112]
S3 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-14 38152]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2010-12-8 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2010-12-8 579400]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-12-8 242720]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-12-8 347680]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-2-12 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-08-24 21:48:00    --------    d-----w-    C:\windows\ERUNT
2014-08-24 18:55:54    --------    d-----w-    C:\Users\Tyler\AppData\Roaming\AVG2014
2014-08-24 18:55:13    --------    d-----w-    C:\Users\Tyler\AppData\Roaming\TuneUp Software
2014-08-24 18:53:43    --------    d-----w-    C:\ProgramData\AVG2014
2014-08-24 18:50:05    --------    d--h--w-    C:\ProgramData\Common Files
2014-08-24 18:50:05    --------    d-----w-    C:\Users\Tyler\AppData\Local\MFAData
2014-08-24 18:50:05    --------    d-----w-    C:\Users\Tyler\AppData\Local\Avg2014
2014-08-24 18:50:05    --------    d-----w-    C:\ProgramData\MFAData
2014-08-23 21:24:01    --------    d-----r-    C:\Users\Tyler\Google Drive
2014-08-23 21:08:08    81920    ----a-w-    C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
2014-08-23 00:23:56    11319192    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C30323AF-7D26-4652-B155-BA896E49BC3E}\mpengine.dll
2014-08-11 15:40:27    --------    d-----w-    C:\Program Files\iPod
2014-08-11 15:40:26    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-11 15:40:26    --------    d-----w-    C:\Program Files\iTunes
2014-08-11 15:40:26    --------    d-----w-    C:\Program Files (x86)\iTunes
.
==================== Find3M  ====================
.
2014-08-25 02:05:58    699568    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2014-08-25 02:05:57    71344    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-05 16:20:00    270496    ------w-    C:\windows\System32\MpSigStub.exe
.
============= FINISH: 19:56:38.94 ===============
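The security-relevant part of the log above is not the name conhost.exe but where it lives and how it is started: the genuine binary lives only in C:\windows\System32, while here copies run from AppData\Local\Temp and Temp\SessionWin32k\<n>\, one is launched by a Run value named svchost86x.sys, a file named svchost.exe sits in the user's Startup folder, and the user proxy setting points at 141.255.161.77:43874, an address outside the home network. The script below is an added example for this thread, not part of the original post and not code from DDS, FRST or BleepingComputer: it applies those three checks to DDS-style log lines. The list of system binaries and the set of directories they legitimately live in are assumptions for a stock Windows 7 install, and SAMPLE_LOG is a constructed excerpt of lines from this post.

```python
"""Triage DDS-style log lines for system-binary names running from, or
persisted in, user-writable paths, and for a ProxyServer override that
points outside private address space.

Added example for this thread; not DDS, FRST or BleepingComputer code.
SAMPLE_LOG is a constructed excerpt of lines from post #1."""
import ipaddress
import re

# Assumption: on a stock Windows 7 install these names live only under
# C:\Windows, System32 or SysWOW64. Anywhere else is worth a look.
SYSTEM_BINARIES = {"conhost.exe", "svchost.exe", "lsm.exe", "csrss.exe",
                   "taskhost.exe", "dwm.exe", "explorer.exe", "cscript.exe"}
LEGIT_PARENTS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}

# A drive-letter path ending in a binary extension; non-greedy so that
# "svchost.exe -k netsvcs" yields only the image path.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\[\]\n]*?\.(?:exe|dll|sys|scr))\b', re.I)
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(.+)$", re.I)
IP_PORT_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})")
# DDS prefixes: uRun/mRun/x64-Run (Run keys) and StartupFolder entries.
PERSIST_RE = re.compile(r"^(?:u|m|x64-)?Run:|^StartupFolder:", re.I)


def parent_dir(path):
    return path.rsplit("\\", 1)[0].lower()


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return (kind, indicator, source_line) tuples for lines worth a look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.search(line)
        if m:
            # Flag any proxy host:port that is not RFC 1918 / loopback.
            for ip, port in IP_PORT_RE.findall(m.group(1)):
                try:
                    if not ipaddress.ip_address(ip).is_private:
                        findings.append(("proxy_override", f"{ip}:{port}", line))
                except ValueError:
                    pass  # the regex admits octets above 255; skip those
            continue
        kind = "masquerade_persistence" if PERSIST_RE.match(line) else "masquerade_process"
        # DDS separates fields with " - "; split so a .lnk target is parsed on its own.
        for segment in re.split(r"\s-\s", line):
            for path in PATH_RE.findall(segment):
                if basename(path) in SYSTEM_BINARIES and parent_dir(path) not in LEGIT_PARENTS:
                    findings.append((kind, path, line))
    return findings


# Constructed excerpt of the DDS log posted above.
SAMPLE_LOG = r"""
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\Explorer.EXE
C:\Users\Tyler\AppData\Local\Temp\conhost.exe
C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\9656\conhost.exe
C:\windows\System32\cscript.exe
uProxyServer = configure;foxyproxy;in;single;click;141.255.161.77:43874
uRun: [svchost86x.sys] "C:\Users\Tyler\AppData\Local\Temp\conhost.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
TCP: NameServer = 192.168.1.1
"""

if __name__ == "__main__":
    for kind, indicator, line in triage(SAMPLE_LOG):
        print(f"{kind:24} {indicator}")
```

Feed it a whole DDS or FRST log and it flags the two Temp copies of conhost.exe, the proxy override, the svchost86x.sys Run value and the Startup-folder svchost.exe, while leaving the real svchost.exe, Explorer.EXE and cscript.exe alone. It is a triage aid, not a verdict: a flagged path still needs the file's signature and hash checked, and the directory allow-list is deliberately narrow, so a system binary under C:\Windows\Temp would be flagged too.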
 


#2 Jo*
  • Malware Response Team
  • 3,416 posts
  • Location: Germany

Posted 25 August 2014 - 02:42 AM

Hello ElGuapo23,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.



***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 ElGuapo23
  • Topic Starter
  • Members
  • 8 posts

Posted 25 August 2014 - 10:59 AM

Thanks Jo. Results from these scans below.

 Results of screen317's Security Check version 0.99.87  
 Windows 7  x64 (UAC is enabled)  
 Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 22  
 Java version out of Date!
 Adobe Flash Player 14.0.0.179  
 Adobe Reader XI  
 Mozilla Firefox (31.0)
 Google Chrome 36.0.1985.125  
 Google Chrome 36.0.1985.143  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Tyler Desktop Malware Fix SecurityCheck.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by Tyler (administrator) on TYLER-PC on 25-08-2014 08:54:03
Running from C:\Users\Tyler\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
() C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
() C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft) C:\Users\Tyler\AppData\Local\Temp\conhost.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft) C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\4636\conhost.exe
(Microsoft) C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\5981\conhost.exe
(Microsoft) C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\6982\conhost.exe
(Microsoft) C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\1767\conhost.exe
(Microsoft) C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\955\conhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-21] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [2598280 2010-06-23] (ELAN Microelectronics Corp.)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-18] (Lenovo)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056800 2010-03-18] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [171104 2010-03-02] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [449608 2011-08-31] (Malwarebytes Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-30] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-76126588-1136018720-565919304-1001\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-76126588-1136018720-565919304-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-76126588-1136018720-565919304-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-76126588-1136018720-565919304-1001\...\Run: [svchost86x.sys] => C:\Users\Tyler\AppData\Local\Temp\conhost.exe [81920 2014-08-23] (Microsoft) <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tyler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe (Microsoft)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: configure;foxyproxy;in;single;click;141.255.161.77:43874
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: b608fb61 -> {03735BFD-9C77-7CDD-2979-B2FFDFDB4463} -> C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll No File
BHO-x32: No Name -> {17E75063-681C-4074-AE00-0284FF5BD445} -> C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-032.dll No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\0md09pjs.default
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll ( )
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Tyler\AppData\Local\Citrix\Plugins\79\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tyler\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\0md09pjs.default\searchplugins\googlecom-in-english.xml
FF Extension: PDF Download - C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\0md09pjs.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2013-01-06]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll ( )
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Tyler\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Tyler\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (Google Cast) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-09-21]
CHR Extension: (Google Wallet) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [864032 2009-08-11] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356912 2014-07-19] (Microsoft Corporation)
S3 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [637440 2014-01-02] (FileZilla Project) [File not signed]
R2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
R2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [366152 2011-08-31] (Malwarebytes Corporation)
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [341296 2011-06-21] (Nitro PDF Software)
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [46080 2010-06-23] () [File not signed]
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-15] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-15] (Lenovo)
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [36432 2010-11-10] (DemoForge, LLC)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25416 2011-08-31] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\gotcha\catchme.sys [X]
U2 IviRegMgr; No ImagePath
U2 RichVideo; No ImagePath
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 08:54 - 2014-08-25 08:54 - 00023046 _____ () C:\Users\Tyler\Desktop\FRST.txt
2014-08-25 08:53 - 2014-08-25 08:54 - 00000000 ____D () C:\FRST
2014-08-25 08:52 - 2014-08-25 08:53 - 02103296 _____ (Farbar) C:\Users\Tyler\Desktop\FRST64.exe
2014-08-25 08:35 - 2014-08-25 08:40 - 00000000 ____D () C:\Users\Tyler\Desktop\Malware Fix
2014-08-24 20:27 - 2014-08-24 20:28 - 00000000 ____D () C:\Users\Tyler\Downloads\The Knick S01E03 HDTV x264-KILLERS[ettv]
2014-08-24 19:56 - 2014-08-24 19:57 - 00022430 _____ () C:\Users\Tyler\Desktop\dds.txt
2014-08-24 19:56 - 2014-08-24 19:57 - 00008296 _____ () C:\Users\Tyler\Desktop\attach.txt
2014-08-24 19:51 - 2014-08-24 19:51 - 00688992 ____R (Swearware) C:\Users\Tyler\Downloads\dds.com
2014-08-24 18:04 - 2014-08-24 19:02 - 00038133 _____ () C:\Users\Tyler\Desktop\Fantasy.xlsx
2014-08-24 15:30 - 2014-08-24 15:30 - 00003288 ____N () C:\bootsqm.dat
2014-08-24 14:48 - 2014-08-24 14:48 - 00000000 ____D () C:\windows\ERUNT
2014-08-24 14:47 - 2014-08-24 14:47 - 01016261 _____ (Thisisu) C:\Users\Tyler\Downloads\JRT.exe
2014-08-24 11:55 - 2014-08-24 11:55 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\TuneUp Software
2014-08-24 11:55 - 2014-08-24 11:55 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\AVG2014
2014-08-24 11:53 - 2014-08-24 15:30 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-24 11:50 - 2014-08-24 15:30 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-24 11:50 - 2014-08-24 15:13 - 00000000 ____D () C:\Users\Tyler\AppData\Local\Avg2014
2014-08-24 11:50 - 2014-08-24 11:50 - 00000000 ____D () C:\Users\Tyler\AppData\Local\MFAData
2014-08-24 11:49 - 2014-08-24 11:49 - 04763296 _____ (AVG Technologies) C:\Users\Tyler\Downloads\avg_free_stb_all_2014_4745_cnet.exe
2014-08-23 16:37 - 2014-08-23 16:42 - 271367212 _____ () C:\Users\Tyler\Downloads\The.Knick.S01E02.HDTV.x264-KILLERS.mp4
2014-08-23 16:33 - 2014-08-23 16:37 - 344019168 _____ () C:\Users\Tyler\Downloads\The.Knick.S01E01.HDTV.x264-KILLERS.mp4
2014-08-23 14:24 - 2014-08-24 14:39 - 00000000 ___RD () C:\Users\Tyler\Google Drive
2014-08-23 14:23 - 2014-08-23 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-23 10:44 - 2014-08-23 10:44 - 00279256 _____ () C:\windows\Minidump\082314-23290-01.dmp
2014-08-21 20:06 - 2014-08-21 20:20 - 1515517986 _____ () C:\Users\Tyler\Downloads\Hard Knocks S09E03 Atlanta Falcons HDTV [KNIX].mp4
2014-08-17 07:57 - 2014-08-17 08:09 - 00000000 ____D () C:\Users\Tyler\Downloads\Chef.2014.HDRip.XViD.AC3-juggs[ETRG]
2014-08-17 07:45 - 2014-08-17 07:46 - 00000000 ____D () C:\Users\Tyler\Downloads\Neighbors.2014.HDRip.XviD-SaM[ETRG]
2014-08-16 09:47 - 2014-08-16 09:49 - 00000000 ____D () C:\Users\Tyler\Downloads\The Foundation
2014-08-16 08:18 - 2014-08-16 08:21 - 373908569 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part5.HDTV.x264-YesTV.mp4
2014-08-16 08:15 - 2014-08-16 08:18 - 323015282 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part4.HDTV.x264-YesTV.mp4
2014-08-16 08:12 - 2014-08-16 08:14 - 332864520 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part3.HDTV.x264-YesTV.mp4
2014-08-16 08:10 - 2014-08-16 08:12 - 201582804 _____ () C:\Users\Tyler\Downloads\Last.Week.Tonight.With.John.Oliver.2014.08.10.HDTV.x264-BAJSKORV.mp4
2014-08-16 08:09 - 2014-08-16 08:24 - 342640263 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part6.HDTV.x264-YesTV.mp4
2014-08-11 08:41 - 2014-08-11 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-11 08:40 - 2014-08-11 08:41 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-11 08:40 - 2014-08-11 08:41 - 00000000 ____D () C:\Program Files\iTunes
2014-08-11 08:40 - 2014-08-11 08:41 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-11 08:40 - 2014-08-11 08:40 - 00000000 ____D () C:\Program Files\iPod
2014-08-11 08:16 - 2014-08-11 08:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-11 07:29 - 2014-08-23 14:21 - 00000000 ____D () C:\Users\Tyler\Desktop\Michiana 2014
2014-08-10 12:15 - 2014-08-10 12:18 - 00000000 ____D () C:\Users\Tyler\Desktop\iPhone Pics 8-10-14
2014-08-10 11:58 - 2014-08-10 12:01 - 00000000 ____D () C:\Users\Tyler\Desktop\Uncle Mike
2014-08-08 18:13 - 2014-08-08 18:39 - 00000000 ____D () C:\Users\Tyler\Downloads\Nathan.For.You.S02E04.480p.HDTV.x264-mSD
2014-08-08 18:12 - 2014-08-08 18:19 - 00000000 ____D () C:\Users\Tyler\Downloads\[ www.torrenting.com ] - Nathan.For.You.S02E02.HDTV.x264-KILLERS
2014-08-08 18:12 - 2014-08-08 18:16 - 00000000 ____D () C:\Users\Tyler\Downloads\[ www.torrenting.com ] - Nathan.For.You.S02E03.HDTV.XviD-AFG
2014-08-08 18:12 - 2014-08-08 18:14 - 00000000 ____D () C:\Users\Tyler\Downloads\Nathan.for.You.S02E07.Taxi.Service.-.Hot.Dog.Stand.WEBRip.x264.AAC
2014-08-08 18:12 - 2014-08-08 18:12 - 00000000 ____D () C:\Users\Tyler\Downloads\[ www.torrenting.com ] - Nathan.For.You.S02E01.HDTV.x264-KILLERS
2014-08-08 17:57 - 2014-08-08 17:57 - 00000000 ____D () C:\Users\Tyler\Downloads\Nathan For You - Season 1
2014-08-07 20:13 - 2014-08-07 20:18 - 190979930 _____ () C:\Users\Tyler\Downloads\Youre.the.Worst.2014.S01E02.HDTV.x264-KILLERS.mp4
2014-08-07 20:13 - 2014-08-07 20:17 - 276322646 _____ () C:\Users\Tyler\Downloads\Youre.the.Worst.2014.S01E03.HDTV.x264-KILLERS.mp4
2014-08-07 20:10 - 2014-08-07 20:12 - 210576084 _____ () C:\Users\Tyler\Downloads\Youre.the.Worst.S01E01.HDTV.x264-ASAP.mp4
2014-08-06 18:49 - 2014-08-06 18:53 - 314331633 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part2.HDTV.x264-YesTV.mp4
2014-08-01 17:52 - 2014-08-01 17:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 08:54 - 2014-08-25 08:54 - 00023046 _____ () C:\Users\Tyler\Desktop\FRST.txt
2014-08-25 08:54 - 2014-08-25 08:53 - 00000000 ____D () C:\FRST
2014-08-25 08:53 - 2014-08-25 08:52 - 02103296 _____ (Farbar) C:\Users\Tyler\Desktop\FRST64.exe
2014-08-25 08:43 - 2011-02-11 22:41 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\uTorrent
2014-08-25 08:40 - 2014-08-25 08:35 - 00000000 ____D () C:\Users\Tyler\Desktop\Malware Fix
2014-08-25 08:39 - 2012-06-23 13:38 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-25 08:32 - 2011-12-07 10:50 - 00000000 ____D () C:\Users\Tyler\Desktop\TD
2014-08-25 08:24 - 2012-07-02 20:52 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-25 08:03 - 2010-12-07 23:45 - 01111124 _____ () C:\windows\WindowsUpdate.log
2014-08-25 08:00 - 2013-12-01 17:47 - 00007891 _____ () C:\windows\BRRBCOM.INI
2014-08-24 20:28 - 2014-08-24 20:27 - 00000000 ____D () C:\Users\Tyler\Downloads\The Knick S01E03 HDTV x264-KILLERS[ettv]
2014-08-24 20:24 - 2012-07-02 20:52 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-24 19:57 - 2014-08-24 19:56 - 00022430 _____ () C:\Users\Tyler\Desktop\dds.txt
2014-08-24 19:57 - 2014-08-24 19:56 - 00008296 _____ () C:\Users\Tyler\Desktop\attach.txt
2014-08-24 19:51 - 2014-08-24 19:51 - 00688992 ____R (Swearware) C:\Users\Tyler\Downloads\dds.com
2014-08-24 19:28 - 2009-07-13 21:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-24 19:28 - 2009-07-13 21:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-24 19:21 - 2012-11-14 16:07 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\Dropbox
2014-08-24 19:19 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-24 19:19 - 2009-07-13 21:51 - 00065896 _____ () C:\windows\setupact.log
2014-08-24 19:06 - 2012-06-23 13:38 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-08-24 19:05 - 2012-06-23 13:38 - 00699568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-24 19:05 - 2011-06-02 22:38 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-24 19:02 - 2014-08-24 18:04 - 00038133 _____ () C:\Users\Tyler\Desktop\Fantasy.xlsx
2014-08-24 17:28 - 2011-02-12 13:03 - 00002046 _____ () C:\Users\Tyler\Documents\Default.rdp
2014-08-24 15:30 - 2014-08-24 15:30 - 00003288 ____N () C:\bootsqm.dat
2014-08-24 15:30 - 2014-08-24 11:53 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-24 15:30 - 2014-08-24 11:50 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-24 15:30 - 2011-02-12 17:58 - 00122634 _____ () C:\windows\PFRO.log
2014-08-24 15:13 - 2014-08-24 11:50 - 00000000 ____D () C:\Users\Tyler\AppData\Local\Avg2014
2014-08-24 14:48 - 2014-08-24 14:48 - 00000000 ____D () C:\windows\ERUNT
2014-08-24 14:47 - 2014-08-24 14:47 - 01016261 _____ (Thisisu) C:\Users\Tyler\Downloads\JRT.exe
2014-08-24 14:39 - 2014-08-23 14:24 - 00000000 ___RD () C:\Users\Tyler\Google Drive
2014-08-24 11:55 - 2014-08-24 11:55 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\TuneUp Software
2014-08-24 11:55 - 2014-08-24 11:55 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\AVG2014
2014-08-24 11:50 - 2014-08-24 11:50 - 00000000 ____D () C:\Users\Tyler\AppData\Local\MFAData
2014-08-24 11:49 - 2014-08-24 11:49 - 04763296 _____ (AVG Technologies) C:\Users\Tyler\Downloads\avg_free_stb_all_2014_4745_cnet.exe
2014-08-23 17:12 - 2009-07-13 22:13 - 00727182 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-23 16:42 - 2014-08-23 16:37 - 271367212 _____ () C:\Users\Tyler\Downloads\The.Knick.S01E02.HDTV.x264-KILLERS.mp4
2014-08-23 16:37 - 2014-08-23 16:33 - 344019168 _____ () C:\Users\Tyler\Downloads\The.Knick.S01E01.HDTV.x264-KILLERS.mp4
2014-08-23 14:24 - 2011-02-11 22:10 - 00000000 ____D () C:\Users\Tyler
2014-08-23 14:23 - 2014-08-23 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-23 14:23 - 2012-07-02 20:52 - 00000000 ____D () C:\Users\Tyler\AppData\Local\Google
2014-08-23 14:23 - 2012-01-02 12:27 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-23 14:21 - 2014-08-11 07:29 - 00000000 ____D () C:\Users\Tyler\Desktop\Michiana 2014
2014-08-23 10:44 - 2014-08-23 10:44 - 00279256 _____ () C:\windows\Minidump\082314-23290-01.dmp
2014-08-23 10:44 - 2011-08-03 22:24 - 00000000 ____D () C:\windows\Minidump
2014-08-23 10:44 - 2011-08-03 22:23 - 566832573 _____ () C:\windows\MEMORY.DMP
2014-08-21 21:56 - 2013-05-26 21:36 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\vlc
2014-08-21 20:20 - 2014-08-21 20:06 - 1515517986 _____ () C:\Users\Tyler\Downloads\Hard Knocks S09E03 Atlanta Falcons HDTV [KNIX].mp4
2014-08-20 03:04 - 2014-03-30 09:57 - 00000000 ____D () C:\windows\system32\MRT
2014-08-20 03:01 - 2011-04-03 09:43 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-17 08:09 - 2014-08-17 07:57 - 00000000 ____D () C:\Users\Tyler\Downloads\Chef.2014.HDRip.XViD.AC3-juggs[ETRG]
2014-08-17 07:46 - 2014-08-17 07:45 - 00000000 ____D () C:\Users\Tyler\Downloads\Neighbors.2014.HDRip.XviD-SaM[ETRG]
2014-08-16 09:49 - 2014-08-16 09:47 - 00000000 ____D () C:\Users\Tyler\Downloads\The Foundation
2014-08-16 08:43 - 2012-11-14 16:09 - 00001017 _____ () C:\Users\Tyler\Desktop\Dropbox.lnk
2014-08-16 08:43 - 2012-11-14 16:08 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-16 08:24 - 2014-08-16 08:09 - 342640263 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part6.HDTV.x264-YesTV.mp4
2014-08-16 08:21 - 2014-08-16 08:18 - 373908569 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part5.HDTV.x264-YesTV.mp4
2014-08-16 08:18 - 2014-08-16 08:15 - 323015282 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part4.HDTV.x264-YesTV.mp4
2014-08-16 08:14 - 2014-08-16 08:12 - 332864520 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part3.HDTV.x264-YesTV.mp4
2014-08-16 08:12 - 2014-08-16 08:10 - 201582804 _____ () C:\Users\Tyler\Downloads\Last.Week.Tonight.With.John.Oliver.2014.08.10.HDTV.x264-BAJSKORV.mp4
2014-08-11 08:41 - 2014-08-11 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-11 08:41 - 2014-08-11 08:40 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-11 08:41 - 2014-08-11 08:40 - 00000000 ____D () C:\Program Files\iTunes
2014-08-11 08:41 - 2014-08-11 08:40 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-11 08:40 - 2014-08-11 08:40 - 00000000 ____D () C:\Program Files\iPod
2014-08-11 08:17 - 2014-08-11 08:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-11 08:16 - 2010-12-08 00:27 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-11 08:16 - 2010-12-08 00:26 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-11 08:14 - 2012-03-17 23:27 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-08-10 12:18 - 2014-08-10 12:15 - 00000000 ____D () C:\Users\Tyler\Desktop\iPhone Pics 8-10-14
2014-08-10 12:01 - 2014-08-10 11:58 - 00000000 ____D () C:\Users\Tyler\Desktop\Uncle Mike
2014-08-08 18:39 - 2014-08-08 18:13 - 00000000 ____D () C:\Users\Tyler\Downloads\Nathan.For.You.S02E04.480p.HDTV.x264-mSD
2014-08-08 18:19 - 2014-08-08 18:12 - 00000000 ____D () C:\Users\Tyler\Downloads\[ www.torrenting.com ] - Nathan.For.You.S02E02.HDTV.x264-KILLERS
2014-08-08 18:16 - 2014-08-08 18:12 - 00000000 ____D () C:\Users\Tyler\Downloads\[ www.torrenting.com ] - Nathan.For.You.S02E03.HDTV.XviD-AFG
2014-08-08 18:14 - 2014-08-08 18:12 - 00000000 ____D () C:\Users\Tyler\Downloads\Nathan.for.You.S02E07.Taxi.Service.-.Hot.Dog.Stand.WEBRip.x264.AAC
2014-08-08 18:12 - 2014-08-08 18:12 - 00000000 ____D () C:\Users\Tyler\Downloads\[ www.torrenting.com ] - Nathan.For.You.S02E01.HDTV.x264-KILLERS
2014-08-08 17:57 - 2014-08-08 17:57 - 00000000 ____D () C:\Users\Tyler\Downloads\Nathan For You - Season 1
2014-08-08 17:49 - 2013-03-17 10:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-08 17:49 - 2013-03-17 10:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-08 17:49 - 2012-05-08 20:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-07 20:18 - 2014-08-07 20:13 - 190979930 _____ () C:\Users\Tyler\Downloads\Youre.the.Worst.2014.S01E02.HDTV.x264-KILLERS.mp4
2014-08-07 20:17 - 2014-08-07 20:13 - 276322646 _____ () C:\Users\Tyler\Downloads\Youre.the.Worst.2014.S01E03.HDTV.x264-KILLERS.mp4
2014-08-07 20:12 - 2014-08-07 20:10 - 210576084 _____ () C:\Users\Tyler\Downloads\Youre.the.Worst.S01E01.HDTV.x264-ASAP.mp4
2014-08-06 18:53 - 2014-08-06 18:49 - 314331633 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part2.HDTV.x264-YesTV.mp4
2014-08-05 09:20 - 2011-04-05 21:08 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-08-01 17:52 - 2014-08-01 17:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-01 15:52 - 2014-04-08 20:21 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-31 18:27 - 2013-03-17 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

Files to move or delete:
====================
C:\Users\Tyler\AppData\Local\Temp\conhost.exe


Some content of TEMP:
====================
C:\Users\Tyler\AppData\Local\Temp\conhost.exe
C:\Users\Tyler\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd5dtvd.dll
C:\Users\Tyler\AppData\Local\Temp\e.dll
C:\Users\Tyler\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\Tyler\AppData\Local\Temp\handbrake-setup.exe
C:\Users\Tyler\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Tyler\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Tyler\AppData\Local\Temp\nitro_pdf_reader_64.exe
C:\Users\Tyler\AppData\Local\Temp\utt748E.tmp.exe
C:\Users\Tyler\AppData\Local\Temp\uttA063.tmp.exe
C:\Users\Tyler\AppData\Local\Temp\uttE083.tmp.exe
C:\Users\Tyler\AppData\Local\Temp\uttE358.tmp.exe
C:\Users\Tyler\AppData\Local\Temp\uttFCBB.tmp.exe
C:\Users\Tyler\AppData\Local\Temp\vlc-2.0.4-win32.exe
C:\Users\Tyler\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Tyler\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\Tyler\AppData\Local\Temp\vlc-2.1.3-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-20 04:04

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 03
Ran by Tyler at 2014-08-25 08:55:13
Running from C:\Users\Tyler\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Leawo MP4 Converter version  3.1.0.0 (HKLM-x32\...\{14021E77-2FC1-4972-8C51-08808CD62838}_is1) (Version:  - )
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.0.19530 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J870DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
Cisco AnyConnect VPN Client (HKLM-x32\...\{92083A9A-549D-4057-88E8-223EA08563FA}) (Version: 2.4.1012 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.62 - Conexant)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2626 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.1.9 - Lenovo)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-x64 7.0.4.18_WHQL (HKLM\...\Elantech) (Version: 7.0.4.18 - ELAN Microelectronics Corp.)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.43 - FileZilla Project)
FlipShare (HKLM-x32\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.46.3.WIN.FullTilt.COM - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google SketchUp 8 (HKLM-x32\...\{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}) (Version: 3.0.11752 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 5.4.0.1082 (HKCU\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
join.me (HKCU\...\JoinMe) (Version: 1.11.1.256 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 6.5.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.5.0 - )
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation)
Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)
Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden
Lenovo EasyCamera (HKLM-x32\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 6.96.2018.21 - Lenovo EasyCamera)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 0.38.389.2 - Oberon Media Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden
Lenovo ReadyComm 5 (HKLM-x32\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.20 - Lenovo)
Lenovo ReadyComm 5.0 Service (HKLM-x32\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)
Malwarebytes' Anti-Malware version 1.51.2.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.51.2.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4631.1004 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ Run Time  Lib Setup (HKLM-x32\...\{AAF4238F-7C29-451D-9925-C753271A5728}) (Version: 1.0.0 - Microsoft)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Nitro PDF Reader 2 (HKLM\...\{536CE037-9381-4A3F-9B70-4E0523730123}) (Version: 2.0.0.29 - Nitro PDF Software)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.5.9347 - Barnesandnoble.com)
Oasis2Service 1.0 (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.0 - DDNi)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Onekey Theater (HKLM-x32\...\{DFB19121-0609-49C1-92B1-546E5A940FE8}) (Version: 2.0.1.8 - Lenovo)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.2.4.25 - ooVoo LLC.)
Opera 12.02 (HKLM-x32\...\Opera 12.02.1578) (Version: 12.02.1578 - Opera Software ASA)
Parrot Software Update Tool (HKLM-x32\...\Parrot Flash Update Wizard) (Version:  - )
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version:  - PokerStars.net)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d4 - CyberLink Corp.)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.6.2 - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
Vimeo Uploader (HKLM-x32\...\vimeo.Duplo.3E2F2984357E7A95AE95C69EF2C5C14640284048.1) (Version: 0.9.5.4 - UNKNOWN)
Vimeo Uploader (x32 Version: 0.9.5 - UNKNOWN) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VLC Setup Helper (HKLM-x32\...\VLC Setup Helper_is1) (Version:  - )
Web Conference Projector (HKLM-x32\...\Web Conference Projector) (Version: 4 - omNovia Technologies)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
YNAB 4 version 4.3.543 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.543 - YouNeedABudget.com)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-76126588-1136018720-565919304-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tyler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-76126588-1136018720-565919304-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1082\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-76126588-1136018720-565919304-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-76126588-1136018720-565919304-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-76126588-1136018720-565919304-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-76126588-1136018720-565919304-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-76126588-1136018720-565919304-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-76126588-1136018720-565919304-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-76126588-1136018720-565919304-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-76126588-1136018720-565919304-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

14-08-2014 17:28:48 Windows Update
20-08-2014 02:19:32 Windows Update
20-08-2014 10:00:10 Windows Update
24-08-2014 18:52:07 Installed AVG 2014
24-08-2014 18:53:01 Installed AVG 2014
24-08-2014 22:10:00 Removed AVG 2014
24-08-2014 22:13:06 Removed AVG 2014

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2011-06-28 22:25 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0EAAC6E9-5F0B-40D2-8BAA-DBC19A8CE562} - \3813001408 No Task File <==== ATTENTION
Task: {18ADA142-A516-4E5F-B9F5-AB24C321C354} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-02] (Google Inc.)
Task: {1C9782D4-4254-4FEE-82D3-2A2D8619E629} - \1482442688 No Task File <==== ATTENTION
Task: {4124F602-01BB-4468-A758-27B926209D31} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-20] (Microsoft Corporation)
Task: {43D0B850-73E8-403C-A234-684E8244AD29} - \155661840 No Task File <==== ATTENTION
Task: {56098411-9AE8-4D74-A9D2-0B393AD6C72A} - \3785330144 No Task File <==== ATTENTION
Task: {57198D6B-5984-48B0-B031-F687A54617D9} - \2747878040 No Task File <==== ATTENTION
Task: {593FE65B-2E6C-427F-9C94-CFDF7704676B} - System32\Tasks\winupd => C:\Users\Tyler\AppData\Local\Temp\winupd.exe <==== ATTENTION
Task: {6B941539-1BEF-4309-86A2-0D536777D753} - \1581944864 No Task File <==== ATTENTION
Task: {6C8A55C1-F5EE-4A95-9287-EAD84BCB7F16} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-20] (Microsoft Corporation)
Task: {7812EB60-8BD2-4279-ACD1-9F86EFE09EF8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-24] (Adobe Systems Incorporated)
Task: {974F1D1A-46AE-4EDF-A8F3-1F357E361164} - \200976960 No Task File <==== ATTENTION
Task: {AE88AAEB-1411-4A0B-87E2-3BBA33F1C36C} - \253775656 No Task File <==== ATTENTION
Task: {B43E7545-138A-43A1-B21A-38152DA061F7} - \4265050768 No Task File <==== ATTENTION
Task: {E165659B-EA05-4814-96FB-0D12CC2DC38C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-02] (Google Inc.)
Task: {EDC2195C-69C7-4126-B4C6-974B1CE7262B} - \2013174096 No Task File <==== ATTENTION
Task: {EE479711-A658-4F23-A09D-7B6022970805} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {FB3F0039-418F-4FA1-8332-4FC1AAE3EE19} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-02-18 20:58 - 2009-12-20 18:42 - 00090624 _____ () C:\windows\System32\Primomonnt.dll
2014-04-08 20:21 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-05-06 13:07 - 2011-05-06 13:07 - 00460144 _____ () C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
2010-12-08 00:32 - 2009-12-18 19:52 - 00201120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2010-12-08 00:32 - 2009-12-18 19:53 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2014-07-09 13:10 - 2014-05-20 09:19 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2009-08-11 09:59 - 2009-08-11 09:59 - 00173344 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll
2011-02-18 23:25 - 2010-03-15 12:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2011-05-06 12:58 - 2011-05-06 12:58 - 01085440 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
2010-06-23 06:39 - 2010-06-23 06:39 - 00046080 _____ () C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
2010-12-08 00:44 - 2009-07-15 08:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2010-12-08 00:44 - 2009-07-15 08:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2010-12-08 00:32 - 2009-12-18 19:52 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2013-12-01 17:46 - 2005-04-21 21:36 - 00143360 _____ () C:\windows\system32\BrSNMP64.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-10-26 00:06 - 2010-10-26 00:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtCore4.dll
2011-05-06 13:07 - 2011-05-06 13:07 - 04317184 _____ () C:\Program Files (x86)\Flip Video\FlipShare\Core.dll
2011-05-06 13:02 - 2011-05-06 13:02 - 00737280 _____ () C:\Program Files (x86)\Flip Video\FlipShare\qca2.dll
2010-10-26 00:23 - 2010-10-26 00:23 - 08351744 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtGui4.dll
2010-10-26 00:08 - 2010-10-26 00:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtNetwork4.dll
2010-10-26 00:23 - 2010-10-26 00:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtSql4.dll
2010-10-26 00:06 - 2010-10-26 00:06 - 00364544 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtXml4.dll
2010-10-26 08:34 - 2010-10-26 08:34 - 11853824 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtWebKit4.dll
2010-10-26 00:37 - 2010-10-26 00:37 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\phonon4.dll
2010-05-20 13:49 - 2010-05-20 13:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoFoundation.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoNet.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoXML.dll
2010-10-26 00:06 - 2010-10-26 00:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtCore4.dll
2010-10-26 00:08 - 2010-10-26 00:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtNetwork4.dll
2010-10-26 00:23 - 2010-10-26 00:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtSql4.dll
2010-05-20 13:49 - 2010-05-20 13:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoFoundation.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNet.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00175616 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNetSSL.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00291840 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoUtil.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoXML.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00110592 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoCrypto.dll
2010-06-23 06:39 - 2010-06-23 06:39 - 00049152 _____ () C:\Program Files (x86)\DDNi\Oasis2Service 1.0\DdniCore.dll
2010-06-23 06:39 - 2010-06-23 06:39 - 00033280 _____ () C:\Program Files (x86)\DDNi\Oasis2Service 1.0\AspUpdate.dll
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2010-12-08 00:32 - 2009-12-18 19:50 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2010-12-08 00:32 - 2009-12-18 19:51 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2013-01-12 19:14 - 2013-01-12 19:14 - 00170496 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d89f0252d910d617de1de783a812f840\IsdiInterop.ni.dll
2010-12-07 23:54 - 2010-03-03 13:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-08-01 17:52 - 2014-08-01 17:52 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-09 13:10 - 2014-05-20 03:11 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/24/2014 03:41:18 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (08/24/2014 03:13:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
The system cannot find the file specified.
.

Error: (08/24/2014 03:13:06 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {2279972f-6ef8-4689-9b01-865f90b819cf}

Error: (08/24/2014 03:10:00 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {2279972f-6ef8-4689-9b01-865f90b819cf}


System errors:
=============
Error: (08/25/2014 08:42:55 AM) (Source: DCOM) (EventID: 10016) (User: Tyler-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Tyler-PCTylerS-1-5-21-76126588-1136018720-565919304-1001LocalHost (Using LRPC)

Error: (08/25/2014 08:42:55 AM) (Source: DCOM) (EventID: 10016) (User: Tyler-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Tyler-PCTylerS-1-5-21-76126588-1136018720-565919304-1001LocalHost (Using LRPC)

Error: (08/25/2014 08:42:55 AM) (Source: DCOM) (EventID: 10016) (User: Tyler-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Tyler-PCTylerS-1-5-21-76126588-1136018720-565919304-1001LocalHost (Using LRPC)

Error: (08/25/2014 08:42:55 AM) (Source: DCOM) (EventID: 10016) (User: Tyler-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Tyler-PCTylerS-1-5-21-76126588-1136018720-565919304-1001LocalHost (Using LRPC)

Error: (08/25/2014 08:42:55 AM) (Source: DCOM) (EventID: 10016) (User: Tyler-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Tyler-PCTylerS-1-5-21-76126588-1136018720-565919304-1001LocalHost (Using LRPC)

Error: (08/25/2014 08:42:55 AM) (Source: DCOM) (EventID: 10016) (User: Tyler-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Tyler-PCTylerS-1-5-21-76126588-1136018720-565919304-1001LocalHost (Using LRPC)

Error: (08/25/2014 08:42:55 AM) (Source: DCOM) (EventID: 10016) (User: Tyler-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Tyler-PCTylerS-1-5-21-76126588-1136018720-565919304-1001LocalHost (Using LRPC)

Error: (08/25/2014 08:42:55 AM) (Source: DCOM) (EventID: 10016) (User: Tyler-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Tyler-PCTylerS-1-5-21-76126588-1136018720-565919304-1001LocalHost (Using LRPC)

Error: (08/25/2014 08:42:55 AM) (Source: DCOM) (EventID: 10016) (User: Tyler-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Tyler-PCTylerS-1-5-21-76126588-1136018720-565919304-1001LocalHost (Using LRPC)

Error: (08/25/2014 08:22:26 AM) (Source: DCOM) (EventID: 10016) (User: Tyler-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Tyler-PCTylerS-1-5-21-76126588-1136018720-565919304-1001LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (08/24/2014 03:41:18 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (08/24/2014 03:13:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
The system cannot find the file specified.

Error: (08/24/2014 03:13:06 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(.DEFAULT)0x80070539, The security ID structure is invalid.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {2279972f-6ef8-4689-9b01-865f90b819cf}

Error: (08/24/2014 03:10:00 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(.DEFAULT)0x80070539, The security ID structure is invalid.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {2279972f-6ef8-4689-9b01-865f90b819cf}


CodeIntegrity Errors:
===================================
  Date: 2013-03-10 18:22:51.938
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-10 18:22:51.863
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-06-28 22:23:06.840
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\gotcha\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-06-28 22:23:06.824
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\gotcha\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 51%
Total physical RAM: 3894.85 MB
Available physical RAM: 1895.68 MB
Total Pagefile: 7787.84 MB
Available Pagefile: 5289.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:173.35 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F97CAD14)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End Of Log ============================



#4 Jo*

  • Malware Response Team
  • 3,416 posts
  • Gender:Male
  • Location:Germany
Posted 25 August 2014 - 11:46 AM

Hello ElGuapo23,

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

start
(Microsoft) C:\Users\Tyler\AppData\Local\Temp\conhost.exe
(Microsoft) C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\4636\conhost.exe
(Microsoft) C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\5981\conhost.exe
(Microsoft) C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\6982\conhost.exe
(Microsoft) C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\1767\conhost.exe
(Microsoft) C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\955\conhost.exe
HKU\S-1-5-21-76126588-1136018720-565919304-1001\...\Run: [svchost86x.sys] => C:\Users\Tyler\AppData\Local\Temp\conhost.exe [81920 2014-08-23] (Microsoft) <===== ATTENTION
BHO-x32: b608fb61 -> {03735BFD-9C77-7CDD-2979-B2FFDFDB4463} -> C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll No File
BHO-x32: No Name -> {17E75063-681C-4074-AE00-0284FF5BD445} -> C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-032.dll No File
C:\Users\Tyler\AppData\Local\Temp\SessionWin32k
C:\Users\Tyler\AppData\Local\Temp\conhost.exe
Task: {0EAAC6E9-5F0B-40D2-8BAA-DBC19A8CE562} - \3813001408 No Task File <==== ATTENTION
Task: {1C9782D4-4254-4FEE-82D3-2A2D8619E629} - \1482442688 No Task File <==== ATTENTION
Task: {43D0B850-73E8-403C-A234-684E8244AD29} - \155661840 No Task File <==== ATTENTION
Task: {56098411-9AE8-4D74-A9D2-0B393AD6C72A} - \3785330144 No Task File <==== ATTENTION
Task: {57198D6B-5984-48B0-B031-F687A54617D9} - \2747878040 No Task File <==== ATTENTION
Task: {593FE65B-2E6C-427F-9C94-CFDF7704676B} - System32\Tasks\winupd => C:\Users\Tyler\AppData\Local\Temp\winupd.exe <==== ATTENTION
Task: {6B941539-1BEF-4309-86A2-0D536777D753} - \1581944864 No Task File <==== ATTENTION
Task: {974F1D1A-46AE-4EDF-A8F3-1F357E361164} - \200976960 No Task File <==== ATTENTION
Task: {AE88AAEB-1411-4A0B-87E2-3BBA33F1C36C} - \253775656 No Task File <==== ATTENTION
Task: {B43E7545-138A-43A1-B21A-38152DA061F7} - \4265050768 No Task File <==== ATTENTION
Task: {EDC2195C-69C7-4126-B4C6-974B1CE7262B} - \2013174096 No Task File <==== ATTENTION
C:\Users\Tyler\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd5dtvd.dll
C:\Users\Tyler\AppData\Local\Temp\e.dll
C:\Users\Tyler\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\Tyler\AppData\Local\Temp\handbrake-setup.exe
C:\Users\Tyler\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Tyler\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Tyler\AppData\Local\Temp\nitro_pdf_reader_64.exe
C:\Users\Tyler\AppData\Local\Temp\utt748E.tmp.exe
C:\Users\Tyler\AppData\Local\Temp\uttA063.tmp.exe
C:\Users\Tyler\AppData\Local\Temp\uttE083.tmp.exe
C:\Users\Tyler\AppData\Local\Temp\uttE358.tmp.exe
C:\Users\Tyler\AppData\Local\Temp\uttFCBB.tmp.exe
C:\Users\Tyler\AppData\Local\Temp\vlc-2.0.4-win32.exe
C:\Users\Tyler\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Tyler\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\Tyler\AppData\Local\Temp\vlc-2.1.3-win32.exe
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.



***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64, then click "Run as administrator" (XP users: click Run after receipt of the Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.

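The fixlist above targets a recognisable persistence pattern: a file named conhost.exe running from %TEMP%\SessionWin32k\<n>\, a Run value named like a driver (svchost86x.sys) that launches it, scheduled tasks with numeric names and no task file, and BHO entries for a DLL that no longer exists. The following Python script is an added example, not part of Jo's post and not FRST's own logic: it applies those heuristics to FRST log lines so a practitioner can see which lines would be flagged and why. The sample lines are copied from this thread's logs plus one constructed benign control (the genuine conhost.exe under System32); the severity labels and the list of "system-only" binary names are this example's own choices.

```python
"""Triage FRST scan-log lines for the persistence pattern seen in this thread.

Added example: not part of the forum post and not FRST's own logic. The sample
lines are copied from the thread's logs, plus one constructed benign control
line (the genuine conhost.exe under System32). Severity labels are this
example's own choice.
"""
import re

# Names that only legitimately run from %SystemRoot%\System32 (or SysWOW64).
SYSTEM_ONLY = {"conhost.exe", "svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe"}
SYSTEM_DIRS = re.compile(r"^[A-Z]:\\windows\\(system32|syswow64)\\", re.I)
# Drop locations any user (or any process) can write to.
USER_WRITABLE = re.compile(r"\\AppData\\Local\\Temp\\|\\ProgramData\\", re.I)

# FRST line shapes as they appear in the thread's logs.
PROC_RE = re.compile(r"^\((?P<company>[^)]*)\)\s+(?P<path>[A-Z]:\\.+)$", re.I)
RUN_RE = re.compile(r"\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<path>[A-Z]:\\[^\[]+?)(?:\s+\[|$)", re.I)
TASK_RE = re.compile(r"^Task: \{[0-9A-F-]+\} - (?P<rest>.+)$", re.I)
BHO_RE = re.compile(r"^BHO(?:-x32)?: .*-> (?P<path>[A-Z]:\\\S+)\s+No File", re.I)
STARTUP_RE = re.compile(r"^Startup: (?P<path>[A-Z]:\\.+\\Startup\\(?P<file>\S+))", re.I)
PROXY_RE = re.compile(r"^ProxyServer: (?P<value>.+)$")


def triage_line(line):
    """Return a list of (severity, reason) findings for one FRST log line."""
    line = line.strip()
    m = PROC_RE.match(line)
    if m:
        path = m.group("path")
        name = path.rsplit("\\", 1)[-1].lower()
        # A system-only binary name outside System32 is a masquerade, whatever
        # company string the file's version resource claims.
        if name in SYSTEM_ONLY and not SYSTEM_DIRS.match(path):
            return [("high", f"{name} running outside System32: {path}")]
        if USER_WRITABLE.search(path):
            return [("medium", f"process running from a drop location: {path}")]
        return []
    m = RUN_RE.search(line)
    if m:
        name, path = m.group("name"), m.group("path").strip()
        out = []
        if USER_WRITABLE.search(path):
            out.append(("high", f"Run value '{name}' launches from a drop location: {path}"))
        if name.lower().endswith((".sys", ".dll")):
            out.append(("medium", f"Run value name mimics a driver or library: '{name}'"))
        return out
    m = TASK_RE.match(line)
    if m:
        rest = m.group("rest")
        if "No Task File" in rest:
            return [("medium", f"orphaned task registration (no task file): {rest.split()[0]}")]
        if USER_WRITABLE.search(rest):
            return [("high", f"scheduled task runs from a drop location: {rest}")]
        return []
    m = BHO_RE.match(line)
    if m:
        return [("medium", f"BHO registered for a missing DLL: {m.group('path')}")]
    m = STARTUP_RE.match(line)
    if m and m.group("file").lower() in SYSTEM_ONLY:
        return [("high", f"system binary name in Startup folder: {m.group('path')}")]
    m = PROXY_RE.match(line)
    if m:
        return [("high", f"system-wide proxy set, browser traffic relayed via: {m.group('value')}")]
    return []


def triage(lines):
    """Run triage_line over a log and return (severity, reason, raw_line) tuples."""
    return [(sev, why, ln.strip()) for ln in lines for sev, why in triage_line(ln)]


def summarize(findings):
    """Count findings per severity."""
    counts = {}
    for sev, _, _ in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


# Sample input: lines copied from the thread's FRST output, plus one constructed
# benign control (the real conhost.exe) to show that the name alone is not flagged.
SAMPLE = r"""
(Microsoft) C:\Users\Tyler\AppData\Local\Temp\conhost.exe
() C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\7478\conhost.exe
(Microsoft Corporation) C:\Windows\System32\conhost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
HKU\S-1-5-21-76126588-1136018720-565919304-1001\...\Run: [svchost86x.sys] => C:\Users\Tyler\AppData\Local\Temp\conhost.exe [81920 2014-08-23] (Microsoft) <===== ATTENTION
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Task: {0EAAC6E9-5F0B-40D2-8BAA-DBC19A8CE562} - \3813001408 No Task File <==== ATTENTION
Task: {593FE65B-2E6C-427F-9C94-CFDF7704676B} - System32\Tasks\winupd => C:\Users\Tyler\AppData\Local\Temp\winupd.exe <==== ATTENTION
BHO-x32: b608fb61 -> {03735BFD-9C77-7CDD-2979-B2FFDFDB4463} -> C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll No File
Startup: C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe (Microsoft)
Startup: C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ProxyServer: configure;foxyproxy;in;single;click;141.255.161.77:43874
""".strip().splitlines()

if __name__ == "__main__":
    for sev, why, raw in triage(SAMPLE):
        print(f"[{sev:6}] {why}")
    print(summarize(triage(SAMPLE)))
```

Two points worth keeping in mind when reading these logs. The name FRST prints in parentheses is what the file's own version resource claims, so "(Microsoft)" on a Temp-resident conhost.exe proves nothing; location and name are what the checks key on, which is why the constructed System32 control line produces no finding. And a fix that removes files and registry values does not necessarily remove whatever is re-dropping them: the post-fix scan in the next post still lists fresh SessionWin32k\<n>\conhost.exe processes, a svchost.exe in the user's Startup folder and a ProxyServer entry, all of which the checks above flag.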

#5 ElGuapo23

  • Topic Starter
  • Members
  • 8 posts

Posted 26 August 2014 - 12:14 AM

Thanks Jo.  I ran FRST64 with the Fix command, then again with the Scan command - logs below.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-08-2014 03
Ran by Tyler at 2014-08-25 22:10:47 Run:1
Running from C:\Users\Tyler\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
(Microsoft) C:\Users\Tyler\AppData\Local\Temp\conhost.exe
(Microsoft) C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\4636\conhost.exe
(Microsoft) C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\5981\conhost.exe
(Microsoft) C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\6982\conhost.exe
(Microsoft) C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\1767\conhost.exe
(Microsoft) C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\955\conhost.exe
HKU\S-1-5-21-76126588-1136018720-565919304-1001\...\Run: [svchost86x.sys] => C:\Users\Tyler\AppData\Local\Temp\conhost.exe [81920 2014-08-23] (Microsoft) <===== ATTENTION
BHO-x32: b608fb61 -> {03735BFD-9C77-7CDD-2979-B2FFDFDB4463} -> C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll No File
BHO-x32: No Name -> {17E75063-681C-4074-AE00-0284FF5BD445} -> C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-032.dll No File
C:\Users\Tyler\AppData\Local\Temp\SessionWin32k
C:\Users\Tyler\AppData\Local\Temp\conhost.exe
Task: {0EAAC6E9-5F0B-40D2-8BAA-DBC19A8CE562} - \3813001408 No Task File <==== ATTENTION
Task: {1C9782D4-4254-4FEE-82D3-2A2D8619E629} - \1482442688 No Task File <==== ATTENTION
Task: {43D0B850-73E8-403C-A234-684E8244AD29} - \155661840 No Task File <==== ATTENTION
Task: {56098411-9AE8-4D74-A9D2-0B393AD6C72A} - \3785330144 No Task File <==== ATTENTION
Task: {57198D6B-5984-48B0-B031-F687A54617D9} - \2747878040 No Task File <==== ATTENTION
Task: {593FE65B-2E6C-427F-9C94-CFDF7704676B} - System32\Tasks\winupd => C:\Users\Tyler\AppData\Local\Temp\winupd.exe <==== ATTENTION
Task: {6B941539-1BEF-4309-86A2-0D536777D753} - \1581944864 No Task File <==== ATTENTION
Task: {974F1D1A-46AE-4EDF-A8F3-1F357E361164} - \200976960 No Task File <==== ATTENTION
Task: {AE88AAEB-1411-4A0B-87E2-3BBA33F1C36C} - \253775656 No Task File <==== ATTENTION
Task: {B43E7545-138A-43A1-B21A-38152DA061F7} - \4265050768 No Task File <==== ATTENTION
Task: {EDC2195C-69C7-4126-B4C6-974B1CE7262B} - \2013174096 No Task File <==== ATTENTION
C:\Users\Tyler\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd5dtvd.dll
C:\Users\Tyler\AppData\Local\Temp\e.dll
C:\Users\Tyler\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\Tyler\AppData\Local\Temp\handbrake-setup.exe
C:\Users\Tyler\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Tyler\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Tyler\AppData\Local\Temp\nitro_pdf_reader_64.exe
C:\Users\Tyler\AppData\Local\Temp\utt748E.tmp.exe
C:\Users\Tyler\AppData\Local\Temp\uttA063.tmp.exe
C:\Users\Tyler\AppData\Local\Temp\uttE083.tmp.exe
C:\Users\Tyler\AppData\Local\Temp\uttE358.tmp.exe
C:\Users\Tyler\AppData\Local\Temp\uttFCBB.tmp.exe
C:\Users\Tyler\AppData\Local\Temp\vlc-2.0.4-win32.exe
C:\Users\Tyler\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Tyler\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\Tyler\AppData\Local\Temp\vlc-2.1.3-win32.exe
end
*****************

[2476] C:\Users\Tyler\AppData\Local\Temp\conhost.exe => Process closed successfully.
C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\4636\conhost.exe => No running process found
C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\5981\conhost.exe => No running process found
C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\6982\conhost.exe => No running process found
C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\1767\conhost.exe => No running process found
C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\955\conhost.exe => No running process found
HKU\S-1-5-21-76126588-1136018720-565919304-1001\Software\Microsoft\Windows\CurrentVersion\Run\\svchost86x.sys => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03735BFD-9C77-7CDD-2979-B2FFDFDB4463}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{03735BFD-9C77-7CDD-2979-B2FFDFDB4463}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17E75063-681C-4074-AE00-0284FF5BD445}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{17E75063-681C-4074-AE00-0284FF5BD445}" => Key deleted successfully.
C:\Users\Tyler\AppData\Local\Temp\SessionWin32k => Moved successfully.
C:\Users\Tyler\AppData\Local\Temp\conhost.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EAAC6E9-5F0B-40D2-8BAA-DBC19A8CE562}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EAAC6E9-5F0B-40D2-8BAA-DBC19A8CE562}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\3813001408" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C9782D4-4254-4FEE-82D3-2A2D8619E629}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C9782D4-4254-4FEE-82D3-2A2D8619E629}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1482442688" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43D0B850-73E8-403C-A234-684E8244AD29}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43D0B850-73E8-403C-A234-684E8244AD29}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\155661840" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56098411-9AE8-4D74-A9D2-0B393AD6C72A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56098411-9AE8-4D74-A9D2-0B393AD6C72A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\3785330144" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57198D6B-5984-48B0-B031-F687A54617D9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57198D6B-5984-48B0-B031-F687A54617D9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2747878040" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{593FE65B-2E6C-427F-9C94-CFDF7704676B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{593FE65B-2E6C-427F-9C94-CFDF7704676B}" => Key deleted successfully.
C:\Windows\System32\Tasks\winupd => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\winupd" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B941539-1BEF-4309-86A2-0D536777D753}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B941539-1BEF-4309-86A2-0D536777D753}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1581944864" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{974F1D1A-46AE-4EDF-A8F3-1F357E361164}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{974F1D1A-46AE-4EDF-A8F3-1F357E361164}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\200976960" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE88AAEB-1411-4A0B-87E2-3BBA33F1C36C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE88AAEB-1411-4A0B-87E2-3BBA33F1C36C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\253775656" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B43E7545-138A-43A1-B21A-38152DA061F7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B43E7545-138A-43A1-B21A-38152DA061F7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4265050768" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDC2195C-69C7-4126-B4C6-974B1CE7262B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDC2195C-69C7-4126-B4C6-974B1CE7262B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2013174096" => Key deleted successfully.
C:\Users\Tyler\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd5dtvd.dll => Moved successfully.
C:\Users\Tyler\AppData\Local\Temp\e.dll => Moved successfully.
C:\Users\Tyler\AppData\Local\Temp\G2MInstallerExtractor.exe => Moved successfully.
C:\Users\Tyler\AppData\Local\Temp\handbrake-setup.exe => Moved successfully.
C:\Users\Tyler\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Tyler\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Tyler\AppData\Local\Temp\nitro_pdf_reader_64.exe => Moved successfully.
C:\Users\Tyler\AppData\Local\Temp\utt748E.tmp.exe => Moved successfully.
C:\Users\Tyler\AppData\Local\Temp\uttA063.tmp.exe => Moved successfully.
C:\Users\Tyler\AppData\Local\Temp\uttE083.tmp.exe => Moved successfully.
C:\Users\Tyler\AppData\Local\Temp\uttE358.tmp.exe => Moved successfully.
C:\Users\Tyler\AppData\Local\Temp\uttFCBB.tmp.exe => Moved successfully.
C:\Users\Tyler\AppData\Local\Temp\vlc-2.0.4-win32.exe => Moved successfully.
C:\Users\Tyler\AppData\Local\Temp\vlc-2.0.5-win32.exe => Moved successfully.
C:\Users\Tyler\AppData\Local\Temp\vlc-2.0.7-win32.exe => Moved successfully.
C:\Users\Tyler\AppData\Local\Temp\vlc-2.1.3-win32.exe => Moved successfully.

==== End of Fixlog ====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by Tyler (administrator) on TYLER-PC on 25-08-2014 22:12:38
Running from C:\Users\Tyler\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
() C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
() C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\7478\conhost.exe
() C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\8301\conhost.exe
() C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\7722\conhost.exe
() C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\2556\conhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-21] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [2598280 2010-06-23] (ELAN Microelectronics Corp.)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-18] (Lenovo)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056800 2010-03-18] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [171104 2010-03-02] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [449608 2011-08-31] (Malwarebytes Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-30] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-76126588-1136018720-565919304-1001\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-76126588-1136018720-565919304-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-76126588-1136018720-565919304-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tyler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe (Microsoft)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: configure;foxyproxy;in;single;click;141.255.161.77:43874
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\0md09pjs.default
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll ( )
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Tyler\AppData\Local\Citrix\Plugins\79\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tyler\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\0md09pjs.default\searchplugins\googlecom-in-english.xml
FF Extension: PDF Download - C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\0md09pjs.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2013-01-06]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll ( )
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Tyler\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Tyler\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (Google Cast) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-09-21]
CHR Extension: (Hangouts) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-08-25]
CHR Extension: (Google Wallet) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [864032 2009-08-11] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356912 2014-07-19] (Microsoft Corporation)
S3 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [637440 2014-01-02] (FileZilla Project) [File not signed]
R2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
R2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [366152 2011-08-31] (Malwarebytes Corporation)
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [341296 2011-06-21] (Nitro PDF Software)
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [46080 2010-06-23] () [File not signed]
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-15] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-15] (Lenovo)
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [36432 2010-11-10] (DemoForge, LLC)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25416 2011-08-31] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\gotcha\catchme.sys [X]
U2 IviRegMgr; No ImagePath
U2 RichVideo; No ImagePath
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 08:55 - 2014-08-25 08:56 - 00038278 _____ () C:\Users\Tyler\Desktop\Addition.txt
2014-08-25 08:54 - 2014-08-25 22:12 - 00022528 _____ () C:\Users\Tyler\Desktop\FRST.txt
2014-08-25 08:53 - 2014-08-25 22:12 - 00000000 ____D () C:\FRST
2014-08-25 08:52 - 2014-08-25 08:53 - 02103296 _____ (Farbar) C:\Users\Tyler\Desktop\FRST64.exe
2014-08-25 08:35 - 2014-08-25 08:40 - 00000000 ____D () C:\Users\Tyler\Desktop\Malware Fix
2014-08-24 20:27 - 2014-08-24 20:28 - 00000000 ____D () C:\Users\Tyler\Downloads\The Knick S01E03 HDTV x264-KILLERS[ettv]
2014-08-24 19:56 - 2014-08-24 19:57 - 00022430 _____ () C:\Users\Tyler\Desktop\dds.txt
2014-08-24 19:56 - 2014-08-24 19:57 - 00008296 _____ () C:\Users\Tyler\Desktop\attach.txt
2014-08-24 19:51 - 2014-08-24 19:51 - 00688992 ____R (Swearware) C:\Users\Tyler\Downloads\dds.com
2014-08-24 18:04 - 2014-08-25 21:40 - 00038826 _____ () C:\Users\Tyler\Desktop\Fantasy.xlsx
2014-08-24 15:30 - 2014-08-24 15:30 - 00003288 ____N () C:\bootsqm.dat
2014-08-24 14:48 - 2014-08-24 14:48 - 00000000 ____D () C:\windows\ERUNT
2014-08-24 14:47 - 2014-08-24 14:47 - 01016261 _____ (Thisisu) C:\Users\Tyler\Downloads\JRT.exe
2014-08-24 11:55 - 2014-08-24 11:55 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\TuneUp Software
2014-08-24 11:55 - 2014-08-24 11:55 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\AVG2014
2014-08-24 11:53 - 2014-08-24 15:30 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-24 11:50 - 2014-08-24 15:30 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-24 11:50 - 2014-08-24 15:13 - 00000000 ____D () C:\Users\Tyler\AppData\Local\Avg2014
2014-08-24 11:50 - 2014-08-24 11:50 - 00000000 ____D () C:\Users\Tyler\AppData\Local\MFAData
2014-08-24 11:49 - 2014-08-24 11:49 - 04763296 _____ (AVG Technologies) C:\Users\Tyler\Downloads\avg_free_stb_all_2014_4745_cnet.exe
2014-08-23 16:37 - 2014-08-23 16:42 - 271367212 _____ () C:\Users\Tyler\Downloads\The.Knick.S01E02.HDTV.x264-KILLERS.mp4
2014-08-23 16:33 - 2014-08-23 16:37 - 344019168 _____ () C:\Users\Tyler\Downloads\The.Knick.S01E01.HDTV.x264-KILLERS.mp4
2014-08-23 14:24 - 2014-08-24 14:39 - 00000000 ___RD () C:\Users\Tyler\Google Drive
2014-08-23 14:23 - 2014-08-23 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-23 10:44 - 2014-08-23 10:44 - 00279256 _____ () C:\windows\Minidump\082314-23290-01.dmp
2014-08-21 20:06 - 2014-08-21 20:20 - 1515517986 _____ () C:\Users\Tyler\Downloads\Hard Knocks S09E03 Atlanta Falcons HDTV [KNIX].mp4
2014-08-17 07:57 - 2014-08-17 08:09 - 00000000 ____D () C:\Users\Tyler\Downloads\Chef.2014.HDRip.XViD.AC3-juggs[ETRG]
2014-08-17 07:45 - 2014-08-17 07:46 - 00000000 ____D () C:\Users\Tyler\Downloads\Neighbors.2014.HDRip.XviD-SaM[ETRG]
2014-08-16 09:47 - 2014-08-16 09:49 - 00000000 ____D () C:\Users\Tyler\Downloads\The Foundation
2014-08-16 08:18 - 2014-08-16 08:21 - 373908569 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part5.HDTV.x264-YesTV.mp4
2014-08-16 08:15 - 2014-08-16 08:18 - 323015282 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part4.HDTV.x264-YesTV.mp4
2014-08-16 08:12 - 2014-08-16 08:14 - 332864520 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part3.HDTV.x264-YesTV.mp4
2014-08-16 08:10 - 2014-08-16 08:12 - 201582804 _____ () C:\Users\Tyler\Downloads\Last.Week.Tonight.With.John.Oliver.2014.08.10.HDTV.x264-BAJSKORV.mp4
2014-08-16 08:09 - 2014-08-16 08:24 - 342640263 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part6.HDTV.x264-YesTV.mp4
2014-08-11 08:41 - 2014-08-11 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-11 08:40 - 2014-08-11 08:41 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-11 08:40 - 2014-08-11 08:41 - 00000000 ____D () C:\Program Files\iTunes
2014-08-11 08:40 - 2014-08-11 08:41 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-11 08:40 - 2014-08-11 08:40 - 00000000 ____D () C:\Program Files\iPod
2014-08-11 08:16 - 2014-08-11 08:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-11 07:29 - 2014-08-23 14:21 - 00000000 ____D () C:\Users\Tyler\Desktop\Michiana 2014
2014-08-10 12:15 - 2014-08-10 12:18 - 00000000 ____D () C:\Users\Tyler\Desktop\iPhone Pics 8-10-14
2014-08-10 11:58 - 2014-08-10 12:01 - 00000000 ____D () C:\Users\Tyler\Desktop\Uncle Mike
2014-08-08 18:13 - 2014-08-08 18:39 - 00000000 ____D () C:\Users\Tyler\Downloads\Nathan.For.You.S02E04.480p.HDTV.x264-mSD
2014-08-08 18:12 - 2014-08-08 18:19 - 00000000 ____D () C:\Users\Tyler\Downloads\[ www.torrenting.com ] - Nathan.For.You.S02E02.HDTV.x264-KILLERS
2014-08-08 18:12 - 2014-08-08 18:16 - 00000000 ____D () C:\Users\Tyler\Downloads\[ www.torrenting.com ] - Nathan.For.You.S02E03.HDTV.XviD-AFG
2014-08-08 18:12 - 2014-08-08 18:14 - 00000000 ____D () C:\Users\Tyler\Downloads\Nathan.for.You.S02E07.Taxi.Service.-.Hot.Dog.Stand.WEBRip.x264.AAC
2014-08-08 18:12 - 2014-08-08 18:12 - 00000000 ____D () C:\Users\Tyler\Downloads\[ www.torrenting.com ] - Nathan.For.You.S02E01.HDTV.x264-KILLERS
2014-08-08 17:57 - 2014-08-08 17:57 - 00000000 ____D () C:\Users\Tyler\Downloads\Nathan For You - Season 1
2014-08-07 20:13 - 2014-08-07 20:18 - 190979930 _____ () C:\Users\Tyler\Downloads\Youre.the.Worst.2014.S01E02.HDTV.x264-KILLERS.mp4
2014-08-07 20:13 - 2014-08-07 20:17 - 276322646 _____ () C:\Users\Tyler\Downloads\Youre.the.Worst.2014.S01E03.HDTV.x264-KILLERS.mp4
2014-08-07 20:10 - 2014-08-07 20:12 - 210576084 _____ () C:\Users\Tyler\Downloads\Youre.the.Worst.S01E01.HDTV.x264-ASAP.mp4
2014-08-06 18:49 - 2014-08-06 18:53 - 314331633 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part2.HDTV.x264-YesTV.mp4
2014-08-01 17:52 - 2014-08-01 17:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 22:13 - 2014-08-25 08:54 - 00022528 _____ () C:\Users\Tyler\Desktop\FRST.txt
2014-08-25 22:12 - 2014-08-25 08:53 - 00000000 ____D () C:\FRST
2014-08-25 21:40 - 2014-08-24 18:04 - 00038826 _____ () C:\Users\Tyler\Desktop\Fantasy.xlsx
2014-08-25 21:39 - 2012-06-23 13:38 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-25 21:24 - 2012-07-02 20:52 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-25 20:24 - 2012-07-02 20:52 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-25 15:00 - 2010-12-07 23:45 - 01111861 _____ () C:\windows\WindowsUpdate.log
2014-08-25 08:56 - 2014-08-25 08:55 - 00038278 _____ () C:\Users\Tyler\Desktop\Addition.txt
2014-08-25 08:53 - 2014-08-25 08:52 - 02103296 _____ (Farbar) C:\Users\Tyler\Desktop\FRST64.exe
2014-08-25 08:43 - 2011-02-11 22:41 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\uTorrent
2014-08-25 08:40 - 2014-08-25 08:35 - 00000000 ____D () C:\Users\Tyler\Desktop\Malware Fix
2014-08-25 08:32 - 2011-12-07 10:50 - 00000000 ____D () C:\Users\Tyler\Desktop\TD
2014-08-25 08:00 - 2013-12-01 17:47 - 00007891 _____ () C:\windows\BRRBCOM.INI
2014-08-24 20:28 - 2014-08-24 20:27 - 00000000 ____D () C:\Users\Tyler\Downloads\The Knick S01E03 HDTV x264-KILLERS[ettv]
2014-08-24 19:57 - 2014-08-24 19:56 - 00022430 _____ () C:\Users\Tyler\Desktop\dds.txt
2014-08-24 19:57 - 2014-08-24 19:56 - 00008296 _____ () C:\Users\Tyler\Desktop\attach.txt
2014-08-24 19:51 - 2014-08-24 19:51 - 00688992 ____R (Swearware) C:\Users\Tyler\Downloads\dds.com
2014-08-24 19:28 - 2009-07-13 21:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-24 19:28 - 2009-07-13 21:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-24 19:21 - 2012-11-14 16:07 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\Dropbox
2014-08-24 19:19 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-24 19:19 - 2009-07-13 21:51 - 00065896 _____ () C:\windows\setupact.log
2014-08-24 19:06 - 2012-06-23 13:38 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-08-24 19:05 - 2012-06-23 13:38 - 00699568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-24 19:05 - 2011-06-02 22:38 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-24 17:28 - 2011-02-12 13:03 - 00002046 _____ () C:\Users\Tyler\Documents\Default.rdp
2014-08-24 15:30 - 2014-08-24 15:30 - 00003288 ____N () C:\bootsqm.dat
2014-08-24 15:30 - 2014-08-24 11:53 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-24 15:30 - 2014-08-24 11:50 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-24 15:30 - 2011-02-12 17:58 - 00122634 _____ () C:\windows\PFRO.log
2014-08-24 15:13 - 2014-08-24 11:50 - 00000000 ____D () C:\Users\Tyler\AppData\Local\Avg2014
2014-08-24 14:48 - 2014-08-24 14:48 - 00000000 ____D () C:\windows\ERUNT
2014-08-24 14:47 - 2014-08-24 14:47 - 01016261 _____ (Thisisu) C:\Users\Tyler\Downloads\JRT.exe
2014-08-24 14:39 - 2014-08-23 14:24 - 00000000 ___RD () C:\Users\Tyler\Google Drive
2014-08-24 11:55 - 2014-08-24 11:55 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\TuneUp Software
2014-08-24 11:55 - 2014-08-24 11:55 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\AVG2014
2014-08-24 11:50 - 2014-08-24 11:50 - 00000000 ____D () C:\Users\Tyler\AppData\Local\MFAData
2014-08-24 11:49 - 2014-08-24 11:49 - 04763296 _____ (AVG Technologies) C:\Users\Tyler\Downloads\avg_free_stb_all_2014_4745_cnet.exe
2014-08-23 17:12 - 2009-07-13 22:13 - 00727182 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-23 16:42 - 2014-08-23 16:37 - 271367212 _____ () C:\Users\Tyler\Downloads\The.Knick.S01E02.HDTV.x264-KILLERS.mp4
2014-08-23 16:37 - 2014-08-23 16:33 - 344019168 _____ () C:\Users\Tyler\Downloads\The.Knick.S01E01.HDTV.x264-KILLERS.mp4
2014-08-23 14:24 - 2011-02-11 22:10 - 00000000 ____D () C:\Users\Tyler
2014-08-23 14:23 - 2014-08-23 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-23 14:23 - 2012-07-02 20:52 - 00000000 ____D () C:\Users\Tyler\AppData\Local\Google
2014-08-23 14:23 - 2012-01-02 12:27 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-23 14:21 - 2014-08-11 07:29 - 00000000 ____D () C:\Users\Tyler\Desktop\Michiana 2014
2014-08-23 10:44 - 2014-08-23 10:44 - 00279256 _____ () C:\windows\Minidump\082314-23290-01.dmp
2014-08-23 10:44 - 2011-08-03 22:24 - 00000000 ____D () C:\windows\Minidump
2014-08-23 10:44 - 2011-08-03 22:23 - 566832573 _____ () C:\windows\MEMORY.DMP
2014-08-21 21:56 - 2013-05-26 21:36 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\vlc
2014-08-21 20:20 - 2014-08-21 20:06 - 1515517986 _____ () C:\Users\Tyler\Downloads\Hard Knocks S09E03 Atlanta Falcons HDTV [KNIX].mp4
2014-08-20 03:04 - 2014-03-30 09:57 - 00000000 ____D () C:\windows\system32\MRT
2014-08-20 03:01 - 2011-04-03 09:43 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-17 08:09 - 2014-08-17 07:57 - 00000000 ____D () C:\Users\Tyler\Downloads\Chef.2014.HDRip.XViD.AC3-juggs[ETRG]
2014-08-17 07:46 - 2014-08-17 07:45 - 00000000 ____D () C:\Users\Tyler\Downloads\Neighbors.2014.HDRip.XviD-SaM[ETRG]
2014-08-16 09:49 - 2014-08-16 09:47 - 00000000 ____D () C:\Users\Tyler\Downloads\The Foundation
2014-08-16 08:43 - 2012-11-14 16:09 - 00001017 _____ () C:\Users\Tyler\Desktop\Dropbox.lnk
2014-08-16 08:43 - 2012-11-14 16:08 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-16 08:24 - 2014-08-16 08:09 - 342640263 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part6.HDTV.x264-YesTV.mp4
2014-08-16 08:21 - 2014-08-16 08:18 - 373908569 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part5.HDTV.x264-YesTV.mp4
2014-08-16 08:18 - 2014-08-16 08:15 - 323015282 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part4.HDTV.x264-YesTV.mp4
2014-08-16 08:14 - 2014-08-16 08:12 - 332864520 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part3.HDTV.x264-YesTV.mp4
2014-08-16 08:12 - 2014-08-16 08:10 - 201582804 _____ () C:\Users\Tyler\Downloads\Last.Week.Tonight.With.John.Oliver.2014.08.10.HDTV.x264-BAJSKORV.mp4
2014-08-11 08:41 - 2014-08-11 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-11 08:41 - 2014-08-11 08:40 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-11 08:41 - 2014-08-11 08:40 - 00000000 ____D () C:\Program Files\iTunes
2014-08-11 08:41 - 2014-08-11 08:40 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-11 08:40 - 2014-08-11 08:40 - 00000000 ____D () C:\Program Files\iPod
2014-08-11 08:17 - 2014-08-11 08:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-11 08:16 - 2010-12-08 00:27 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-11 08:16 - 2010-12-08 00:26 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-11 08:14 - 2012-03-17 23:27 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-08-10 12:18 - 2014-08-10 12:15 - 00000000 ____D () C:\Users\Tyler\Desktop\iPhone Pics 8-10-14
2014-08-10 12:01 - 2014-08-10 11:58 - 00000000 ____D () C:\Users\Tyler\Desktop\Uncle Mike
2014-08-08 18:39 - 2014-08-08 18:13 - 00000000 ____D () C:\Users\Tyler\Downloads\Nathan.For.You.S02E04.480p.HDTV.x264-mSD
2014-08-08 18:19 - 2014-08-08 18:12 - 00000000 ____D () C:\Users\Tyler\Downloads\[ www.torrenting.com ] - Nathan.For.You.S02E02.HDTV.x264-KILLERS
2014-08-08 18:16 - 2014-08-08 18:12 - 00000000 ____D () C:\Users\Tyler\Downloads\[ www.torrenting.com ] - Nathan.For.You.S02E03.HDTV.XviD-AFG
2014-08-08 18:14 - 2014-08-08 18:12 - 00000000 ____D () C:\Users\Tyler\Downloads\Nathan.for.You.S02E07.Taxi.Service.-.Hot.Dog.Stand.WEBRip.x264.AAC
2014-08-08 18:12 - 2014-08-08 18:12 - 00000000 ____D () C:\Users\Tyler\Downloads\[ www.torrenting.com ] - Nathan.For.You.S02E01.HDTV.x264-KILLERS
2014-08-08 17:57 - 2014-08-08 17:57 - 00000000 ____D () C:\Users\Tyler\Downloads\Nathan For You - Season 1
2014-08-08 17:49 - 2013-03-17 10:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-08 17:49 - 2013-03-17 10:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-08 17:49 - 2012-05-08 20:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-07 20:18 - 2014-08-07 20:13 - 190979930 _____ () C:\Users\Tyler\Downloads\Youre.the.Worst.2014.S01E02.HDTV.x264-KILLERS.mp4
2014-08-07 20:17 - 2014-08-07 20:13 - 276322646 _____ () C:\Users\Tyler\Downloads\Youre.the.Worst.2014.S01E03.HDTV.x264-KILLERS.mp4
2014-08-07 20:12 - 2014-08-07 20:10 - 210576084 _____ () C:\Users\Tyler\Downloads\Youre.the.Worst.S01E01.HDTV.x264-ASAP.mp4
2014-08-06 18:53 - 2014-08-06 18:49 - 314331633 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part2.HDTV.x264-YesTV.mp4
2014-08-05 09:20 - 2011-04-05 21:08 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-08-01 17:52 - 2014-08-01 17:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-01 15:52 - 2014-04-08 20:21 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-31 18:27 - 2013-03-17 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-20 04:04

==================== End Of Log ============================



#6 Jo*

  • Malware Response Team
  • 3,416 posts
  • Gender:Male
  • Location:Germany

Posted 26 August 2014 - 03:37 AM

Hello ElGuapo23,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


P2P - I see you have P2P software uTorrent installed on your machine.
  • Avoid P2P
  • Identity Theft and / or malware infection may happen, when P2P software is running on your computer.
  • Here you will find more information.
  • Please note:
    • If you think you're using a "safe" P2P program, only the program is safe, not the data.
    • You will share files from unsafe sources, and these may be infected.
    • Some bad guys use P2P filesharing as an important channel to spread their wares.
    I would advise you to uninstall it now.
    You can do this via Start > Control Panel > Add Remove Programs (XP) or Start > Control Panel > Programs and Features (Vista / 7).

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 ElGuapo23

ElGuapo23
  • Topic Starter

  • Members
  • 8 posts

Posted 26 August 2014 - 10:47 AM

Thanks Jo - see logs below.


Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.08.26.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Tyler :: TYLER-PC [administrator]

8/26/2014 7:51:47 AM
mbar-log-2014-08-26 (07-51-47).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 334834
Time elapsed: 39 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe (Trojan.MSIL.ED) -> No action taken. [3069ddecc1ba61d508a23b712bd6b44c]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

# AdwCleaner v3.308 - Report created 26/08/2014 at 08:35:49
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Tyler - TYLER-PC
# Running from : C:\Users\Tyler\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\ProgramData\~0
Folder Found : C:\Users\Tyler\AppData\Local\OpenCandy
Folder Found : C:\Users\Tyler\AppData\Local\PackageAware

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\PrimoPDF\OpenCandy
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.17267


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\0md09pjs.default\prefs.js ]


-\\ Google Chrome v36.0.1985.143

[ File : C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1253 octets] - [26/08/2014 08:35:49]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1313 octets] ##########
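MBAR's one hit above is a file named svchost.exe sitting in the user's Startup folder, a name that belongs in %SystemRoot%\System32. The following added PowerShell example, not part of the post or of Malwarebytes' tooling, walks the Startup folders and Run keys that the logs in this thread enumerate and flags any executable that borrows a Windows system binary's name while living outside %SystemRoot%. Get-AutostartEntries, Test-Masquerade and the $systemNames list are names and choices made here, and an elevated PowerShell 5.1+ session is assumed.

```powershell
# Added example, not from the forum thread or Malwarebytes: list common autostart
# locations and flag executables that use a Windows system binary's name but live
# outside %SystemRoot%, the pattern of the Startup-folder svchost.exe in the MBAR log.
# Assumes an elevated PowerShell 5.1+ session. $systemNames is a hand-picked list.

$systemRoot  = $env:SystemRoot
$systemNames = @('svchost.exe', 'conhost.exe', 'csrss.exe', 'lsass.exe', 'winlogon.exe',
                 'services.exe', 'explorer.exe', 'dwm.exe', 'taskhost.exe', 'rundll32.exe')

function Get-AutostartEntries {
    # Per-user and all-users Startup folders.
    $folders = @([Environment]::GetFolderPath('Startup'),
                 [Environment]::GetFolderPath('CommonStartup'))
    foreach ($f in $folders) {
        if (-not (Test-Path -LiteralPath $f)) { continue }
        Get-ChildItem -LiteralPath $f -Force -File | ForEach-Object {
            [pscustomobject]@{ Source = 'StartupFolder'; Path = $_.FullName }
        }
    }
    # Run keys: native view, 32-bit view and the current user's hive.
    $runKeys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run')
    foreach ($k in $runKeys) {
        if (-not (Test-Path -Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSChildName/... metadata
            $value = [string]$p.Value
            # Reduce "C:\path\app.exe /args" or "\"C:\dir with spaces\app.exe\" /args" to the path.
            if     ($value -match '^"([^"]+)"')   { $exe = $Matches[1] }
            elseif ($value -match '^(.+?\.exe)\b') { $exe = $Matches[1] }
            else                                   { $exe = $value }
            [pscustomobject]@{ Source = $k; Path = $exe }
        }
    }
}

function Test-Masquerade {
    param([object[]]$Entries)
    foreach ($e in $Entries) {
        $name         = [IO.Path]::GetFileName($e.Path)
        $isSystemName = $systemNames -contains $name          # -contains is case-insensitive
        $inSystemRoot = $e.Path -like "$systemRoot\*"
        $sig = if ($e.Path -and (Test-Path -LiteralPath $e.Path)) {
            (Get-AuthenticodeSignature -FilePath $e.Path).Status
        } else { 'Missing' }
        [pscustomobject]@{
            Source     = $e.Source
            Path       = $e.Path
            Signature  = $sig
            # A system-binary name outside %SystemRoot% is what MBAR flagged above.
            Suspicious = ($isSystemName -and -not $inSystemRoot)
        }
    }
}

Test-Masquerade -Entries (Get-AutostartEntries) |
    Sort-Object -Property Suspicious -Descending |
    Format-Table -AutoSize
```

Startup-folder shortcuts such as the Dropbox.lnk in the ComboFix log are listed but never flagged, since the check is on the file name; a rename alone defeats it, so treat it as a quick triage pass alongside the scanner output rather than a replacement for it.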



#8 Jo*

Jo*

  • Malware Response Team
  • 3,416 posts
  • Gender:Male
  • Location:Germany

Posted 26 August 2014 - 11:00 AM

Hello ElGuapo23,

Run Malwarebytes Anti-Rootkit again: Right-click mbar.exe and select Run As Administrator
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
If there is no malware found, please let me know as well.


***


Download ComboFix from the following location:
Link

* IMPORTANT- Save ComboFix.exe to your Desktop

***


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link:
How to Disable your Security Programs


***


Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Enable your antivirus!



#9 ElGuapo23

ElGuapo23
  • Topic Starter

  • Members
  • 8 posts

Posted 26 August 2014 - 01:15 PM

Thanks Jo.  Here are the logs:


Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.08.26.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Tyler :: TYLER-PC [administrator]

8/26/2014 10:10:37 AM
mbar-log-2014-08-26 (10-10-37).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 334591
Time elapsed: 27 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe (Trojan.MSIL.ED) -> Delete on reboot. [aeebe8e1e09bfe38426886266899fa06]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

ComboFix 14-08-26.02 - Tyler 08/26/2014  10:56:01.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3895.2145 [GMT -7:00]
Running from: c:\users\Tyler\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\16fbac33
C:\windowsGABRIOLA.tt2
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-26 to 2014-08-26  )))))))))))))))))))))))))))))))
.
.
2014-08-26 18:10 . 2014-08-26 18:10    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-08-26 18:10 . 2014-08-26 18:10    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-26 15:36 . 2010-08-30 15:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-08-26 15:35 . 2014-08-26 15:36    --------    d-----w-    C:\AdwCleaner
2014-08-26 14:51 . 2014-08-26 17:49    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-08-26 14:51 . 2014-08-26 17:10    128728    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-26 14:50 . 2014-08-26 17:10    92888    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-08-26 14:46 . 2014-08-21 03:43    11319192    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7635503-1936-445B-BE33-10EB039E4165}\mpengine.dll
2014-08-25 15:53 . 2014-08-26 05:14    --------    d-----w-    C:\FRST
2014-08-24 21:48 . 2014-08-24 21:48    --------    d-----w-    c:\windows\ERUNT
2014-08-24 18:55 . 2014-08-24 18:55    --------    d-----w-    c:\users\Tyler\AppData\Roaming\AVG2014
2014-08-24 18:55 . 2014-08-24 18:55    --------    d-----w-    c:\users\Tyler\AppData\Roaming\TuneUp Software
2014-08-24 18:53 . 2014-08-24 22:30    --------    d-----w-    c:\programdata\AVG2014
2014-08-24 18:50 . 2014-08-24 22:30    --------    d-----w-    c:\programdata\MFAData
2014-08-24 18:50 . 2014-08-24 22:13    --------    d-----w-    c:\users\Tyler\AppData\Local\Avg2014
2014-08-24 18:50 . 2014-08-24 18:50    --------    d--h--w-    c:\programdata\Common Files
2014-08-24 18:50 . 2014-08-24 18:50    --------    d-----w-    c:\users\Tyler\AppData\Local\MFAData
2014-08-23 21:24 . 2014-08-24 21:39    --------    d-----r-    c:\users\Tyler\Google Drive
2014-08-15 05:28 . 2014-08-15 05:28    189128    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\LICLUA.EXE
2014-08-11 15:40 . 2014-08-11 15:40    --------    d-----w-    c:\program files\iPod
2014-08-11 15:40 . 2014-08-11 15:41    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-11 15:40 . 2014-08-11 15:41    --------    d-----w-    c:\program files\iTunes
2014-08-11 15:40 . 2014-08-11 15:41    --------    d-----w-    c:\program files (x86)\iTunes
2014-08-11 15:16 . 2014-08-11 15:16    --------    d-----w-    c:\program files (x86)\Common Files\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-26 14:57 . 2014-04-09 03:28    590536    ----a-w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-08-25 02:05 . 2012-06-23 20:38    699568    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-25 02:05 . 2011-06-03 05:38    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-20 10:01 . 2011-04-03 16:43    99218768    ----a-w-    c:\windows\system32\MRT.exe
2014-08-05 16:20 . 2011-04-06 04:08    270496    ------w-    c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-08-26 15:00    1730256    ----a-w-    c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-08-26 15:00    1730256    ----a-w-    c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-08-26 15:00    1730256    ----a-w-    c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2010-01-19 536576]
"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2010-03-02 171104]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2013-01-30 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-12-27 4522496]
"BrHelp"="c:\program files (x86)\Brother\Brother Help\BrotherHelp.exe" [2013-01-18 2009088]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-08-01 152392]
.
c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Tyler\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-8-15 36414752]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-8-11 1080608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe;c:\windows\SYSNATIVE\IgrsSvcs.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys;c:\windows\SYSNATIVE\drivers\WDBridge.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [x]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe;c:\program files\Lenovo\ReadyComm\AppSvc.exe [x]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe;c:\windows\SYSNATIVE\IgrsSvcs.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [x]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys;c:\windows\SYSNATIVE\DRIVERS\dfmirage.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys;c:\windows\SYSNATIVE\Drivers\vm332avs.sys [x]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys;c:\windows\SYSNATIVE\DRIVERS\WDMirror.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mbamchameleon
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs    REG_MULTI_SZ       ReadyComm.DirectRouter PS_MDP
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-14 17:29    1104200    ----a-w-    c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 02:05]
.
2014-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-03 03:52]
.
2014-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-03 03:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-08-26 15:00    2335960    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-08-26 15:00    2335960    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-08-26 15:00    2335960    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 17:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 17:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 17:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 17:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 17:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 413720]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-04-12 4462496]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-03-18 7056800]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = configure;foxyproxy;in;single;click;141.255.161.77:43874
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 68.105.29.16 68.105.27.16 192.168.3.1
FF - ProfilePath - c:\users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\0md09pjs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-26  11:13:58
ComboFix-quarantined-files.txt  2014-08-26 18:13
ComboFix2.txt  2011-06-29 05:29
.
Pre-Run: 209,714,823,168 bytes free
Post-Run: 213,222,707,200 bytes free
.
- - End Of File - - 83DE0128022C70438F19C93BAA8E7FE9

#10 Jo*

  • Malware Response Team
  • 3,416 posts
  • Gender:Male
  • Location:Germany

Posted 26 August 2014 - 02:42 PM

Hello ElGuapo23,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours, please send me a PM.


#11 ElGuapo23

  • Topic Starter
  • Members
  • 8 posts

Posted 26 August 2014 - 04:47 PM

Thank you, Jo. The computer seems to be running well from what I can tell. The multiple instances of conhost.exe no longer appear in the Task Manager processes. Logs below:

# AdwCleaner v3.308 - Report created 26/08/2014 at 13:45:13
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Tyler - TYLER-PC
# Running from : C:\Users\Tyler\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\Users\Tyler\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Tyler\AppData\Local\PackageAware

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\PrimoPDF\OpenCandy
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.17267


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\0md09pjs.default\prefs.js ]


-\\ Google Chrome v37.0.2062.94

[ File : C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1397 octets] - [26/08/2014 08:35:49]
AdwCleaner[R1].txt - [1456 octets] - [26/08/2014 13:40:19]
AdwCleaner[S0].txt - [1387 octets] - [26/08/2014 13:45:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1447 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Tyler on Tue 08/26/2014 at 13:52:54.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Tyler\AppData\Roaming\mozilla\firefox\profiles\0md09pjs.default\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/26/2014 at 14:03:14.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by Tyler (administrator) on TYLER-PC on 26-08-2014 14:43:25
Running from C:\Users\Tyler\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
() C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
() C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Tyler\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-21] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [2598280 2010-06-23] (ELAN Microelectronics Corp.)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-18] (Lenovo)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056800 2010-03-18] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [171104 2010-03-02] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [449608 2011-08-31] (Malwarebytes Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-30] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-76126588-1136018720-565919304-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-76126588-1136018720-565919304-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tyler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: configure;foxyproxy;in;single;click;141.255.161.77:43874
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.105.29.16 68.105.27.16 192.168.3.1

FireFox:
========
FF ProfilePath: C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\0md09pjs.default
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll ( )
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Tyler\AppData\Local\Citrix\Plugins\79\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tyler\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\0md09pjs.default\searchplugins\googlecom-in-english.xml
FF Extension: PDF Download - C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\0md09pjs.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2013-01-06]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll ( )
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Tyler\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Tyler\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (Google Cast) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-09-21]
CHR Extension: (Hangouts) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-08-25]
CHR Extension: (Google Wallet) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [864032 2009-08-11] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
S3 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [637440 2014-01-02] (FileZilla Project) [File not signed]
R2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
R2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [366152 2011-08-31] (Malwarebytes Corporation)
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [341296 2011-06-21] (Nitro PDF Software)
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [46080 2010-06-23] () [File not signed]
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-15] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-15] (Lenovo)
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [36432 2010-11-10] (DemoForge, LLC)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25416 2011-08-31] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 IviRegMgr; No ImagePath
U2 RichVideo; No ImagePath
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-26 14:03 - 2014-08-26 14:03 - 00000764 _____ () C:\Users\Tyler\Desktop\JRT.txt
2014-08-26 13:52 - 2014-08-26 13:52 - 00001531 _____ () C:\Users\Tyler\Desktop\AdwCleaner[S0].txt
2014-08-26 13:39 - 2014-08-26 13:39 - 01016261 _____ (Thisisu) C:\Users\Tyler\Desktop\JRT.exe
2014-08-26 11:13 - 2014-08-26 11:13 - 00025272 _____ () C:\ComboFix.txt
2014-08-26 11:03 - 2011-02-11 22:42 - 00000945 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-08-26 11:03 - 2010-12-08 00:28 - 00002435 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
2014-08-26 11:03 - 2010-12-08 00:27 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2014-08-26 10:05 - 2014-08-26 10:09 - 05574195 ____R (Swearware) C:\Users\Tyler\Desktop\ComboFix.exe
2014-08-26 08:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-08-26 08:35 - 2014-08-26 13:45 - 00000000 ____D () C:\AdwCleaner
2014-08-26 07:51 - 2014-08-26 13:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-26 07:51 - 2014-08-26 10:10 - 00128728 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 07:50 - 2014-08-26 10:45 - 00000000 ____D () C:\Users\Tyler\Desktop\mbar
2014-08-26 07:50 - 2014-08-26 10:10 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-08-26 07:48 - 2014-08-26 07:48 - 01364531 _____ () C:\Users\Tyler\Desktop\AdwCleaner.exe
2014-08-26 07:47 - 2014-08-26 07:47 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Tyler\Desktop\mbar-1.07.0.1012.exe
2014-08-25 08:55 - 2014-08-25 08:56 - 00038278 _____ () C:\Users\Tyler\Desktop\Addition.txt
2014-08-25 08:54 - 2014-08-26 14:43 - 00022064 _____ () C:\Users\Tyler\Desktop\FRST.txt
2014-08-25 08:53 - 2014-08-26 14:43 - 00000000 ____D () C:\FRST
2014-08-25 08:52 - 2014-08-25 08:53 - 02103296 _____ (Farbar) C:\Users\Tyler\Desktop\FRST64.exe
2014-08-25 08:35 - 2014-08-25 08:40 - 00000000 ____D () C:\Users\Tyler\Desktop\Malware Fix
2014-08-24 20:27 - 2014-08-24 20:28 - 00000000 ____D () C:\Users\Tyler\Downloads\The Knick S01E03 HDTV x264-KILLERS[ettv]
2014-08-24 19:56 - 2014-08-24 19:57 - 00022430 _____ () C:\Users\Tyler\Desktop\dds.txt
2014-08-24 19:56 - 2014-08-24 19:57 - 00008296 _____ () C:\Users\Tyler\Desktop\attach.txt
2014-08-24 19:51 - 2014-08-24 19:51 - 00688992 ____R (Swearware) C:\Users\Tyler\Downloads\dds.com
2014-08-24 18:04 - 2014-08-25 21:40 - 00038826 _____ () C:\Users\Tyler\Desktop\Fantasy.xlsx
2014-08-24 14:48 - 2014-08-24 14:48 - 00000000 ____D () C:\windows\ERUNT
2014-08-24 14:47 - 2014-08-24 14:47 - 01016261 _____ (Thisisu) C:\Users\Tyler\Downloads\JRT.exe
2014-08-24 11:55 - 2014-08-24 11:55 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\TuneUp Software
2014-08-24 11:55 - 2014-08-24 11:55 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\AVG2014
2014-08-24 11:53 - 2014-08-24 15:30 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-24 11:50 - 2014-08-24 15:30 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-24 11:50 - 2014-08-24 15:13 - 00000000 ____D () C:\Users\Tyler\AppData\Local\Avg2014
2014-08-24 11:50 - 2014-08-24 11:50 - 00000000 ____D () C:\Users\Tyler\AppData\Local\MFAData
2014-08-24 11:49 - 2014-08-24 11:49 - 04763296 _____ (AVG Technologies) C:\Users\Tyler\Downloads\avg_free_stb_all_2014_4745_cnet.exe
2014-08-23 16:37 - 2014-08-23 16:42 - 271367212 _____ () C:\Users\Tyler\Downloads\The.Knick.S01E02.HDTV.x264-KILLERS.mp4
2014-08-23 16:33 - 2014-08-23 16:37 - 344019168 _____ () C:\Users\Tyler\Downloads\The.Knick.S01E01.HDTV.x264-KILLERS.mp4
2014-08-23 14:24 - 2014-08-24 14:39 - 00000000 ___RD () C:\Users\Tyler\Google Drive
2014-08-23 14:23 - 2014-08-23 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-23 10:44 - 2014-08-23 10:44 - 00279256 _____ () C:\windows\Minidump\082314-23290-01.dmp
2014-08-21 20:06 - 2014-08-21 20:20 - 1515517986 _____ () C:\Users\Tyler\Downloads\Hard Knocks S09E03 Atlanta Falcons HDTV [KNIX].mp4
2014-08-17 07:57 - 2014-08-17 08:09 - 00000000 ____D () C:\Users\Tyler\Downloads\Chef.2014.HDRip.XViD.AC3-juggs[ETRG]
2014-08-17 07:45 - 2014-08-17 07:46 - 00000000 ____D () C:\Users\Tyler\Downloads\Neighbors.2014.HDRip.XviD-SaM[ETRG]
2014-08-16 09:47 - 2014-08-16 09:49 - 00000000 ____D () C:\Users\Tyler\Downloads\The Foundation
2014-08-16 08:18 - 2014-08-16 08:21 - 373908569 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part5.HDTV.x264-YesTV.mp4
2014-08-16 08:15 - 2014-08-16 08:18 - 323015282 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part4.HDTV.x264-YesTV.mp4
2014-08-16 08:12 - 2014-08-16 08:14 - 332864520 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part3.HDTV.x264-YesTV.mp4
2014-08-16 08:10 - 2014-08-16 08:12 - 201582804 _____ () C:\Users\Tyler\Downloads\Last.Week.Tonight.With.John.Oliver.2014.08.10.HDTV.x264-BAJSKORV.mp4
2014-08-16 08:09 - 2014-08-16 08:24 - 342640263 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part6.HDTV.x264-YesTV.mp4
2014-08-11 08:41 - 2014-08-11 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-11 08:40 - 2014-08-11 08:41 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-11 08:40 - 2014-08-11 08:41 - 00000000 ____D () C:\Program Files\iTunes
2014-08-11 08:40 - 2014-08-11 08:41 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-11 08:40 - 2014-08-11 08:40 - 00000000 ____D () C:\Program Files\iPod
2014-08-11 08:16 - 2014-08-11 08:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-11 07:29 - 2014-08-23 14:21 - 00000000 ____D () C:\Users\Tyler\Desktop\Michiana 2014
2014-08-10 12:15 - 2014-08-10 12:18 - 00000000 ____D () C:\Users\Tyler\Desktop\iPhone Pics 8-10-14
2014-08-10 11:58 - 2014-08-10 12:01 - 00000000 ____D () C:\Users\Tyler\Desktop\Uncle Mike
2014-08-08 18:13 - 2014-08-08 18:39 - 00000000 ____D () C:\Users\Tyler\Downloads\Nathan.For.You.S02E04.480p.HDTV.x264-mSD
2014-08-08 18:12 - 2014-08-08 18:19 - 00000000 ____D () C:\Users\Tyler\Downloads\[ www.torrenting.com ] - Nathan.For.You.S02E02.HDTV.x264-KILLERS
2014-08-08 18:12 - 2014-08-08 18:16 - 00000000 ____D () C:\Users\Tyler\Downloads\[ www.torrenting.com ] - Nathan.For.You.S02E03.HDTV.XviD-AFG
2014-08-08 18:12 - 2014-08-08 18:14 - 00000000 ____D () C:\Users\Tyler\Downloads\Nathan.for.You.S02E07.Taxi.Service.-.Hot.Dog.Stand.WEBRip.x264.AAC
2014-08-08 18:12 - 2014-08-08 18:12 - 00000000 ____D () C:\Users\Tyler\Downloads\[ www.torrenting.com ] - Nathan.For.You.S02E01.HDTV.x264-KILLERS
2014-08-08 17:57 - 2014-08-08 17:57 - 00000000 ____D () C:\Users\Tyler\Downloads\Nathan For You - Season 1
2014-08-07 20:13 - 2014-08-07 20:18 - 190979930 _____ () C:\Users\Tyler\Downloads\Youre.the.Worst.2014.S01E02.HDTV.x264-KILLERS.mp4
2014-08-07 20:13 - 2014-08-07 20:17 - 276322646 _____ () C:\Users\Tyler\Downloads\Youre.the.Worst.2014.S01E03.HDTV.x264-KILLERS.mp4
2014-08-07 20:10 - 2014-08-07 20:12 - 210576084 _____ () C:\Users\Tyler\Downloads\Youre.the.Worst.S01E01.HDTV.x264-ASAP.mp4
2014-08-06 18:49 - 2014-08-06 18:53 - 314331633 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part2.HDTV.x264-YesTV.mp4
2014-08-01 17:52 - 2014-08-01 17:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-26 14:44 - 2014-08-25 08:54 - 00022064 _____ () C:\Users\Tyler\Desktop\FRST.txt
2014-08-26 14:43 - 2014-08-25 08:53 - 00000000 ____D () C:\FRST
2014-08-26 14:39 - 2012-06-23 13:38 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-26 14:24 - 2012-07-02 20:52 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-26 14:03 - 2014-08-26 14:03 - 00000764 _____ () C:\Users\Tyler\Desktop\JRT.txt
2014-08-26 13:54 - 2009-07-13 21:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-26 13:54 - 2009-07-13 21:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-26 13:52 - 2014-08-26 13:52 - 00001531 _____ () C:\Users\Tyler\Desktop\AdwCleaner[S0].txt
2014-08-26 13:52 - 2012-11-14 16:07 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\Dropbox
2014-08-26 13:51 - 2012-07-02 20:52 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-26 13:46 - 2014-08-26 07:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-26 13:46 - 2011-02-12 17:58 - 00129518 _____ () C:\windows\PFRO.log
2014-08-26 13:46 - 2010-12-07 23:45 - 01188446 _____ () C:\windows\WindowsUpdate.log
2014-08-26 13:46 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-26 13:46 - 2009-07-13 21:51 - 00066042 _____ () C:\windows\setupact.log
2014-08-26 13:45 - 2014-08-26 08:35 - 00000000 ____D () C:\AdwCleaner
2014-08-26 13:39 - 2014-08-26 13:39 - 01016261 _____ (Thisisu) C:\Users\Tyler\Desktop\JRT.exe
2014-08-26 11:14 - 2011-06-28 22:18 - 00000000 ____D () C:\Qoobox
2014-08-26 11:13 - 2014-08-26 11:13 - 00025272 _____ () C:\ComboFix.txt
2014-08-26 11:10 - 2009-07-13 19:34 - 00000215 _____ () C:\windows\system.ini
2014-08-26 11:03 - 2014-07-04 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-26 10:45 - 2014-08-26 07:50 - 00000000 ____D () C:\Users\Tyler\Desktop\mbar
2014-08-26 10:10 - 2014-08-26 07:51 - 00128728 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 10:10 - 2014-08-26 07:50 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-08-26 10:09 - 2014-08-26 10:05 - 05574195 ____R (Swearware) C:\Users\Tyler\Desktop\ComboFix.exe
2014-08-26 08:02 - 2014-04-08 20:21 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-26 07:49 - 2011-02-11 22:41 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\uTorrent
2014-08-26 07:48 - 2014-08-26 07:48 - 01364531 _____ () C:\Users\Tyler\Desktop\AdwCleaner.exe
2014-08-26 07:47 - 2014-08-26 07:47 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Tyler\Desktop\mbar-1.07.0.1012.exe
2014-08-25 21:40 - 2014-08-24 18:04 - 00038826 _____ () C:\Users\Tyler\Desktop\Fantasy.xlsx
2014-08-25 08:56 - 2014-08-25 08:55 - 00038278 _____ () C:\Users\Tyler\Desktop\Addition.txt
2014-08-25 08:53 - 2014-08-25 08:52 - 02103296 _____ (Farbar) C:\Users\Tyler\Desktop\FRST64.exe
2014-08-25 08:40 - 2014-08-25 08:35 - 00000000 ____D () C:\Users\Tyler\Desktop\Malware Fix
2014-08-25 08:32 - 2011-12-07 10:50 - 00000000 ____D () C:\Users\Tyler\Desktop\TD
2014-08-25 08:00 - 2013-12-01 17:47 - 00007891 _____ () C:\windows\BRRBCOM.INI
2014-08-24 20:28 - 2014-08-24 20:27 - 00000000 ____D () C:\Users\Tyler\Downloads\The Knick S01E03 HDTV x264-KILLERS[ettv]
2014-08-24 19:57 - 2014-08-24 19:56 - 00022430 _____ () C:\Users\Tyler\Desktop\dds.txt
2014-08-24 19:57 - 2014-08-24 19:56 - 00008296 _____ () C:\Users\Tyler\Desktop\attach.txt
2014-08-24 19:51 - 2014-08-24 19:51 - 00688992 ____R (Swearware) C:\Users\Tyler\Downloads\dds.com
2014-08-24 19:06 - 2012-06-23 13:38 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-08-24 19:05 - 2012-06-23 13:38 - 00699568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-24 19:05 - 2011-06-02 22:38 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-24 17:28 - 2011-02-12 13:03 - 00002046 _____ () C:\Users\Tyler\Documents\Default.rdp
2014-08-24 15:30 - 2014-08-24 11:53 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-24 15:30 - 2014-08-24 11:50 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-24 15:13 - 2014-08-24 11:50 - 00000000 ____D () C:\Users\Tyler\AppData\Local\Avg2014
2014-08-24 14:48 - 2014-08-24 14:48 - 00000000 ____D () C:\windows\ERUNT
2014-08-24 14:47 - 2014-08-24 14:47 - 01016261 _____ (Thisisu) C:\Users\Tyler\Downloads\JRT.exe
2014-08-24 14:39 - 2014-08-23 14:24 - 00000000 ___RD () C:\Users\Tyler\Google Drive
2014-08-24 11:55 - 2014-08-24 11:55 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\TuneUp Software
2014-08-24 11:55 - 2014-08-24 11:55 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\AVG2014
2014-08-24 11:50 - 2014-08-24 11:50 - 00000000 ____D () C:\Users\Tyler\AppData\Local\MFAData
2014-08-24 11:49 - 2014-08-24 11:49 - 04763296 _____ (AVG Technologies) C:\Users\Tyler\Downloads\avg_free_stb_all_2014_4745_cnet.exe
2014-08-23 17:12 - 2009-07-13 22:13 - 00727182 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-23 16:42 - 2014-08-23 16:37 - 271367212 _____ () C:\Users\Tyler\Downloads\The.Knick.S01E02.HDTV.x264-KILLERS.mp4
2014-08-23 16:37 - 2014-08-23 16:33 - 344019168 _____ () C:\Users\Tyler\Downloads\The.Knick.S01E01.HDTV.x264-KILLERS.mp4
2014-08-23 14:24 - 2011-02-11 22:10 - 00000000 ____D () C:\Users\Tyler
2014-08-23 14:23 - 2014-08-23 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-23 14:23 - 2012-07-02 20:52 - 00000000 ____D () C:\Users\Tyler\AppData\Local\Google
2014-08-23 14:23 - 2012-01-02 12:27 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-23 14:21 - 2014-08-11 07:29 - 00000000 ____D () C:\Users\Tyler\Desktop\Michiana 2014
2014-08-23 10:44 - 2014-08-23 10:44 - 00279256 _____ () C:\windows\Minidump\082314-23290-01.dmp
2014-08-23 10:44 - 2011-08-03 22:24 - 00000000 ____D () C:\windows\Minidump
2014-08-23 10:44 - 2011-08-03 22:23 - 566832573 _____ () C:\windows\MEMORY.DMP
2014-08-21 21:56 - 2013-05-26 21:36 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\vlc
2014-08-21 20:20 - 2014-08-21 20:06 - 1515517986 _____ () C:\Users\Tyler\Downloads\Hard Knocks S09E03 Atlanta Falcons HDTV [KNIX].mp4
2014-08-20 03:04 - 2014-03-30 09:57 - 00000000 ____D () C:\windows\system32\MRT
2014-08-20 03:01 - 2011-04-03 09:43 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-17 08:09 - 2014-08-17 07:57 - 00000000 ____D () C:\Users\Tyler\Downloads\Chef.2014.HDRip.XViD.AC3-juggs[ETRG]
2014-08-17 07:46 - 2014-08-17 07:45 - 00000000 ____D () C:\Users\Tyler\Downloads\Neighbors.2014.HDRip.XviD-SaM[ETRG]
2014-08-16 09:49 - 2014-08-16 09:47 - 00000000 ____D () C:\Users\Tyler\Downloads\The Foundation
2014-08-16 08:43 - 2012-11-14 16:09 - 00001017 _____ () C:\Users\Tyler\Desktop\Dropbox.lnk
2014-08-16 08:43 - 2012-11-14 16:08 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-16 08:24 - 2014-08-16 08:09 - 342640263 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part6.HDTV.x264-YesTV.mp4
2014-08-16 08:21 - 2014-08-16 08:18 - 373908569 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part5.HDTV.x264-YesTV.mp4
2014-08-16 08:18 - 2014-08-16 08:15 - 323015282 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part4.HDTV.x264-YesTV.mp4
2014-08-16 08:14 - 2014-08-16 08:12 - 332864520 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part3.HDTV.x264-YesTV.mp4
2014-08-16 08:12 - 2014-08-16 08:10 - 201582804 _____ () C:\Users\Tyler\Downloads\Last.Week.Tonight.With.John.Oliver.2014.08.10.HDTV.x264-BAJSKORV.mp4
2014-08-11 08:41 - 2014-08-11 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-11 08:41 - 2014-08-11 08:40 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-11 08:41 - 2014-08-11 08:40 - 00000000 ____D () C:\Program Files\iTunes
2014-08-11 08:41 - 2014-08-11 08:40 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-11 08:40 - 2014-08-11 08:40 - 00000000 ____D () C:\Program Files\iPod
2014-08-11 08:17 - 2014-08-11 08:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-11 08:16 - 2010-12-08 00:27 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-11 08:16 - 2010-12-08 00:26 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-11 08:14 - 2012-03-17 23:27 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-08-10 12:18 - 2014-08-10 12:15 - 00000000 ____D () C:\Users\Tyler\Desktop\iPhone Pics 8-10-14
2014-08-10 12:01 - 2014-08-10 11:58 - 00000000 ____D () C:\Users\Tyler\Desktop\Uncle Mike
2014-08-08 18:39 - 2014-08-08 18:13 - 00000000 ____D () C:\Users\Tyler\Downloads\Nathan.For.You.S02E04.480p.HDTV.x264-mSD
2014-08-08 18:19 - 2014-08-08 18:12 - 00000000 ____D () C:\Users\Tyler\Downloads\[ www.torrenting.com ] - Nathan.For.You.S02E02.HDTV.x264-KILLERS
2014-08-08 18:16 - 2014-08-08 18:12 - 00000000 ____D () C:\Users\Tyler\Downloads\[ www.torrenting.com ] - Nathan.For.You.S02E03.HDTV.XviD-AFG
2014-08-08 18:14 - 2014-08-08 18:12 - 00000000 ____D () C:\Users\Tyler\Downloads\Nathan.for.You.S02E07.Taxi.Service.-.Hot.Dog.Stand.WEBRip.x264.AAC
2014-08-08 18:12 - 2014-08-08 18:12 - 00000000 ____D () C:\Users\Tyler\Downloads\[ www.torrenting.com ] - Nathan.For.You.S02E01.HDTV.x264-KILLERS
2014-08-08 17:57 - 2014-08-08 17:57 - 00000000 ____D () C:\Users\Tyler\Downloads\Nathan For You - Season 1
2014-08-08 17:49 - 2013-03-17 10:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-08 17:49 - 2013-03-17 10:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-08 17:49 - 2012-05-08 20:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-07 20:18 - 2014-08-07 20:13 - 190979930 _____ () C:\Users\Tyler\Downloads\Youre.the.Worst.2014.S01E02.HDTV.x264-KILLERS.mp4
2014-08-07 20:17 - 2014-08-07 20:13 - 276322646 _____ () C:\Users\Tyler\Downloads\Youre.the.Worst.2014.S01E03.HDTV.x264-KILLERS.mp4
2014-08-07 20:12 - 2014-08-07 20:10 - 210576084 _____ () C:\Users\Tyler\Downloads\Youre.the.Worst.S01E01.HDTV.x264-ASAP.mp4
2014-08-06 18:53 - 2014-08-06 18:49 - 314331633 _____ () C:\Users\Tyler\Downloads\World.Series.Of.Poker.2014.The.Big.One.For.One.Drop.Part2.HDTV.x264-YesTV.mp4
2014-08-05 09:20 - 2011-04-05 21:08 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-08-01 17:52 - 2014-08-01 17:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-31 18:27 - 2013-03-17 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\Tyler\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkjltmx.dll
C:\Users\Tyler\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-20 04:04

==================== End Of Log ============================



#12 Jo*

Jo*

  • Malware Response Team
  • 3,416 posts
  • Gender:Male
  • Location:Germany

Posted 27 August 2014 - 02:48 AM

Hello ElGuapo23,


1. Java
1.1 Uninstall old Java versions (if present):
  • Please go to Start > Control Panel > Programs and Features .
  • Locate all Java Updates
  • Uninstall them all.
1.2 Install latest Java 7 update. Click this link and click on the Free JAVA Download.

1.3 Find instructions here on how to clear the Java cache.
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
Under Temporary Internet Files, click the Delete Files button.
There are options in the window to clear the cache - Leave ALL Checked
  • Applications and Applets
  • Trace and log files
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Java Control Panel.
 

---


Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

Note:
It is recommended to disable your onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

---


How is the computer running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#13 ElGuapo23

ElGuapo23
  • Topic Starter
  • Members
  • 8 posts

Posted 28 August 2014 - 02:42 PM

Thanks Jo. Computer seems to be running well. MBAM didn't find anything, but ESET did, see logs below:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/28/2014
Scan Time: 7:44:49 AM
Logfile: MBAM Log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.28.02
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Tyler

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 322834
Time Elapsed: 14 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\conhost.exe.xBAD    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\1007\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\1254\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\1498\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\1767\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\1848\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\2083\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\2214\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\2389\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\2449\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\2556\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\270\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\3550\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\3584\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\3810\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\3825\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\3919\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\4233\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\4513\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\4563\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\4616\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\4832\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\485\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\4856\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\4941\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\5088\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\5113\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\5148\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\5234\svchost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\5314\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\5995\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\6016\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\6235\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\6267\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\6379\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\6681\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\6741\svchost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\6887\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\7233\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\7478\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\7517\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\7590\svchost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\7679\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\7722\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\7990\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\8137\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\8149\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\815\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\8301\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\8388\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\8598\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\8779\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\8959\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\938\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\9761\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\9782\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\9789\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\9882\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\Qoobox\Quarantine\C\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\0md09pjs.default\extensions\{392514f0-6837-4cec-9827-7c09ea67b95b}\chrome\xulcache.jar.vir    JS/Agent.NDB trojan
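The ESET list above shows the pattern behind the original complaint: the real conhost.exe lives only in the Windows system directories, yet dozens of copies sat under the user's Temp\SessionWin32k\<number>\ folders, which is why Task Manager showed many conhost.exe processes. A defender can turn that into a simple check over a process list or a scanner report. The following is an added example, not code from this thread or from FRST, ESET or Malwarebytes; the process lines and the list of protected binary names are constructed assumptions, and the two ESET sample lines are taken from the output above.

```python
"""Flag Windows system-binary names running from unexpected directories.

Added example; not code from the BleepingComputer thread or from FRST,
ESET or Malwarebytes. The sample process lines below are constructed to
mirror the thread's finding: copies of conhost.exe and svchost.exe under
the per-user Temp\\SessionWin32k\\<number>\\ folders.
"""
import ntpath
import re
from collections import Counter
from typing import Iterable, List, Optional

# Names that Windows ships only under the system directories; a copy
# anywhere else is a masquerading indicator (assumed list, extend as needed).
SYSTEM_BINARIES = {
    "conhost.exe", "svchost.exe", "csrss.exe", "lsass.exe",
    "wininit.exe", "winlogon.exe", "services.exe",
}
# Directories where those names are legitimate (compared case-insensitively).
EXPECTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# Image path = everything up to the first ".exe" followed by whitespace or
# end of line; this drops arguments such as "-k netsvcs".
_IMAGE_RE = re.compile(r"^(.*?\.exe)(?:\s|$)", re.IGNORECASE)


def image_path(process_line: str) -> Optional[str]:
    """Extract the image path from a 'Running Processes' style line."""
    m = _IMAGE_RE.match(process_line.strip())
    return m.group(1) if m else None


def is_masquerading(path: str) -> bool:
    """True when a protected system-binary name sits outside the
    directories Windows ships it in."""
    name = ntpath.basename(path).lower()
    if name not in SYSTEM_BINARIES:
        return False
    return ntpath.dirname(path).lower() not in EXPECTED_DIRS


def find_masquerading(process_lines: Iterable[str]) -> List[str]:
    """Return the image paths in a process listing that fail the check."""
    flagged = []
    for line in process_lines:
        path = image_path(line)
        if path and is_masquerading(path):
            flagged.append(path)
    return flagged


def cluster_drop_roots(paths: Iterable[str], depth: int = 2) -> Counter:
    """Count flagged files by the directory `depth` levels above them, so
    dozens of <root>\\<number>\\conhost.exe copies collapse to one root."""
    roots: Counter = Counter()
    for p in paths:
        d = p
        for _ in range(depth):
            d = ntpath.dirname(d)
        roots[d.lower()] += 1
    return roots


def parse_eset_report(text: str) -> Counter:
    """Count detections per family in ESET's 'path<spaces>detection' lines."""
    counts: Counter = Counter()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = re.split(r"\t|\s{2,}", line, maxsplit=1)
        if len(parts) == 2:
            counts[parts[1]] += 1
    return counts


# Constructed sample resembling an FRST "Running Processes" section.
SAMPLE_PROCESSES = [
    r"C:\windows\system32\svchost.exe -k DcomLaunch",
    r"C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted",
    r"C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe",
    r"C:\Windows\System32\conhost.exe",
    r"C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\1007\conhost.exe",
    r"C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\1254\conhost.exe",
    r"C:\Users\Tyler\AppData\Local\Temp\SessionWin32k\5234\svchost.exe",
]

# Three lines copied from the ESET output in the thread.
SAMPLE_ESET = r"""
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\conhost.exe.xBAD    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\FRST\Quarantine\C\Users\Tyler\AppData\Local\Temp\SessionWin32k\1007\conhost.exe    a variant of MSIL/TrojanClicker.Agent.NHB trojan
C:\Qoobox\Quarantine\C\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\0md09pjs.default\extensions\{392514f0-6837-4cec-9827-7c09ea67b95b}\chrome\xulcache.jar.vir    JS/Agent.NDB trojan
"""

if __name__ == "__main__":
    hits = find_masquerading(SAMPLE_PROCESSES)
    for p in hits:
        print("masquerading:", p)
    for root, n in cluster_drop_roots(hits).items():
        print(f"{n} copies under {root}")
    for family, n in parse_eset_report(SAMPLE_ESET).items():
        print(f"{n} x {family}")
```

The check is deliberately strict: the directory must equal one of the two system directories exactly, so a copy under a subfolder of System32 is flagged too. Clustering by the directory two levels up turns a long list of numbered drop folders into a single root, which is the thing worth quarantining and watching for re-creation.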
 



#14 Jo*

Jo*

  • Malware Response Team
  • 3,416 posts
  • Gender:Male
  • Location:Germany

Posted 28 August 2014 - 03:00 PM

Hi ElGuapo23,

Well done. :)

What ESET found is already in Quarantine!

C:\FRST\Quarantine\...


It Appears That Your Pc Is Now Clean!



***


Clean up:

We used Combofix.
Deactivate your antivirus software once more.
  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /; it needs to be there.

    CF-Uninstall.png
Enable your antivirus software.



***


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt
 
start
DeleteQuarantine:
end
Run FRST/FRST64 and press the Fix button just once and wait.
No need to post the log this time.
 

***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with delfix:
  • please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

***


Delete the log files our tools created; they are located on your desktop or in the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.



***


Here are some Preventive tips to reduce the potential for spyware infection in the future:

1. Browse more securely
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista, 7 / 8 users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
4. Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
5. Use only one anti-virus software and keep it up-to-date.

6. Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

7. Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

8. Use Strong passwords!

9. Email attachments
Do not open any unknown email attachments that you received without asking for them!


Extra note:
Keep your browser, Java, PDF reader and Adobe Flash up to date.
Make sure your programs are up to date, because older versions may contain security leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.
https://secunia.com/vulnerability_scanning/personal/



***


Edited by Jo*, 28 August 2014 - 03:01 PM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 ElGuapo23

ElGuapo23
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:02 PM

Posted 28 August 2014 - 03:41 PM

Great.  Thanks Jo!





