
Pain in the butt SysWOW64


5 replies to this topic

#1 zagene

zagene

  • Members
  • 2 posts
  • OFFLINE
  • Local time:02:26 AM

Posted 08 September 2014 - 03:10 PM

Hi, my son collected SysWOW64 for me while trying to download something (my fault, as I was too busy to help him, and his PC is also so infected it's a total nightmare).

Could you please help me remove this from my PC.

Already performed the following tasks.

Registry backup with ERUNT in safe mode

Security Check log:

Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 55  
 Java version out of Date!
 Adobe Flash Player 14.0.0.145  
 Mozilla Firefox (31.0)
 Google Chrome 36.0.1985.143  
 Google Chrome 37.0.2062.103  
````````Process Check: objlist.exe by Laurent````````  
 Comodo Firewall cmdagent.exe
 Comodo Firewall cfp.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

DDS scan text file

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.55.2
Run by Eugene at 21:55:44 on 2014-09-08
Microsoft Windows 7 Professional   6.1.7601.1.1252.27.1033.18.12279.9483 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
C:\Users\Eugene\AppData\Local\DOSInterpreterPrivacy\DOSInterpreterPrivacy.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Windows\SysWOW64\DockPathShareware\DockPathShareware.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.za
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
uProxyServer = hxxp=127.0.0.1:40560
uProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
uSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [AdobeBridge] <no file>
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: Interfaces\{486DD572-1BD0-4489-AE4E-68779D379601} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{53738037-7DB1-4C73-AA44-1792151137C3} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-mSearch Page = hxxp://www.google.com
x64-mDefault_Page_URL = hxxp://www.google.com
x64-mDefault_Search_URL = hxxp://www.google.com
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eugene\AppData\Roaming\Mozilla\Firefox\Profiles\azw8cqf0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.za/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2013-6-3 72240]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2013-6-3 15920]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-6-3 56208]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);C:\Windows\System32\drivers\tdrpm251.sys [2013-6-3 1455648]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-11-7 584056]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2012-11-7 38144]
R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2013-6-3 2326920]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-1-31 19232]
R2 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2013-10-7 218112]
R2 DockPathShareware;DockPathShareware;C:\Windows\SysWOW64\DockPathShareware\DockPathShareware.exe [2014-9-5 60453]
R2 DOSInterpreterPrivacy.exe;DOSInterpreterPrivacy.exe;C:\Users\Eugene\AppData\Local\DOSInterpreterPrivacy\DOSInterpreterPrivacy.exe [2014-9-5 89125]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-14 346976]
R2 VmbService;Vodafone Mobile Broadband Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-12-31 9216]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2013-6-3 250400]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2014-7-28 86016]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-3-15 97280]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-3-15 217088]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 Blackberry Device Manager;Blackberry Device Manager;C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-1-18 577536]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-4-16 108800]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2014-7-28 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2014-7-28 13952]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\System32\drivers\ewusbwwan.sys [2014-7-28 415744]
S3 ExpressInvoiceService;Express Invoice;C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [2013-6-8 2070020]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-6-6 1432400]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2014-7-28 98816]
S3 huawei_cdcecm;huawei_cdcecm;C:\Windows\System32\drivers\ew_jucdcecm.sys [2014-7-28 69632]
S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2014-7-28 28672]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-12 111616]
S3 InventoriaService;Inventoria Stock Manager;C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe [2013-6-8 1644036]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-4-16 206080]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USB18PRG;mikroElektronika USB18F Device (x64 Platform);C:\Windows\System32\drivers\USB18PRG.sys [2009-11-17 53320]
S3 usbrndis6;USB RNDIS6 Adapter;C:\Windows\System32\drivers\usb80236.sys [2013-6-3 19968]
S3 UsbSagemComm;Sagem MorphoSmart Usb Driver;C:\Windows\System32\drivers\UsbSagMso_x64.sys [2014-7-29 69976]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-3 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
FileExt: .txt: Notepad++_file="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
FileExt: .ini: Notepad++_file="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-09-07 21:24:49    --------    d-----w-    C:\FRST
2014-09-07 20:39:25    --------    d-----w-    C:\HijackThis
2014-09-06 02:30:55    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2A88B52E-800B-4E02-A537-E03C120A0257}\offreg.dll
2014-09-05 23:42:14    11319192    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2A88B52E-800B-4E02-A537-E03C120A0257}\mpengine.dll
2014-09-05 19:19:21    --------    d-----w-    C:\Users\Eugene\AppData\Local\DOSInterpreterPrivacy
2014-09-05 17:16:22    --------    d-----w-    C:\Program Files\Enigma Software Group
2014-09-05 17:16:10    --------    d-----w-    C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-05 17:16:07    --------    d-----w-    C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-09-05 16:23:44    536576    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2014-09-05 16:23:04    388608    ----a-w-    C:\HijackThis.exe
2014-09-05 16:22:56    --------    d-----w-    C:\AdwCleaner
2014-09-05 13:04:41    --------    d-----w-    C:\Windows\SysWow64\DockPathShareware
2014-08-30 13:48:17    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-30 13:48:17    3163648    ----a-w-    C:\Windows\System32\win32k.sys
2014-08-30 13:48:17    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-23 07:23:07    --------    d-----w-    C:\ProgramData\Package Cache
2014-08-23 07:23:04    --------    d-----w-    C:\Program Files (x86)\Seagate
2014-08-21 16:32:59    2620928    ----a-w-    C:\Windows\System32\wucltux.dll
2014-08-21 16:32:55    97792    ----a-w-    C:\Windows\System32\wudriver.dll
2014-08-21 16:32:55    92672    ----a-w-    C:\Windows\SysWow64\wudriver.dll
2014-08-21 16:32:51    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2014-08-21 16:32:51    33792    ----a-w-    C:\Windows\SysWow64\wuapp.exe
2014-08-21 16:32:51    198600    ----a-w-    C:\Windows\System32\wuwebv.dll
2014-08-21 16:32:51    179656    ----a-w-    C:\Windows\SysWow64\wuwebv.dll
2014-08-12 21:02:16    99480    ----a-w-    C:\Windows\SysWow64\infocardapi.dll
2014-08-12 21:02:16    619672    ----a-w-    C:\Windows\SysWow64\icardagt.exe
2014-08-12 21:02:16    171160    ----a-w-    C:\Windows\System32\infocardapi.dll
2014-08-12 21:02:16    1389208    ----a-w-    C:\Windows\System32\icardagt.exe
2014-08-12 21:02:15    8856    ----a-w-    C:\Windows\SysWow64\icardres.dll
2014-08-12 21:02:15    8856    ----a-w-    C:\Windows\System32\icardres.dll
2014-08-12 21:02:09    35480    ----a-w-    C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-12 21:02:09    35480    ----a-w-    C:\Windows\System32\TsWpfWrp.exe
2014-08-12 20:51:39    664064    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2014-08-12 20:51:39    1216000    ----a-w-    C:\Windows\System32\rpcrt4.dll
2014-08-12 20:51:38    529920    ----a-w-    C:\Windows\System32\aepdu.dll
2014-08-12 20:51:38    424448    ----a-w-    C:\Windows\System32\aeinv.dll
.
==================== Find3M  ====================
.
2014-08-05 07:20:00    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-07-27 16:56:27    230840    ----a-w-    C:\Windows\System32\drivers\truecrypt.sys
2014-07-25 14:02:12    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28    758272    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32    61952    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15    5824512    ----a-w-    C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05    72704    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47    597504    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47    4204032    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29    2087936    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49    2001920    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06    2266624    ----a-w-    C:\Windows\System32\wininet.dll
2014-07-25 10:05:23    1792512    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-07-16 03:23:41    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-07-16 02:46:02    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-07-10 16:24:05    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-10 16:24:05    699056    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-09 02:03:23    7168    ----a-w-    C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22    7168    ----a-w-    C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42    7168    ----a-w-    C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41    6656    ----a-w-    C:\Windows\SysWow64\KBDBASH.DLL
2014-06-18 02:18:30    692736    ----a-w-    C:\Windows\System32\osk.exe
2014-06-18 01:51:32    646144    ----a-w-    C:\Windows\SysWow64\osk.exe
2014-06-16 02:10:19    985536    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
.
============= FINISH: 21:56:13.70 ===============

Farbar Log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Eugene (administrator) on AURORA7 on 08-09-2014 21:59:11
Running from C:\Users\Eugene\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
() C:\Users\Eugene\AppData\Local\DOSInterpreterPrivacy\DOSInterpreterPrivacy.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
() C:\Windows\SysWOW64\DockPathShareware\DockPathShareware.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [357384 2009-09-12] (Acronis)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-07] (COMODO)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5048488 2009-09-12] (Acronis)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKU\S-1-5-21-2179765991-4246319328-3261906462-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2179765991-4246319328-3261906462-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-2179765991-4246319328-3261906462-1001\...\Policies\Explorer: []
HKU\S-1-5-21-2179765991-4246319328-3261906462-1001\...\MountPoints2: {2f0a1fff-d3b6-11e3-8079-406186344dca} - M:\AutoRun.exe
HKU\S-1-5-21-2179765991-4246319328-3261906462-1001\...\MountPoints2: {2f0a2002-d3b6-11e3-8079-406186344dca} - M:\AutoRun.exe
HKU\S-1-5-21-2179765991-4246319328-3261906462-1001\...\MountPoints2: {2f0a2006-d3b6-11e3-8079-406186344dca} - M:\AutoRun.exe
HKU\S-1-5-21-2179765991-4246319328-3261906462-1001\...\MountPoints2: {51122507-ecda-11e3-a1cd-406186344dca} - V:\AutoRun.exe
HKU\S-1-5-21-2179765991-4246319328-3261906462-1001\...\MountPoints2: {5df7a921-d797-11e3-ac2b-406186344dca} - N:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2179765991-4246319328-3261906462-1001\...\MountPoints2: {62f561a7-e8af-11e3-8f38-406186344dca} - M:\AutoRun.exe
HKU\S-1-5-21-2179765991-4246319328-3261906462-1001\...\MountPoints2: {9592a5a7-e75f-11e3-b855-806e6f6e6963} - M:\AutoRun.exe
HKU\S-1-5-21-2179765991-4246319328-3261906462-1001\...\MountPoints2: {a677b14f-a9fe-11e3-a14e-406186344dca} - M:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2179765991-4246319328-3261906462-1001\...\MountPoints2: {a677b16c-a9fe-11e3-a14e-406186344dca} - M:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2179765991-4246319328-3261906462-1001\...\MountPoints2: {bc439081-e9de-11e2-80b9-406186344dca} - "M:\WD Drive Unlock.exe" autoplay=true
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:40560
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://howzit.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEA72C639849CCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ZA
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{486DD572-1BD0-4489-AE4E-68779D379601}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\Eugene\AppData\Roaming\Mozilla\Firefox\Profiles\azw8cqf0.default
FF Homepage: hxxp://www.google.co.za/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DownloadHelper - C:\Users\Eugene\AppData\Roaming\Mozilla\Firefox\Profiles\azw8cqf0.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-07]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Eugene\AppData\Roaming\Mozilla\Firefox\Profiles\azw8cqf0.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013-06-03]
FF Extension: BetterPrivacy - C:\Users\Eugene\AppData\Roaming\Mozilla\Firefox\Profiles\azw8cqf0.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-06-03]
FF Extension: DownThemAll! - C:\Users\Eugene\AppData\Roaming\Mozilla\Firefox\Profiles\azw8cqf0.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-06-03]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-06-03]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.co.za/
CHR StartupUrls: Default -> "hxxp://www.google.co.za/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Eugene\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Eugene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-03]
CHR Extension: (Google Drive) - C:\Users\Eugene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Eugene\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-03]
CHR Extension: (YouTube) - C:\Users\Eugene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-03]
CHR Extension: (Facebook) - C:\Users\Eugene\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2013-08-09]
CHR Extension: (Adblock Plus) - C:\Users\Eugene\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-05]
CHR Extension: (Google Search) - C:\Users\Eugene\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-03]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Eugene\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2013-08-09]
CHR Extension: (LinkedIn) - C:\Users\Eugene\AppData\Local\Google\Chrome\User Data\Default\Extensions\foilkgphfinjndkjbnefmpmnnncamlna [2013-10-10]
CHR Extension: (QRCode Monkey) - C:\Users\Eugene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidoepdbdhacpopcmepkflghaalfapmk [2014-05-04]
CHR Extension: (Facebook AdBlock) - C:\Users\Eugene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpacabphcagfehdgnigmfnbjdampbaa [2013-08-09]
CHR Extension: (Google Wallet) - C:\Users\Eugene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Quick start) - C:\Users\Eugene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-09-05]
CHR Extension: (Gmail) - C:\Users\Eugene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-07] (COMODO)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 DockPathShareware; C:\Windows\SysWOW64\DockPathShareware\DockPathShareware.exe [60453 2014-09-05] () [File not signed]
R2 DOSInterpreterPrivacy.exe; C:\Users\Eugene\AppData\Local\DOSInterpreterPrivacy\DOSInterpreterPrivacy.exe [89125 2014-09-05] () [File not signed]
S3 ExpressInvoiceService; C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [2070020 2013-06-08] (NCH Software) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 InventoriaService; C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe [1644036 2013-06-08] (NCH Software) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2010-12-31] (Vodafone) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-07] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38144 2012-11-07] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [94288 2012-11-07] (COMODO)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [1455648 2013-06-03] (Acronis)
S3 USB18PRG; C:\Windows\System32\Drivers\USB18PRG.sys [53320 2009-11-17] (mikroElektronika)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 UsbSagemComm; C:\Windows\System32\DRIVERS\UsbSagMso_x64.sys [69976 2010-07-12] (Sagem Securite)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 21:58 - 2014-09-08 21:58 - 00007812 _____ () C:\Users\Eugene\Desktop\attach.zip
2014-09-08 21:56 - 2014-09-08 21:56 - 00120936 _____ () C:\Users\Eugene\Desktop\attach.txt
2014-09-08 21:56 - 2014-09-08 21:56 - 00020994 _____ () C:\Users\Eugene\Desktop\dds.txt
2014-09-08 21:54 - 2014-09-08 21:54 - 00000000 ____D () C:\Users\Eugene\Desktop\DDS
2014-09-08 17:56 - 2014-09-08 17:56 - 00000022 _____ () C:\Windows\S.dirmngr
2014-09-07 23:32 - 2014-09-07 23:33 - 00000000 ____D () C:\Users\Eugene\Desktop\Erhunt
2014-09-07 23:30 - 2014-09-07 23:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Eugene\Downloads\revosetup.exe
2014-09-07 23:28 - 2014-09-07 23:28 - 00513320 _____ () C:\Users\Eugene\Downloads\erunt.zip
2014-09-07 23:26 - 2014-09-07 23:26 - 00032688 _____ () C:\Users\Eugene\Desktop\Addition.txt
2014-09-07 23:24 - 2014-09-08 21:59 - 00019110 _____ () C:\Users\Eugene\Desktop\FRST.txt
2014-09-07 23:24 - 2014-09-08 21:59 - 00000000 ____D () C:\FRST
2014-09-07 23:21 - 2014-09-07 23:22 - 02105344 _____ (Farbar) C:\Users\Eugene\Desktop\FRST64.exe
2014-09-07 23:20 - 2014-09-07 23:20 - 00854417 _____ () C:\Users\Eugene\Desktop\SecurityCheck.exe
2014-09-07 22:55 - 2014-09-07 22:55 - 286589526 _____ () C:\Users\Eugene\Documents\RegBackup.reg
2014-09-07 22:39 - 2014-09-07 22:39 - 00000000 ____D () C:\HijackThis
2014-09-07 22:22 - 2014-09-07 22:22 - 01056960 _____ (Adobe) C:\Users\Eugene\Downloads\install_flashplayer14x32_mssd_aaa_aih.exe
2014-09-07 07:04 - 2014-09-07 07:04 - 00002693 _____ () C:\Users\Eugene\Desktop\Word.lnk
2014-09-06 13:12 - 2014-09-06 13:12 - 809726848 _____ () C:\Windows\MEMORY.DMP
2014-09-06 13:12 - 2014-09-06 13:12 - 00275584 _____ () C:\Windows\Minidump\090614-26878-01.dmp
2014-09-05 23:37 - 2014-09-05 23:37 - 00000165 ____H () C:\Users\Eugene\Downloads\~$Skoene.xlsx
2014-09-05 23:36 - 2014-09-05 23:36 - 00013522 _____ () C:\Users\Eugene\Downloads\Skoene.xlsx
2014-09-05 21:19 - 2014-09-05 21:20 - 00000000 ____D () C:\Users\Eugene\AppData\Local\DOSInterpreterPrivacy
2014-09-05 19:16 - 2014-09-05 21:23 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-05 19:16 - 2014-09-05 19:16 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-05 19:16 - 2014-09-05 19:16 - 00000000 _____ () C:\autoexec.bat
2014-09-05 19:15 - 2014-09-05 19:15 - 00002632 _____ () C:\Users\Eugene\Desktop\Rkill.txt
2014-09-05 19:13 - 2014-09-05 19:15 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Eugene\Downloads\rkill.exe
2014-09-05 19:10 - 2014-09-05 19:10 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Eugene\Downloads\SpyHunter-Installer.exe
2014-09-05 18:23 - 2014-09-05 18:21 - 01370467 _____ () C:\Users\Eugene\Desktop\AdwCleaner.exe
2014-09-05 18:23 - 2014-09-05 18:20 - 00388608 _____ (Trend Micro Inc.) C:\HijackThis.exe
2014-09-05 18:23 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-05 18:22 - 2014-09-07 23:14 - 00000000 ____D () C:\AdwCleaner
2014-09-05 18:22 - 2014-09-05 18:22 - 00003154 _____ () C:\Windows\System32\Tasks\{A65D0DC1-F13E-4AE2-B1BC-344A068367E7}
2014-09-05 18:21 - 2014-09-05 18:21 - 01370467 _____ () C:\Users\Eugene\Downloads\AdwCleaner.exe
2014-09-05 18:20 - 2014-09-05 18:20 - 00388608 _____ (Trend Micro Inc.) C:\Users\Eugene\Downloads\HijackThis.exe
2014-09-05 17:52 - 2014-09-08 18:04 - 00125673 _____ () C:\Windows\WindowsUpdate.log
2014-09-05 17:48 - 2014-09-08 17:56 - 00000448 _____ () C:\Windows\setupact.log
2014-09-05 17:48 - 2014-09-07 23:15 - 00001674 _____ () C:\Windows\PFRO.log
2014-09-05 17:48 - 2014-09-05 17:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-05 16:35 - 2014-09-05 16:35 - 01158288 _____ (Zugara Investments Limited ) C:\Users\Eugene\Downloads\lego-harry-potter-years-5-7-usa-psp-bahamut (1).exe
2014-09-05 16:34 - 2014-09-05 16:34 - 01158288 _____ (Zugara Investments Limited ) C:\Users\Eugene\Downloads\lego-harry-potter-years-5-7-usa-psp-bahamut.exe
2014-09-05 15:06 - 2014-09-05 21:36 - 00002309 _____ () C:\Users\Eugene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-05 15:06 - 2014-09-05 18:35 - 00001322 _____ () C:\Users\Eugene\Desktop\Search.lnk
2014-09-05 15:06 - 2014-09-05 15:39 - 108415396 _____ () C:\Users\Eugene\Downloads\Mystery Case Files Madame Fate.exe
2014-09-05 15:06 - 2014-09-05 15:07 - 01158224 _____ (Zugara Investments Limited ) C:\Users\Eugene\Downloads\mystery-case-files-madame-fate (1).exe
2014-09-05 15:04 - 2014-09-05 15:04 - 00000000 ____D () C:\Windows\SysWOW64\DockPathShareware
2014-09-05 15:03 - 2014-09-05 15:06 - 07275972 _____ () C:\Users\Eugene\Downloads\Unconfirmed 766341.crdownload
2014-09-05 15:02 - 2014-09-05 15:03 - 01158224 _____ (Zugara Investments Limited ) C:\Users\Eugene\Downloads\mystery-case-files-madame-fate.exe
2014-08-30 15:48 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-30 15:48 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-30 15:48 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-23 09:23 - 2014-08-23 09:23 - 00001412 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk
2014-08-23 09:23 - 2014-08-23 09:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-23 09:23 - 2014-08-23 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2014-08-23 09:23 - 2014-08-23 09:23 - 00000000 ____D () C:\Program Files (x86)\Seagate
2014-08-23 09:20 - 2014-08-23 09:22 - 26771088 _____ () C:\Users\Eugene\Downloads\SeaToolsforWindowsSetup.exe
2014-08-21 18:33 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-21 18:33 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-21 18:32 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-21 18:32 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-21 18:32 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-21 18:32 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-21 18:32 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-21 18:32 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-21 18:32 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-21 18:32 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-21 18:32 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-21 18:32 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-21 18:32 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-21 18:32 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-17 11:25 - 2014-08-17 11:25 - 00025789 _____ () C:\Users\Eugene\Downloads\caseplans (2).svg
2014-08-16 18:11 - 2014-08-16 18:11 - 00024247 _____ () C:\Users\Eugene\Downloads\caseplans (1).svg
2014-08-16 18:05 - 2014-08-16 18:05 - 00026511 _____ () C:\Users\Eugene\Downloads\caseplans.svg
2014-08-12 23:02 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-12 23:02 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-12 23:02 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-12 23:02 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-12 23:02 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-12 23:02 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-12 23:02 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-12 23:02 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-12 22:56 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-12 22:56 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-12 22:56 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-12 22:56 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-12 22:56 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-12 22:56 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-12 22:56 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-12 22:56 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-12 22:56 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-12 22:56 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-12 22:56 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-12 22:56 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-12 22:56 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-12 22:56 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-12 22:56 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-12 22:56 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-12 22:56 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-12 22:56 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 22:56 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-12 22:56 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-12 22:56 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-12 22:56 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 22:55 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-12 22:55 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-12 22:55 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-12 22:55 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-12 22:55 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-12 22:55 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-12 22:55 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-12 22:55 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-12 22:55 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-12 22:55 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-12 22:55 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-12 22:55 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-12 22:55 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-12 22:55 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-12 22:55 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-12 22:55 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-12 22:55 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-12 22:55 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-12 22:55 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-12 22:55 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-12 22:55 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-12 22:55 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-12 22:55 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-12 22:55 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-12 22:55 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-12 22:55 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-12 22:55 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-12 22:55 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-12 22:55 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-12 22:55 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-12 22:55 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-12 22:55 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-12 22:55 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-12 22:55 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-12 22:55 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-12 22:55 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-12 22:55 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-12 22:55 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-12 22:55 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-12 22:55 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-12 22:55 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-12 22:55 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-12 22:55 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-12 22:55 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-12 22:55 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-12 22:55 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-12 22:55 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-12 22:55 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-12 22:55 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-12 22:55 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-12 22:55 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-12 22:55 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-12 22:55 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-12 22:55 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-12 22:55 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-12 22:55 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-12 22:55 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-12 22:55 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-12 22:51 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-12 22:51 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-12 22:51 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-12 22:51 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 21:59 - 2014-09-07 23:24 - 00019110 _____ () C:\Users\Eugene\Desktop\FRST.txt
2014-09-08 21:59 - 2014-09-07 23:24 - 00000000 ____D () C:\FRST
2014-09-08 21:58 - 2014-09-08 21:58 - 00007812 _____ () C:\Users\Eugene\Desktop\attach.zip
2014-09-08 21:56 - 2014-09-08 21:56 - 00120936 _____ () C:\Users\Eugene\Desktop\attach.txt
2014-09-08 21:56 - 2014-09-08 21:56 - 00020994 _____ () C:\Users\Eugene\Desktop\dds.txt
2014-09-08 21:54 - 2014-09-08 21:54 - 00000000 ____D () C:\Users\Eugene\Desktop\DDS
2014-09-08 21:37 - 2013-06-03 12:49 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-08 21:23 - 2014-04-13 16:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-08 18:07 - 2009-07-14 06:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-08 18:07 - 2009-07-14 06:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-08 18:04 - 2014-09-05 17:52 - 00125673 _____ () C:\Windows\WindowsUpdate.log
2014-09-08 18:00 - 2014-02-04 06:21 - 00000000 ___RD () C:\Users\Eugene\Google Drive
2014-09-08 17:59 - 2013-06-03 12:49 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-08 17:56 - 2014-09-08 17:56 - 00000022 _____ () C:\Windows\S.dirmngr
2014-09-08 17:56 - 2014-09-05 17:48 - 00000448 _____ () C:\Windows\setupact.log
2014-09-08 17:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-07 23:33 - 2014-09-07 23:32 - 00000000 ____D () C:\Users\Eugene\Desktop\Erhunt
2014-09-07 23:30 - 2014-09-07 23:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Eugene\Downloads\revosetup.exe
2014-09-07 23:28 - 2014-09-07 23:28 - 00513320 _____ () C:\Users\Eugene\Downloads\erunt.zip
2014-09-07 23:26 - 2014-09-07 23:26 - 00032688 _____ () C:\Users\Eugene\Desktop\Addition.txt
2014-09-07 23:22 - 2014-09-07 23:21 - 02105344 _____ (Farbar) C:\Users\Eugene\Desktop\FRST64.exe
2014-09-07 23:20 - 2014-09-07 23:20 - 00854417 _____ () C:\Users\Eugene\Desktop\SecurityCheck.exe
2014-09-07 23:17 - 2013-06-03 13:03 - 00000000 ____D () C:\Users\Eugene\Documents\CCleaner
2014-09-07 23:15 - 2014-09-05 17:48 - 00001674 _____ () C:\Windows\PFRO.log
2014-09-07 23:14 - 2014-09-05 18:22 - 00000000 ____D () C:\AdwCleaner
2014-09-07 23:14 - 2013-06-03 16:41 - 00001076 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-07 23:14 - 2013-06-03 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-07 23:14 - 2013-06-03 07:37 - 00001002 _____ () C:\Users\Eugene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-07 22:55 - 2014-09-07 22:55 - 286589526 _____ () C:\Users\Eugene\Documents\RegBackup.reg
2014-09-07 22:39 - 2014-09-07 22:39 - 00000000 ____D () C:\HijackThis
2014-09-07 22:38 - 2013-06-03 07:37 - 00000000 ____D () C:\Users\Eugene\AppData\Local\VirtualStore
2014-09-07 22:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-07 22:22 - 2014-09-07 22:22 - 01056960 _____ (Adobe) C:\Users\Eugene\Downloads\install_flashplayer14x32_mssd_aaa_aih.exe
2014-09-07 22:22 - 2013-06-03 09:52 - 00000000 ____D () C:\Users\Eugene\AppData\Local\Adobe
2014-09-07 22:03 - 2013-06-08 16:21 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-09-07 07:04 - 2014-09-07 07:04 - 00002693 _____ () C:\Users\Eugene\Desktop\Word.lnk
2014-09-06 13:12 - 2014-09-06 13:12 - 809726848 _____ () C:\Windows\MEMORY.DMP
2014-09-06 13:12 - 2014-09-06 13:12 - 00275584 _____ () C:\Windows\Minidump\090614-26878-01.dmp
2014-09-06 13:12 - 2014-05-29 20:32 - 00000000 ____D () C:\Windows\Minidump
2014-09-05 23:37 - 2014-09-05 23:37 - 00000165 ____H () C:\Users\Eugene\Downloads\~$Skoene.xlsx
2014-09-05 23:36 - 2014-09-05 23:36 - 00013522 _____ () C:\Users\Eugene\Downloads\Skoene.xlsx
2014-09-05 21:36 - 2014-09-05 15:06 - 00002309 _____ () C:\Users\Eugene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-05 21:36 - 2013-10-10 19:32 - 00002355 _____ () C:\Users\Eugene\Desktop\Chrome App Launcher.lnk
2014-09-05 21:23 - 2014-09-05 19:16 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-05 21:20 - 2014-09-05 21:19 - 00000000 ____D () C:\Users\Eugene\AppData\Local\DOSInterpreterPrivacy
2014-09-05 20:28 - 2014-01-04 21:00 - 00001753 _____ () C:\Users\Eugene\Desktop\XC8 getting started.lnk
2014-09-05 20:28 - 2014-01-04 21:00 - 00001730 _____ () C:\Users\Eugene\Desktop\xc8 manual.lnk
2014-09-05 19:16 - 2014-09-05 19:16 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-05 19:16 - 2014-09-05 19:16 - 00000000 _____ () C:\autoexec.bat
2014-09-05 19:15 - 2014-09-05 19:15 - 00002632 _____ () C:\Users\Eugene\Desktop\Rkill.txt
2014-09-05 19:15 - 2014-09-05 19:13 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Eugene\Downloads\rkill.exe
2014-09-05 19:10 - 2014-09-05 19:10 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Eugene\Downloads\SpyHunter-Installer.exe
2014-09-05 18:35 - 2014-09-05 15:06 - 00001322 _____ () C:\Users\Eugene\Desktop\Search.lnk
2014-09-05 18:22 - 2014-09-05 18:22 - 00003154 _____ () C:\Windows\System32\Tasks\{A65D0DC1-F13E-4AE2-B1BC-344A068367E7}
2014-09-05 18:21 - 2014-09-05 18:23 - 01370467 _____ () C:\Users\Eugene\Desktop\AdwCleaner.exe
2014-09-05 18:21 - 2014-09-05 18:21 - 01370467 _____ () C:\Users\Eugene\Downloads\AdwCleaner.exe
2014-09-05 18:20 - 2014-09-05 18:23 - 00388608 _____ (Trend Micro Inc.) C:\HijackThis.exe
2014-09-05 18:20 - 2014-09-05 18:20 - 00388608 _____ (Trend Micro Inc.) C:\Users\Eugene\Downloads\HijackThis.exe
2014-09-05 17:48 - 2014-09-05 17:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-05 16:55 - 2013-10-10 19:32 - 00000000 ____D () C:\Users\Eugene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-05 16:35 - 2014-09-05 16:35 - 01158288 _____ (Zugara Investments Limited ) C:\Users\Eugene\Downloads\lego-harry-potter-years-5-7-usa-psp-bahamut (1).exe
2014-09-05 16:34 - 2014-09-05 16:34 - 01158288 _____ (Zugara Investments Limited ) C:\Users\Eugene\Downloads\lego-harry-potter-years-5-7-usa-psp-bahamut.exe
2014-09-05 15:39 - 2014-09-05 15:06 - 108415396 _____ () C:\Users\Eugene\Downloads\Mystery Case Files Madame Fate.exe
2014-09-05 15:07 - 2014-09-05 15:06 - 01158224 _____ (Zugara Investments Limited ) C:\Users\Eugene\Downloads\mystery-case-files-madame-fate (1).exe
2014-09-05 15:06 - 2014-09-05 15:03 - 07275972 _____ () C:\Users\Eugene\Downloads\Unconfirmed 766341.crdownload
2014-09-05 15:04 - 2014-09-05 15:04 - 00000000 ____D () C:\Windows\SysWOW64\DockPathShareware
2014-09-05 15:03 - 2014-09-05 15:02 - 01158224 _____ (Zugara Investments Limited ) C:\Users\Eugene\Downloads\mystery-case-files-madame-fate.exe
2014-09-03 22:14 - 2014-07-10 19:25 - 00000000 ____D () C:\Users\Eugene\AppData\Roaming\gnupg
2014-08-31 08:30 - 2009-07-14 07:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-31 06:45 - 2009-07-14 06:45 - 05334648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 09:23 - 2014-08-23 09:23 - 00001412 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk
2014-08-23 09:23 - 2014-08-23 09:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-23 09:23 - 2014-08-23 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2014-08-23 09:23 - 2014-08-23 09:23 - 00000000 ____D () C:\Program Files (x86)\Seagate
2014-08-23 09:22 - 2014-08-23 09:20 - 26771088 _____ () C:\Users\Eugene\Downloads\SeaToolsforWindowsSetup.exe
2014-08-23 09:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-23 04:07 - 2014-08-30 15:48 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-30 15:48 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-30 15:48 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 20:50 - 2014-02-04 06:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-17 11:25 - 2014-08-17 11:25 - 00025789 _____ () C:\Users\Eugene\Downloads\caseplans (2).svg
2014-08-16 18:11 - 2014-08-16 18:11 - 00024247 _____ () C:\Users\Eugene\Downloads\caseplans (1).svg
2014-08-16 18:05 - 2014-08-16 18:05 - 00026511 _____ () C:\Users\Eugene\Downloads\caseplans.svg
2014-08-15 05:33 - 2013-06-16 17:46 - 00000000 ____D () C:\Users\Eugene\AppData\Roaming\vlc
2014-08-13 19:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-12 23:07 - 2013-08-11 22:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-12 23:04 - 2013-06-03 08:21 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-12 23:02 - 2014-05-06 07:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-11 20:14 - 2013-09-07 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-08-11 20:14 - 2013-09-07 09:22 - 00000000 ____D () C:\Program Files (x86)\Garmin

Some content of TEMP:
====================
C:\Users\Eugene\AppData\Local\Temp\Quarantine.exe
C:\Users\Eugene\AppData\Local\Temp\Shop2.exe
C:\Users\Eugene\AppData\Local\Temp\SHSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 00:50

==================== End Of Log ============================

 

HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:04:59, on 2014-09-08
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal

Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:40560
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{486DD572-1BD0-4489-AE4E-68779D379601}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{486DD572-1BD0-4489-AE4E-68779D379601}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{486DD572-1BD0-4489-AE4E-68779D379601}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: BlackBerry Device Manager (Blackberry Device Manager) - Research In Motion Limited - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: DirMngr - Unknown owner - C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
O23 - Service: DockPathShareware - Unknown owner - C:\Windows\SysWOW64\DockPathShareware\DockPathShareware.exe
O23 - Service: DOSInterpreterPrivacy.exe - Unknown owner - C:\Users\Eugene\AppData\Local\DOSInterpreterPrivacy\DOSInterpreterPrivacy.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Express Invoice (ExpressInvoiceService) - Unknown owner - C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Inventoria Stock Manager (InventoriaService) - Unknown owner - C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Broadband Service (VmbService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11930 bytes
 

I hope this is what you need.

I am not sure how to send the attach.zip file to this post

 

Thank you very much

Regards

Gene


#2 Kirbyofdeath

Kirbyofdeath

  • Members
  • 459 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Somewhere on Earth
  • Local time:06:26 PM

Posted 08 September 2014 - 03:25 PM

I'm having trouble understanding you. Is the SysWOW64 folder infected?

 

Please download Malwarebytes Anti-Malware.

 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
mbamreplace_zps3ead4824.png
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 
mbam4_zps23e52ad4.png
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 mbam4_zps490948cc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.


#3 Kirbyofdeath

Kirbyofdeath

  • Members
  • 459 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Somewhere on Earth
  • Local time:06:26 PM

Posted 08 September 2014 - 03:28 PM

Try not to use powerful tools like "HijackThis" or "ComboFix"; these tools are very powerful. If used incorrectly, they may do more damage than help.


Edited by Kirbyofdeath, 08 September 2014 - 03:28 PM.


#4 LiquidTension

LiquidTension

  • Malware Response Instructor
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:26 AM

Posted 08 September 2014 - 03:32 PM

Hello, 
 
DDS, FRST and HijackThis logs are not permitted in this forum. 
Furthermore, HijackThis is outdated, and rarely used nowadays (I would only use HJT to remove O4 startup entries). 
 

my son collected SysWOW64 for me while trying to download something

SysWOW64 is a legitimate System Folder on 64-bit Operating Systems. The folder is used to handle 32-bit applications, which are redirected to this folder when they try to access System32. 
 
Why do you believe this folder is an issue? 
What issues are you experiencing?

 

Edit: I will leave you in the hands of the poster above. 


Edited by LiquidTension, 08 September 2014 - 03:33 PM.

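The log posted at the top of the thread can be triaged mechanically. What follows is an added example written for this page, not a tool from the thread and not part of HijackThis: it parses a handful of O23 service lines and the R1 proxy line copied verbatim from the posted log and flags the entries a responder would look at first. The heuristics are my own assumptions: a service with no vendor name whose binary lives outside Program Files, a service binary under Users, ProgramData or Temp, and an Internet Explorer proxy pointing at 127.0.0.1 (a common way for ad-injecting software to sit between the browser and the network). A hit is a reason to examine the entry, not proof of infection. The "(file missing)" entries are counted separately rather than flagged: HijackThis 2.0.4 is a 32-bit program, so on a 64-bit system its look-ups under System32 are redirected to SysWOW64 exactly as described above, and 64-bit-only binaries such as lsass.exe are reported missing even though they are present.

```python
import re
from typing import Dict, List

# Sample input: lines copied verbatim from the HijackThis log posted earlier in this thread.
HJT_LINES: List[str] = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:40560",
    r"O23 - Service: DirMngr - Unknown owner - C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe",
    r"O23 - Service: DockPathShareware - Unknown owner - C:\Windows\SysWOW64\DockPathShareware\DockPathShareware.exe",
    r"O23 - Service: DOSInterpreterPrivacy.exe - Unknown owner - C:\Users\Eugene\AppData\Local\DOSInterpreterPrivacy\DOSInterpreterPrivacy.exe",
    r"O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)",
    r"O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe",
    r"O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe",
]

# Heuristics (my own assumptions, not rules from the thread or from HijackThis).
USER_WRITABLE = re.compile(r"\\(Users|ProgramData|AppData|Temp)\\", re.IGNORECASE)   # locations a standard user can write to
PROGRAM_FILES = re.compile(r"^[A-Za-z]:\\Program Files( \(x86\))?\\")               # normal home for third-party services
LOOPBACK = re.compile(r"127\.0\.0\.1|localhost", re.IGNORECASE)                     # proxy on the local machine


def parse_service(line: str) -> Dict[str, object]:
    """Split 'O23 - Service: <name> - <owner> - <path>[ (file missing)]' into fields.

    rsplit from the right so that dashes inside the display name do not break parsing.
    """
    head, owner, path = line.rsplit(" - ", 2)
    name = head.split("Service: ", 1)[1]
    missing = path.endswith("(file missing)")
    if missing:
        path = path[: -len(" (file missing)")]
    return {"name": name, "owner": owner, "path": path, "missing": missing}


def assess(lines: List[str]) -> List[Dict[str, object]]:
    """Return the R1/O23 entries that deserve a closer look, with the reason for each."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        reasons: List[str] = []
        name = ""
        if line.startswith("R1 - ") and "ProxyServer" in line:
            name = "ProxyServer"
            value = line.split("=", 1)[1].strip()          # everything after 'ProxyServer ='
            if LOOPBACK.search(value):
                reasons.append("IE proxy points at loopback: " + value)
        elif line.startswith("O23 - Service: "):
            svc = parse_service(line)
            if svc["missing"]:
                # 32-bit HijackThis looking under System32 is redirected to SysWOW64 by WOW64;
                # 64-bit-only system binaries therefore show as missing. Not a finding.
                continue
            name = str(svc["name"])
            path = str(svc["path"])
            if USER_WRITABLE.search(path):
                reasons.append("service binary in a user-writable location")
            if svc["owner"] == "Unknown owner" and not PROGRAM_FILES.match(path):
                reasons.append("no vendor name and binary outside Program Files")
        if reasons:
            findings.append({"name": name, "line": line, "reasons": reasons})
    return findings


def count_redirection_artifacts(lines: List[str]) -> int:
    """Count O23 entries reported as '(file missing)', i.e. the WOW64 redirection artefact."""
    return sum(1 for l in lines if l.startswith("O23 - ") and l.endswith("(file missing)"))


if __name__ == "__main__":
    for f in assess(HJT_LINES):
        print(f"{f['name']}: {'; '.join(f['reasons'])}")
    print(f"{count_redirection_artifacts(HJT_LINES)} '(file missing)' entries (WOW64 artefact, not findings)")
```

Run against the seven sample lines it reports the loopback proxy, DockPathShareware, DOSInterpreterPrivacy.exe and HWDeviceService64.exe, and leaves DirMngr and Google Update alone because they live under Program Files; to triage the whole log, paste all of its R1 and O23 lines into HJT_LINES. The two entries Comodo reported in this thread are among the hits, but each flagged entry still needs to be checked (signature, hashes, what it does) before anything is removed.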

#5 zagene

zagene
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:26 AM

Posted 09 September 2014 - 12:03 PM

Hi, I am trying to figure out what the problem is. I thought it might be that.

The biggest problem I have is that something is opening quite a lot of connections when I open Firefox (according to Comodo, up to 52 at a time).

Comodo reported SysWOW64, DOSInterpreterPrivacy.exe as well as KernelPythonWin32.exe (don't know where this fits in).

The problem was that WebSearches altered both the Firefox and Chrome home pages. I battled to fix this and am still unable to completely remove it from Firefox.

Chrome also has some issues with a proxy which is blocking some pages from displaying, with a "no data received" error.

Lots of intrusions blocked by Comodo (something it never did in the past) and a flood of outbound connections at times.

I have downloaded Anti-Malware and will run it.

Pardon the other apps. I just stumbled upon a thread on BleepingComputer regarding SysWOW64 and ran the same apps as in that discussion.



#6 Kirbyofdeath

Kirbyofdeath

  • Members
  • 459 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Somewhere on Earth
  • Local time:06:26 PM

Posted 09 September 2014 - 01:00 PM

Can you please post the topic URL?

 

Please scan your computer with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.




