
Spyware Infectious


  • This topic is locked
18 replies to this topic

#1 melegy

Posted 05 September 2014 - 01:40 PM

Hello, I have weird behaviors on my laptop. Sometimes it shuts down without any warning or notifications and the battery is fully charged, and some other things. The report generated by FRST.txt is pasted below and Addition.txt is attached. Does the report show any possibility of infection, and could spyware be hidden and undiscovered? Note that there are strong indications that it's not hardware, and there is spyware.

==================================================================================================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Owner (administrator) on OWNER-PC on 05-09-2014 14:17:58
Running from C:\Users\Owner\Downloads
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Oracle Corporation) C:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe
() C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE
(http://subversion.apache.org/) C:\Program Files\SlikSvn\bin\svnserve.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Spigot, Inc.) C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwtxapps.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxcr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Dev\eclipse\eclipse\eclipse.exe
(Oracle Corporation) C:\Windows\System32\javaw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1597376 2014-09-04] (Bitdefender)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [WinSat] => winsat dwm -xml results.xml
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-774939801-2067208826-1440467235-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-774939801-2067208826-1440467235-1001\...\Run: [uTorrent] => C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-07-31] (BitTorrent Inc.)
HKU\S-1-5-21-774939801-2067208826-1440467235-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-774939801-2067208826-1440467235-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [815088 2014-09-04] (Bitdefender)
HKU\S-1-5-21-774939801-2067208826-1440467235-1001\...\Run: [SearchProtection] => C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.EXE [878440 2014-07-31] (Spigot, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
ShellIconOverlayIdentifiers: __SafeBox1 -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox2 -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox3 -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox4 -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?type=282369&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA0328FEBDAAACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.8,ar-EG;q=0.5,ar;q=0.3
SearchScopes: HKCU - DefaultScope {62E4549E-1B42-4C0F-85F0-FDBB3997CC5F} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKCU - {62E4549E-1B42-4C0F-85F0-FDBB3997CC5F} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.20.5 68.10.16.30 68.100.16.30
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-07-29]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-07-29]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
 
Chrome: 
=======
CHR HomePage: Default -> EE90332918D361E816D341DF89D5C8A6FB82766037541C8754106361848DF4B3
CHR DefaultSearchKeyword: Default -> E1283B032A4F5D1F2C26DF2371A5F5D6F6B4A4C2250D4D5D1B1B10052C1BD4AB
CHR DefaultSearchURL: Default -> 6F54BF00285AADEAF366ADB9C68F560D11C107B725F18FA008CD2FEBDAC97380
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-04-02]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-19]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-19]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-19]
CHR Extension: (Bitdefender Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2014-07-30]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-19]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [77632 2014-08-25] (Bitdefender)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-04-27] (Microsoft Corporation)
S4 OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe [102400 2006-02-02] () [File not signed]
S3 OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe [57616 2006-02-02] (Oracle Corporation) [File not signed]
R2 OracleServiceXE; c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE [59064320 2006-02-02] (Oracle Corporation) [File not signed]
S3 OracleXEClrAgent; C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe [45056 2006-02-02] () [File not signed]
R2 OracleXETNSListener; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [204800 2006-02-02] () [File not signed]
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R2 svnserve; C:\Program Files\SlikSvn\bin\svnserve.exe [201728 2014-05-08] (http://subversion.apache.org/) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-09-04] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1518560 2014-09-04] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-08-25] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2013-07-17] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-25] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2013-11-19] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-25] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-04 19:19 - 2014-09-04 19:19 - 00000728 _____ () C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2014-09-04 19:19 - 2014-09-04 19:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-09-04 19:19 - 2014-09-04 19:19 - 00000000 ____D () C:\WINDOWS\LastGood
2014-09-04 19:14 - 2014-09-04 19:16 - 00000000 ____D () C:\Users\Owner\Documents\Driver
2014-09-04 19:01 - 2014-09-04 19:02 - 167371160 _____ () C:\Users\Owner\Downloads\VGA_Intel_Win81_64_VER101810330802.zip
2014-09-04 12:11 - 2014-09-04 14:54 - 00031922 _____ () C:\Users\Owner\Downloads\Shortcut.txt
2014-09-04 12:10 - 2014-09-04 14:54 - 00026816 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-09-04 12:08 - 2014-09-05 14:18 - 00000000 ____D () C:\FRST
2014-09-04 12:08 - 2014-09-05 14:17 - 00017867 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-04 12:07 - 2014-09-04 12:07 - 02104832 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-04 10:47 - 2014-09-04 10:51 - 01294800 _____ (Bitdefender S.R.L) C:\Users\Owner\Downloads\BDSysLog_i.exe
2014-09-04 10:28 - 2014-09-04 10:28 - 00688992 _____ (Swearware) C:\Users\Owner\Downloads\dds.com
2014-09-02 10:22 - 2014-08-22 20:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-09-02 10:22 - 2014-08-06 22:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-09-02 10:22 - 2014-08-01 23:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-09-02 00:12 - 2014-09-02 00:12 - 00293376 _____ () C:\Users\Owner\Downloads\J2EE.ppt
2014-09-02 00:10 - 2014-09-02 00:10 - 00692736 _____ () C:\Users\Owner\Downloads\J2EE-Overview.ppt
2014-09-02 00:07 - 2014-09-02 00:07 - 01959424 _____ () C:\Users\Owner\Downloads\Lec06-J2EE.ppt
2014-08-30 02:43 - 2014-08-30 02:48 - 00001449 _____ () C:\WINDOWS\system32\bdsandbox.txt
2014-08-26 20:48 - 2014-08-01 20:17 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-26 20:48 - 2014-08-01 20:17 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-26 14:08 - 2014-08-26 10:25 - 00075429 ____H () C:\Users\Owner\Documents\~WRL0003.tmp
2014-08-26 10:37 - 2014-08-26 10:37 - 00074752 _____ () C:\Users\Owner\Downloads\MySQLOracle.ppt
2014-08-26 01:26 - 2014-08-26 01:27 - 00000000 ____D () C:\Users\Owner\Documents\TCP
2014-08-26 01:25 - 2014-08-26 01:26 - 00000000 ____D () C:\Users\Owner\Documents\logos
2014-08-25 15:27 - 2014-08-25 15:27 - 00009320 _____ () C:\Users\Owner\Documents\Skills.xlsx
2014-08-25 11:04 - 2014-08-25 11:04 - 00006174 _____ () C:\Users\Owner\Documents\New Microsoft Excel Worksheet.xlsx
2014-08-24 20:43 - 2014-08-24 20:43 - 00008949 _____ () C:\Users\Owner\Documents\Snippets.java
2014-08-22 16:29 - 2014-08-22 16:29 - 00524800 _____ () C:\Users\Owner\Downloads\11_ Instruction Sets addressing modes .ppt
2014-08-20 20:53 - 2014-09-01 20:35 - 00000098 _____ () C:\Users\Owner\Documents\notes.txt
2014-08-15 18:40 - 2014-08-15 18:40 - 00000085 _____ () C:\WINDOWS\wininit.ini
2014-08-15 13:59 - 2014-08-15 13:59 - 00695808 _____ () C:\Users\Owner\Downloads\simutools08-keynote-final.ppt
2014-08-15 13:59 - 2014-08-15 13:59 - 00695808 _____ () C:\Users\Owner\Downloads\simutools08-keynote-final (1).ppt
2014-08-14 18:03 - 2014-08-14 18:03 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-08-14 18:02 - 2014-08-15 18:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-14 18:02 - 2014-08-15 18:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-14 18:00 - 2014-08-14 18:01 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Owner\Downloads\spybot-2.4.exe
2014-08-13 21:03 - 2014-08-01 23:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-13 20:26 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-13 20:26 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-13 20:26 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-13 20:26 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-13 20:26 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-13 20:26 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-13 20:26 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-13 20:26 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-13 20:26 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-13 20:26 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-13 20:26 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-13 20:26 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-13 20:26 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-13 20:26 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-13 20:26 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-13 20:26 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-13 20:26 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-13 20:26 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-13 20:26 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-13 20:26 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-13 20:26 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-13 20:26 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-13 20:26 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-13 20:26 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-13 20:25 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-13 20:25 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-13 20:25 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-13 20:25 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-13 20:25 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-13 20:25 - 2014-07-25 07:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-13 20:25 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 20:25 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-13 20:25 - 2014-07-25 07:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-13 20:25 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-13 20:25 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-13 20:23 - 2014-06-19 21:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-13 20:23 - 2014-06-19 19:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-13 20:23 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-13 20:23 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-13 20:23 - 2014-05-31 02:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-08-13 20:11 - 2014-07-15 14:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-08-13 20:11 - 2014-07-15 04:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-08-13 20:11 - 2014-07-15 04:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-08-13 20:11 - 2014-07-15 04:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-13 20:11 - 2014-07-10 00:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-08-13 20:11 - 2014-07-10 00:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-08-13 20:11 - 2014-07-09 23:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-08-13 20:11 - 2014-06-12 21:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-13 20:11 - 2014-06-12 21:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-13 20:11 - 2014-06-12 20:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-13 20:11 - 2014-06-06 07:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-13 20:11 - 2014-05-13 01:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-13 20:11 - 2014-05-13 00:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-08-13 20:11 - 2014-05-13 00:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-08-13 20:11 - 2014-05-12 23:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-13 20:11 - 2014-05-03 07:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-08-13 20:11 - 2014-05-03 05:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-08-13 20:11 - 2014-05-03 01:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-08-13 20:11 - 2014-05-03 01:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-08-13 20:11 - 2014-05-03 01:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-08-13 20:11 - 2014-05-03 00:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-08-13 20:11 - 2014-05-03 00:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-08-13 20:11 - 2014-05-01 01:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-08-13 20:11 - 2014-04-30 02:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-08-13 20:11 - 2014-04-30 02:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-08-13 20:11 - 2014-04-30 02:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-08-13 20:11 - 2014-04-30 01:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-08-13 20:11 - 2014-04-30 00:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-08-13 20:11 - 2014-04-30 00:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-08-13 20:11 - 2014-04-30 00:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-08-13 20:11 - 2014-04-29 23:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-08-13 20:11 - 2014-04-29 23:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-08-13 20:11 - 2014-04-29 23:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-08-13 20:11 - 2014-04-28 18:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-08-13 20:11 - 2014-04-26 18:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-08-13 20:11 - 2014-04-26 16:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-08-13 20:11 - 2014-04-26 12:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-08-13 20:11 - 2014-04-14 05:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-08-13 20:11 - 2014-04-14 04:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-08-13 20:11 - 2014-04-09 02:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-08-13 20:11 - 2014-04-09 01:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-08-13 20:10 - 2014-07-12 00:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-13 20:10 - 2014-06-05 10:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-08-13 20:10 - 2014-06-05 09:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-13 20:10 - 2014-06-04 05:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-13 20:10 - 2014-06-04 01:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-13 20:10 - 2014-06-04 01:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-13 20:10 - 2014-06-04 00:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-13 20:10 - 2014-06-04 00:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-13 20:10 - 2014-06-03 22:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-13 20:10 - 2014-06-03 22:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-13 20:10 - 2014-06-01 22:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-08-13 20:10 - 2014-05-31 06:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-08-13 20:10 - 2014-05-31 06:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-08-13 20:10 - 2014-05-31 06:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-08-13 20:10 - 2014-05-31 06:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-08-13 20:10 - 2014-05-31 06:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-08-13 20:10 - 2014-05-31 02:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-08-13 20:10 - 2014-05-31 02:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-08-13 20:10 - 2014-05-31 02:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-08-13 20:10 - 2014-05-31 00:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-08-13 20:10 - 2014-05-31 00:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-08-13 20:10 - 2014-05-31 00:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-08-13 20:10 - 2014-05-27 11:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-08-13 20:10 - 2014-05-27 05:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-08-13 20:10 - 2014-05-27 05:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-08-13 20:10 - 2014-05-17 00:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-08-13 20:10 - 2014-05-17 00:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-08-13 20:10 - 2014-05-13 03:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-08-13 20:10 - 2014-05-12 23:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-13 20:10 - 2014-05-03 01:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-08-13 20:10 - 2014-05-03 00:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-08-13 20:10 - 2014-05-02 19:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-08-13 20:10 - 2014-04-30 02:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-08-13 20:10 - 2014-04-30 00:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-08-13 20:10 - 2014-04-30 00:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-08-13 20:10 - 2014-04-30 00:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-08-13 20:10 - 2014-04-29 23:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-08-13 20:10 - 2014-04-29 23:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-08-13 20:10 - 2014-04-29 23:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-08-13 20:10 - 2014-04-14 01:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-08-13 18:22 - 2014-08-24 00:18 - 00000409 _____ () C:\WINDOWS\system32\checkdnsid.xml
2014-08-12 14:15 - 2014-08-24 20:08 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Notepad++
2014-08-12 14:15 - 2014-08-12 14:16 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-08-12 14:15 - 2014-08-12 14:15 - 00001065 _____ () C:\Users\Owner\Desktop\Notepad++.lnk
2014-08-12 14:15 - 2014-08-12 14:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-08-12 14:15 - 2014-08-12 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-08-12 13:42 - 2014-08-12 13:52 - 07920175 _____ () C:\Users\Owner\Downloads\npp.6.6.8.Installer.exe
2014-08-12 13:40 - 2014-08-12 13:40 - 00004060 _____ () C:\Users\Owner\Downloads\source.zip
2014-08-10 12:30 - 2014-08-10 12:30 - 00332800 _____ () C:\Users\Owner\Downloads\lecture16.ppt
2014-08-10 11:46 - 2014-08-10 11:46 - 00000250 _____ () C:\Users\Owner\Downloads\copy_kernel.sh
2014-08-08 14:49 - 2014-08-08 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subversion
2014-08-08 14:49 - 2014-08-08 14:49 - 00000000 ____D () C:\Program Files\SlikSvn
2014-08-07 06:18 - 2014-09-04 16:24 - 00000000 ____D () C:\Users\Owner\Documents\Books
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-05 14:18 - 2014-09-04 12:08 - 00017867 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-05 14:18 - 2014-09-04 12:08 - 00000000 ____D () C:\FRST
2014-09-05 14:15 - 2014-05-16 16:22 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{774D12ED-3693-41FB-9647-2385D4606D59}
2014-09-05 14:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-05 13:49 - 2014-03-19 22:10 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-05 13:33 - 2014-05-08 23:49 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-05 13:32 - 2014-08-05 23:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Eclipse
2014-09-05 09:47 - 2014-04-26 22:44 - 01663447 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-05 09:28 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-04 19:20 - 2013-08-22 10:46 - 00301949 _____ () C:\WINDOWS\setupact.log
2014-09-04 19:19 - 2014-09-04 19:19 - 00000728 _____ () C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2014-09-04 19:19 - 2014-09-04 19:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-09-04 19:19 - 2014-09-04 19:19 - 00000000 ____D () C:\WINDOWS\LastGood
2014-09-04 19:19 - 2014-04-26 22:27 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-09-04 19:18 - 2014-02-26 20:11 - 00000000 ____D () C:\Intel
2014-09-04 19:16 - 2014-09-04 19:14 - 00000000 ____D () C:\Users\Owner\Documents\Driver
2014-09-04 19:15 - 2013-09-23 11:32 - 00449528 _____ (Intel® Corporation) C:\WINDOWS\system32\Drivers\IntcDAud.sys
2014-09-04 19:02 - 2014-09-04 19:01 - 167371160 _____ () C:\Users\Owner\Downloads\VGA_Intel_Win81_64_VER101810330802.zip
2014-09-04 16:24 - 2014-08-07 06:18 - 00000000 ____D () C:\Users\Owner\Documents\Books
2014-09-04 14:54 - 2014-09-04 12:11 - 00031922 _____ () C:\Users\Owner\Downloads\Shortcut.txt
2014-09-04 14:54 - 2014-09-04 12:10 - 00026816 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-09-04 13:07 - 2014-04-02 22:51 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
2014-09-04 13:05 - 2014-07-23 23:34 - 00000000 ____D () C:\Users\Owner\Downloads\Muppets Most Wanted (2014)
2014-09-04 12:15 - 2014-02-26 20:33 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-774939801-2067208826-1440467235-1001
2014-09-04 12:07 - 2014-09-04 12:07 - 02104832 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-04 11:36 - 2014-06-21 16:05 - 00000000 ____D () C:\Users\Owner\Tracing
2014-09-04 11:36 - 2014-03-19 22:11 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-04 11:36 - 2014-03-19 22:10 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-04 11:32 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-04 11:31 - 2013-08-22 10:44 - 00481880 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-04 11:29 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-04 11:28 - 2014-04-26 22:35 - 00000000 ____D () C:\Users\Owner
2014-09-04 11:11 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-04 10:51 - 2014-09-04 10:47 - 01294800 _____ (Bitdefender S.R.L) C:\Users\Owner\Downloads\BDSysLog_i.exe
2014-09-04 10:28 - 2014-09-04 10:28 - 00688992 _____ (Swearware) C:\Users\Owner\Downloads\dds.com
2014-09-04 10:12 - 2014-03-18 06:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-02 10:27 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-02 09:57 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-09-02 09:52 - 2014-03-18 05:54 - 00015872 _____ () C:\WINDOWS\PFRO.log
2014-09-02 00:12 - 2014-09-02 00:12 - 00293376 _____ () C:\Users\Owner\Downloads\J2EE.ppt
2014-09-02 00:12 - 2014-02-26 19:35 - 00000000 ____D () C:\Users\Owner\AppData\Local\Packages
2014-09-02 00:10 - 2014-09-02 00:10 - 00692736 _____ () C:\Users\Owner\Downloads\J2EE-Overview.ppt
2014-09-02 00:07 - 2014-09-02 00:07 - 01959424 _____ () C:\Users\Owner\Downloads\Lec06-J2EE.ppt
2014-09-01 20:35 - 2014-08-20 20:53 - 00000098 _____ () C:\Users\Owner\Documents\notes.txt
2014-09-01 00:14 - 2014-08-05 23:24 - 00000000 ____D () C:\Users\Owner\Documents\Files
2014-08-30 02:48 - 2014-08-30 02:43 - 00001449 _____ () C:\WINDOWS\system32\bdsandbox.txt
2014-08-26 22:06 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-26 20:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-26 20:41 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-26 20:41 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-26 20:40 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-26 20:40 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-26 10:37 - 2014-08-26 10:37 - 00074752 _____ () C:\Users\Owner\Downloads\MySQLOracle.ppt
2014-08-26 10:25 - 2014-08-26 14:08 - 00075429 ____H () C:\Users\Owner\Documents\~WRL0003.tmp
2014-08-26 01:27 - 2014-08-26 01:26 - 00000000 ____D () C:\Users\Owner\Documents\TCP
2014-08-26 01:26 - 2014-08-26 01:25 - 00000000 ____D () C:\Users\Owner\Documents\logos
2014-08-25 18:16 - 2014-02-26 21:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-25 18:10 - 2014-02-26 21:27 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-25 15:27 - 2014-08-25 15:27 - 00009320 _____ () C:\Users\Owner\Documents\Skills.xlsx
2014-08-25 12:22 - 2014-07-29 00:15 - 01260120 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2014-08-25 12:22 - 2014-07-29 00:15 - 00647752 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2014-08-25 12:18 - 2014-07-29 00:07 - 00419616 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2014-08-25 11:42 - 2014-08-05 23:41 - 00000000 ____D () C:\Users\Owner\AppData\Local\Microsoft Help
2014-08-25 11:04 - 2014-08-25 11:04 - 00006174 _____ () C:\Users\Owner\Documents\New Microsoft Excel Worksheet.xlsx
2014-08-24 20:43 - 2014-08-24 20:43 - 00008949 _____ () C:\Users\Owner\Documents\Snippets.java
2014-08-24 20:08 - 2014-08-12 14:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Notepad++
2014-08-24 00:29 - 2014-04-28 03:20 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-24 00:21 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-08-24 00:18 - 2014-08-13 18:22 - 00000409 _____ () C:\WINDOWS\system32\checkdnsid.xml
2014-08-22 20:42 - 2014-09-02 10:22 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-22 16:29 - 2014-08-22 16:29 - 00524800 _____ () C:\Users\Owner\Downloads\11_ Instruction Sets addressing modes .ppt
2014-08-15 18:41 - 2014-08-14 18:02 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-15 18:40 - 2014-08-15 18:40 - 00000085 _____ () C:\WINDOWS\wininit.ini
2014-08-15 18:40 - 2014-08-14 18:02 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-15 13:59 - 2014-08-15 13:59 - 00695808 _____ () C:\Users\Owner\Downloads\simutools08-keynote-final.ppt
2014-08-15 13:59 - 2014-08-15 13:59 - 00695808 _____ () C:\Users\Owner\Downloads\simutools08-keynote-final (1).ppt
2014-08-14 18:03 - 2014-08-14 18:03 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-08-14 18:01 - 2014-08-14 18:00 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Owner\Downloads\spybot-2.4.exe
2014-08-13 20:06 - 2014-03-18 06:13 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-08-13 19:41 - 2014-03-18 06:13 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-08-13 19:41 - 2014-03-18 06:13 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-08-13 19:41 - 2014-03-18 06:13 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-08-13 19:41 - 2013-08-22 07:45 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-08-13 19:41 - 2013-08-22 07:44 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-08-13 19:41 - 2013-08-22 07:22 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-08-13 19:41 - 2013-08-22 07:21 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-08-13 19:41 - 2013-08-22 07:10 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-08-13 19:41 - 2013-08-22 07:03 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-08-13 19:41 - 2013-08-22 06:32 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-08-13 19:41 - 2013-08-22 00:17 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-08-13 19:41 - 2013-08-21 23:55 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-08-13 19:41 - 2013-08-21 23:46 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-08-13 19:41 - 2013-08-21 23:45 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-08-13 19:41 - 2013-08-21 23:40 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-08-13 19:41 - 2013-08-21 23:16 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-08-13 19:38 - 2014-06-11 15:57 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-08-12 14:16 - 2014-08-12 14:15 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-08-12 14:15 - 2014-08-12 14:15 - 00001065 _____ () C:\Users\Owner\Desktop\Notepad++.lnk
2014-08-12 14:15 - 2014-08-12 14:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-08-12 14:15 - 2014-08-12 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-08-12 13:52 - 2014-08-12 13:42 - 07920175 _____ () C:\Users\Owner\Downloads\npp.6.6.8.Installer.exe
2014-08-12 13:40 - 2014-08-12 13:40 - 00004060 _____ () C:\Users\Owner\Downloads\source.zip
2014-08-10 12:30 - 2014-08-10 12:30 - 00332800 _____ () C:\Users\Owner\Downloads\lecture16.ppt
2014-08-10 11:46 - 2014-08-10 11:46 - 00000250 _____ () C:\Users\Owner\Downloads\copy_kernel.sh
2014-08-08 14:51 - 2014-08-05 22:43 - 00000000 ____D () C:\Dev
2014-08-08 14:49 - 2014-08-08 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subversion
2014-08-08 14:49 - 2014-08-08 14:49 - 00000000 ____D () C:\Program Files\SlikSvn
2014-08-06 22:12 - 2014-09-02 10:22 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-04 23:31
 
==================== End Of Log ============================


#2 pystryker

  • Malware Response Team
  • 730 posts

Posted 06 September 2014 - 06:49 AM

Hello and welcome to Bleeping Computer! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:


Hello :)

I've researched your log and found a known adware/malware program called Search Protection which we will deal with at this time. We'll also run some scans to look for anything deeper on the machine.

We'll give your machine a good looking over and clear it of any malware. If the problems you described persist, then we'll get some of our hardware techs to take a look. :thumbsup2:

Note: Please move FRST64.exe from here: C:\Users\Owner\Downloads to your Desktop or the fix will not work.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Program Uninstalls and P2P Warning


Please uninstall the following programs from your machine as Search Protection is an adware/malware program, and Akamai Net Session uses pseudo P2P technology and gives little regard to the security of your machine.
  • Search Protection
  • Akamai Net Session

The Dangers of P2P Programs

I noticed that you have a P2P file sharing program (uTorrent) on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Article on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.


Step 2: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
(Spigot, Inc.) C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.exe
C:\Users\Owner\AppData\Roaming\Search Protection
HKU\S-1-5-21-774939801-2067208826-1440467235-1001\...\Run: [SearchProtection] => C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.EXE [878440 2014-07-31] (Spigot, Inc.)
C:\Users\Owner\AppData\Local\Temp\xmlUpdater.exe
Hosts:
Emptytemp:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 3: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double click (Vista and 7 Users) right click the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt

Step 5: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.

Things I need to see in your next post:

Note: Please post each log as a separate reply to me in this thread. It makes them so much easier to analyze. :)

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#3 melegy

  • Topic Starter

  • Members
  • 11 posts

Posted 06 September 2014 - 03:32 PM

Hello Pystryker,

 

Thanks for helping. The reason for searching my laptop for spyware is that I have someone sharing my network and he is able to know what is on my laptop and what I'm doing.



#4 melegy

  • Topic Starter

  • Members
  • 11 posts

Posted 06 September 2014 - 03:34 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014 02
Ran by Owner at 2014-09-06 14:56:43 Run:1
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
(Spigot, Inc.) C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.exe
C:\Users\Owner\AppData\Roaming\Search Protection
HKU\S-1-5-21-774939801-2067208826-1440467235-1001\...\Run: [SearchProtection] => C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.EXE [878440 2014-07-31] (Spigot, Inc.)
C:\Users\Owner\AppData\Local\Temp\xmlUpdater.exe
Hosts:
Emptytemp:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
End
*****************
 
C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.exe => No running process found
"C:\Users\Owner\AppData\Roaming\Search Protection" => File/Directory not found.
HKU\S-1-5-21-774939801-2067208826-1440467235-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection => Value not found.
C:\Users\Owner\AppData\Local\Temp\xmlUpdater.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 1.2 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
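
A way to triage a Fixlog like the one above, added here as an example and not part of the original post or of FRST itself: it separates entries the fix actually changed from entries that were already gone, and collects each CMD block's output. The outcome categories and the "Ok/success" heuristic are assumptions of this example, based only on the phrases visible in this thread's log.

```python
import re
from collections import Counter

# Fixlog.txt as posted in this thread (header lines omitted, other lines verbatim).
FIXLOG = r"""
Content of fixlist:
*****************
Start
(Spigot, Inc.) C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.exe
C:\Users\Owner\AppData\Roaming\Search Protection
HKU\S-1-5-21-774939801-2067208826-1440467235-1001\...\Run: [SearchProtection] => C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.EXE [878440 2014-07-31] (Spigot, Inc.)
C:\Users\Owner\AppData\Local\Temp\xmlUpdater.exe
Hosts:
Emptytemp:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
End
*****************

C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.exe => No running process found
"C:\Users\Owner\AppData\Roaming\Search Protection" => File/Directory not found.
HKU\S-1-5-21-774939801-2067208826-1440467235-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection => Value not found.
C:\Users\Owner\AppData\Local\Temp\xmlUpdater.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 1.2 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====
"""

# Assumed mapping from outcome phrases seen in this log to a triage category.
CATEGORIES = [
    (re.compile(r"moved successfully|^removed ", re.I), "changed"),
    (re.compile(r"not found|no running process", re.I), "already_absent"),
]
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+)$')
CMD_START_RE = re.compile(r"^=+\s+(?P<cmd>.+?)\s+=+$")

def classify(outcome):
    for pattern, label in CATEGORIES:
        if pattern.search(outcome):
            return label
    return "review"  # unknown phrase: a human should read this line

def parse_fixlog(text):
    results, commands = [], []
    in_fixlist = False   # inside the echoed fixlist, which also contains "=>"
    current = None       # (command, output lines) while inside a CMD block
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.strip("*") == "":          # row of asterisks delimits the fixlist
            in_fixlist = not in_fixlist
            continue
        if in_fixlist:
            continue
        if "End of Fixlog" in line:
            break
        if "End of CMD:" in line:
            if current:
                commands.append((current[0], " ".join(current[1])))
            current = None
            continue
        m = CMD_START_RE.match(line)
        if m:
            current = (m.group("cmd"), [])
            continue
        if current is not None:
            current[1].append(line)
            continue
        m = RESULT_RE.match(line)          # lines without "=>" are informational
        if m:
            results.append({"target": m.group("target"),
                            "outcome": m.group("outcome"),
                            "category": classify(m.group("outcome"))})
    return results, commands

def summarize(text):
    results, commands = parse_fixlog(text)
    return {
        "counts": dict(Counter(r["category"] for r in results)),
        "changed": [r["target"] for r in results if r["category"] == "changed"],
        "commands": commands,
        "commands_to_review": [c for c, out in commands
                               if not re.search(r"\bok\b|success", out, re.I)],
    }

if __name__ == "__main__":
    for key, value in summarize(FIXLOG).items():
        print(key, "=>", value)
```

On this log the three Search Protection entries fall under already_absent, while xmlUpdater.exe, the hosts file and the temp data are the items the fix actually changed.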


#5 melegy

  • Topic Starter

  • Members
  • 11 posts

Posted 06 September 2014 - 03:36 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Owner on Sat 09/06/2014 at 15:27:06.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/06/2014 at 15:35:50.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.309 - Report created 06/09/2014 at 16:19:55
# Updated 02/09/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v37.0.2062.103
 
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1173 octets] - [06/09/2014 16:18:24]
AdwCleaner[S0].txt - [1040 octets] - [06/09/2014 16:19:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1100 octets] ##########


#6 melegy

  • Topic Starter

  • Members
  • 11 posts

Posted 06 September 2014 - 03:38 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Owner (administrator) on OWNER-PC on 06-09-2014 16:26:04
Running from C:\Users\Owner\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Oracle Corporation) C:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe
() C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE
(http://subversion.apache.org/) C:\Program Files\SlikSvn\bin\svnserve.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwtxapps.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxcr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\ByteCodeGenerator.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1597376 2014-09-04] (Bitdefender)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-774939801-2067208826-1440467235-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-774939801-2067208826-1440467235-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [815088 2014-09-04] (Bitdefender)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
ShellIconOverlayIdentifiers: __SafeBox1 -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox2 -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox3 -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox4 -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA0328FEBDAAACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.8,ar-EG;q=0.5,ar;q=0.3
SearchScopes: HKCU - {62E4549E-1B42-4C0F-85F0-FDBB3997CC5F} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-07-29]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-07-29]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> E1283B032A4F5D1F2C26DF2371A5F5D6F6B4A4C2250D4D5D1B1B10052C1BD4AB
CHR DefaultSearchURL: Default -> 6F54BF00285AADEAF366ADB9C68F560D11C107B725F18FA008CD2FEBDAC97380
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-04-02]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-19]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-19]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-19]
CHR Extension: (Bitdefender Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2014-07-30]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-19]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [77632 2014-08-25] (Bitdefender)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-04-27] (Microsoft Corporation)
S4 OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe [102400 2006-02-02] () [File not signed]
S3 OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe [57616 2006-02-02] (Oracle Corporation) [File not signed]
R2 OracleServiceXE; c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE [59064320 2006-02-02] (Oracle Corporation) [File not signed]
S3 OracleXEClrAgent; C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe [45056 2006-02-02] () [File not signed]
R2 OracleXETNSListener; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [204800 2006-02-02] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R2 svnserve; C:\Program Files\SlikSvn\bin\svnserve.exe [201728 2014-05-08] (http://subversion.apache.org/) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-09-04] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1518560 2014-09-04] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-08-25] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2013-07-17] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-25] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2013-11-19] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-25] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-06 16:26 - 2014-09-06 16:26 - 00015736 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-09-06 16:19 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-09-06 16:17 - 2014-09-06 16:20 - 00000000 ____D () C:\AdwCleaner
2014-09-06 16:13 - 2014-09-06 16:13 - 01370467 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-09-06 16:10 - 2014-09-06 16:10 - 01370467 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2014-09-06 16:08 - 2014-09-06 16:08 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (1).exe
2014-09-06 15:35 - 2014-09-06 15:35 - 00000622 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-09-06 15:27 - 2014-09-06 15:27 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-06 15:21 - 2014-09-06 15:21 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-09-06 15:03 - 2014-09-06 15:03 - 00000000 ____D () C:\Users\Owner\Desktop\fixlog
2014-09-06 15:00 - 2014-09-06 15:00 - 00015868 _____ () C:\WINDOWS\system32\results.xml
2014-09-06 14:56 - 2014-09-06 14:56 - 00000218 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
2014-09-06 13:34 - 2014-09-06 13:34 - 02007668 _____ () C:\Users\Owner\Documents\log.pcapng
2014-09-06 12:47 - 2014-09-06 12:47 - 00000000 ____D () C:\Users\Owner\AppData\Local\gtk-2.0
2014-09-06 03:22 - 2014-09-06 03:22 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Wireshark
2014-09-06 03:19 - 2014-09-06 03:19 - 00001842 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark 2 Preview.lnk
2014-09-06 03:19 - 2014-09-06 03:19 - 00001555 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2014-09-06 03:19 - 2014-09-06 03:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-09-06 03:19 - 2014-09-06 03:19 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-09-06 03:18 - 2014-09-06 03:20 - 00000000 ____D () C:\Program Files\Wireshark
2014-09-06 03:17 - 2014-09-06 03:18 - 35531552 _____ (Wireshark development team) C:\Users\Owner\Downloads\Wireshark-win64-1.12.0.exe
2014-09-06 01:30 - 2014-09-06 01:32 - 97488960 _____ (Oracle Corporation.) C:\Users\Owner\Downloads\java_ee_sdk-7-windows.exe
2014-09-04 19:19 - 2014-09-04 19:19 - 00000728 _____ () C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2014-09-04 19:19 - 2014-09-04 19:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-09-04 19:19 - 2014-09-04 19:19 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-09-04 19:14 - 2014-09-04 19:16 - 00000000 ____D () C:\Users\Owner\Documents\Driver
2014-09-04 19:01 - 2014-09-04 19:02 - 167371160 _____ () C:\Users\Owner\Downloads\VGA_Intel_Win81_64_VER101810330802.zip
2014-09-04 12:11 - 2014-09-04 14:54 - 00031922 _____ () C:\Users\Owner\Downloads\Shortcut.txt
2014-09-04 12:10 - 2014-09-05 14:38 - 00024696 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-09-04 12:08 - 2014-09-06 16:26 - 00000000 ____D () C:\FRST
2014-09-04 12:08 - 2014-09-05 14:19 - 00048704 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-04 12:07 - 2014-09-04 12:07 - 02104832 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-09-04 10:47 - 2014-09-04 10:51 - 01294800 _____ (Bitdefender S.R.L) C:\Users\Owner\Downloads\BDSysLog_i.exe
2014-09-04 10:28 - 2014-09-04 10:28 - 00688992 _____ (Swearware) C:\Users\Owner\Downloads\dds.com
2014-09-02 10:22 - 2014-08-22 20:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-09-02 10:22 - 2014-08-06 22:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-09-02 10:22 - 2014-08-01 23:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-09-02 00:12 - 2014-09-02 00:12 - 00293376 _____ () C:\Users\Owner\Downloads\J2EE.ppt
2014-09-02 00:10 - 2014-09-02 00:10 - 00692736 _____ () C:\Users\Owner\Downloads\J2EE-Overview.ppt
2014-09-02 00:07 - 2014-09-02 00:07 - 01959424 _____ () C:\Users\Owner\Downloads\Lec06-J2EE.ppt
2014-08-30 02:43 - 2014-08-30 02:48 - 00001449 _____ () C:\WINDOWS\system32\bdsandbox.txt
2014-08-26 20:48 - 2014-08-01 20:17 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-26 20:48 - 2014-08-01 20:17 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-26 14:08 - 2014-08-26 10:25 - 00075429 ____H () C:\Users\Owner\Documents\~WRL0003.tmp
2014-08-26 10:37 - 2014-08-26 10:37 - 00074752 _____ () C:\Users\Owner\Downloads\MySQLOracle.ppt
2014-08-26 01:26 - 2014-08-26 01:27 - 00000000 ____D () C:\Users\Owner\Documents\TCP
2014-08-26 01:25 - 2014-08-26 01:26 - 00000000 ____D () C:\Users\Owner\Documents\logos
2014-08-25 15:27 - 2014-08-25 15:27 - 00009320 _____ () C:\Users\Owner\Documents\Skills.xlsx
2014-08-25 11:04 - 2014-08-25 11:04 - 00006174 _____ () C:\Users\Owner\Documents\New Microsoft Excel Worksheet.xlsx
2014-08-24 20:43 - 2014-08-24 20:43 - 00008949 _____ () C:\Users\Owner\Documents\Snippets.java
2014-08-22 16:29 - 2014-08-22 16:29 - 00524800 _____ () C:\Users\Owner\Downloads\11_ Instruction Sets addressing modes .ppt
2014-08-20 20:53 - 2014-09-01 20:35 - 00000098 _____ () C:\Users\Owner\Documents\notes.txt
2014-08-15 18:40 - 2014-08-15 18:40 - 00000085 _____ () C:\WINDOWS\wininit.ini
2014-08-15 13:59 - 2014-08-15 13:59 - 00695808 _____ () C:\Users\Owner\Downloads\simutools08-keynote-final.ppt
2014-08-15 13:59 - 2014-08-15 13:59 - 00695808 _____ () C:\Users\Owner\Downloads\simutools08-keynote-final (1).ppt
2014-08-14 18:03 - 2014-08-14 18:03 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-08-14 18:02 - 2014-08-15 18:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-14 18:02 - 2014-08-15 18:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-14 18:00 - 2014-08-14 18:01 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Owner\Downloads\spybot-2.4.exe
2014-08-13 21:03 - 2014-08-01 23:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-13 20:26 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-13 20:26 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-13 20:26 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-13 20:26 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-13 20:26 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-13 20:26 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-13 20:26 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-13 20:26 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-13 20:26 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-13 20:26 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-13 20:26 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-13 20:26 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-13 20:26 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-13 20:26 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-13 20:26 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-13 20:26 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-13 20:26 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-13 20:26 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-13 20:26 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-13 20:26 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-13 20:26 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-13 20:26 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-13 20:26 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-13 20:26 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-13 20:25 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-13 20:25 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-13 20:25 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-13 20:25 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-13 20:25 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-13 20:25 - 2014-07-25 07:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-13 20:25 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 20:25 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-13 20:25 - 2014-07-25 07:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-13 20:25 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-13 20:25 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-13 20:23 - 2014-06-19 21:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-13 20:23 - 2014-06-19 19:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-13 20:23 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-13 20:23 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-13 20:23 - 2014-05-31 02:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-08-13 20:11 - 2014-07-15 14:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-08-13 20:11 - 2014-07-15 04:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-08-13 20:11 - 2014-07-15 04:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-08-13 20:11 - 2014-07-15 04:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-13 20:11 - 2014-07-10 00:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-08-13 20:11 - 2014-07-10 00:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-08-13 20:11 - 2014-07-09 23:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-08-13 20:11 - 2014-06-12 21:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-13 20:11 - 2014-06-12 21:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-13 20:11 - 2014-06-12 20:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-13 20:11 - 2014-06-06 07:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-13 20:11 - 2014-05-13 01:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-13 20:11 - 2014-05-13 00:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-08-13 20:11 - 2014-05-13 00:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-08-13 20:11 - 2014-05-12 23:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-13 20:11 - 2014-05-03 07:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-08-13 20:11 - 2014-05-03 05:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-08-13 20:11 - 2014-05-03 01:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-08-13 20:11 - 2014-05-03 01:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-08-13 20:11 - 2014-05-03 01:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-08-13 20:11 - 2014-05-03 00:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-08-13 20:11 - 2014-05-03 00:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-08-13 20:11 - 2014-05-01 01:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-08-13 20:11 - 2014-04-30 02:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-08-13 20:11 - 2014-04-30 02:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-08-13 20:11 - 2014-04-30 02:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-08-13 20:11 - 2014-04-30 01:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-08-13 20:11 - 2014-04-30 00:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-08-13 20:11 - 2014-04-30 00:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-08-13 20:11 - 2014-04-30 00:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-08-13 20:11 - 2014-04-29 23:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-08-13 20:11 - 2014-04-29 23:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-08-13 20:11 - 2014-04-29 23:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-08-13 20:11 - 2014-04-28 18:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-08-13 20:11 - 2014-04-26 18:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-08-13 20:11 - 2014-04-26 16:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-08-13 20:11 - 2014-04-26 12:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-08-13 20:11 - 2014-04-14 05:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-08-13 20:11 - 2014-04-14 04:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-08-13 20:11 - 2014-04-09 02:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-08-13 20:11 - 2014-04-09 01:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-08-13 20:10 - 2014-07-12 00:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-13 20:10 - 2014-06-05 10:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-08-13 20:10 - 2014-06-05 09:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-13 20:10 - 2014-06-04 05:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-13 20:10 - 2014-06-04 01:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-13 20:10 - 2014-06-04 01:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-13 20:10 - 2014-06-04 00:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-13 20:10 - 2014-06-04 00:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-13 20:10 - 2014-06-03 22:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-13 20:10 - 2014-06-03 22:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-13 20:10 - 2014-06-01 22:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-08-13 20:10 - 2014-05-31 06:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-08-13 20:10 - 2014-05-31 06:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-08-13 20:10 - 2014-05-31 06:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-08-13 20:10 - 2014-05-31 06:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-08-13 20:10 - 2014-05-31 06:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-08-13 20:10 - 2014-05-31 02:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-08-13 20:10 - 2014-05-31 02:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-08-13 20:10 - 2014-05-31 02:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-08-13 20:10 - 2014-05-31 00:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-08-13 20:10 - 2014-05-31 00:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-08-13 20:10 - 2014-05-31 00:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-08-13 20:10 - 2014-05-27 11:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-08-13 20:10 - 2014-05-27 05:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-08-13 20:10 - 2014-05-27 05:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-08-13 20:10 - 2014-05-17 00:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-08-13 20:10 - 2014-05-17 00:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-08-13 20:10 - 2014-05-13 03:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-08-13 20:10 - 2014-05-12 23:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-13 20:10 - 2014-05-03 01:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-08-13 20:10 - 2014-05-03 00:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-08-13 20:10 - 2014-05-02 19:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-08-13 20:10 - 2014-04-30 02:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-08-13 20:10 - 2014-04-30 00:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-08-13 20:10 - 2014-04-30 00:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-08-13 20:10 - 2014-04-30 00:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-08-13 20:10 - 2014-04-29 23:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-08-13 20:10 - 2014-04-29 23:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-08-13 20:10 - 2014-04-29 23:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-08-13 20:10 - 2014-04-14 01:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-08-13 18:22 - 2014-08-24 00:18 - 00000409 _____ () C:\WINDOWS\system32\checkdnsid.xml
2014-08-12 14:15 - 2014-08-24 20:08 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Notepad++
2014-08-12 14:15 - 2014-08-12 14:16 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-08-12 14:15 - 2014-08-12 14:15 - 00001065 _____ () C:\Users\Owner\Desktop\Notepad++.lnk
2014-08-12 14:15 - 2014-08-12 14:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-08-12 14:15 - 2014-08-12 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-08-12 13:42 - 2014-08-12 13:52 - 07920175 _____ () C:\Users\Owner\Downloads\npp.6.6.8.Installer.exe
2014-08-12 13:40 - 2014-08-12 13:40 - 00004060 _____ () C:\Users\Owner\Downloads\source.zip
2014-08-10 12:30 - 2014-08-10 12:30 - 00332800 _____ () C:\Users\Owner\Downloads\lecture16.ppt
2014-08-10 11:46 - 2014-08-10 11:46 - 00000250 _____ () C:\Users\Owner\Downloads\copy_kernel.sh
2014-08-08 14:49 - 2014-08-08 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subversion
2014-08-08 14:49 - 2014-08-08 14:49 - 00000000 ____D () C:\Program Files\SlikSvn
2014-08-07 06:18 - 2014-09-06 00:48 - 00000000 ____D () C:\Users\Owner\Documents\Books
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-06 16:26 - 2014-09-06 16:26 - 00015736 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-09-06 16:26 - 2014-09-04 12:08 - 00000000 ____D () C:\FRST
2014-09-06 16:23 - 2014-03-19 22:11 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-06 16:23 - 2014-03-19 22:10 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-06 16:22 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-06 16:21 - 2014-04-26 22:44 - 01958074 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-06 16:21 - 2014-03-18 05:54 - 00017062 _____ () C:\WINDOWS\PFRO.log
2014-09-06 16:21 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-06 16:20 - 2014-09-06 16:17 - 00000000 ____D () C:\AdwCleaner
2014-09-06 16:13 - 2014-09-06 16:13 - 01370467 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-09-06 16:10 - 2014-09-06 16:10 - 01370467 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2014-09-06 16:08 - 2014-09-06 16:08 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (1).exe
2014-09-06 16:08 - 2014-05-16 16:22 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{774D12ED-3693-41FB-9647-2385D4606D59}
2014-09-06 16:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-06 15:49 - 2014-03-19 22:10 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-06 15:36 - 2014-02-26 20:33 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-774939801-2067208826-1440467235-1001
2014-09-06 15:35 - 2014-09-06 15:35 - 00000622 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-09-06 15:33 - 2014-05-08 23:49 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-06 15:27 - 2014-09-06 15:27 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-06 15:21 - 2014-09-06 15:21 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-09-06 15:03 - 2014-09-06 15:03 - 00000000 ____D () C:\Users\Owner\Desktop\fixlog
2014-09-06 15:01 - 2014-06-21 16:05 - 00000000 ____D () C:\Users\Owner\Tracing
2014-09-06 15:00 - 2014-09-06 15:00 - 00015868 _____ () C:\WINDOWS\system32\results.xml
2014-09-06 14:56 - 2014-09-06 14:56 - 00000218 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
2014-09-06 13:34 - 2014-09-06 13:34 - 02007668 _____ () C:\Users\Owner\Documents\log.pcapng
2014-09-06 12:47 - 2014-09-06 12:47 - 00000000 ____D () C:\Users\Owner\AppData\Local\gtk-2.0
2014-09-06 03:22 - 2014-09-06 03:22 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Wireshark
2014-09-06 03:20 - 2014-09-06 03:18 - 00000000 ____D () C:\Program Files\Wireshark
2014-09-06 03:19 - 2014-09-06 03:19 - 00001842 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark 2 Preview.lnk
2014-09-06 03:19 - 2014-09-06 03:19 - 00001555 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2014-09-06 03:19 - 2014-09-06 03:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-09-06 03:19 - 2014-09-06 03:19 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-09-06 03:18 - 2014-09-06 03:17 - 35531552 _____ (Wireshark development team) C:\Users\Owner\Downloads\Wireshark-win64-1.12.0.exe
2014-09-06 01:32 - 2014-09-06 01:30 - 97488960 _____ (Oracle Corporation.) C:\Users\Owner\Downloads\java_ee_sdk-7-windows.exe
2014-09-06 00:48 - 2014-08-07 06:18 - 00000000 ____D () C:\Users\Owner\Documents\Books
2014-09-05 16:21 - 2014-03-18 06:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-05 14:38 - 2014-09-04 12:10 - 00024696 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-09-05 14:19 - 2014-09-04 12:08 - 00048704 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-05 13:32 - 2014-08-05 23:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Eclipse
2014-09-05 09:28 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-04 19:20 - 2013-08-22 10:46 - 00301949 _____ () C:\WINDOWS\setupact.log
2014-09-04 19:19 - 2014-09-04 19:19 - 00000728 _____ () C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2014-09-04 19:19 - 2014-09-04 19:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-09-04 19:19 - 2014-09-04 19:19 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-09-04 19:19 - 2014-04-26 22:27 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-09-04 19:18 - 2014-02-26 20:11 - 00000000 ____D () C:\Intel
2014-09-04 19:16 - 2014-09-04 19:14 - 00000000 ____D () C:\Users\Owner\Documents\Driver
2014-09-04 19:15 - 2013-09-23 11:32 - 00449528 _____ (Intel® Corporation) C:\WINDOWS\system32\Drivers\IntcDAud.sys
2014-09-04 19:02 - 2014-09-04 19:01 - 167371160 _____ () C:\Users\Owner\Downloads\VGA_Intel_Win81_64_VER101810330802.zip
2014-09-04 14:54 - 2014-09-04 12:11 - 00031922 _____ () C:\Users\Owner\Downloads\Shortcut.txt
2014-09-04 13:05 - 2014-07-23 23:34 - 00000000 ____D () C:\Users\Owner\Downloads\Muppets Most Wanted (2014)
2014-09-04 12:07 - 2014-09-04 12:07 - 02104832 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-09-04 11:31 - 2013-08-22 10:44 - 00481880 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-04 11:28 - 2014-04-26 22:35 - 00000000 ____D () C:\Users\Owner
2014-09-04 11:11 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-04 10:51 - 2014-09-04 10:47 - 01294800 _____ (Bitdefender S.R.L) C:\Users\Owner\Downloads\BDSysLog_i.exe
2014-09-04 10:28 - 2014-09-04 10:28 - 00688992 _____ (Swearware) C:\Users\Owner\Downloads\dds.com
2014-09-02 10:27 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-02 09:57 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-09-02 00:12 - 2014-09-02 00:12 - 00293376 _____ () C:\Users\Owner\Downloads\J2EE.ppt
2014-09-02 00:12 - 2014-02-26 19:35 - 00000000 ____D () C:\Users\Owner\AppData\Local\Packages
2014-09-02 00:10 - 2014-09-02 00:10 - 00692736 _____ () C:\Users\Owner\Downloads\J2EE-Overview.ppt
2014-09-02 00:07 - 2014-09-02 00:07 - 01959424 _____ () C:\Users\Owner\Downloads\Lec06-J2EE.ppt
2014-09-01 20:35 - 2014-08-20 20:53 - 00000098 _____ () C:\Users\Owner\Documents\notes.txt
2014-09-01 00:14 - 2014-08-05 23:24 - 00000000 ____D () C:\Users\Owner\Documents\Files
2014-08-30 02:48 - 2014-08-30 02:43 - 00001449 _____ () C:\WINDOWS\system32\bdsandbox.txt
2014-08-26 22:06 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-26 20:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-26 20:41 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-26 20:41 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-26 20:40 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-26 20:40 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-26 10:37 - 2014-08-26 10:37 - 00074752 _____ () C:\Users\Owner\Downloads\MySQLOracle.ppt
2014-08-26 10:25 - 2014-08-26 14:08 - 00075429 ____H () C:\Users\Owner\Documents\~WRL0003.tmp
2014-08-26 01:27 - 2014-08-26 01:26 - 00000000 ____D () C:\Users\Owner\Documents\TCP
2014-08-26 01:26 - 2014-08-26 01:25 - 00000000 ____D () C:\Users\Owner\Documents\logos
2014-08-25 18:16 - 2014-02-26 21:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-25 18:10 - 2014-02-26 21:27 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-25 15:27 - 2014-08-25 15:27 - 00009320 _____ () C:\Users\Owner\Documents\Skills.xlsx
2014-08-25 12:22 - 2014-07-29 00:15 - 01260120 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2014-08-25 12:22 - 2014-07-29 00:15 - 00647752 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2014-08-25 12:18 - 2014-07-29 00:07 - 00419616 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2014-08-25 11:42 - 2014-08-05 23:41 - 00000000 ____D () C:\Users\Owner\AppData\Local\Microsoft Help
2014-08-25 11:04 - 2014-08-25 11:04 - 00006174 _____ () C:\Users\Owner\Documents\New Microsoft Excel Worksheet.xlsx
2014-08-24 20:43 - 2014-08-24 20:43 - 00008949 _____ () C:\Users\Owner\Documents\Snippets.java
2014-08-24 20:08 - 2014-08-12 14:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Notepad++
2014-08-24 00:29 - 2014-04-28 03:20 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-24 00:21 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-08-24 00:18 - 2014-08-13 18:22 - 00000409 _____ () C:\WINDOWS\system32\checkdnsid.xml
2014-08-22 20:42 - 2014-09-02 10:22 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-22 16:29 - 2014-08-22 16:29 - 00524800 _____ () C:\Users\Owner\Downloads\11_ Instruction Sets addressing modes .ppt
2014-08-15 18:41 - 2014-08-14 18:02 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-15 18:40 - 2014-08-15 18:40 - 00000085 _____ () C:\WINDOWS\wininit.ini
2014-08-15 18:40 - 2014-08-14 18:02 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-15 13:59 - 2014-08-15 13:59 - 00695808 _____ () C:\Users\Owner\Downloads\simutools08-keynote-final.ppt
2014-08-15 13:59 - 2014-08-15 13:59 - 00695808 _____ () C:\Users\Owner\Downloads\simutools08-keynote-final (1).ppt
2014-08-14 18:03 - 2014-08-14 18:03 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-08-14 18:01 - 2014-08-14 18:00 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Owner\Downloads\spybot-2.4.exe
2014-08-13 20:06 - 2014-03-18 06:13 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-08-13 19:41 - 2014-03-18 06:13 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-08-13 19:41 - 2014-03-18 06:13 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-08-13 19:41 - 2014-03-18 06:13 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-08-13 19:41 - 2013-08-22 07:45 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-08-13 19:41 - 2013-08-22 07:44 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-08-13 19:41 - 2013-08-22 07:22 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-08-13 19:41 - 2013-08-22 07:21 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-08-13 19:41 - 2013-08-22 07:10 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-08-13 19:41 - 2013-08-22 07:03 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-08-13 19:41 - 2013-08-22 06:32 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-08-13 19:41 - 2013-08-22 00:17 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-08-13 19:41 - 2013-08-21 23:55 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-08-13 19:41 - 2013-08-21 23:46 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-08-13 19:41 - 2013-08-21 23:45 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-08-13 19:41 - 2013-08-21 23:40 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-08-13 19:41 - 2013-08-21 23:16 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-08-13 19:38 - 2014-06-11 15:57 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-08-12 14:16 - 2014-08-12 14:15 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-08-12 14:15 - 2014-08-12 14:15 - 00001065 _____ () C:\Users\Owner\Desktop\Notepad++.lnk
2014-08-12 14:15 - 2014-08-12 14:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-08-12 14:15 - 2014-08-12 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-08-12 13:52 - 2014-08-12 13:42 - 07920175 _____ () C:\Users\Owner\Downloads\npp.6.6.8.Installer.exe
2014-08-12 13:40 - 2014-08-12 13:40 - 00004060 _____ () C:\Users\Owner\Downloads\source.zip
2014-08-10 12:30 - 2014-08-10 12:30 - 00332800 _____ () C:\Users\Owner\Downloads\lecture16.ppt
2014-08-10 11:46 - 2014-08-10 11:46 - 00000250 _____ () C:\Users\Owner\Downloads\copy_kernel.sh
2014-08-08 14:51 - 2014-08-05 22:43 - 00000000 ____D () C:\Dev
2014-08-08 14:49 - 2014-08-08 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subversion
2014-08-08 14:49 - 2014-08-08 14:49 - 00000000 ____D () C:\Program Files\SlikSvn
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-06 15:36
 
==================== End Of Log ============================


#7 pystryker

  • Malware Response Team

Posted 06 September 2014 - 05:43 PM

Hello Pystryker,



Thanks for helping. The reason for searching my laptop for spyware is that I have someone sharing my network and he is able to know what is on my laptop and what I'm doing.


Hello :)

You're quite welcome, let's continue.


Please download TDSSKiller to the desktop.

Alternate download is here.
  • Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
  • When the main GUI (graphical user interface) window opens, click on Change Parameters
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • A Report will have been created by TDSSKiller in your root directory C:\
  • To find the log go to Start(Windows 7 Orb) > Computer > C: >> TDSSKiller.V.V.V.VV_DD.DD.YYYY_TT.TT.TT_log <-- The letters denote the version and date & time etc.
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!

Things I need to see in your next post:

TDSSKiller Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#8 melegy

  • Topic Starter

Posted 07 September 2014 - 01:04 PM

13:33:45.0555 0x0aac  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
13:33:45.0555 0x0aac  UEFI system
13:34:27.0457 0x0aac  ============================================================
13:34:27.0458 0x0aac  Current date / time: 2014/09/07 13:34:27.0457
13:34:27.0458 0x0aac  SystemInfo:
13:34:27.0458 0x0aac  
13:34:27.0458 0x0aac  OS Version: 6.3.9600 ServicePack: 0.0
13:34:27.0458 0x0aac  Product type: Workstation
13:34:27.0458 0x0aac  ComputerName: OWNER-PC
13:34:27.0459 0x0aac  UserName: Owner
13:34:27.0459 0x0aac  Windows directory: C:\WINDOWS
13:34:27.0459 0x0aac  System windows directory: C:\WINDOWS
13:34:27.0459 0x0aac  Running under WOW64
13:34:27.0459 0x0aac  Processor architecture: Intel x64
13:34:27.0459 0x0aac  Number of processors: 4
13:34:27.0459 0x0aac  Page size: 0x1000
13:34:27.0459 0x0aac  Boot type: Normal boot
13:34:27.0459 0x0aac  ============================================================
13:34:27.0810 0x0aac  KLMD registered as C:\WINDOWS\system32\drivers\51758643.sys
13:34:28.0659 0x0aac  System UUID: {051BAF6A-16FE-7ED8-AC7D-6A0BFCDF8A71}
13:34:30.0031 0x0aac  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:34:30.0054 0x0aac  ============================================================
13:34:30.0055 0x0aac  \Device\Harddisk0\DR0:
13:34:30.0055 0x0aac  GPT partitions:
13:34:30.0056 0x0aac  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {032F6B26-0365-4DCB-9DD8-10E438A120EE}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x96000
13:34:30.0056 0x0aac  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {8F54BC56-98ED-4893-A860-76899203DE9C}, Name: EFI system partition, StartLBA 0x96800, BlocksNum 0x32000
13:34:30.0056 0x0aac  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {693B219C-2458-4FAA-AFAE-660E9A9EF4DD}, Name: Microsoft reserved partition, StartLBA 0xC8800, BlocksNum 0x40000
13:34:30.0057 0x0aac  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {6EDE0767-6AB8-4175-B63C-84CEC863B13E}, Name: Basic data partition, StartLBA 0x108800, BlocksNum 0x3A19C800
13:34:30.0057 0x0aac  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {01820728-D182-49E9-8B55-E40020828F36}, Name: , StartLBA 0x3A2A5000, BlocksNum 0xE1000
13:34:30.0057 0x0aac  MBR partitions:
13:34:30.0057 0x0aac  ============================================================
13:34:30.0096 0x0aac  C: <-> \Device\Harddisk0\DR0\Partition4
13:34:30.0096 0x0aac  ============================================================
13:34:30.0096 0x0aac  Initialize success
13:34:30.0097 0x0aac  ============================================================
13:35:38.0619 0x1548  KLMD registered as C:\WINDOWS\system32\drivers\58023583.sys
13:35:39.0436 0x1548  Deinitialize success
 


#9 melegy

  • Topic Starter

Posted 07 September 2014 - 01:39 PM

Attached File  TDSSKiller.3.0.0.40_07.09.2014_13.42.30_log.txt   413.92KB   2 downloads



#10 pystryker

  • Malware Response Team

Posted 07 September 2014 - 03:30 PM

Hi :)

Please don't attach the logs unless requested. Post them as replies in the thread. It makes it much easier to analyze. :)


The TDSSKiller log is clear, so let's scan for remnants and out of date programs.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Whichever browser is used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log






#11 melegy

  • Topic Starter

Posted 08 September 2014 - 10:21 AM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ba32df2768be1f4ebd95ec85a26059e0
# engine=20043
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-08 03:01:45
# local_time=2014-09-08 11:01:45 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.3.9600 NT
# compatibility_mode_1='Bitdefender Antivirus'
# compatibility_mode=2065 16777213 100 100 0 113090614 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 9829909 17593225 0 0
# scanned=175591
# found=1
# cleaned=0
# scan_time=43463
sh=6D2ABF62B76C9A7340F8A1EA0C7D1466B0C5C20A ft=1 fh=553058846c7b9dff vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Owner\Downloads\pal_install_r132028.exe"


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/7/2014
Scan Time: 9:40:17 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.07.08
Rootkit Database: v2014.08.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: moham_000

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348440
Time Elapsed: 18 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#12 melegy

  • Topic Starter

Posted 08 September 2014 - 10:22 AM

 Results of screen317's Security Check version 0.99.87
   x64 (UAC is enabled)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
Bitdefender Antivirus
Windows Defender
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 14.0.0.145
 Adobe Reader XI
 Google Chrome 37.0.2062.102
 Google Chrome 37.0.2062.103
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbam.exe
 Malwarebytes Anti-Malware mbamscheduler.exe
 Bitdefender Bitdefender 2015 vsserv.exe
 Bitdefender Bitdefender 2015 updatesrv.exe
 Bitdefender Bitdefender SafeBox safeboxservice.exe
 Bitdefender Bitdefender 2015 bdagent.exe
 Bitdefender Bitdefender 2015 bdwtxag.exe
 Bitdefender Bitdefender 2015 Antispam32 bdwtxapps.exe
 Bitdefender Bitdefender 2015 bdwtxcr.exe
 Bitdefender Bitdefender 2015 downloader.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````



#13 pystryker

  • Malware Response Team

Posted 08 September 2014 - 07:25 PM

Excellent, only one small infected file to get rid of.

Step 1: Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
C:\Users\Owner\Downloads\pal_install_r132028.exe
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Things I need to see in your next post:

Fixlog.txt Log






#14 pystryker

  • Malware Response Team

Posted 11 September 2014 - 05:34 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.






#15 pystryker

pystryker

  • Malware Response Team
  • 730 posts

Posted 15 September 2014 - 09:03 PM

Topic re-opened at user's request.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

Edited by pystryker, 15 September 2014 - 09:18 PM.








