Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 9/2/2014
Scan Time: 8:43:35 AM
Logfile: MBAM-2014-09-02.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.09.02.06
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 365939
Time Elapsed: 25 min, 11 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
PUP.Optional.DomaIQ, C:\$RECYCLE.BIN\S-1-5-21-3778843924-91701314-3341541671-1001\$R1RCJYG.exe, Quarantined, [e7b2a623037867cff62360f204fc53ad],
Physical Sectors: 0
(No malicious items detected)
(end)
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
# AdwCleaner v3.308 - Report created 02/09/2014 at 09:18:00
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\adwcleaner_3.308.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17239
-\\ Google Chrome v27.0.1453.110
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [913 octets] - [02/09/2014 09:18:00]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2238 octets] ##########
--------------------------------------------------------------------------------------------------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Owner (administrator) on OWNER-PC on 02-09-2014 09:25:27
Running from C:\Users\Owner\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [596912 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295072 2012-12-27] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3778843924-91701314-3341541671-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3778843924-91701314-3341541671-1001\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [825808 2013-05-29] (Google Inc.)
HKU\S-1-5-21-3778843924-91701314-3341541671-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3778843924-91701314-3341541671-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
HKU\S-1-5-21-3778843924-91701314-3341541671-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {A76DF8AB-BD5D-406D-9BC1-33BE1E00F125} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll No File
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 24.159.64.23
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @ei.DictionaryBoss.com/Plugin -> C:\Program Files (x86)\DictionaryBossEI\Installr\1.bin\NPv4EISB.dll No File
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Extension: Playtopus - C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@playtopus.com [2013-06-26]
FF Extension: WordOv - C:\Program Files (x86)\Mozilla Firefox\extensions\exjzanej@rsligfihubxtiyrwg.org [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-27]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [lspeaker@lyricsspeaker.net] - C:\Program Files (x86)\LyricsSpeaker\128.xpi
FF HKCU\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi
Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [adkpedkkojgaiolglalapeenhoapdlag] - C:\Program Files (x86)\OApps\chrome-sl.crx []
CHR HKLM-x32\...\Chrome\Extension: [aigpiepdfjlnahejechnegkblnkidiom] - C:\Program Files (x86)\LyricsSpeaker\128.crx []
CHR HKLM-x32\...\Chrome\Extension: [ghepdeopemnlhlemlamkihdphpgghghn] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta2669\ch\VideoPlayerV3beta2669.crx []
CHR HKLM-x32\...\Chrome\Extension: [hdkimeogkokcdglcefaalgmgadjibhej] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1679\ch\MediaViewV1alpha1679.crx []
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM-x32\...\Chrome\Extension: [jejhmoeapkjibkipedchefnpjadoelkb] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha141\ch\WebexpEnhancedV1alpha141.crx [2012-11-29]
CHR HKLM-x32\...\Chrome\Extension: [jmidajlhibbpeiagegofgeaeohjpfgog] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha51\ch\MediaViewerV1alpha51.crx [2012-11-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S4 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-03-02] (AVG Technologies)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-02 09:25 - 2014-09-02 09:26 - 00020145 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-02 09:24 - 2014-09-02 09:25 - 00000000 ____D () C:\FRST
2014-09-02 09:24 - 2014-09-02 09:24 - 02104832 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-02 09:14 - 2014-09-02 09:14 - 00001182 _____ () C:\Users\Owner\Desktop\MBAM-2014-09-02.txt
2014-08-29 16:56 - 2014-08-29 16:56 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Oracle
2014-08-29 16:40 - 2014-08-29 16:40 - 00000000 ____D () C:\windows\Sun
2014-08-29 16:35 - 2014-08-29 16:35 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-29 14:14 - 2014-09-02 09:07 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-29 14:14 - 2014-08-29 14:14 - 00699568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-29 14:14 - 2014-08-29 14:14 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-29 14:14 - 2014-08-29 14:14 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-08-29 14:10 - 2014-08-29 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-29 14:10 - 2014-08-29 14:09 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-29 14:10 - 2014-08-29 14:09 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-08-29 14:10 - 2014-08-29 14:09 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-08-29 14:10 - 2014-08-29 14:09 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-29 09:33 - 2014-09-02 09:11 - 00003228 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3778843924-91701314-3341541671-1001
2014-08-29 09:32 - 2014-09-02 09:11 - 00003362 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3778843924-91701314-3341541671-1001
2014-08-29 09:21 - 2014-08-29 09:21 - 00000000 __SHD () C:\AI_RecycleBin
2014-08-29 08:53 - 2014-08-29 08:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-29 08:52 - 2014-08-29 08:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Owner\Downloads\revosetup.exe
2014-08-29 08:40 - 2014-08-29 08:40 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.exe
2014-08-29 08:35 - 2014-08-29 08:35 - 00000000 ____D () C:\Users\Owner\Downloads\backups
2014-08-29 08:29 - 2014-08-29 08:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\Owner\Downloads\HijackThis.exe
2014-08-28 17:48 - 2014-08-28 17:48 - 00024765 _____ () C:\ComboFix.txt
2014-08-28 10:08 - 2014-09-02 08:31 - 00003340 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3778843924-91701314-3341541671-1001
2014-08-28 10:08 - 2014-09-02 08:31 - 00003206 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3778843924-91701314-3341541671-1001
2014-08-28 10:04 - 2014-08-28 10:04 - 00015892 _____ () C:\windows\system32\.crusader
2014-08-28 09:38 - 2014-08-28 10:05 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-28 09:37 - 2014-08-28 09:38 - 11193392 _____ (SurfRight B.V.) C:\Users\Owner\Downloads\HitmanPro_x64.exe
2014-08-27 15:50 - 2014-08-27 15:51 - 00000000 ____D () C:\NPE
2014-08-27 15:47 - 2014-08-27 16:10 - 00000000 ____D () C:\Users\Owner\AppData\Local\NPE
2014-08-27 15:47 - 2014-08-27 15:47 - 03077584 ____N (Symantec Corporation) C:\Users\Owner\Downloads\NPE.exe
2014-08-27 14:11 - 2014-08-27 14:11 - 01364531 _____ () C:\Users\Owner\Downloads\adwcleaner_3.308.exe
2014-08-27 13:45 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-27 13:45 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-27 13:45 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-27 13:40 - 2014-08-27 13:40 - 00000000 ____D () C:\windows\ERUNT
2014-08-27 13:39 - 2014-08-27 13:39 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-08-25 14:04 - 2014-08-25 14:04 - 00000000 ____D () C:\windows\Microsoft Antimalware
2014-08-24 17:58 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-24 17:58 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-24 17:58 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-24 17:58 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-24 17:57 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-24 17:57 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-24 17:57 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-24 17:57 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-24 17:57 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-24 17:57 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-24 17:57 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-24 17:57 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-24 17:57 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-24 17:57 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-22 23:13 - 2011-06-26 01:45 - 00256000 _____ () C:\windows\PEV.exe
2014-08-22 23:13 - 2010-11-07 12:20 - 00208896 _____ () C:\windows\MBR.exe
2014-08-22 23:13 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-08-22 23:13 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-08-22 23:13 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-08-22 23:13 - 2000-08-30 19:00 - 00098816 _____ () C:\windows\sed.exe
2014-08-22 23:13 - 2000-08-30 19:00 - 00080412 _____ () C:\windows\grep.exe
2014-08-22 23:13 - 2000-08-30 19:00 - 00068096 _____ () C:\windows\zip.exe
2014-08-22 16:35 - 2014-08-22 16:35 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller (1).exe
2014-08-22 16:34 - 2014-08-28 17:12 - 05574834 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2014-08-15 03:04 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-15 03:04 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-15 03:04 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-15 03:04 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-15 03:04 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-15 03:04 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-15 03:03 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-15 03:03 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-14 14:59 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-14 14:59 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-14 14:59 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-14 14:59 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-14 14:59 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-14 14:59 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-14 14:59 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-14 14:59 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-14 14:59 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-14 14:59 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-14 14:59 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-14 14:59 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-14 14:59 - 2014-07-08 17:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-14 14:59 - 2014-07-08 17:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-14 14:58 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-14 14:58 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-14 14:58 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-14 14:58 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-14 14:58 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-14 14:58 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-14 14:58 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-14 14:58 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-14 14:58 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-14 14:58 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-14 14:58 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-14 14:58 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-14 14:58 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-14 14:58 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-14 14:58 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-14 14:58 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-14 14:58 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-14 14:58 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-14 14:58 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-14 14:58 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-14 14:58 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-14 14:58 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-14 14:58 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-14 14:58 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 14:58 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-14 14:58 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-14 14:58 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-14 14:58 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-14 14:58 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-14 14:58 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-14 14:58 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-14 14:58 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-14 14:58 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-14 14:58 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-14 14:58 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-14 14:58 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-14 14:58 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 14:58 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-14 14:58 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-14 14:58 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-14 14:58 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-14 14:58 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-14 14:58 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-14 14:58 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-14 14:58 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-14 14:58 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-14 14:58 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-14 14:58 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-14 14:58 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-14 14:58 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-14 14:58 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-14 14:58 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-14 14:58 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-14 14:58 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-14 14:58 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-14 14:58 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-14 14:58 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-14 14:58 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-14 14:58 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-14 14:58 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-14 14:58 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-14 14:58 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-14 14:57 - 2014-08-06 21:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-14 14:57 - 2014-08-06 21:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-14 14:57 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-14 14:57 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-14 14:57 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-14 14:57 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-14 14:57 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-14 14:57 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-07 09:06 - 2014-08-07 09:06 - 00000000 ____D () C:\Users\Owner\Downloads\tdsskiller
2014-08-07 09:02 - 2014-08-07 09:02 - 04161313 _____ () C:\Users\Owner\Downloads\tdsskiller.zip
2014-08-07 08:51 - 2014-08-07 10:35 - 00000000 ____D () C:\ProgramData\UpdateServer
2014-08-06 10:38 - 2014-04-05 08:21 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-02 09:26 - 2014-09-02 09:25 - 00020145 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-02 09:25 - 2014-09-02 09:24 - 00000000 ____D () C:\FRST
2014-09-02 09:24 - 2014-09-02 09:24 - 02104832 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-02 09:19 - 2014-05-24 19:23 - 00000000 ____D () C:\AdwCleaner
2014-09-02 09:19 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-02 09:19 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-02 09:16 - 2011-09-17 10:47 - 02012329 _____ () C:\windows\WindowsUpdate.log
2014-09-02 09:14 - 2014-09-02 09:14 - 00001182 _____ () C:\Users\Owner\Desktop\MBAM-2014-09-02.txt
2014-09-02 09:12 - 2014-05-24 21:06 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-02 09:11 - 2014-08-29 09:33 - 00003228 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3778843924-91701314-3341541671-1001
2014-09-02 09:11 - 2014-08-29 09:32 - 00003362 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3778843924-91701314-3341541671-1001
2014-09-02 09:10 - 2010-11-20 22:47 - 01281422 _____ () C:\windows\PFRO.log
2014-09-02 09:10 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-02 09:10 - 2009-07-13 23:51 - 00089399 _____ () C:\windows\setupact.log
2014-09-02 09:07 - 2014-08-29 14:14 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-02 08:31 - 2014-08-28 10:08 - 00003340 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3778843924-91701314-3341541671-1001
2014-09-02 08:31 - 2014-08-28 10:08 - 00003206 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3778843924-91701314-3341541671-1001
2014-08-29 16:56 - 2014-08-29 16:56 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Oracle
2014-08-29 16:40 - 2014-08-29 16:40 - 00000000 ____D () C:\windows\Sun
2014-08-29 16:35 - 2014-08-29 16:35 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-29 14:14 - 2014-08-29 14:14 - 00699568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-29 14:14 - 2014-08-29 14:14 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-29 14:14 - 2014-08-29 14:14 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-08-29 14:10 - 2014-08-29 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-29 14:09 - 2014-08-29 14:10 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-29 14:09 - 2014-08-29 14:10 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-08-29 14:09 - 2014-08-29 14:10 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-08-29 14:09 - 2014-08-29 14:10 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-29 14:09 - 2011-07-21 20:49 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-29 09:31 - 2009-07-14 00:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-08-29 09:23 - 2013-05-18 22:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\Strongvault Online Backup
2014-08-29 09:21 - 2014-08-29 09:21 - 00000000 __SHD () C:\AI_RecycleBin
2014-08-29 09:14 - 2009-07-13 23:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-08-29 08:53 - 2014-08-29 08:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-29 08:52 - 2014-08-29 08:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Owner\Downloads\revosetup.exe
2014-08-29 08:40 - 2014-08-29 08:40 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.exe
2014-08-29 08:35 - 2014-08-29 08:35 - 00000000 ____D () C:\Users\Owner\Downloads\backups
2014-08-29 08:29 - 2014-08-29 08:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\Owner\Downloads\HijackThis.exe
2014-08-28 19:01 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-08-28 17:48 - 2014-08-28 17:48 - 00024765 _____ () C:\ComboFix.txt
2014-08-28 17:48 - 2014-05-24 20:08 - 00000000 ____D () C:\Qoobox
2014-08-28 17:41 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini
2014-08-28 17:13 - 2014-06-22 22:49 - 00000258 __RSH () C:\Users\Owner\ntuser.pol
2014-08-28 17:13 - 2014-06-21 22:33 - 00912228 _____ () C:\windows\SysWOW64\helper.dat
2014-08-28 17:13 - 2011-11-11 16:29 - 00000000 ____D () C:\Users\Owner
2014-08-28 17:12 - 2014-08-22 16:34 - 05574834 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2014-08-28 14:25 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\IME
2014-08-28 10:05 - 2014-08-28 09:38 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-28 10:04 - 2014-08-28 10:04 - 00015892 _____ () C:\windows\system32\.crusader
2014-08-28 09:38 - 2014-08-28 09:37 - 11193392 _____ (SurfRight B.V.) C:\Users\Owner\Downloads\HitmanPro_x64.exe
2014-08-28 03:19 - 2009-07-13 23:45 - 00267672 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-27 16:10 - 2014-08-27 15:47 - 00000000 ____D () C:\Users\Owner\AppData\Local\NPE
2014-08-27 16:06 - 2014-06-21 20:38 - 00000000 ____D () C:\Program Files\pcmax
2014-08-27 15:51 - 2014-08-27 15:50 - 00000000 ____D () C:\NPE
2014-08-27 15:47 - 2014-08-27 15:47 - 03077584 ____N (Symantec Corporation) C:\Users\Owner\Downloads\NPE.exe
2014-08-27 15:47 - 2011-09-17 11:46 - 00000000 ____D () C:\ProgramData\Norton
2014-08-27 15:45 - 2014-06-21 22:10 - 00000000 ____D () C:\Program Files (x86)\ISTsearch
2014-08-27 14:11 - 2014-08-27 14:11 - 01364531 _____ () C:\Users\Owner\Downloads\adwcleaner_3.308.exe
2014-08-27 13:40 - 2014-08-27 13:40 - 00000000 ____D () C:\windows\ERUNT
2014-08-27 13:39 - 2014-08-27 13:39 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-08-27 13:38 - 2009-07-14 00:13 - 00783226 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-25 14:04 - 2014-08-25 14:04 - 00000000 ____D () C:\windows\Microsoft Antimalware
2014-08-22 21:07 - 2014-08-27 13:45 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-22 20:45 - 2014-08-27 13:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-22 19:59 - 2014-08-27 13:45 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-22 16:35 - 2014-08-22 16:35 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller (1).exe
2014-08-22 16:30 - 2014-05-24 20:04 - 00000000 ____D () C:\windows\erdnt
2014-08-22 09:02 - 2011-12-28 20:11 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-08-15 20:29 - 2009-07-14 00:32 - 00000000 ____D () C:\windows\Offline Web Pages
2014-08-15 08:29 - 2013-06-06 12:59 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
2014-08-15 03:56 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-15 03:23 - 2014-05-25 05:47 - 00000000 ____D () C:\windows\system32\MRT
2014-08-15 03:16 - 2012-03-15 16:23 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-15 03:01 - 2014-05-26 00:46 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-13 15:50 - 2011-07-21 21:00 - 00000000 ____D () C:\windows\en
2014-08-12 08:24 - 2012-05-26 22:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-08-07 12:28 - 2014-06-21 21:47 - 00000000 ____D () C:\ProgramData\MediaDev
2014-08-07 12:28 - 2009-07-13 23:45 - 00000000 ____D () C:\windows\Setup
2014-08-07 10:35 - 2014-08-07 08:51 - 00000000 ____D () C:\ProgramData\UpdateServer
2014-08-07 10:35 - 2014-06-21 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\3539
2014-08-07 10:35 - 2014-06-21 21:42 - 00000000 ____D () C:\ProgramData\UpdateTask
2014-08-07 09:06 - 2014-08-07 09:06 - 00000000 ____D () C:\Users\Owner\Downloads\tdsskiller
2014-08-07 09:02 - 2014-08-07 09:02 - 04161313 _____ () C:\Users\Owner\Downloads\tdsskiller.zip
2014-08-07 08:33 - 2014-06-21 22:34 - 00008783 _____ () C:\windows\SysWOW64\main.dat
2014-08-07 08:33 - 2014-06-21 22:34 - 00000205 _____ () C:\windows\SysWOW64\user.dat
2014-08-07 08:33 - 2013-06-06 17:32 - 00000000 ____D () C:\Program Files (x86)\SoundFrost
2014-08-07 08:33 - 2011-12-27 16:37 - 00000000 ____D () C:\ProgramData\Origin
2014-08-07 08:26 - 2011-12-27 16:37 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-08-06 21:06 - 2014-08-14 14:57 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-06 21:01 - 2014-08-14 14:57 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-06 10:47 - 2012-05-20 11:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-06 10:47 - 2012-05-20 11:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-06 10:47 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\TAPI
2014-08-06 03:06 - 2010-11-21 02:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-06 03:05 - 2012-05-20 11:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-05 15:45 - 2014-02-25 20:58 - 00883045 _____ () C:\Users\Owner\AppData\Local\viewer.txt
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-07 04:25
==================== End Of Log ============================