Temp1_.. .zip folders appeared & F-Secure detected infected files


  • This topic is locked
17 replies to this topic

#1 inputoutput

Posted 17 September 2014 - 01:49 PM

EDIT: I'm sorry, I was a bit quick and made the post without a proper descriptive title. It should have mentioned specifically what was detected. See the attached F-Secure logs.

Hi forum. This is a long post explaining what happened on my laptop yesterday (Sept. 16th).

Some general information:

I run Windows 7 Pro SP1 on a Clevo P150EM laptop.
Settings like view file extensions, show hidden files & folders etc. are enabled.
My PC was connected to Internet through the school network during the course of events.
F-Secure Client Security 9.00 build 851 with real-time protection, DeepGuard, Browsing Protection etc. ran the whole time.


Now the course of events (as I remember them):

I ran VMWare with Win. XP from an image that was given to us in class (the virtual Win. XP hangs regularly for all students using it). In Win. XP I saved a .png file with MSPaint and dragged the file out of VMWare over to my Desktop. Maybe a minute or two afterwards, F-Secure detected an infected file in my Temp folder. My computer now ran slower than usual, similar to the virtual Win. XP.

I opened the Temp folder and saw there were thousands of new folders being continuously created called "Temp1_[n].zip" where [n] is a number (1, 2, ... , 1200, 3042). The folders contained seemingly random files I did not recognize, with the exception of a few files. Whether it is a coincidence that I recognized a few filenames, or whether the files were copied from my HDD, I don't know.

I disconnected from Internet and deleted the folders (over 1GB in size), but the folders continued to appear in the same fashion as before. The "Temp1_.. .zip" folder with the lowest number seemed undeletable, as it did not disappear when I tried to delete it (no error message). The other folders went away for some seconds, so something generated the folders many times per second, starting with the lowest number. Because it still happened while offline, it seems the files were copied from disk or generated on the fly.

Perhaps a few minutes after I then exited VMWare (after a little fighting due to hangs and re-appearing VMWare processes), the folders stopped re-appearing. Whether that was just a coincidence or not, I don't know. I'm not saying that VMWare really had anything to do with this, but that's the software I was working with.

The F-Secure log shows that various files on my disks were infected and detected about 18 minutes after things first started happening. Among the files was a program I use regularly that I know was clean earlier. The F-Secure log also shows that attempts were made to change registry keys, like "show hidden files". I initiated a full virus scan with F-Sec. but it "finished" prematurely (!?) - it did not scan my whole computer; I saw the scan progress and end.

Also, it seems some policies were changed; I used to be admin on this machine but now I can't change a file's permissions under Properties -> Security -> Edit button -> the checkbox list. [See attached image file "permissions.png"]

What used to be white is now greyed out.

Also, the "Run as administrator" option in mouse -> right click menu is gone. :)

So, moving on to today, nothing new has happened on the computer; I haven't re-started it nor started new programs*. The folders have not returned but the computer is a bit sluggish; there seems to be a small amount of ghosting when windows are dragged around. The amount of ghosting was reduced when I disabled Power saving mode, however.

EDIT: I'll go through the "Slow computer" sticky thread for good measure.

* I did download, install and start two programs today; trial versions of the anti-virus programs "Trojan Hunter" and "Emsisoft Internet Security 9.0" as I thought at one point they could do complete scans of my computer. It seems Trojan Hunter has trouble with that also (haven't tried with Emsisoft yet).

I mentioned that I recognized some of the appearing files - I should mention that maybe a year or two ago, I ripped files from freeinfosociety.com (software-assisted rip) because I wanted the electronics schematics there and to browse them locally in peace and quiet. Among the website's thousands of files was a large collection of numbered .zip files, some of which seemed to contain random software cracks as far as I can tell. I let the .zips be as they appeared irrelevant to me.

Having a hunch, I scanned those .zips today and found 3 of them contained the same files that appeared in some of the "Temp1_.. .zip" folders. Heck, the number on the .ZIP files in question matched the Temp1_.. folder numbers (looking at the F-Secure log).

I'm certain I never touched any of the ripped files other than the .PDFs and images of electronic circuits, and that was at least a year ago. I deleted the .ZIP files without problems today. ("Passive" .ZIP files can't really be suspected in this anyway, no?)

So, I need help to know what caused the folders to appear, where the infections came from etc. I'd like to know as much about my computer as possible really. I'll try to come back to this thread with updates (logs etc.) when I can.

Attached are pictures from the F-Secure logs (I apologize for the cropped text - the log viewer can't be re-sized).

EDIT: DDS log posted, attach file attached.

EDIT2: Tonight I have gotten 3 further detections from F-Secure. It seems something is actively infecting my machine, though I'm not sure, as Trojan Hunter was scanning in the background when F-Secure made the detections. Perhaps Trojan Hunter moved files to the Temp folder during the scan and F-Secure produced false positives.

Anyway, from the F-Sec. log:

Today, 23:04: Trojan.Pws.Goldspy.R

      File:C:\Users\CHB\AppData\Local\Temp\AOE3VPN.exe       [this seems related to the game Age of Empires 3 I have installed?]

Today, 23:04: Trojan.Generic.5715856

      File:C:\Users\CHB\AppData\Local\Temp\Upx.afnyutsh       [typical randomly generated extension name I guess]

Today, 21:42: Trojan.Generic.7869230

      File:C:\Users\CHB\AppData\Local\Temp\Upx.avsasqti

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 10.67.2
Run by CHB at 22:47:08 on 2014-09-17
Microsoft Windows 7 Professional   6.1.7601.1.1252.47.1033.18.16276.11104 [GMT 2:00]
.
AV: F-Secure Client Security 9.00 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: F-Secure Client Security 9.00 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: F-Secure Client Security 9.00 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE
C:\Program Files (x86)\F-Secure\Common\FSHDLL32.EXE
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\SysWOW64\lkads.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe
C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Windows\SysWOW64\lkcitdl.exe
C:\Windows\SysWOW64\lktsrv.exe
C:\Windows\SysWOW64\nidevldu.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
C:\Windows\SysWOW64\nipxism.exe
C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
C:\Program Files (x86)\F-Secure\Common\FSHDLL64.EXE
C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe
C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE
C:\Program Files (x86)\F-Secure\Common\FIH32.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxEM.exe
C:\Windows\system32\igfxHK.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Hotkey\Hotkey.exe
C:\Program Files (x86)\F-Secure\common\FSM32.EXE
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
C:\Windows\splwow64.exe
D:\Program Files (x86)\Game_Maker7\Game_Maker7.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\svchost.exe -k SDRSVC
D:\Utils & drivers\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\CHB\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\TrojanHunter 5.6\TrojanHunter.exe
C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe
C:\Program Files (x86)\Emsisoft Internet Security\a2wizard.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
D:\Utils & drivers\_NirSoft systemverktøy etc\outlookstatview\OutlookStatView.exe
D:\Program Files\JetAudio\JetAudio.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\system32\taskmgr.exe
D:\Utils & drivers\WindowsEnablerv1.1\Windows Enabler.exe
C:\Windows\system32\mspaint.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.dell.com
mWinlogon: Userinit = userinit.exe
BHO: PDFXChange 4.0: {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - d:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: PDFXChange 4.0: {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - d:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
TB: FireShot: {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} -
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll
EB: F12 Developer Tools: {28BCCB9A-E66B-463C-82A4-09F320DE94D7} - C:\Program Files (x86)\Internet Explorer\F12Tools.dll
EB: Advanced IE History: {B42BB49F-1437-447D-998C-7566DFF8AC83} - C:\Program Files (x86)\Advanced IE History Bar\AdvHistoryBar.dll
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
mRun: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\Common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [BCSSync] :"C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [Acrobat Assistant 8.0] :"D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [UnlockerAssistant] "D:\Utils & drivers\Unlocker\UnlockerAssistant.exe"
mRun: [THGuard] "C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe"
mRun: [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Internet Security\a2guard.exe" /d=60
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Hotkey.lnk - C:\Program Files (x86)\Hotkey\Hotkey.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\~DISAB~1\NIERRO~2.LNK - C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\~DISAB~1\NIERRO~1.LNK - C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoInternetIcon = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {05BA0540-AFBA-4046-AB45-6FF554DFB9A2} - {B42BB49F-1437-447D-998C-7566DFF8AC83}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Program Files (x86)\F-Secure\FSPS\program\fslsp.dll
LSP: %windir%\system32\vsocklib.dll
Trusted Zone: alipay.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: alisoft.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: taobao.com
Trusted Zone: taobao.com
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
TCP: NameServer = 193.213.112.4 130.67.15.198
TCP: Interfaces\{00F614CB-A5C5-4CE5-B592-513E39AB37E3} : DHCPNameServer = 193.213.112.4 130.67.15.198
TCP: Interfaces\{00F614CB-A5C5-4CE5-B592-513E39AB37E3}\348696E616F5E45647 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{00F614CB-A5C5-4CE5-B592-513E39AB37E3}\4586F6D637F6E6138353034434 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{00F614CB-A5C5-4CE5-B592-513E39AB37E3}\4656661657C647 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{00F614CB-A5C5-4CE5-B592-513E39AB37E3}\56465727F616D6 : DHCPNameServer = 158.37.87.2 158.37.87.5
TCP: Interfaces\{00F614CB-A5C5-4CE5-B592-513E39AB37E3}\75F627D686F6C656F594E66696E6964797 : DHCPNameServer = 109.247.114.4 81.167.36.11 192.168.10.1
TCP: Interfaces\{BDDAC08C-3026-4E58-921E-7F0C91C832B8} : NameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: FireShot: {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} -
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [AdobeAAMUpdater-1.0] :"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 amer.hops.glbdns.microsoft.com
Hosts: 127.0.0.1 counter.kaspersky.com
Hosts: 127.0.0.1 directads.mcafee.com
Hosts: 127.0.0.1 stats.f-secure.com
Hosts: 127.0.0.1 ads.mcafee.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\
FF - prefs.js: browser.startup.homepage - about:sessionrestore
FF - prefs.js: network.proxy.ftp - 111.119.233.129
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 111.119.233.129
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 111.119.233.129
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 111.119.233.129
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Users\CHB\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
FF - plugin: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 4e73a6f200000000000000ff986ce3b6
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15939
FF - user.js: extensions.delta.vrsn - 1.8.24.5
FF - user.js: extensions.delta.vrsni - 1.8.24.5
FF - user.js: extensions.delta.vrsnTs - 1.8.24.513:35:57
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=123884&tt=200813_245&tsp=4982
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2013-12-13 36608]
R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2012-8-25 56016]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2012-11-25 14456]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2014-6-5 633704]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2014-6-5 28008]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-9-9 19264]
R0 nipbcfk;National Instruments Class Upper Filter Driver;C:\Windows\System32\drivers\nipbcfk.sys [2012-12-18 16984]
R0 nipxibaf;National Instruments PXI Bridge Access Driver;C:\Windows\System32\drivers\nipxibaf.sys [2013-2-11 87288]
R0 nipxibrc;National Instruments PXI Bridge Configuration Driver;C:\Windows\System32\drivers\nipxibrc.sys [2013-3-6 70336]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2014-9-1 73296]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Internet Security\a2ddax64.sys [2014-9-17 26176]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys [2012-8-25 57936]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\System32\drivers\fsdfw.sys [2012-8-25 92176]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2012-8-25 14904]
R2 a2AntiMalware;Emsisoft Protection Service;C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe [2014-9-17 4784144]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-7-9 239616]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe [2012-8-25 219760]
R2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-5-21 315352]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-19 634632]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-25 166720]
R2 nidevldu;NI Device Loader;C:\Windows\SysWOW64\nidevldu.exe [2013-3-4 102040]
R2 nimDNSResponder;NI mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2013-5-11 260976]
R2 NINetworkDiscovery;NI Network Discovery;C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [2013-6-19 176512]
R2 nipxirmk;nipxirmk;C:\Windows\System32\drivers\nipxirmkl.sys [2013-3-14 13432]
R2 PowerBiosServer;PowerBiosServer;C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [2013-7-9 46080]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-25 365376]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2014-1-8 3674864]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Internet Security\a2accx64.sys [2014-9-17 71472]
R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Internet Security\cleanhlp64.sys [2014-9-17 57024]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\System32\drivers\evolve.sys [2014-1-10 21656]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2012-8-25 202176]
R3 F-Secure Network Request Broker;F-Secure Network Request Broker;C:\Program Files (x86)\F-Secure\common\FNRB32.exe [2012-8-25 166512]
R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe [2012-8-25 60352]
R3 fwndis;Emsisoft Firewall NDIS driver;C:\Windows\System32\drivers\fwndis64.sys [2014-9-17 38408]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-3-31 450520]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-2-6 358896]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-2-6 795632]
R3 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2012-7-27 26208]
R3 nidimk;nidimk;C:\Windows\System32\drivers\nidimkl.sys [2012-6-28 13000]
R3 NIEthernetDeviceEnumerator;NI Ethernet Device Enumerator Driver;C:\Windows\System32\drivers\niede.sys [2010-6-15 38064]
R3 nimru2k;nimru2k;C:\Windows\System32\drivers\nimru2kl.sys [2012-6-28 13008]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2014-1-22 313048]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-5-23 939224]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2014-5-13 31472]
S1 EfwTdiFlt;Emsisoft TDI Filter;C:\Program Files (x86)\Emsisoft Internet Security\fwtdi64.sys [2014-9-17 38432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe [2014-7-7 72992]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-9 7168]
S2 NIApplicationWebServer;NI Application Web Server;C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2013-6-8 57696]
S2 NIApplicationWebServer64;NI Application Web Server (64-bit);C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2013-6-8 81248]
S2 NISystemWebServer;NI System Web Server;C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [2013-6-8 57680]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2012-10-1 230920]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2013-2-13 163808]
S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2012-6-9 849408]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2012-9-9 21712]
S3 EvoSvc;Evolve Service;D:\Program Files\Echobit\Evolve\EvoSvc.exe [2014-1-10 1579936]
S3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-7-9 60928]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2014-2-8 169752]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-10 111616]
S3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2012-8-25 14748416]
S3 lvalarmk;lvalarmk;C:\Windows\System32\drivers\lvalarmk.sys [2013-6-17 27528]
S3 MiniProWdf;WDF MiniProWdf Service;C:\Windows\System32\drivers\MiniProWdf.sys [2012-8-31 17216]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2014-1-8 284912]
S3 ni1006k;NI PXI-1006 Chassis Pilot;C:\Windows\System32\drivers\ni1006k.sys [2013-2-12 30800]
S3 ni1045k;NI PXI-1045 Chassis Pilot;C:\Windows\System32\drivers\ni1045kl.sys [2013-2-12 12984]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;C:\Windows\System32\drivers\ni1065k.sys [2013-2-12 27832]
S3 nicdcck;nicdcck;C:\Windows\System32\drivers\nicdcckl.sys [2012-7-23 12992]
S3 nicdrk;nicdrk;C:\Windows\System32\drivers\nicdrkl.sys [2011-7-21 11864]
S3 nicmrk;nicmrk;C:\Windows\System32\drivers\nicmrkl.sys [2013-6-25 13456]
S3 nicondrk;nicondrk;C:\Windows\System32\drivers\nicondrkl.sys [2013-6-25 13416]
S3 nicsrk;nicsrk;C:\Windows\System32\drivers\nicsrkl.sys [2013-6-25 15176]
S3 nidmxfk;nidmxfk;C:\Windows\System32\drivers\nidmxfkl.sys [2013-3-4 13416]
S3 nidsark;nidsark;C:\Windows\System32\drivers\nidsarkl.sys [2013-2-13 13432]
S3 niemrk;niemrk;C:\Windows\System32\drivers\niemrkl.sys [2013-6-25 15176]
S3 niesrk;niesrk;C:\Windows\System32\drivers\niesrkl.sys [2013-6-25 15176]
S3 nimsdrk;nimsdrk;C:\Windows\System32\drivers\nimsdrkl.sys [2013-3-4 13480]
S3 nimstsk;nimstsk;C:\Windows\System32\drivers\nimstskl.sys [2013-3-4 13448]
S3 nimxpk;nimxpk;C:\Windows\System32\drivers\nimxpkl.sys [2013-3-4 13448]
S3 ninshsdk;ninshsdk;C:\Windows\System32\drivers\ninshsdkl.sys [2012-10-9 13000]
S3 nipalfwedl;nipalfwedl;C:\Windows\System32\drivers\nipalfwedl.sys [2012-12-19 13624]
S3 nipalusbedl;nipalusbedl;C:\Windows\System32\drivers\nipalusbedl.sys [2012-12-19 13624]
S3 nipxigpk;NI PXI Generic Chassis Pilot;C:\Windows\System32\drivers\nipxigpk.sys [2011-8-9 22680]
S3 niraptrk;niraptrk;C:\Windows\System32\drivers\niraptrkl.sys [2013-6-25 15176]
S3 niraptrkw;niraptrkw;C:\Windows\System32\drivers\niraptrkw.sys [2013-6-25 14664]
S3 niscdk;niscdk;C:\Windows\System32\drivers\niscdkl.sys [2012-3-7 12984]
S3 nisdigk;nisdigk;C:\Windows\System32\drivers\nisdigkl.sys [2012-7-2 12960]
S3 nisftk;nisftk;C:\Windows\System32\drivers\nisftkl.sys [2012-6-1 12952]
S3 nispdk;nispdk;C:\Windows\System32\drivers\nispdkl.sys [2012-3-7 12984]
S3 nissrk;nissrk;C:\Windows\System32\drivers\nissrkl.sys [2013-6-25 15176]
S3 nistc2k;nistc2k;C:\Windows\System32\drivers\nistc2kl.sys [2009-1-5 11824]
S3 nistc3rk;nistc3rk;C:\Windows\System32\drivers\nistc3rkl.sys [2013-2-7 13416]
S3 nistcrk;nistcrk;C:\Windows\System32\drivers\nistcrkl.sys [2011-7-18 12968]
S3 niswdk;niswdk;C:\Windows\System32\drivers\niswdkl.sys [2013-5-24 15176]
S3 nitiork;nitiork;C:\Windows\System32\drivers\nitiorkl.sys [2013-2-7 13440]
S3 niufurk;niufurk;C:\Windows\System32\drivers\niufurkl.sys [2012-10-8 13008]
S3 niufurkw;niufurkw;C:\Windows\System32\drivers\niufurkw.sys [2012-10-8 12496]
S3 niwfrk;niwfrk;C:\Windows\System32\drivers\niwfrkl.sys [2013-6-25 15176]
S3 nixsrk;nixsrk;C:\Windows\System32\drivers\nixsrkl.sys [2013-6-25 15176]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-16 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-16 180736]
S3 PVUSB;CESG502 64bit USB Driver;C:\Windows\System32\drivers\CESG64.sys [2007-2-19 63808]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-3 19456]
S3 SbieDrv;SbieDrv;D:\Program Files\Sandboxie\SbieDrv.sys [2013-7-8 199384]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2012-11-30 35112]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-17 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-8-3 30208]
S3 VSPerfDrv100;Performance Tools Driver 10.0;D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-25 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2013-10-3 1137016]
S4 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2013-10-9 1689976]
S4 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2013-10-3 1157496]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsfilter.sys [2012-8-25 39792]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsrec.sys [2012-8-25 25200]
S4 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2014-2-27 906432]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-09-17 10:04:57    38408    ----a-w-    C:\Windows\System32\drivers\fwndis64.sys
2014-09-17 10:04:43    --------    d-----w-    C:\Program Files (x86)\Emsisoft Internet Security
2014-09-17 10:03:29    --------    d-----w-    C:\ProgramData\TrojanHunter
2014-09-17 10:03:21    --------    d-----w-    C:\Program Files (x86)\TrojanHunter 5.6
2014-09-17 09:18:25    --------    d-----w-    C:\Windows\SysWow64\AGEIA
2014-09-17 09:16:00    --------    d-----w-    C:\## InstallShield2 ##
2014-09-16 06:22:48    11578928    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{08F97FB4-A84D-45BD-946A-878ECA3A10D7}\mpengine.dll
2014-09-15 10:40:57    --------    d-----w-    C:\Users\CHB\AppData\Local\GOG.com
2014-09-11 21:54:35    --------    d-----w-    C:\Users\CHB\AppData\Roaming\GameMaker-Studio
2014-09-11 18:43:20    --------    d-----w-    C:\Users\CHB\AppData\Roaming\qfsm
2014-09-11 18:43:19    --------    d-----w-    C:\Users\CHB\.qfsm
2014-09-11 08:33:46    466944    ----a-w-    C:\Windows\SysWow64\Softlocx3.ocx
2014-09-11 08:33:45    77878    ----a-w-    C:\Windows\SysWow64\temp.002
2014-09-11 08:33:20    278581    ----a-w-    C:\Windows\SysWow64\temp.001
2014-09-10 13:09:25    2777088    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2014-09-10 13:09:25    2285056    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-10 08:25:05    1031168    ----a-w-    C:\Windows\System32\TSWorkspace.dll
2014-09-10 08:25:04    793600    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
2014-09-10 08:24:53    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2014-09-10 08:24:52    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2014-09-10 08:24:37    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-09-10 08:24:37    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-09-10 08:24:37    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-09-10 08:24:37    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-09-10 08:24:37    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-09-09 11:21:47    --------    d-----w-    C:\Users\CHB\AppData\Local\.altair_licensing
2014-09-09 11:21:47    --------    d-----w-    C:\ProgramData\altair
2014-09-08 17:47:26    --------    d-----w-    C:\Users\CHB\AppData\Local\Parallax
2014-09-05 14:16:24    47216    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-09-05 14:16:23    3231696    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\d3dcompiler_46.dll
2014-09-03 04:49:36    169984    ----a-w-    C:\Windows\System32\drivers\ser2pl64.sys
2014-09-02 22:08:15    --------    d-----w-    C:\Users\CHB\AppData\Roaming\ShurikSoft
2014-09-01 09:25:26    --------    d-----w-    C:\Users\CHB\AppData\Local\VMware
2014-09-01 09:24:06    73296    ----a-w-    C:\Windows\System32\drivers\vsock.sys
2014-09-01 09:24:06    67664    ----a-w-    C:\Windows\System32\vsocklib.dll
2014-09-01 09:24:06    63568    ----a-w-    C:\Windows\SysWow64\vsocklib.dll
2014-09-01 09:24:04    64728    ----a-w-    C:\Windows\System32\drivers\vmx86.sys
2014-09-01 09:24:04    33496    ----a-w-    C:\Windows\System32\drivers\VMkbd.sys
2014-09-01 09:21:18    359128    ----a-w-    C:\Windows\SysWow64\vmnetdhcp.exe
2014-09-01 09:21:14    437976    ----a-w-    C:\Windows\SysWow64\vmnat.exe
2014-09-01 09:21:14    31448    ----a-w-    C:\Windows\System32\drivers\vmnetuserif.sys
2014-09-01 09:21:12    931032    ----a-w-    C:\Windows\System32\vnetlib64.dll
2014-09-01 09:21:06    54464    ----a-w-    C:\Windows\System32\drivers\hcmon.sys
2014-09-01 09:21:05    38720    ----a-w-    C:\Windows\System32\drivers\vmusb.sys
2014-09-01 09:20:54    --------    d-----w-    C:\Program Files\Common Files\VMware
2014-09-01 09:19:44    --------    d-----w-    C:\Program Files (x86)\Common Files\VMware
2014-08-31 19:32:45    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-31 19:32:45    3163648    ----a-w-    C:\Windows\System32\win32k.sys
2014-08-31 19:32:45    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-30 15:45:35    --------    d-----w-    C:\Program Files (x86)\Foxit Software
2014-08-30 10:22:35    --------    d-----w-    C:\Users\CHB\.swt
2014-08-29 14:31:17    217088    ----a-w-    C:\Windows\_detmp.2
2014-08-29 07:43:29    306688    ----a-w-    C:\Windows\IsUn040a.exe
2014-08-29 07:41:45    306688    ----a-w-    C:\Windows\IsUn0407.exe
2014-08-29 06:36:18    8464    ----a-w-    C:\Windows\SysWow64\odbccp32.cpl
2014-08-29 06:36:18    4656    ----a-w-    C:\Windows\SysWow64\ds16gt.dll
2014-08-29 06:36:18    32256    ----a-w-    C:\Windows\SysWow64\_UNODBC.dll
2014-08-29 06:36:18    26224    ----a-w-    C:\Windows\SysWow64\odbc16gt.dll
2014-08-29 06:35:34    40960    ----a-w-    C:\Windows\SysWow64\cp551inf.dll
2014-08-29 06:35:34    30720    ----a-w-    C:\Windows\SysWow64\drivers\s7ondisx.sys
2014-08-29 06:33:55    64432    ----a-w-    C:\Windows\SysWow64\threed.vbx
2014-08-29 06:33:55    398416    ----a-w-    C:\Windows\SysWow64\vbrun300.dll
2014-08-29 06:33:54    5632    ----a-w-    C:\Windows\SysWow64\mfcuia32.dll
2014-08-29 06:33:54    4096    ----a-w-    C:\Windows\SysWow64\mfcuiw32.dll
2014-08-29 06:33:54    166408    ----a-w-    C:\Windows\SysWow64\MSMASK32.OCX
2014-08-29 06:33:54    133904    ----a-w-    C:\Windows\SysWow64\MFCANS32.DLL
2014-08-29 06:33:54    133392    ----a-w-    C:\Windows\SysWow64\MFCO30.DLL
2014-08-28 22:35:03    --------    d-----w-    C:\ProgramData\Siemens
2014-08-28 22:27:47    --------    d-----w-    C:\Program Files (x86)\Common Files\Siemens
.
==================== Find3M  ====================
.
2014-09-15 06:52:36    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-15 06:52:36    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-25 04:53:42    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-08-18 22:29:49    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53    5833728    ----a-w-    C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34    547328    ----a-w-    C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55    4232704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01    758272    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12    72704    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09    61952    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24    597504    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17    2104832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13    2310656    ----a-w-    C:\Windows\System32\wininet.dll
2014-08-18 21:08:54    2014208    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48    1812992    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-08-07 17:07:30    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-25 15:46:13    451    ----a-w-    C:\Windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-07-25 10:32:44    4608    ----a-w-    C:\Windows\SysWow64\w95inf32.dll
2014-07-25 10:32:44    2272    ----a-w-    C:\Windows\SysWow64\w95inf16.dll
2014-07-25 00:35:46    875688    ----a-w-    C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47:06    869544    ----a-w-    C:\Windows\System32\msvcr120_clr0400.dll
2014-07-23 14:56:19    144    ----a-w-    C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-07-23 09:27:59    376832    ----a-w-    C:\Windows\SysWow64\iascfg.cpl
2014-07-23 09:27:59    241664    ----a-w-    C:\Windows\SysWow64\earias.dll
2014-07-23 09:27:59    233472    ----a-w-    C:\Windows\SysWow64\earpds.dll
2014-07-22 13:14:46    137376    ----a-w-    C:\Windows\System32\vcomp120.dll
2014-07-17 12:57:36    724992    ----a-w-    C:\Windows\iun6002.exe
2014-07-16 03:23:41    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-07-16 02:46:02    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45    1216000    ----a-w-    C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58    664064    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 15:51:54    7102496    ----a-w-    C:\Windows\SysWow64\atiumdva.dll
2014-07-09 15:51:46    6879016    ----a-w-    C:\Windows\SysWow64\atiumdag.dll
2014-07-09 15:51:40    7892000    ----a-w-    C:\Windows\System32\atiumd6a.dll
2014-07-09 15:51:36    8108312    ----a-w-    C:\Windows\System32\atiumd64.dll
2014-07-09 15:47:38    276192    ----a-w-    C:\Windows\System32\drivers\amdacpksd.sys
2014-07-09 15:45:04    15950848    ----a-w-    C:\Windows\System32\drivers\atikmdag.sys
2014-07-09 15:35:46    231424    ----a-w-    C:\Windows\System32\clinfo.exe
2014-07-09 15:35:40    98816    ----a-w-    C:\Windows\System32\OpenVideo64.dll
2014-07-09 15:35:38    83456    ----a-w-    C:\Windows\SysWow64\OpenVideo.dll
2014-07-09 15:35:36    86528    ----a-w-    C:\Windows\System32\OVDecode64.dll
2014-07-09 15:35:36    73216    ----a-w-    C:\Windows\SysWow64\OVDecode.dll
2014-07-09 15:35:34    32876544    ----a-w-    C:\Windows\System32\amdocl64.dll
2014-07-09 15:34:48    27843072    ----a-w-    C:\Windows\SysWow64\amdocl.dll
2014-07-09 15:34:04    65024    ----a-w-    C:\Windows\System32\OpenCL.dll
2014-07-09 15:34:02    58880    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2014-07-09 15:33:16    27529216    ----a-w-    C:\Windows\System32\atio6axx.dll
2014-07-09 15:31:22    127488    ----a-w-    C:\Windows\System32\mantle64.dll
2014-07-09 15:31:18    113664    ----a-w-    C:\Windows\SysWow64\mantle32.dll
2014-07-09 15:31:12    5225472    ----a-w-    C:\Windows\System32\amdmantle64.dll
2014-07-09 15:28:34    366592    ----a-w-    C:\Windows\System32\atiapfxx.exe
2014-07-09 15:28:30    62464    ----a-w-    C:\Windows\System32\aticalrt64.dll
2014-07-09 15:28:30    52224    ----a-w-    C:\Windows\SysWow64\aticalrt.dll
2014-07-09 15:28:28    55808    ----a-w-    C:\Windows\System32\aticalcl64.dll
2014-07-09 15:28:26    49152    ----a-w-    C:\Windows\SysWow64\aticalcl.dll
2014-07-09 15:28:22    15716352    ----a-w-    C:\Windows\System32\aticaldd64.dll
2014-07-09 15:28:16    4180992    ----a-w-    C:\Windows\SysWow64\amdmantle32.dll
2014-07-09 15:28:08    23028224    ----a-w-    C:\Windows\SysWow64\atioglxx.dll
2014-07-09 15:27:30    14302208    ----a-w-    C:\Windows\SysWow64\aticaldd.dll
2014-07-09 15:26:58    48128    ----a-w-    C:\Windows\System32\amdmmcl6.dll
2014-07-09 15:26:58    37888    ----a-w-    C:\Windows\SysWow64\amdmmcl.dll
2014-07-09 15:25:46    91648    ----a-w-    C:\Windows\System32\mantleaxl64.dll
2014-07-09 15:25:42    85504    ----a-w-    C:\Windows\SysWow64\mantleaxl32.dll
2014-07-09 15:24:10    442368    ----a-w-    C:\Windows\System32\atidemgy.dll
2014-07-09 15:24:08    31232    ----a-w-    C:\Windows\System32\atimuixx.dll
2014-07-09 15:24:06    588800    ----a-w-    C:\Windows\System32\atieclxx.exe
2014-07-09 15:24:00    239616    ----a-w-    C:\Windows\System32\atiesrxx.exe
2014-07-09 15:23:46    190976    ----a-w-    C:\Windows\System32\atitmm64.dll
2014-07-09 15:21:14    826368    ----a-w-    C:\Windows\System32\coinst_14.20.dll
2014-07-09 15:20:04    1207296    ----a-w-    C:\Windows\System32\atiadlxx.dll
2014-07-09 15:20:02    898560    ----a-w-    C:\Windows\SysWow64\atiadlxy.dll
2014-07-09 15:19:58    75264    ----a-w-    C:\Windows\System32\atig6pxx.dll
2014-07-09 15:19:58    69632    ----a-w-    C:\Windows\SysWow64\atiglpxx.dll
2014-07-09 15:19:58    69632    ----a-w-    C:\Windows\System32\atiglpxx.dll
2014-07-09 15:19:56    95744    ----a-w-    C:\Windows\System32\amdave64.dll
2014-07-09 15:19:56    146944    ----a-w-    C:\Windows\System32\atig6txx.dll
2014-07-09 15:19:54    90112    ----a-w-    C:\Windows\SysWow64\amdave32.dll
2014-07-09 15:19:54    133632    ----a-w-    C:\Windows\SysWow64\atigktxx.dll
2014-07-09 15:19:52    89088    ----a-w-    C:\Windows\System32\atisamu64.dll
2014-07-09 15:19:50    80896    ----a-w-    C:\Windows\SysWow64\atisamu32.dll
2014-07-09 15:19:50    557056    ----a-w-    C:\Windows\System32\drivers\atikmpag.sys
2014-07-09 15:17:36    43520    ----a-w-    C:\Windows\System32\drivers\ati2erec.dll
2014-07-09 09:39:16    51200    ----a-w-    C:\Windows\System32\kdbsdk64.dll
2014-07-09 09:37:40    38912    ----a-w-    C:\Windows\SysWow64\kdbsdk32.dll
2014-07-09 02:03:23    7168    ----a-w-    C:\Windows\System32\KBDYAK.DLL
.
============= FINISH: 22:47:34,28 ===============
 

Attached Files

Edited by inputoutput, 17 September 2014 - 04:38 PM.

#2 nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 September 2014 - 08:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted; it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file, select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.


#3 inputoutput

  • Topic Starter
  • Members
  • 10 posts

Posted 24 September 2014 - 05:33 AM

Hi. Thanks for your response. I will follow the instructions ASAP (I currently have pressing matters at hand).



#4 nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 September 2014 - 07:30 AM

Are you still with me?

#5 inputoutput

  • Topic Starter
  • Members
  • 10 posts

Posted 30 September 2014 - 02:10 PM

Yes. I am sorry for taking so long. Sometime within the next 24 hours from now should do it!



#6 inputoutput

  • Topic Starter
  • Members
  • 10 posts

Posted 01 October 2014 - 02:23 PM

The computer has run fine since the event happened.

The Malwarebytes log:
- Note: the detected trojan under "Q3Wallhack..." is detected as such due to the program's nature (it hooks onto the game Quake 3's exe); the zip includes source code and is not harmful, nor has the program been run yet.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 01.10.2014
Scan Time: 20:59:04
Logfile: mbam-log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.01.09
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: CHB

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 427139
Time Elapsed: 7 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [70159c539ddefb3b70d2527a26dce818],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [70159c539ddefb3b70d2527a26dce818],
PUP.Optional.Babylon.A, HKU\S-1-5-21-143089826-2696377215-1423231580-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [a3e219d6b9c214225f75d6bc8e74f30d],
PUP.Optional.Babylon.A, HKU\S-1-5-21-143089826-2696377215-1423231580-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Redir, , [394c4ea1ec8f87af547e52059d67ff01],
PUP.Optional.Babylon.A, HKU\S-1-5-21-143089826-2696377215-1423231580-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, , [b2d348a76f0c0036e3f00a4dfe064bb5],
PUP.Optional.BProtector.A, HKU\S-1-5-21-143089826-2696377215-1423231580-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, , [5d286b84aad1a492e733c09a798b37c9],

Registry Values: 2
PUP.BProtector, HKU\S-1-5-21-143089826-2696377215-1423231580-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, http://www1.delta-search.com/?babsrc=HP_ss&mntrId=4E7300FF986CE3B6&affID=123884&tt=200813_245&tsp=4982, , [4c39905fd2a95bdb4c85b1a5dd2710f0]
PUP.BProtector, HKU\S-1-5-21-143089826-2696377215-1423231580-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [3c490ce3d3a8c274458dce888c788878]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.BrowserDefender.A, C:\ProgramData\BrowserDefender\2.6.1562.220, , [0d78fcf3116afc3a2358914e4eb46a96],
PUP.Optional.BrowserDefender.A, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}, , [0d78fcf3116afc3a2358914e4eb46a96],

Files: 29
Trojan.Agent.H, C:\Users\CHB\Desktop\Q3Wallhack0_3_autoshoot_.zip, , [c7be6887433856e09d756dc6ca38e818],
PUP.Optional.BProtector.A, C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\bProtector_extensions.sqlite, , [90f523cccbb01125cf06b18419ea8c74],
PUP.Optional.BProtector.A, C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\bProtector_prefs.js, , [89fc20cfa5d60a2c4096ba7b0ff4ee12],
PUP.Optional.BrowserDefender.A, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl, , [0d78fcf3116afc3a2358914e4eb46a96],
PUP.Optional.BrowserDefender.A, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings, , [0d78fcf3116afc3a2358914e4eb46a96],
PUP.Optional.BrowserDefender.A, C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm, , [0d78fcf3116afc3a2358914e4eb46a96],
PUP.Optional.Delta.A, C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.admin", false);), ,[7f06bb34d8a3290d30ae4df6e71e9c64]
PUP.Optional.Delta.A, C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.aflt", "babsst");), ,[790c0fe0245780b6ab33a3a07b8a916f]
PUP.Optional.Delta.A, C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), ,[1075cc23106bf343756983c08c79c23e]
PUP.Optional.Delta.A, C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.autoRvrt", "false");), ,[cabb519ee7947bbbbf1f6ed5f80dcf31]
PUP.Optional.Delta.A, C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.dfltLng", "en");), ,[dda87e71e09ba3935e80a3a017eefc04]
PUP.Optional.Delta.A, C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.excTlbr", false);), ,[f19407e81665b2841cc20e3526dfa858]
PUP.Optional.Delta.A, C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.ffxUnstlRst", true);), ,[30556986453645f1835bff446d984db3]
PUP.Optional.Delta.A, C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.id", "4e73a6f200000000000000ff986ce3b6");), ,[3b4a6d82c8b3af877866eb5817ee6a96]
PUP.Optional.Delta.A, C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlDay", "15939");), ,[e3a2dc13e7943006d20c54ef7b8afb05]
PUP.Optional.Delta.A, C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlRef", "sst");), ,[b7ce29c683f82e086e7056edeb1ab34d]
PUP.Optional.Delta.A, C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.newTab", false);), ,[d4b1cd22255695a109d5ea59d62f619f]
PUP.Optional.Delta.A, C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prdct", "delta");), ,[f293757a2f4c10265d81bc87d92c6b95]
PUP.Optional.Delta.A, C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prtnrId", "delta");), ,[a0e56f807b009e980cd256ed9d6830d0]
PUP.Optional.Delta.A, C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.rvrt", "false");), ,[b2d34fa0bfbc31053ba3eb5831d4f907]
PUP.Optional.Delta.A, C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.smplGrp", "none");), ,[97ee1dd2413a67cfb826dc678b7a32ce]
PUP.Optional.Delta.A, C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrId", "base");), ,[f68f01ee502b11256876b98af60fd729]
PUP.Optional.Delta.A, C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrSrchUrl", "");), ,[543123ccf388d1650cd277cc47be659b]
PUP.Optional.Delta.A, C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsn", "1.8.24.5");), ,[2c59658af08b1a1cc01ed66d26dfd52b]
PUP.Optional.Delta.A, C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsnTs", "1.8.24.513:35:57");), ,[bdc8806ff2891e18ecf2d172f90c51af]
PUP.Optional.Delta.A, C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsni", "1.8.24.5");), ,[dda8c926413a1e18904eea59cc39b050]
PUP.Optional.Delta.A, C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.babExt", "");), ,[e69fe20d4b30f541f4ea0c3747be0ff1]
PUP.Optional.Delta.A, C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.babTrack", "affID=123884&tt=200813_245&tsp=4982");), ,[add8816ed2a93204489655ee7491ca36]
PUP.Optional.Delta.A, C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.srcExt", "ss");), ,[533239b6681369cd24bac28157ae0cf4]

Physical Sectors: 0
(No malicious items detected)


(end)
 
 
The AdwCleaner log:

# AdwCleaner v3.311 - Report created 01/10/2014 at 21:44:16
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : CHB - SUNSTORMEXPRESS
# Running from : C:\Users\CHB\Desktop\adwcleaner_3.311.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserDefender
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Pro
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
Folder Deleted : C:\Users\CHB\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\CHB\AppData\Local\eSupport.com
Folder Deleted : C:\Users\CHB\AppData\Local\Mobogenie
Folder Deleted : C:\Users\CHB\AppData\Local\PackageAware
Folder Deleted : C:\Users\CHB\AppData\LocalLow\Delta
Folder Deleted : C:\Users\CHB\AppData\Roaming\Babylon
Folder Deleted : C:\Users\CHB\AppData\Roaming\Driver Pro
Folder Deleted : C:\Users\CHB\Documents\Mobogenie
Folder Deleted : C:\Users\CHB\Documents\Optimizer Pro
Folder Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\5hilwz8o.default\adawaretb
Folder Deleted : C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\adawaretb
[x] Not Deleted : C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\invalidprefs.js
[x] Not Deleted : C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\5f53d9dae53aba43
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Driver Pro
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\smarttweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Driver-Soft
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{31A184AC-4ACA-463B-BE84-F4ABA7FC4655}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0 (x86 en-GB)

[ File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\5hilwz8o.default\prefs.js ]

Line Deleted : user_pref("extensions.daplinkchecker@speedbit.com.install-event-fired", true);

[ File : C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\prefs.js ]

Line Deleted : user_pref("extensions.daplinkchecker@speedbit.com.install-event-fired", true);
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "4e73a6f200000000000000ff986ce3b6");
Line Deleted : user_pref("extensions.delta.instlDay", "15939");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.5");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.513:35:57");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.5");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=123884&tt=200813_245&tsp=4982");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extensions.ffxtlbr@delta.com.install-event-fired", true);
Line Deleted : user_pref("extensions.rdr.whitelist", "abp:// ed2k:// file:// web.archive.org babelfish.altavista.com hxxp://*.*.*.*/translate_c? jigsaw.w3.org validator.w3.org hxxp://*.php.net/manual/add-note.php? p[...]

*************************

AdwCleaner[R0].txt - [5752 octets] - [01/10/2014 21:32:33]
AdwCleaner[S0].txt - [5383 octets] - [01/10/2014 21:44:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5443 octets] ##########
 
 
The FRST log:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-09-2014 02
Ran by CHB (administrator) on SUNSTORMEXPRESS on 01-10-2014 21:54:24
Running from C:\Users\CHB\Desktop\FRST64
Loaded Profile: CHB (Available profiles: admin & CHB)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
*
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments Corporation) C:\Windows\SysWOW64\nidevldu.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Windows\SysWOW64\nipxism.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(VMware, Inc.) D:\Program Files (x86)\VMWare\VMWare Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-04-14] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\Common\FSM32.EXE [301680 2009-11-26] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure TNB] => C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe [1653360 2009-11-26] (F-Secure Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1374720 2010-11-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-07-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UnlockerAssistant] => D:\Utils & drivers\Unlocker\UnlockerAssistant.exe [15872 2010-03-09] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-143089826-2696377215-1423231580-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-143089826-2696377215-1423231580-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-143089826-2696377215-1423231580-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-143089826-2696377215-1423231580-1001\...\Policies\Explorer: [NoInternetIcon] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled ()
GroupPolicyUsers\S-1-5-21-143089826-2696377215-1423231580-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
SearchScopes: HKCU - {75CDBB7D-3629-454C-A2FA-D27EDB79058B} URL = http://www.ha.com/c/search.zx?txtSearch={searchTerms}
SearchScopes: HKCU - {77DCA67A-85B3-4145-87D9-EB4694AD5D6A} URL = http://addons.alltheinternet.com/texis/open/search?q={searchTerms}
SearchScopes: HKCU - {C71B3333-CC70-4089-B365-842CC9F069BC} URL = http://www.ehow.com/search.aspx?s={searchTerms}
SearchScopes: HKCU - {E86BEB5F-488C-49A2-9C21-723C4ED5A22B} URL = http://www.scribd.com/opensearch?query={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: PDFXChange 4.0 -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> d:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Browsing Protection Class -> {C6867EB7-8350-4856-877F-93CF8AE3DC9C} -> C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} -  No File
Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin64-0.98.26.dll No File
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - No Name - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} -  No File
Toolbar: HKLM-x32 - PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - d:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
Toolbar: HKLM-x32 - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.98.26.dll No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
Toolbar: HKCU - No Name - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} -  No File
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Winsock: Catalog5 08 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512] (National Instruments Corporation)
Winsock: Catalog5-x64 08 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560] (National Instruments Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 193.213.112.4 130.67.15.198
Tcpip\..\Interfaces\{BDDAC08C-3026-4E58-921E-7F0C91C832B8}: [NameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default
FF Homepage: about:sessionrestore
FF NetworkProxy: "backup.ftp", "117.218.37.18"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "117.218.37.18"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "117.218.37.18"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "111.119.233.129"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "111.119.233.129"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "111.119.233.129"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "111.119.233.129"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Acrobat -> D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: {@alibaba.com/alisetup;version=1.0} -> C:\Users\CHB\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
FF user.js: detected! => C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2010win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2011win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2011win64.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2012win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2012win64.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv86win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: CacheViewer2 - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions

\cacheview2@scriptkitz.ml [2014-09-12]
FF Extension: Fastest Search - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions

\fastestsearch@mingyi.org [2014-02-19]
FF Extension: HTTPS-Everywhere - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions

\https-everywhere@eff.org [2014-09-16]
FF Extension: DOM Inspector - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions

\inspector@mozilla.org [2013-12-23]
FF Extension: TooManyTabs - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions

\TooManyTabs@visibotech.com [2014-06-07]
FF Extension: Visual Studio Test Helper - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default

\Extensions\visualstudiotesthelper@microsoft.com [2013-01-09]
FF Extension: EPUBReader - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions

\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-08-22]
FF Extension: Memory Fox - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions

\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2014-06-26]
FF Extension: Disconnect - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions

\2.0@disconnect.me.xpi [2013-12-22]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default

\Extensions\adblockpopups@jessehakanen.net.xpi [2012-08-30]
FF Extension: Ghostery - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions

\firefox@ghostery.com.xpi [2013-08-19]
FF Extension: IP to Geolocation - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions

\firefox@ip-api.com.xpi [2013-12-22]
FF Extension: Google Disconnect - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions

\google@disconnect.me.xpi [2012-08-30]
FF Extension: Grab Them All - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions

\grabthemall@zelazko.info.xpi [2013-01-02]
FF Extension: Inspect Context - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions

\inspectcontext@max.max.xpi [2013-12-22]
FF Extension: ipbleep - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions

\ipbleep@p4ul.info.xpi [2013-12-22]
FF Extension: Enhanced Steam - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions

\jid0-SmvlvxGpvCyG252KbVMqIKR79Uc@jetpack.xpi [2013-12-22]
FF Extension: Frame-it Plugin - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions

\jid1-aqjpDA0DEol5kg@jetpack.xpi [2013-01-04]
FF Extension: Lightbeam - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\jid1-

F9UJ2thwoAm5gQ@jetpack.xpi [2013-01-02]
FF Extension: Idderall - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\jid1-

u6nQDbYs4ZJDAy@jetpack.xpi [2013-12-22]
FF Extension: google-no-tracking-url - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default

\Extensions\jid1-zUrvDCat3xoDSQ@jetpack.xpi [2012-12-30]
FF Extension: KillSpinners - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions

\killspinners@byo.co.il.xpi [2013-12-22]
FF Extension: Clickjacking Reveal - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\no-clickjacking@daohoangson.com.xpi [2013-12-22]
FF Extension: Prevent Out Of Virtual Memory Crashes - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\PreventOutOfVirtualMemoryCrashes@ZXSpectrum.xpi [2014-06-26]
FF Extension: Referrer Control - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\referrercontrol@qixinglu.com.xpi [2013-12-22]
FF Extension: Stacked Inspector - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\stackedinspector@example.com.xpi [2013-12-22]
FF Extension: Suspend Tab - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\suspendtab@piro.sakura.ne.jp.xpi [2014-06-26]
FF Extension: Resurrect Pages - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi [2012-09-01]
FF Extension: Session Manager - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-06-30]
FF Extension: SettingSanity - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\{12A60D0F-0077-4F41-81B2-1286DDD278BB}.xpi [2013-12-22]
FF Extension: FlashGot - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012-08-30]
FF Extension: NoScript - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-08-30]
FF Extension: YouTube High Definition - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-10]
FF Extension: Adblock Plus - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-30]
FF Extension: BetterPrivacy - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-08-30]
FF Extension: Extended Statusbar - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}.xpi [2012-08-30]
FF Extension: Edit Cookies - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi [2013-01-02]
FF Extension: Redirect Remover - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}.xpi [2012-12-30]
FF HKLM-x32\...\Firefox\Extensions: [litmus-ff@f-secure.com] - C:\Program Files (x86)\F-Secure\NRS\litmus-ff@f-secure.com
FF Extension: Browsing Protection - C:\Program Files (x86)\F-Secure\NRS\litmus-ff@f-secure.com [2012-08-25]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-03-09]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-09-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 EvoSvc; d:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-07-17] (Echobit LLC)
S2 F-Secure Gatekeeper Handler Starter; C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe [219760 2009-11-26] (F-Secure Corporation)
S3 F-Secure Network Request Broker; C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE [166512 2009-11-26] (F-Secure Corporation)
S3 FSDFWD; C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe [844400 2009-11-26] (F-Secure Corporation)
S2 FSMA; C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE [186992 2009-11-26] (F-Secure Corporation)
S3 FSORSPClient; C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe [60352 2013-06-05] (F-Secure Corporation)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [72992 2014-07-07] (Hewlett-Packard Company)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-13] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-25] (Intel Corporation)
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53544 2013-06-12] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63792 2013-06-12] (National Instruments Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [83768 2013-06-10] (National Instruments Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-04-28] (Hewlett-Packard) [File not signed]
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-06-08] (National Instruments Corporation)
S2 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-06-08] (National Instruments Corporation)
R2 nidevldu; C:\Windows\SysWOW64\nidevldu.exe [102040 2013-03-04] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [380720 2013-06-12] (National Instruments Corporation)
S2 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [176512 2013-06-19] (National Instruments Corporation)
R2 nipxirmu; C:\Windows\SysWOW64\nipxism.exe [19056 2013-03-14] (National Instruments Corporation)
R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-06-07] (National Instruments Corporation)
R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-06-08] (National Instruments Corporation)
R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [680624 2012-06-07] (National Instruments Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230920 2012-10-01] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-04-28] (Hewlett-Packard) [File not signed]
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [46080 2013-07-09] () [File not signed]
S4 SbieSvc; d:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC)
R2 VMAuthdService; D:\Program Files (x86)\VMWare\VMWare Player\vmware-authd.exe [86744 2014-06-12] (VMware, Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [849408 2012-06-09] (Motorola Solutions, Inc.) [File not signed]
R3 com0com; C:\Windows\System32\DRIVERS\com0com.sys [87736 2012-11-02] (Vyacheslav Frolov)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-01-10] (Echobit, LLC)
S3 evserial; C:\Windows\System32\DRIVERS\evserial.sys [67072 2010-04-19] (ELTIMA Software)
S4 F-Secure Filter; C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSfilter.sys [39792 2009-11-26] ()
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [202176 2013-07-11] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys [57936 2009-11-26] (F-Secure Corporation)
S4 F-Secure Recognizer; C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSrec.sys [25200 2009-11-26] ()
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2012-08-25] ()
R0 fsbts; C:\Windows\SysWOW64\Drivers\fsbts.sys [33408 2012-08-25] ()
R1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [92176 2009-11-26] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [14904 2009-11-26] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-11-25] (GFI Software)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-24] (Intel Corporation)
S3 ibtfltcoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [60928 2012-07-09] (Intel Corporation) [File not signed]
S3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd64.sys [14748416 2012-03-26] (Intel Corporation) [File not signed]
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
S3 lvalarmk; C:\Windows\system32\drivers\lvalarmk.sys [27528 2013-06-17] (National Instruments Corporation)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 MiniProWdf; C:\Windows\System32\DRIVERS\MiniProWdf.sys [17216 2012-06-22] (http://www.autoelectric.cn)
S3 ni1006k; C:\Windows\system32\drivers\ni1006k.sys [30800 2013-02-12] (National Instruments Corporation)
S3 ni1045k; C:\Windows\system32\drivers\ni1045kl.sys [12984 2013-02-12] (National Instruments Corporation)
S3 ni1065k; C:\Windows\system32\drivers\ni1065k.sys [27832 2013-02-12] (National Instruments Corporation)
S3 nicdcck; C:\Windows\system32\drivers\nicdcckl.sys [12992 2012-07-23] (National Instruments Corporation)
S3 nicdrk; C:\Windows\system32\drivers\nicdrkl.sys [11864 2011-07-21] (National Instruments Corporation)
S3 nicmrk; C:\Windows\system32\drivers\nicmrkl.sys [13456 2013-06-25] (National Instruments Corporation)
S3 nicondrk; C:\Windows\system32\drivers\nicondrkl.sys [13416 2013-06-25] (National Instruments Corporation)
S3 nicsrk; C:\Windows\system32\drivers\nicsrkl.sys [15176 2013-06-25] (National Instruments Corporation)
R3 nidimk; C:\Windows\system32\drivers\nidimkl.sys [13000 2012-06-28] (National Instruments Corporation)
S3 nidmxfk; C:\Windows\system32\drivers\nidmxfkl.sys [13416 2013-03-04] (National Instruments Corporation)
S3 nidsark; C:\Windows\system32\drivers\nidsarkl.sys [13432 2013-02-13] (National Instruments Corporation)
S3 niemrk; C:\Windows\system32\drivers\niemrkl.sys [15176 2013-06-25] (National Instruments Corporation)
S3 niesrk; C:\Windows\system32\drivers\niesrkl.sys [15176 2013-06-25] (National Instruments Corporation)
R3 NIEthernetDeviceEnumerator; C:\Windows\System32\DRIVERS\niede.sys [38064 2010-06-15] (National Instruments Corporation)
R3 nimdbgk; C:\Windows\system32\drivers\nimdbgkl.sys [13000 2012-06-28] (National Instruments Corporation)
R3 nimru2k; C:\Windows\system32\drivers\nimru2kl.sys [13008 2012-06-28] (National Instruments Corporation)
S3 nimsdrk; C:\Windows\system32\drivers\nimsdrkl.sys [13480 2013-03-04] (National Instruments Corporation)
S3 nimstsk; C:\Windows\system32\drivers\nimstskl.sys [13448 2013-03-04] (National Instruments Corporation)
R3 nimxdfk; C:\Windows\system32\drivers\nimxdfkl.sys [12984 2012-06-28] (National Instruments Corporation)
S3 nimxpk; C:\Windows\system32\drivers\nimxpkl.sys [13448 2013-03-04] (National Instruments Corporation)
S3 ninshsdk; C:\Windows\system32\drivers\ninshsdkl.sys [13000 2012-10-09] (National Instruments Corporation)
S3 niorbk; C:\Windows\system32\drivers\niorbkl.sys [12992 2012-06-28] (National Instruments Corporation)
S3 nipalfwedl; C:\Windows\System32\drivers\nipalfwedl.sys [13624 2012-12-19] (National Instruments Corporation)
R0 NIPALK; C:\Windows\System32\drivers\nipalk.sys [926992 2012-12-19] (National Instruments Corporation)
S3 nipalusbedl; C:\Windows\System32\drivers\nipalusbedl.sys [13624 2012-12-19] (National Instruments Corporation)
R0 nipbcfk; C:\Windows\System32\drivers\nipbcfk.sys [16984 2012-12-18] (National Instruments Corporation)
R0 nipxibaf; C:\Windows\System32\drivers\nipxibaf.sys [87288 2013-02-11] (National Instruments Corporation)
R0 nipxibrc; C:\Windows\System32\drivers\nipxibrc.sys [70336 2013-03-06] (National Instruments Corporation)
S3 nipxigpk; C:\Windows\system32\drivers\nipxigpk.sys [22680 2011-08-09] (National Instruments Corporation)
R2 nipxirmk; C:\Windows\system32\drivers\nipxirmkl.sys [13432 2013-03-14] (National Instruments Corporation)
S3 niraptrk; C:\Windows\system32\drivers\niraptrkl.sys [15176 2013-06-25] (National Instruments Corporation)
S3 niraptrkw; C:\Windows\System32\DRIVERS\niraptrkw.sys [14664 2013-06-25] (National Instruments Corporation)
S3 niscdk; C:\Windows\system32\drivers\niscdkl.sys [12984 2012-03-07] (National Instruments Corporation)
S3 nisdigk; C:\Windows\system32\drivers\nisdigkl.sys [12960 2012-07-02] (National Instruments Corporation)
S3 nisftk; C:\Windows\system32\drivers\nisftkl.sys [12952 2012-06-01] (National Instruments Corporation)
S3 nispdk; C:\Windows\system32\drivers\nispdkl.sys [12984 2012-03-07] (National Instruments Corporation)
S3 nissrk; C:\Windows\system32\drivers\nissrkl.sys [15176 2013-06-25] (National Instruments Corporation)
S3 nistc2k; C:\Windows\system32\drivers\nistc2kl.sys [11824 2009-01-05] (National Instruments Corporation)
S3 nistc3rk; C:\Windows\system32\drivers\nistc3rkl.sys [13416 2013-02-07] (National Instruments Corporation)
S3 nistcrk; C:\Windows\system32\drivers\nistcrkl.sys [12968 2011-07-18] (National Instruments Corporation)
S3 niswdk; C:\Windows\system32\drivers\niswdkl.sys [15176 2013-05-24] (National Instruments Corporation)
S3 nitiork; C:\Windows\system32\drivers\nitiorkl.sys [13440 2013-02-07] (National Instruments Corporation)
S3 niufurk; C:\Windows\system32\drivers\niufurkl.sys [13008 2012-10-08] (National Instruments Corporation)
S3 niufurkw; C:\Windows\System32\DRIVERS\niufurkw.sys [12496 2012-10-08] (National Instruments Corporation)
S3 niwfrk; C:\Windows\system32\drivers\niwfrkl.sys [15176 2013-06-25] (National Instruments Corporation)
S3 nixsrk; C:\Windows\system32\drivers\nixsrkl.sys [15176 2013-06-25] (National Instruments Corporation)
S0 prohlp02; C:\Windows\SysWOW64\drivers\prohlp02.sys [95552 2004-01-26] (Protection Technology) [File not signed]
S0 prosync1; C:\Windows\SysWOW64\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology) [File not signed]
S3 PVUSB; C:\Windows\System32\DRIVERS\CESG64.sys [63808 2007-02-19] (CASIO COMPUTER CO.,LTD.)
S3 SbieDrv; d:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC)
S0 sfhlp01; C:\Windows\SysWOW64\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [File not signed]
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-21] (Synaptics Incorporated)
U5 UnlockerDriver5; D:\Utils & drivers\Unlocker\UnlockerDriver5.sys [4096 2010-03-09] () [File not signed]
R3 VSBC; C:\Windows\System32\DRIVERS\evsbc.sys [32768 2010-04-19] (ELTIMA Software)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 VSPerfDrv100; D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2011-01-18] (Microsoft Corporation)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [260608 2012-02-27] (Jungo)
S3 <NtDriverName>; \SystemRoot\System32\Drivers\<NtDriverName>.sys [X]
S0 Achernar; system32\Drivers\Achernar.sys [X]
S3 Aldebaran; \??\C:\Windows\system32\Drivers\Aldebaran.sys [X]
R3 ALSysIO; \??\C:\Users\CHB\AppData\Local\Temp\ALSysIO64.sys [X]
S3 btmaux; system32\DRIVERS\btmaux.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Internet Security\cleanhlp64.sys [X]
S3 intaud_WaveExtensible; system32\drivers\intelaud.sys [X]
S3 iwdbus; system32\DRIVERS\iwdbus.sys [X]
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
S1 prodrv06; \SystemRoot\System32\drivers\prodrv06.sys [X]
S3 s7oefs_x; \SystemRoot\System32\drivers\s7oefs_x.sys [X]
U5 SNTIE; C:\Windows\SysWOW64\Drivers\SNTIE.sys [172032 2004-05-28] (Siemens AG) [File not signed]
S3 usb3Hub; system32\DRIVERS\usb3Hub.sys [X]
S3 usb6xxxk; \??\C:\Windows\system32\drivers\usb6xxxkl.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 XHCIPort; system32\DRIVERS\XHCIPort.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-01 21:54 - 2014-10-01 21:54 - 00000000 ____D () C:\FRST
2014-10-01 21:53 - 2014-10-01 21:54 - 00000000 ____D () C:\Users\CHB\Desktop\FRST64
2014-10-01 21:31 - 2014-10-01 21:44 - 00000000 ____D () C:\AdwCleaner
2014-10-01 21:30 - 2014-10-01 21:30 - 01375089 _____ () C:\Users\CHB\Desktop\adwcleaner_3.311.exe
2014-10-01 20:55 - 2014-10-01 21:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-01 20:55 - 2014-10-01 20:55 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-01 20:55 - 2014-10-01 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-01 20:55 - 2014-10-01 20:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-01 20:55 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers

\mbamchameleon.sys
2014-10-01 20:55 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 20:55 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-01 12:34 - 2014-10-01 12:34 - 01482084 _____ () C:\Users\CHB\Desktop\NXT-Segway.zip
2014-10-01 10:28 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 10:28 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 11:32 - 2014-09-30 11:32 - 00023802 _____ () C:\Users\CHB\Desktop\Script-samling (3D-system).gml
2014-09-30 10:32 - 2014-09-30 10:32 - 00046592 ____N () C:\Users\CHB\Desktop\HiB - Fag-plan HEAU_12.xls
2014-09-29 16:27 - 2014-09-29 16:28 - 134382716 _____ () C:\Users\CHB\Desktop\Diligence isn't a Personality Type it's a Skill You Learn.mp4
2014-09-29 15:04 - 2014-09-29 15:04 - 00415232 _____ (Farbar) C:\Users\CHB\Desktop\FSS.exe
2014-09-29 15:04 - 2014-09-29 15:04 - 00401920 _____ (Farbar) C:\Users\CHB\Desktop\MiniToolBox.exe
2014-09-29 15:03 - 2014-09-29 15:03 - 00448512 _____ (OldTimer Tools) C:\Users\CHB\Desktop\TFC.exe
2014-09-29 10:37 - 2013-12-22 09:12 - 00000000 ____D () C:\Users\CHB\Desktop\processhacker-2.33-bin
2014-09-28 20:52 - 2014-09-28 20:52 - 00361750 _____ () C:\Users\CHB\Desktop\quakeds_271007_r3.zip
2014-09-28 20:51 - 2014-09-28 20:51 - 00444370 _____ () C:\Users\CHB\Desktop\quake2ds_100208_r1.zip
2014-09-28 19:18 - 2014-10-01 21:39 - 00000428 _____ () C:\Users\CHB\Desktop\_SeptNOTATER.txt
2014-09-28 19:17 - 2014-09-28 19:17 - 00000048 _____ () C:\Users\CHB\Desktop\_Arbeidsplasser.txt
2014-09-27 11:09 - 2014-09-27 11:09 - 00059676 _____ () C:\Users\CHB\Desktop\MHS FileWatcher-SRC.rar
2014-09-27 11:09 - 2014-09-27 11:09 - 00033763 _____ () C:\Users\CHB\Desktop\MHS SampleBreakpointHandler.zip
2014-09-27 11:08 - 2014-09-27 11:08 - 04519627 _____ () C:\Users\CHB\Desktop\MHS6.1.rar
2014-09-27 11:08 - 2014-09-27 11:08 - 02585563 _____ () C:\Users\CHB\Desktop\MHS Help.chm
2014-09-27 11:07 - 2014-09-27 11:07 - 00439891 _____ () C:\Users\CHB\Desktop\Matlab_SynGrasp20.zip
2014-09-27 11:03 - 2014-09-27 11:03 - 01808341 _____ () C:\Users\CHB\Desktop\movx.mov
2014-09-27 10:55 - 2014-09-27 10:55 - 10743952 _____ () C:\Users\CHB\Desktop\Matlb_kinematics.zip
2014-09-27 10:53 - 2014-09-27 10:59 - 144648499 _____ () C:\Users\CHB\Desktop\VRX_Q2_CLIENT_FULL.zip
2014-09-27 10:47 - 2014-09-27 10:48 - 99748287 _____ (COR Entertainment ) C:\Users\CHB\Desktop\codered1_1.exe
2014-09-27 10:47 - 2014-09-27 10:47 - 03656618 _____ () C:\Users\CHB\Desktop\chclt305.EXE
2014-09-27 10:46 - 2014-09-27 10:46 - 01209992 _____ () C:\Users\CHB\Desktop\Gladiator.zip
2014-09-27 10:46 - 2014-09-27 10:46 - 00443335 _____ () C:\Users\CHB\Desktop\JABot-Q2-0.9.zip
2014-09-27 10:45 - 2014-09-27 10:46 - 00886001 _____ () C:\Users\CHB\Desktop\borrador2_1-bin.zip
2014-09-27 10:45 - 2014-09-27 10:46 - 00198264 _____ () C:\Users\CHB\Desktop\rambot_v48a.zip
2014-09-27 10:45 - 2014-09-27 10:46 - 00187870 _____ () C:\Users\CHB\Desktop\crbot114.zip
2014-09-27 10:45 - 2014-09-27 10:45 - 02662335 _____ () C:\Users\CHB\Desktop\eraser101.zip
2014-09-27 10:45 - 2014-09-27 10:45 - 00225344 _____ () C:\Users\CHB\Desktop\famke70.zip
2014-09-27 10:44 - 2014-09-27 10:45 - 01214014 _____ () C:\Users\CHB\Desktop\ice_10.zip
2014-09-27 10:44 - 2014-09-27 10:45 - 00326973 _____ () C:\Users\CHB\Desktop\gsb.zip
2014-09-27 10:44 - 2014-09-27 10:45 - 00282887 _____ () C:\Users\CHB\Desktop\nbot_06_2_.zip
2014-09-27 10:44 - 2014-09-27 10:44 - 00503734 _____ () C:\Users\CHB\Desktop\3ZB2.zip
2014-09-27 10:43 - 2014-09-27 10:43 - 00639496 _____ () C:\Users\CHB\Desktop\Eraser.rar
2014-09-27 10:39 - 2014-09-27 10:39 - 27257404 _____ () C:\Users\CHB\Desktop\paintball2_build037_full.exe
2014-09-27 10:38 - 2014-09-27 10:38 - 02602603 _____ () C:\Users\CHB\Desktop\lox_1_12_7_full.zip
2014-09-27 10:36 - 2014-09-27 10:36 - 00142086 _____ () C:\Users\CHB\Desktop\Q1sigbot2.zip
2014-09-27 10:36 - 2014-09-27 10:36 - 00131072 _____ () C:\Users\CHB\Desktop\Q1trmbot09.zip
2014-09-27 10:36 - 2014-09-27 10:36 - 00070837 _____ () C:\Users\CHB\Desktop\Q1StoogeBot.zip
2014-09-27 10:34 - 2014-09-27 10:34 - 01239808 _____ () C:\Users\CHB\Desktop\Quake-1 QWterminator.zip
2014-09-27 10:33 - 2014-09-27 10:33 - 03205138 _____ () C:\Users\CHB\Desktop\Q1Mystery Bot.zip
2014-09-27 10:31 - 2014-09-27 10:31 - 00453067 _____ () C:\Users\CHB\Desktop\q2-zgh-frknocheat2.34.rar
2014-09-27 10:31 - 2014-09-27 10:31 - 00051473 _____ () C:\Users\CHB\Desktop\rehackedratbot.rar
2014-09-27 10:31 - 2014-09-27 10:31 - 00047607 _____ () C:\Users\CHB\Desktop\zbot.zip
2014-09-27 10:31 - 2014-09-27 10:31 - 00021747 _____ () C:\Users\CHB\Desktop\zorbot.zip
2014-09-27 10:30 - 2014-09-27 10:30 - 00268452 _____ () C:\Users\CHB\Desktop\q2xania-v0.4.0e.zip
2014-09-27 10:24 - 2014-09-27 10:24 - 00126595 _____ () C:\Users\CHB\Desktop\Q3Wallhack0_3_autoshoot_.zip
2014-09-27 10:21 - 2014-09-27 10:21 - 08979142 _____ () C:\Users\CHB\Desktop\lokobot_014.zip
2014-09-27 10:18 - 2014-09-27 10:18 - 00448044 _____ () C:\Users\CHB\Desktop\JABot-Q2-0.9.3.zip
2014-09-27 10:18 - 2014-09-27 10:18 - 00345700 _____ () C:\Users\CHB\Desktop\ace008_src.zip
2014-09-26 22:10 - 2014-09-26 22:10 - 38097963 _____ () C:\Users\CHB\Desktop\ScreenSavers-Legway.mpg
2014-09-26 22:09 - 2014-09-26 22:09 - 02052096 _____ () C:\Users\CHB\Desktop\LegWayLineFollow.avi
2014-09-26 22:09 - 2014-09-26 22:09 - 01933824 _____ () C:\Users\CHB\Desktop\LegWaySpinner.avi
2014-09-26 22:07 - 2014-09-26 22:07 - 00003595 _____ () C:\Users\CHB\Desktop\Lego legway.c
2014-09-26 21:54 - 2014-09-26 21:55 - 00000290 _____ () C:\Users\CHB\Desktop\Musikk lignende Massive Attack.txt
2014-09-26 17:11 - 2014-09-26 17:11 - 00001248 _____ () C:\Users\CHB\Desktop\Newton-meter & Newton-cm.txt
2014-09-24 23:16 - 2014-09-24 23:16 - 00001506 _____ () C:\Users\CHB\Desktop\_Anim8or Tips & Tool tips.lnk
2014-09-24 16:31 - 2014-09-24 16:32 - 00000000 ____D () C:\Users\CHB\Desktop\_Sorteres- El-utladninger, ionisering osv
2014-09-24 15:37 - 2014-09-24 15:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-23 22:50 - 2014-10-01 19:45 - 00000047 _____ () C:\Users\CHB\Desktop\_BACHELORSTATUS.txt
2014-09-23 22:46 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 22:46 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-21 20:08 - 2014-09-21 20:09 - 22959730 _____ () C:\Users\CHB\Desktop\007tgb4beta.exe
2014-09-21 09:54 - 2014-09-21 09:54 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Process Hacker 2
2014-09-20 23:14 - 2014-10-01 20:41 - 00001885 _____ () C:\Users\CHB\Desktop\Process Hacker 2.lnk
2014-09-20 23:14 - 2014-09-20 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2014-09-20 23:14 - 2014-09-20 23:14 - 00000000 ____D () C:\Program Files\Process Hacker 2
2014-09-19 16:18 - 2014-09-19 16:18 - 00000472 _____ () C:\Users\CHB\Desktop\Quaternion animasjonstips.txt
2014-09-18 23:18 - 2014-09-18 23:19 - 00683350 _____ () C:\Users\CHB\Desktop\unicodeDictionary.txt
2014-09-18 19:01 - 2014-09-18 19:01 - 09659798 _____ () C:\Users\Public\Desktop\fsdiag.zip
2014-09-18 18:54 - 2014-09-18 18:54 - 09624054 _____ () C:\Users\Public\Desktop\fsdiag1.tar.gz
2014-09-18 12:27 - 2014-09-18 12:27 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\com0com
2014-09-18 12:27 - 2014-09-18 12:27 - 00000000 ____D () C:\Program Files (x86)\com0com
2014-09-18 12:18 - 2014-09-18 12:18 - 01788108 _____ () C:\Users\CHB\Desktop\asdlemul2.zip
2014-09-18 11:40 - 2014-09-18 11:40 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\HW group
2014-09-18 11:40 - 2014-09-18 11:40 - 00000000 ____D () C:\Program Files (x86)\HW group
2014-09-18 11:40 - 2010-04-19 13:53 - 00067072 _____ (ELTIMA Software) C:\Windows\system32\Drivers\evserial.sys
2014-09-18 11:40 - 2010-04-19 13:53 - 00032768 _____ (ELTIMA Software) C:\Windows\system32\Drivers\evsbc.sys
2014-09-17 23:32 - 2014-09-17 23:32 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\TrojanHunter
2014-09-17 22:47 - 2014-09-17 22:47 - 00043781 _____ () C:\Users\CHB\Desktop\dds.txt
2014-09-17 22:47 - 2014-09-17 22:47 - 00036022 _____ () C:\Users\CHB\Desktop\attach.txt
2014-09-17 14:03 - 2014-09-17 23:38 - 00009063 _____ () C:\Users\CHB\Desktop\VIRUSHENDELSE_NOTAT_HUSK BILDER.txt
2014-09-17 12:04 - 2014-09-24 12:05 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Internet Security
2014-09-17 12:03 - 2014-09-17 12:03 - 00059392 ____R () C:\Windows\SysWOW64\streamhlp.dll
2014-09-17 11:18 - 2014-09-17 11:18 - 00001330 _____ () C:\Windows\DIFx.log
2014-09-17 11:18 - 2014-09-17 11:18 - 00000000 ____D () C:\Windows\SysWOW64\AGEIA
2014-09-17 11:18 - 2014-09-17 11:18 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-09-15 12:40 - 2014-09-15 12:43 - 00000000 ____D () C:\Users\CHB\AppData\Local\GOG.com
2014-09-14 23:55 - 2014-10-01 20:33 - 00001217 _____ () C:\Users\CHB\Desktop\_BACHELOR- AVGJØR SNAREST.txt
2014-09-14 10:52 - 2014-09-14 10:52 - 03020282 _____ () C:\Users\CHB\Desktop\vsgdemo.wmv
2014-09-12 19:27 - 2014-09-12 19:27 - 00001260 _____ () C:\Users\CHB\Desktop\Sawdust Jacket Filler for Heat.txt
2014-09-12 19:24 - 2014-09-12 19:24 - 00002006 _____ () C:\Users\CHB\Desktop\NOVEL MAGNETIC LEVITATION TRAIN PROPULSION SYSTEM.txt
2014-09-12 19:23 - 2014-09-12 19:23 - 00001753 _____ () C:\Users\CHB\Desktop\A Creative Solution for Division by Zero.txt
2014-09-12 19:23 - 2014-09-12 19:23 - 00001663 _____ () C:\Users\CHB\Desktop\DEVELOPING A CIPHER BASED ON VARIATION BETWEEN NON-BASE 10 NUMBER SYSTEMS.txt
2014-09-11 23:54 - 2014-09-11 23:55 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\GameMaker-Studio
2014-09-11 20:43 - 2014-09-19 20:27 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\qfsm
2014-09-11 20:43 - 2014-09-11 20:45 - 00000000 ____D () C:\Users\CHB\.qfsm
2014-09-11 20:43 - 2014-09-11 20:43 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qfsm
2014-09-11 10:38 - 2014-09-30 08:09 - 00000520 _____ () C:\Windows\netdet.ini
2014-09-11 10:33 - 2014-09-11 10:33 - 00000150 _____ () C:\AUTOEXEC.BAT
2014-09-11 10:33 - 2014-09-11 10:33 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cinderella SDL
2014-09-11 10:33 - 2014-09-11 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cinderella SDL
2014-09-11 10:33 - 2001-03-13 15:53 - 00077878 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.002
2014-09-11 10:33 - 2000-03-07 01:00 - 00278581 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.001
2014-09-11 10:33 - 1999-09-30 00:08 - 00466944 _____ (Softlocx) C:\Windows\SysWOW64\Softlocx3.ocx
2014-09-10 23:51 - 2014-09-10 23:53 - 00000000 ____D () C:\Users\CHB\Documents\DynamicsForSpaceClaim
2014-09-10 23:48 - 2014-09-10 23:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dynamics for SpaceClaim
2014-09-10 15:30 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 15:30 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 15:30 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 15:30 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 15:30 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 15:30 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 15:30 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 15:30 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 15:30 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 15:30 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 15:30 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 15:30 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 15:30 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 15:30 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 15:30 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 15:30 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 15:30 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 15:30 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 15:30 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 15:30 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 15:30 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 15:30 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 15:30 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 15:30 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 15:30 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 15:30 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 15:30 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 15:30 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 15:30 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 15:30 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 15:30 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 15:30 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 15:30 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 15:30 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 15:30 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 15:30 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 15:30 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 15:30 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 15:30 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 15:30 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 15:30 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 15:30 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 15:30 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 15:30 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 15:30 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 15:30 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 15:30 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 15:30 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 15:30 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 15:30 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 15:30 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 15:30 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 15:30 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 15:30 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 15:30 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 15:30 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 15:09 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 15:09 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 10:25 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 10:25 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 10:24 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 10:24 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 10:24 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 10:24 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 10:24 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 10:24 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 10:24 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-09 13:42 - 2014-09-09 13:42 - 00132912 _____ () C:\Users\CHB\Desktop\PolyMesh_from_Nurbs__1.obj
2014-09-09 13:21 - 2014-09-09 13:21 - 00000000 ____D () C:\Users\CHB\AppData\Local\.altair_licensing
2014-09-09 13:21 - 2014-09-09 13:21 - 00000000 ____D () C:\ProgramData\altair
2014-09-09 12:58 - 2014-09-09 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve 2014 3875 (64-bit)
2014-09-08 19:50 - 2014-09-08 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S2
2014-09-08 19:49 - 2014-09-08 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Parallax Inc
2014-09-08 19:47 - 2014-09-08 22:38 - 00000000 ____D () C:\Users\CHB\AppData\Local\Parallax
2014-09-08 11:16 - 2014-09-08 11:50 - 00000000 ____D () C:\Users\CHB\Documents\StarCitizen
2014-09-08 11:16 - 2014-09-08 11:16 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCitizen
2014-09-07 23:02 - 2014-09-07 23:01 - 00013221 _____ () C:\Users\CHB\Desktop\mictelem_zip.zip
2014-09-07 18:15 - 2014-09-11 20:43 - 00000000 ____D () C:\Users\CHB\Desktop\FSM programmer
2014-09-03 06:49 - 2014-09-03 06:49 - 00169984 _____ (Prolific Technology Inc.) C:\Windows\system32\Drivers\ser2pl64.sys
2014-09-03 00:08 - 2014-09-03 00:08 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\ShurikSoft
2014-09-01 11:25 - 2014-10-01 15:29 - 00000000 ____D () C:\Users\CHB\AppData\Local\VMware
2014-09-01 11:24 - 2014-06-12 18:23 - 00064728 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2014-09-01 11:24 - 2014-06-12 18:21 - 00033496 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMkbd.sys
2014-09-01 11:24 - 2013-10-08 18:21 - 00073296 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2014-09-01 11:24 - 2013-10-08 18:21 - 00067664 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2014-09-01 11:24 - 2013-10-08 18:21 - 00063568 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2014-09-01 11:21 - 2014-06-12 18:23 - 00359128 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2014-09-01 11:21 - 2014-06-12 18:22 - 00931032 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2014-09-01 11:21 - 2014-06-12 18:22 - 00437976 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2014-09-01 11:21 - 2014-06-12 18:22 - 00031448 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2014-09-01 11:21 - 2014-02-27 18:40 - 00054464 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2014-09-01 11:21 - 2014-02-27 18:40 - 00038720 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmusb.sys
2014-09-01 11:20 - 2014-09-01 11:20 - 00001853 _____ () C:\Users\Public\Desktop\VMware Player.lnk
2014-09-01 11:20 - 2014-09-01 11:20 - 00000000 ____D () C:\Program Files\Common Files\VMware

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-01 21:53 - 2009-07-14 06:45 - 00026208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-01 21:53 - 2009-07-14 06:45 - 00026208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-01 21:50 - 2009-07-14 07:13 - 00815900 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-01 21:49 - 2012-08-25 12:55 - 02015086 _____ () C:\Windows\WindowsUpdate.log
2014-10-01 21:46 - 2013-09-24 12:47 - 00000542 _____ () C:\Windows\Tasks\MATLAB R2013b Startup Accelerator.job
2014-10-01 21:45 - 2013-02-07 14:04 - 00000000 ____D () C:\ProgramData\VMware
2014-10-01 21:45 - 2013-01-05 00:02 - 00447344 _____ () C:\Windows\PFRO.log
2014-10-01 21:45 - 2013-01-05 00:02 - 00072948 _____ () C:\Windows\setupact.log
2014-10-01 21:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-01 21:15 - 2012-09-14 21:04 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-10-01 20:55 - 2012-09-02 16:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-01 20:41 - 2012-08-25 22:54 - 00000000 ____D () C:\Users\CHB\Documents\Outlook Files
2014-10-01 20:19 - 2012-09-08 21:33 - 00000000 ____D () C:\Users\CHB\AppData\Local\Downloaded Installations
2014-10-01 20:17 - 2013-03-11 20:48 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-01 20:17 - 2012-09-02 18:38 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Media Player Classic
2014-10-01 19:38 - 2012-11-13 22:18 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Skype
2014-10-01 19:36 - 2012-08-26 00:28 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Macromedia
2014-10-01 13:34 - 2014-02-15 20:43 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\VMware
2014-09-30 23:44 - 2013-06-26 19:51 - 00000000 ____D () C:\Users\CHB\AppData\Local\Arma 3
2014-09-29 11:27 - 2013-01-09 00:15 - 00000000 ____D () C:\Users\CHB\Documents\Visual Studio 2010
2014-09-28 17:14 - 2012-11-18 13:57 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\vlc
2014-09-25 22:51 - 2012-08-25 22:44 - 00000000 ____D () C:\Users\CHB\AppData\Local\VirtualStore
2014-09-25 22:45 - 2012-09-06 20:24 - 00000000 ____D () C:\Users\CHB\Documents\Mine skanninger
2014-09-25 12:38 - 2012-09-04 16:49 - 00005161 _____ () C:\Users\Public\Documents\Global.sw2
2014-09-24 21:09 - 2014-07-02 00:33 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Adobe
2014-09-24 16:24 - 2014-05-21 00:07 - 00006419 _____ () C:\Users\CHB\Desktop\CINT-spm-valg.txt
2014-09-24 15:52 - 2014-08-30 16:24 - 00000000 ____D () C:\Users\CHB\Desktop\John Gabriel maths
2014-09-24 13:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-24 12:11 - 2013-06-24 01:51 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 12:11 - 2013-06-24 01:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 12:05 - 2009-07-14 06:45 - 01452864 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-20 22:51 - 2014-04-29 11:03 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\.doomseeker
2014-09-19 11:47 - 2013-04-22 15:33 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-19 11:47 - 2013-04-22 15:29 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Dropbox
2014-09-19 09:03 - 2014-07-25 11:23 - 00000000 ____D () C:\Program Files (x86)\Universal Extractor
2014-09-18 12:44 - 2014-07-17 21:07 - 00155401 _____ () C:\Users\CHB\Desktop\pcb-router.zip
2014-09-18 12:25 - 2012-09-02 15:29 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-18 11:44 - 2013-02-22 13:54 - 00424274 _____ () C:\Windows\DPINST.LOG
2014-09-18 11:43 - 2012-08-25 16:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-18 11:38 - 2013-01-26 14:12 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-09-18 11:36 - 2013-02-22 13:54 - 00000000 ____D () C:\Program Files\DIFX
2014-09-16 14:58 - 2014-02-16 01:01 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bink and Smacker
2014-09-16 14:58 - 2014-02-16 01:01 - 00000000 ____D () C:\Program Files (x86)\RADVideo
2014-09-15 18:50 - 2012-08-25 22:44 - 00364168 _____ () C:\Users\CHB\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-15 12:52 - 2014-05-16 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-09-15 12:52 - 2014-01-31 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 10:18 - 2014-06-12 21:09 - 00000750 _____ () C:\Users\CHB\Desktop\_TODOTODOTODO_paywalled.txt
2014-09-11 23:55 - 2012-09-08 22:31 - 00000000 ____D () C:\Users\CHB\AppData\Local\GameMaker-Studio
2014-09-11 23:51 - 2014-02-16 00:00 - 00000000 ____D () C:\Users\CHB\AppData\Local\GameMaker-Studio-Early-Access
2014-09-11 20:43 - 2012-08-25 22:44 - 00000000 ____D () C:\Users\CHB
2014-09-10 23:48 - 2014-02-21 14:38 - 00000000 ____D () C:\Program Files\SpaceClaim
2014-09-10 17:47 - 2014-06-05 19:12 - 00000226 _____ () C:\Users\CHB\Desktop\__Fxixixffixifixfix.txt
2014-09-10 15:29 - 2012-08-25 21:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 15:28 - 2012-08-25 16:47 - 00800210 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 15:26 - 2013-08-03 13:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 15:10 - 2012-08-25 16:52 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 13:21 - 2014-02-20 22:15 - 00000000 ____D () C:\Users\CHB\AppData\Local\solidThinking
2014-09-09 13:21 - 2012-09-03 01:28 - 00000000 ____D () C:\Users\CHB\Documents\solidThinking
2014-09-08 11:16 - 2012-11-11 18:53 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-09-07 19:52 - 2012-09-01 18:26 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-09-05 16:16 - 2012-12-06 21:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-01 23:03 - 2014-07-05 04:21 - 00000480 _____ () C:\Users\CHB\Desktop\_!_!_!_STATUS-JULI.txt
2014-09-01 17:05 - 2013-01-03 13:04 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Nitro PDF
2014-09-01 10:39 - 2012-09-04 17:53 - 00000121 _____ () C:\Windows\Microwin.ini

Files to move or delete:
====================
C:\Users\CHB\DropTeamServerExtras.dat
C:\Users\CHB\DropTeamSettings.dat
C:\Users\CHB\DropTeamTips.dat


Some content of TEMP:
====================
C:\Users\CHB\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {423c28c7-eef6-11e1-bf61-d17c58fee3f7}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 25

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {423c28c9-eef6-11e1-bf61-d17c58fee3f7}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {423c28c7-eef6-11e1-bf61-d17c58fee3f7}
nx                      OptIn
bootlog                 Yes
sos                     No

Windows Boot Loader
-------------------
identifier              {423c28c9-eef6-11e1-bf61-d17c58fee3f7}

Resume from Hibernate
---------------------
identifier              {423c28c7-eef6-11e1-bf61-d17c58fee3f7}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {423c28ca-eef6-11e1-bf61-d17c58fee3f7}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\423c28c9-eef6-11e1-bf61-d17c58fee3f7\boot.sdi



LastRegBack: 2014-09-26 17:30

==================== End Of Log ============================

Attached Files


Edited by inputoutput, 01 October 2014 - 03:24 PM.


#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:45 AM

Posted 02 October 2014 - 07:45 AM


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
GroupPolicyUsers\S-1-5-21-143089826-2696377215-1423231580-1003\User: Group Policy restriction detected <=======
Toolbar: HKLM - No Name - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} -  No File
\Profiles\p8sd28e3.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin64-0.98.26.dll No File
Toolbar: HKLM-x32 - No Name - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} -  No File
Toolbar: HKCU - No Name - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
\npPandoWebPlugin.dll No File
FF user.js: detected! => C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
S3 <NtDriverName>; \SystemRoot\System32\Drivers\<NtDriverName>.sys [X]
S0 Achernar; system32\Drivers\Achernar.sys [X]
S3 Aldebaran; \??\C:\Windows\system32\Drivers\Aldebaran.sys [X]
R3 ALSysIO; \??\C:\Users\CHB\AppData\Local\Temp\ALSysIO64.sys [X]
S3 btmaux; system32\DRIVERS\btmaux.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Internet Security\cleanhlp64.sys [X]
S3 intaud_WaveExtensible; system32\drivers\intelaud.sys [X]
S3 iwdbus; system32\DRIVERS\iwdbus.sys [X]
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
S1 prodrv06; \SystemRoot\System32\drivers\prodrv06.sys [X]
S3 s7oefs_x; \SystemRoot\System32\drivers\s7oefs_x.sys [X]
S3 usb3Hub; system32\DRIVERS\usb3Hub.sys [X]
S3 usb6xxxk; \??\C:\Windows\system32\drivers\usb6xxxkl.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 XHCIPort; system32\DRIVERS\XHCIPort.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:590AF7FD
AlternateDataStreams: C:\ProgramData\TEMP:76650B61
AlternateDataStreams: C:\ProgramData\TEMP:890CC2F3
AlternateDataStreams: C:\ProgramData\TEMP:DDE29E40

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?
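
The driver lines in the fixlist above carry FRST's state and start-type prefix (S0, S1, S2, S3, R3) and end in "[X]" where the image file is missing on disk. The Python script below is an added example, not code from Farbar Recovery Scan Tool, from BleepingComputer or from any poster in this thread: it parses lines of that shape, decodes the start digit (the Windows service Start value, 0 = boot, 1 = system, 2 = automatic, 3 = manual, 4 = disabled) and labels the boot- and system-start entries so they get a manual look before a fix removes them. Post #13 later in this thread reports that the fix would not boot until the S0 Achernar entry was taken out of the fixlist, which is the case this check is meant to catch. The sample lines are copied from the fixlist in this post, plus one constructed line without "[X]"; the verdict labels are this example's own convention.

```python
r"""Review FRST fixlist service/driver lines by Windows start type.

Added example for this thread; not code from Farbar Recovery Scan Tool or
from any poster. Parses lines such as
    S0 Achernar; system32\Drivers\Achernar.sys [X]
and flags entries whose Start value puts them in the boot chain.
"""
import re
from dataclasses import dataclass
from typing import Optional

# The digit after the R/S state letter is the service's registry Start value.
START_TYPES = {
    "0": "boot",       # loaded by the boot loader; part of the boot chain
    "1": "system",     # loaded during kernel initialisation
    "2": "automatic",  # started by the Service Control Manager
    "3": "manual",     # started on demand
    "4": "disabled",
}

# R = running, S = stopped; then the Start digit, the name up to ';', the
# image path, and an optional "[X]" that FRST appends when the file is gone.
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);\s*"
    r"(?P<path>.*?)\s*"
    r"(?P<missing>\[X\])?\s*$"
)


@dataclass
class DriverEntry:
    name: str
    running: bool
    start_type: str
    image_path: str
    file_missing: bool

    @property
    def boot_critical(self) -> bool:
        """Boot- and system-start drivers load before the OS is up."""
        return self.start_type in ("boot", "system")


def parse_service_line(line: str) -> Optional[DriverEntry]:
    """Return a DriverEntry for an FRST service line, None for other lines."""
    m = SERVICE_LINE.match(line.strip())
    if m is None:
        return None  # Toolbar:, FF Plugin:, AlternateDataStreams: and so on
    return DriverEntry(
        name=m.group("name").strip(),
        running=m.group("state") == "R",
        start_type=START_TYPES[m.group("start")],
        image_path=m.group("path"),
        file_missing=m.group("missing") is not None,
    )


def review_fixlist(fixlist: str) -> dict:
    """Map each service/driver name to a verdict (labels are this example's own).

    boot-critical: Start 0/1, check what depends on it before removing
    orphaned:      image file missing, not in the boot chain
    file-present:  image file still exists, so not a dead entry at all
    """
    verdicts = {}
    for entry in map(parse_service_line, fixlist.splitlines()):
        if entry is None:
            continue
        if entry.boot_critical:
            verdicts[entry.name] = "boot-critical"
        elif entry.file_missing:
            verdicts[entry.name] = "orphaned"
        else:
            verdicts[entry.name] = "file-present"
    return verdicts


# Lines copied from the fixlist in post #7, plus one non-service line from it
# and one constructed line (examplesvc) without "[X]" for the other branch.
SAMPLE_FIXLIST = r"""
Toolbar: HKLM - No Name - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} -  No File
S3 <NtDriverName>; \SystemRoot\System32\Drivers\<NtDriverName>.sys [X]
S0 Achernar; system32\Drivers\Achernar.sys [X]
S3 Aldebaran; \??\C:\Windows\system32\Drivers\Aldebaran.sys [X]
R3 ALSysIO; \??\C:\Users\CHB\AppData\Local\Temp\ALSysIO64.sys [X]
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
S1 prodrv06; \SystemRoot\System32\drivers\prodrv06.sys [X]
S3 examplesvc; system32\drivers\example.sys
"""

if __name__ == "__main__":
    for name, verdict in review_fixlist(SAMPLE_FIXLIST).items():
        print(f"{verdict:14} {name}")
```

Run it as a script and it prints one verdict per entry; on the sample input Achernar and prodrv06 come out boot-critical while the S2/S3 entries are plain orphans. The point is the order of review, not the removal itself: a "[X]" entry with Start 0 or 1 is still referenced during boot, so whatever depends on it (post #13 names a scanner driver chain) should be identified before the entry is deleted.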

#8 inputoutput

inputoutput
  • Topic Starter

  • Members
  • 10 posts
  • Local time:05:45 AM

Posted 03 October 2014 - 08:04 AM

This post is made on a different computer. After following the FRST shotgun-approach/fix, the PC bluescreens during the boot sequence.

The boot error message says:

"Status: 0xc000000e
Info: The boot selection failed because a required device is inaccessible."

I checked the boot device, order etc. Everything seems fine in the BIOS.

I tried to boot without any external devices connected.

I tried the automatic Startup Repair wizard on my Win.7 Recovery disc; it gave the following message:

"The following startup option will be repaired:
Name: Windows Boot Manager
Identifier: {9DEA862C-5CDD-4E70-ACC1-F32B344D4795}

The following startup options will be added:
Name: Windows Recovery Environment (recovered)
Path: Recovery\423c28c9-eef6-11e1-bf61-d17c58fee3f7\Winre.wim
Windows device: Partition=E: (228801 MB)

A copy of the current boot configuration data will be saved as: C:\Boot\BCD.backup.0001"

I restarted the PC => it did not help.

During a re-run of the repair wizard, the wizard crashed giving the following message:

"Startup Repair cannot repair this computer automatically

Problem signature:
Problem Event Name: StartupRepairOffline
Problem Signature 01: 6.1.7600.16385
Problem Signature 02: 6.1.7600.16385
Problem Signature 03: unknown
Problem Signature 04: -1
Problem Signature 05: SystemDisk
Problem Signature 06: 1
Problem Signature 07: NoOsInstalled
OS Version: 6.1.7600.2.0.0.256.1"

I tried "Bootrec.exe /FixBoot" in the Command window started from the Recovery Disc. I restarted the PC => it did not help.

From the Recovery disc I tried to do a system restore and also to restore from a previous image, but no restore points or images were found.

I tried the command " sfc /scannow " in the Command window started from the recovery disc; it could not complete due to a "pending repair", thus it did not help.

I then wanted to try an OS repair\re-install but that is not possible from boot.

I managed to open the FRST log when booting from the Win.7 recovery disc; it says most entries were deleted, a few were moved. Perhaps I can send the log file to a USB and post it here.

When booting the program Partition Commander to look at the HDDs, it seems the C: drive has been remapped to E: and there exists a new C: partition labeled System Reserved, with a total "disc" space of 135 MB. Partition E: was shown to be " inactive " and without a label, while C: was shown as " active ".

I guess the PC is failing to find the OS and the rest of the C: drive, if it's correct that the drive now exists as E:. What else might be wrong?

Perhaps I should take a close look at the BCD or give another recovery disc a go... A clean Win.7 install is out of the question.



#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:45 AM

Posted 03 October 2014 - 08:58 AM

This is not caused by malware and is not my forte.

I suggest you start a new topic in the Internal hardware forum
http://www.bleepingcomputer.com/forums/forum7.html

A more experienced helper should be able to help better than I can.

#10 inputoutput

inputoutput
  • Topic Starter

  • Members
  • 10 posts
  • Local time:05:45 AM

Posted 03 October 2014 - 09:14 AM

I suspect it was caused by the deletion (it's what FRST did, yes?) of what appears to be system files (but I don't really know)...

Ok. I will try to solve this myself and then run the last step regarding the tool Security Check.

 

For what it's worth, my sources for trying to fix the error(s) are:

http://superuser.com/questions/469793/the-boot-selection-failed-because-a-required-device-is-inaccessible-0xc000000e

http://www.twm-kd.com/software/repairing-windows-7-when-they-fail-to-boot/

http://forums.petri.com/showthread.php?t=42099# 

http://minasi.com/forum/topic.asp?TOPIC_ID=38743

 

Hopefully the info. contained there will be enough.


Edited by inputoutput, 03 October 2014 - 01:34 PM.


#11 inputoutput

inputoutput
  • Topic Starter

  • Members
  • 10 posts
  • Local time:05:45 AM

Posted 03 October 2014 - 01:34 PM

Problem fixed. In Win. Recovery Environment (Recovery Disk), Command window => " bcdboot d:\windows " fixed the problem at the expense of getting a new BCD with fewer entries than the original. Messing around with the BCD entries manually as per instructions in the links did not cut it in my case.

 

The next boot let me choose to use last known good configuration (sys. restore point) and the PC now starts normally.

 

That means I probably should do the scans one more time, nasdaq?


Edited by inputoutput, 04 October 2014 - 06:13 AM.


#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:45 AM

Posted 04 October 2014 - 07:57 AM

Good work.

Run the fix as suggested in post no 7.

===

After the restart of the computer run the Farbar tool normally and post a fresh FRST log for my review.

#13 inputoutput

inputoutput
  • Topic Starter

  • Members
  • 10 posts
  • Local time:05:45 AM

Posted 04 October 2014 - 06:32 PM

Ok so I tried the FRST fixlist several times with bluescreens during boot and tracked down the cause. Removal of "Achernar.sys", or more probably its registry entry, made the PC unable to boot. According to http://windowssecrets.com/forums/showthread.php/157263-Windows-7-unwanted-driver-achernar-sys and http://www.symantec.com/connect/forums/achernarsys the file is not strictly needed by Win.7 but might be depended upon by RAID controllers (my PC doesn't use RAID) and the HP ScanJet 5590 Scanner. I use that scanner.

 

I removed the entry from fixlist.txt and ran the fix, the system rebooted fine. Now, however, the file is gone from the system32/drivers/ folder as instructed in the original fixlist.txt but the registry entry for Achernar.sys is still present - I guess, judging by info in those links, the reg-key has to be present for the system to boot.

 

Here is the fresh FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2014
Ran by CHB (administrator) on SUNSTORMEXPRESS on 05-10-2014 01:26:33
Running from C:\Users\CHB\Desktop\FRST64
Loaded Profile: CHB (Available profiles: admin & CHB)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\common\FSHDLL32.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\common\FSHDLL64.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments Corporation) C:\Windows\SysWOW64\nidevldu.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Windows\SysWOW64\nipxism.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(VMware, Inc.) D:\Program Files (x86)\VMWare\VMWare Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\common\FSM32.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\FWES\program\fsdfwd.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\common\FNRB32.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\common\FIH32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(IDEVFH) C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-04-14] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\Common\FSM32.EXE [301680 2009-11-26] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure TNB] => C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe [1653360 2009-11-26] (F-Secure Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1374720 2010-11-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-07-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UnlockerAssistant] => D:\Utils & drivers\Unlocker\UnlockerAssistant.exe [15872 2010-03-09] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-143089826-2696377215-1423231580-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
SearchScopes: HKCU - {75CDBB7D-3629-454C-A2FA-D27EDB79058B} URL = http://www.ha.com/c/search.zx?txtSearch={searchTerms}
SearchScopes: HKCU - {77DCA67A-85B3-4145-87D9-EB4694AD5D6A} URL = http://addons.alltheinternet.com/texis/open/search?q={searchTerms}
SearchScopes: HKCU - {C71B3333-CC70-4089-B365-842CC9F069BC} URL = http://www.ehow.com/search.aspx?s={searchTerms}
SearchScopes: HKCU - {E86BEB5F-488C-49A2-9C21-723C4ED5A22B} URL = http://www.scribd.com/opensearch?query={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: PDFXChange 4.0 -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> d:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Browsing Protection Class -> {C6867EB7-8350-4856-877F-93CF8AE3DC9C} -> C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin64-0.98.26.dll No File
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - d:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
Toolbar: HKLM-x32 - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.98.26.dll No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Winsock: Catalog5 08 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512] (National Instruments Corporation)
Winsock: Catalog5-x64 08 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560] (National Instruments Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 193.213.112.4 130.67.15.198
Tcpip\..\Interfaces\{BDDAC08C-3026-4E58-921E-7F0C91C832B8}: [NameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default
FF Homepage: about:sessionrestore
FF NetworkProxy: "backup.ftp", "117.218.37.18"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "117.218.37.18"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "117.218.37.18"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "111.119.233.129"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "111.119.233.129"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "111.119.233.129"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "111.119.233.129"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Acrobat -> D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: {@alibaba.com/alisetup;version=1.0} -> C:\Users\CHB\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2010win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2011win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2011win64.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2012win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2012win64.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv86win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF Extension: CacheViewer2 - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\cacheview2@scriptkitz.ml [2014-09-12]
FF Extension: Fastest Search - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\fastestsearch@mingyi.org [2014-02-19]
FF Extension: HTTPS-Everywhere - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\https-everywhere@eff.org [2014-09-16]
FF Extension: DOM Inspector - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\inspector@mozilla.org [2013-12-23]
FF Extension: TooManyTabs - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\TooManyTabs@visibotech.com [2014-06-07]
FF Extension: Visual Studio Test Helper - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\visualstudiotesthelper@microsoft.com [2013-01-09]
FF Extension: EPUBReader - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-08-22]
FF Extension: Memory Fox - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2014-06-26]
FF Extension: Disconnect - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\2.0@disconnect.me.xpi [2013-12-22]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-08-30]
FF Extension: Ghostery - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\firefox@ghostery.com.xpi [2013-08-19]
FF Extension: IP to Geolocation - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\firefox@ip-api.com.xpi [2013-12-22]
FF Extension: Google Disconnect - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\google@disconnect.me.xpi [2012-08-30]
FF Extension: Grab Them All - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\grabthemall@zelazko.info.xpi [2013-01-02]
FF Extension: Inspect Context - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\inspectcontext@max.max.xpi [2013-12-22]
FF Extension: ipbleep - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\ipbleep@p4ul.info.xpi [2013-12-22]
FF Extension: Enhanced Steam - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\jid0-SmvlvxGpvCyG252KbVMqIKR79Uc@jetpack.xpi [2013-12-22]
FF Extension: Frame-it Plugin - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\jid1-aqjpDA0DEol5kg@jetpack.xpi [2013-01-04]
FF Extension: Lightbeam - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2013-01-02]
FF Extension: Idderall - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\jid1-u6nQDbYs4ZJDAy@jetpack.xpi [2013-12-22]
FF Extension: google-no-tracking-url - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\jid1-zUrvDCat3xoDSQ@jetpack.xpi [2012-12-30]
FF Extension: KillSpinners - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\killspinners@byo.co.il.xpi [2013-12-22]
FF Extension: Clickjacking Reveal - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\no-clickjacking@daohoangson.com.xpi [2013-12-22]
FF Extension: Prevent Out Of Virtual Memory Crashes - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\PreventOutOfVirtualMemoryCrashes@ZXSpectrum.xpi [2014-06-26]
FF Extension: Referrer Control - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\referrercontrol@qixinglu.com.xpi [2013-12-22]
FF Extension: Stacked Inspector - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\stackedinspector@example.com.xpi [2013-12-22]
FF Extension: Suspend Tab - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\suspendtab@piro.sakura.ne.jp.xpi [2014-06-26]
FF Extension: Resurrect Pages - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi [2012-09-01]
FF Extension: Session Manager - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-06-30]
FF Extension: SettingSanity - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\{12A60D0F-0077-4F41-81B2-1286DDD278BB}.xpi [2013-12-22]
FF Extension: FlashGot - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012-08-30]
FF Extension: NoScript - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-08-30]
FF Extension: YouTube High Definition - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-10]
FF Extension: Adblock Plus - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-30]
FF Extension: BetterPrivacy - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-08-30]
FF Extension: Extended Statusbar - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}.xpi [2012-08-30]
FF Extension: Edit Cookies - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi [2013-01-02]
FF Extension: Redirect Remover - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\Extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}.xpi [2012-12-30]
FF HKLM-x32\...\Firefox\Extensions: [litmus-ff@f-secure.com] - C:\Program Files (x86)\F-Secure\NRS\litmus-ff@f-secure.com
FF Extension: Browsing Protection - C:\Program Files (x86)\F-Secure\NRS\litmus-ff@f-secure.com [2012-08-25]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-03-09]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-09-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 EvoSvc; d:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-07-17] (Echobit LLC)
R2 F-Secure Gatekeeper Handler Starter; C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe [219760 2009-11-26] (F-Secure Corporation)
R3 F-Secure Network Request Broker; C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE [166512 2009-11-26] (F-Secure Corporation)
R3 FSDFWD; C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe [844400 2009-11-26] (F-Secure Corporation)
R2 FSMA; C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE [186992 2009-11-26] (F-Secure Corporation)
R3 FSORSPClient; C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe [60352 2013-06-05] (F-Secure Corporation)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [72992 2014-07-07] (Hewlett-Packard Company)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-13] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-25] (Intel Corporation)
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53544 2013-06-12] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63792 2013-06-12] (National Instruments Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [83768 2013-06-10] (National Instruments Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-04-28] (Hewlett-Packard) [File not signed]
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-06-08] (National Instruments Corporation)
S2 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-06-08] (National Instruments Corporation)
R2 nidevldu; C:\Windows\SysWOW64\nidevldu.exe [102040 2013-03-04] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [380720 2013-06-12] (National Instruments Corporation)
S2 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [176512 2013-06-19] (National Instruments Corporation)
R2 nipxirmu; C:\Windows\SysWOW64\nipxism.exe [19056 2013-03-14] (National Instruments Corporation)
R2 niSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-06-07] (National Instruments Corporation)
R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-06-08] (National Instruments Corporation)
R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [680624 2012-06-07] (National Instruments Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230920 2012-10-01] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-04-28] (Hewlett-Packard) [File not signed]
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [46080 2013-07-09] () [File not signed]
S4 SbieSvc; d:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC)
R2 VMAuthdService; D:\Program Files (x86)\VMWare\VMWare Player\vmware-authd.exe [86744 2014-06-12] (VMware, Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [849408 2012-06-09] (Motorola Solutions, Inc.) [File not signed]
R3 com0com; C:\Windows\System32\DRIVERS\com0com.sys [87736 2012-11-02] (Vyacheslav Frolov)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-01-10] (Echobit, LLC)
S3 evserial; C:\Windows\System32\DRIVERS\evserial.sys [67072 2010-04-19] (ELTIMA Software)
S4 F-Secure Filter; C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSfilter.sys [39792 2009-11-26] ()
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [202176 2013-07-11] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys [57936 2009-11-26] (F-Secure Corporation)
S4 F-Secure Recognizer; C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSrec.sys [25200 2009-11-26] ()
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2012-08-25] ()
R0 fsbts; C:\Windows\SysWOW64\Drivers\fsbts.sys [33408 2012-08-25] ()
R1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [92176 2009-11-26] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [14904 2009-11-26] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-11-25] (GFI Software)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-24] (Intel Corporation)
S3 ibtfltcoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [60928 2012-07-09] (Intel Corporation) [File not signed]
S3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd64.sys [14748416 2012-03-26] (Intel Corporation) [File not signed]
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
S3 lvalarmk; C:\Windows\system32\drivers\lvalarmk.sys [27528 2013-06-17] (National Instruments Corporation)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 MiniProWdf; C:\Windows\System32\DRIVERS\MiniProWdf.sys [17216 2012-06-22] (http://www.autoelectric.cn)
S3 ni1006k; C:\Windows\system32\drivers\ni1006k.sys [30800 2013-02-12] (National Instruments Corporation)
S3 ni1045k; C:\Windows\system32\drivers\ni1045kl.sys [12984 2013-02-12] (National Instruments Corporation)
S3 ni1065k; C:\Windows\system32\drivers\ni1065k.sys [27832 2013-02-12] (National Instruments Corporation)
S3 nicdcck; C:\Windows\system32\drivers\nicdcckl.sys [12992 2012-07-23] (National Instruments Corporation)
S3 nicdrk; C:\Windows\system32\drivers\nicdrkl.sys [11864 2011-07-21] (National Instruments Corporation)
S3 nicmrk; C:\Windows\system32\drivers\nicmrkl.sys [13456 2013-06-25] (National Instruments Corporation)
S3 nicondrk; C:\Windows\system32\drivers\nicondrkl.sys [13416 2013-06-25] (National Instruments Corporation)
S3 nicsrk; C:\Windows\system32\drivers\nicsrkl.sys [15176 2013-06-25] (National Instruments Corporation)
R3 nidimk; C:\Windows\system32\drivers\nidimkl.sys [13000 2012-06-28] (National Instruments Corporation)
S3 nidmxfk; C:\Windows\system32\drivers\nidmxfkl.sys [13416 2013-03-04] (National Instruments Corporation)
S3 nidsark; C:\Windows\system32\drivers\nidsarkl.sys [13432 2013-02-13] (National Instruments Corporation)
S3 niemrk; C:\Windows\system32\drivers\niemrkl.sys [15176 2013-06-25] (National Instruments Corporation)
S3 niesrk; C:\Windows\system32\drivers\niesrkl.sys [15176 2013-06-25] (National Instruments Corporation)
R3 NIEthernetDeviceEnumerator; C:\Windows\System32\DRIVERS\niede.sys [38064 2010-06-15] (National Instruments Corporation)
R3 nimdbgk; C:\Windows\system32\drivers\nimdbgkl.sys [13000 2012-06-28] (National Instruments Corporation)
R3 nimru2k; C:\Windows\system32\drivers\nimru2kl.sys [13008 2012-06-28] (National Instruments Corporation)
S3 nimsdrk; C:\Windows\system32\drivers\nimsdrkl.sys [13480 2013-03-04] (National Instruments Corporation)
S3 nimstsk; C:\Windows\system32\drivers\nimstskl.sys [13448 2013-03-04] (National Instruments Corporation)
R3 nimxdfk; C:\Windows\system32\drivers\nimxdfkl.sys [12984 2012-06-28] (National Instruments Corporation)
S3 nimxpk; C:\Windows\system32\drivers\nimxpkl.sys [13448 2013-03-04] (National Instruments Corporation)
S3 ninshsdk; C:\Windows\system32\drivers\ninshsdkl.sys [13000 2012-10-09] (National Instruments Corporation)
S3 niorbk; C:\Windows\system32\drivers\niorbkl.sys [12992 2012-06-28] (National Instruments Corporation)
S3 nipalfwedl; C:\Windows\System32\drivers\nipalfwedl.sys [13624 2012-12-19] (National Instruments Corporation)
R0 NIPALK; C:\Windows\System32\drivers\nipalk.sys [926992 2012-12-19] (National Instruments Corporation)
S3 nipalusbedl; C:\Windows\System32\drivers\nipalusbedl.sys [13624 2012-12-19] (National Instruments Corporation)
R0 nipbcfk; C:\Windows\System32\drivers\nipbcfk.sys [16984 2012-12-18] (National Instruments Corporation)
R0 nipxibaf; C:\Windows\System32\drivers\nipxibaf.sys [87288 2013-02-11] (National Instruments Corporation)
R0 nipxibrc; C:\Windows\System32\drivers\nipxibrc.sys [70336 2013-03-06] (National Instruments Corporation)
S3 nipxigpk; C:\Windows\system32\drivers\nipxigpk.sys [22680 2011-08-09] (National Instruments Corporation)
R2 nipxirmk; C:\Windows\system32\drivers\nipxirmkl.sys [13432 2013-03-14] (National Instruments Corporation)
S3 niraptrk; C:\Windows\system32\drivers\niraptrkl.sys [15176 2013-06-25] (National Instruments Corporation)
S3 niraptrkw; C:\Windows\System32\DRIVERS\niraptrkw.sys [14664 2013-06-25] (National Instruments Corporation)
S3 niscdk; C:\Windows\system32\drivers\niscdkl.sys [12984 2012-03-07] (National Instruments Corporation)
S3 nisdigk; C:\Windows\system32\drivers\nisdigkl.sys [12960 2012-07-02] (National Instruments Corporation)
S3 nisftk; C:\Windows\system32\drivers\nisftkl.sys [12952 2012-06-01] (National Instruments Corporation)
S3 nispdk; C:\Windows\system32\drivers\nispdkl.sys [12984 2012-03-07] (National Instruments Corporation)
S3 nissrk; C:\Windows\system32\drivers\nissrkl.sys [15176 2013-06-25] (National Instruments Corporation)
S3 nistc2k; C:\Windows\system32\drivers\nistc2kl.sys [11824 2009-01-05] (National Instruments Corporation)
S3 nistc3rk; C:\Windows\system32\drivers\nistc3rkl.sys [13416 2013-02-07] (National Instruments Corporation)
S3 nistcrk; C:\Windows\system32\drivers\nistcrkl.sys [12968 2011-07-18] (National Instruments Corporation)
S3 niswdk; C:\Windows\system32\drivers\niswdkl.sys [15176 2013-05-24] (National Instruments Corporation)
S3 nitiork; C:\Windows\system32\drivers\nitiorkl.sys [13440 2013-02-07] (National Instruments Corporation)
S3 niufurk; C:\Windows\system32\drivers\niufurkl.sys [13008 2012-10-08] (National Instruments Corporation)
S3 niufurkw; C:\Windows\System32\DRIVERS\niufurkw.sys [12496 2012-10-08] (National Instruments Corporation)
S3 niwfrk; C:\Windows\system32\drivers\niwfrkl.sys [15176 2013-06-25] (National Instruments Corporation)
S3 nixsrk; C:\Windows\system32\drivers\nixsrkl.sys [15176 2013-06-25] (National Instruments Corporation)
S0 prohlp02; C:\Windows\SysWOW64\drivers\prohlp02.sys [95552 2004-01-26] (Protection Technology) [File not signed]
S0 prosync1; C:\Windows\SysWOW64\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology) [File not signed]
S3 PVUSB; C:\Windows\System32\DRIVERS\CESG64.sys [63808 2007-02-19] (CASIO COMPUTER CO.,LTD.)
S3 SbieDrv; d:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC)
S0 sfhlp01; C:\Windows\SysWOW64\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [File not signed]
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-21] (Synaptics Incorporated)
U5 UnlockerDriver5; D:\Utils & drivers\Unlocker\UnlockerDriver5.sys [4096 2010-03-09] () [File not signed]
R3 VSBC; C:\Windows\System32\DRIVERS\evsbc.sys [32768 2010-04-19] (ELTIMA Software)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 VSPerfDrv100; D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2011-01-18] (Microsoft Corporation)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [260608 2012-02-27] (Jungo)
S0 Achernar; system32\Drivers\Achernar.sys [X]
R3 ALSysIO; \??\C:\Users\CHB\AppData\Local\Temp\ALSysIO64.sys [X]
U5 SNTIE; C:\Windows\SysWOW64\Drivers\SNTIE.sys [172032 2004-05-28] (Siemens AG) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-05 01:13 - 2014-10-05 01:13 - 00000000 ____D () C:\Users\CHB\Desktop\Autoruns
2014-10-05 00:58 - 2014-10-05 00:58 - 00511633 _____ () C:\Users\CHB\Desktop\Autoruns.zip
2014-10-04 15:56 - 2014-10-04 15:56 - 00000000 ____D () C:\Users\CHB\AppData\Local\SearchProtect
2014-10-04 15:56 - 2014-10-04 15:56 - 00000000 _____ () C:\END
2014-10-02 20:29 - 2014-10-02 20:29 - 00000101 _____ () C:\Users\CHB\Desktop\_0 HELSETILSKUDD-PLAN.txt
2014-10-02 20:24 - 2014-10-04 15:15 - 00854436 _____ () C:\Users\CHB\Desktop\SecurityCheck.exe
2014-10-02 17:51 - 2014-10-02 17:51 - 00020992 _____ () C:\Users\CHB\Desktop\3D test 4th ed (rot-matrix).exe
2014-10-02 01:15 - 2014-10-02 01:15 - 00000511 _____ () C:\Users\CHB\Desktop\ZMA.txt
2014-10-01 23:23 - 2014-10-01 23:23 - 00000000 ____D () C:\Users\CHB\Desktopl
2014-10-01 23:19 - 2014-10-01 23:19 - 00002367 _____ () C:\Users\CHB\Desktop\FSS.txt
2014-10-01 22:28 - 2014-10-01 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-01 21:54 - 2014-10-05 01:26 - 00000000 ____D () C:\FRST
2014-10-01 21:53 - 2014-10-05 01:26 - 00000000 ____D () C:\Users\CHB\Desktop\FRST64
2014-10-01 21:31 - 2014-10-04 15:14 - 00000000 ____D () C:\AdwCleaner
2014-10-01 20:55 - 2014-10-05 01:19 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-01 20:55 - 2014-10-01 20:55 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-01 20:55 - 2014-10-01 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-01 20:55 - 2014-10-01 20:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-01 20:55 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-01 20:55 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-01 20:55 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-10-01 10:28 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-10-01 10:28 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-09-30 11:32 - 2014-10-02 00:41 - 00028328 _____ () C:\Users\CHB\Desktop\Script-samling (3D-system).gml
2014-09-30 10:32 - 2014-09-30 10:32 - 00046592 ____N () C:\Users\CHB\Desktop\HiB - Fag-plan HEAU_12.xls
2014-09-29 16:27 - 2014-09-29 16:28 - 134382716 _____ () C:\Users\CHB\Desktop\Diligence isn't a Personality Type it's a Skill You Learn.mp4
2014-09-29 10:37 - 2013-12-22 09:12 - 00000000 ____D () C:\Users\CHB\Desktop\processhacker-2.33-bin
2014-09-28 20:52 - 2014-09-28 20:52 - 00361750 _____ () C:\Users\CHB\Desktop\quakeds_271007_r3.zip
2014-09-28 20:51 - 2014-09-28 20:51 - 00444370 _____ () C:\Users\CHB\Desktop\quake2ds_100208_r1.zip
2014-09-28 19:18 - 2014-10-01 21:39 - 00000428 _____ () C:\Users\CHB\Desktop\_SeptNOTATER.txt
2014-09-28 19:17 - 2014-09-28 19:17 - 00000048 _____ () C:\Users\CHB\Desktop\_Arbeidsplasser.txt
2014-09-27 11:09 - 2014-09-27 11:09 - 00059676 _____ () C:\Users\CHB\Desktop\MHS FileWatcher-SRC.rar
2014-09-27 11:09 - 2014-09-27 11:09 - 00033763 _____ () C:\Users\CHB\Desktop\MHS SampleBreakpointHandler.zip
2014-09-27 11:08 - 2014-09-27 11:08 - 04519627 _____ () C:\Users\CHB\Desktop\MHS6.1.rar
2014-09-27 11:08 - 2014-09-27 11:08 - 02585563 _____ () C:\Users\CHB\Desktop\MHS Help.chm
2014-09-27 11:07 - 2014-09-27 11:07 - 00439891 _____ () C:\Users\CHB\Desktop\Matlab_SynGrasp20.zip
2014-09-27 11:03 - 2014-09-27 11:03 - 01808341 _____ () C:\Users\CHB\Desktop\movx.mov
2014-09-27 10:55 - 2014-09-27 10:55 - 10743952 _____ () C:\Users\CHB\Desktop\Matlb_kinematics.zip
2014-09-27 10:53 - 2014-09-27 10:59 - 144648499 _____ () C:\Users\CHB\Desktop\VRX_Q2_CLIENT_FULL.zip
2014-09-27 10:47 - 2014-09-27 10:48 - 99748287 _____ (COR Entertainment ) C:\Users\CHB\Desktop\codered1_1.exe
2014-09-27 10:47 - 2014-09-27 10:47 - 03656618 _____ () C:\Users\CHB\Desktop\chclt305.EXE
2014-09-27 10:46 - 2014-09-27 10:46 - 01209992 _____ () C:\Users\CHB\Desktop\Gladiator.zip
2014-09-27 10:46 - 2014-09-27 10:46 - 00443335 _____ () C:\Users\CHB\Desktop\JABot-Q2-0.9.zip
2014-09-27 10:45 - 2014-09-27 10:46 - 00886001 _____ () C:\Users\CHB\Desktop\borrador2_1-bin.zip
2014-09-27 10:45 - 2014-09-27 10:46 - 00198264 _____ () C:\Users\CHB\Desktop\rambot_v48a.zip
2014-09-27 10:45 - 2014-09-27 10:46 - 00187870 _____ () C:\Users\CHB\Desktop\crbot114.zip
2014-09-27 10:45 - 2014-09-27 10:45 - 02662335 _____ () C:\Users\CHB\Desktop\eraser101.zip
2014-09-27 10:45 - 2014-09-27 10:45 - 00225344 _____ () C:\Users\CHB\Desktop\famke70.zip
2014-09-27 10:44 - 2014-09-27 10:45 - 01214014 _____ () C:\Users\CHB\Desktop\ice_10.zip
2014-09-27 10:44 - 2014-09-27 10:45 - 00326973 _____ () C:\Users\CHB\Desktop\gsb.zip
2014-09-27 10:44 - 2014-09-27 10:45 - 00282887 _____ () C:\Users\CHB\Desktop\nbot_06_2_.zip
2014-09-27 10:44 - 2014-09-27 10:44 - 00503734 _____ () C:\Users\CHB\Desktop\3ZB2.zip
2014-09-27 10:43 - 2014-09-27 10:43 - 00639496 _____ () C:\Users\CHB\Desktop\Eraser.rar
2014-09-27 10:39 - 2014-09-27 10:39 - 27257404 _____ () C:\Users\CHB\Desktop\paintball2_build037_full.exe
2014-09-27 10:38 - 2014-09-27 10:38 - 02602603 _____ () C:\Users\CHB\Desktop\lox_1_12_7_full.zip
2014-09-27 10:36 - 2014-09-27 10:36 - 00142086 _____ () C:\Users\CHB\Desktop\Q1sigbot2.zip
2014-09-27 10:36 - 2014-09-27 10:36 - 00131072 _____ () C:\Users\CHB\Desktop\Q1trmbot09.zip
2014-09-27 10:36 - 2014-09-27 10:36 - 00070837 _____ () C:\Users\CHB\Desktop\Q1StoogeBot.zip
2014-09-27 10:34 - 2014-09-27 10:34 - 01239808 _____ () C:\Users\CHB\Desktop\Quake-1 QWterminator.zip
2014-09-27 10:33 - 2014-09-27 10:33 - 03205138 _____ () C:\Users\CHB\Desktop\Q1Mystery Bot.zip
2014-09-27 10:31 - 2014-09-27 10:31 - 00453067 _____ () C:\Users\CHB\Desktop\q2-zgh-frknocheat2.34.rar
2014-09-27 10:31 - 2014-09-27 10:31 - 00051473 _____ () C:\Users\CHB\Desktop\rehackedratbot.rar
2014-09-27 10:31 - 2014-09-27 10:31 - 00047607 _____ () C:\Users\CHB\Desktop\zbot.zip
2014-09-27 10:31 - 2014-09-27 10:31 - 00021747 _____ () C:\Users\CHB\Desktop\zorbot.zip
2014-09-27 10:30 - 2014-09-27 10:30 - 00268452 _____ () C:\Users\CHB\Desktop\q2xania-v0.4.0e.zip
2014-09-27 10:24 - 2014-09-27 10:24 - 00126595 _____ () C:\Users\CHB\Desktop\Q3Wallhack0_3_autoshoot_.zip
2014-09-27 10:21 - 2014-09-27 10:21 - 08979142 _____ () C:\Users\CHB\Desktop\lokobot_014.zip
2014-09-27 10:18 - 2014-09-27 10:18 - 00448044 _____ () C:\Users\CHB\Desktop\JABot-Q2-0.9.3.zip
2014-09-27 10:18 - 2014-09-27 10:18 - 00345700 _____ () C:\Users\CHB\Desktop\ace008_src.zip
2014-09-26 21:54 - 2014-09-26 21:55 - 00000290 _____ () C:\Users\CHB\Desktop\Musikk lignende Massive Attack.txt
2014-09-26 17:11 - 2014-09-26 17:11 - 00001248 _____ () C:\Users\CHB\Desktop\Newton-meter & Newton-cm.txt
2014-09-24 23:16 - 2014-09-24 23:16 - 00001506 _____ () C:\Users\CHB\Desktop\_Anim8or Tips & Tool tips.lnk
2014-09-24 16:31 - 2014-09-24 16:32 - 00000000 ____D () C:\Users\CHB\Desktop\_Sorteres- El-utladninger, ionisering osv
2014-09-24 15:37 - 2014-09-24 15:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-23 22:46 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-09-23 22:46 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-09-21 20:08 - 2014-09-21 20:09 - 22959730 _____ () C:\Users\CHB\Desktop\007tgb4beta.exe
2014-09-21 09:54 - 2014-09-21 09:54 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Process Hacker 2
2014-09-20 23:14 - 2014-10-01 20:41 - 00001885 _____ () C:\Users\CHB\Desktop\Process Hacker 2.lnk
2014-09-20 23:14 - 2014-09-20 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2014-09-20 23:14 - 2014-09-20 23:14 - 00000000 ____D () C:\Program Files\Process Hacker 2
2014-09-19 16:18 - 2014-09-19 16:18 - 00000472 _____ () C:\Users\CHB\Desktop\Quaternion animasjonstips.txt
2014-09-18 23:18 - 2014-09-18 23:19 - 00683350 _____ () C:\Users\CHB\Desktop\unicodeDictionary.txt
2014-09-18 19:01 - 2014-09-18 19:01 - 09659798 _____ () C:\Users\Public\Desktop\fsdiag.zip
2014-09-18 18:54 - 2014-09-18 18:54 - 09624054 _____ () C:\Users\Public\Desktop\fsdiag1.tar.gz
2014-09-18 12:27 - 2014-09-18 12:27 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\com0com
2014-09-18 12:27 - 2014-09-18 12:27 - 00000000 ____D () C:\Program Files (x86)\com0com
2014-09-18 12:18 - 2014-09-18 12:18 - 01788108 _____ () C:\Users\CHB\Desktop\asdlemul2.zip
2014-09-18 11:40 - 2014-09-18 11:40 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\HW group
2014-09-18 11:40 - 2014-09-18 11:40 - 00000000 ____D () C:\Program Files (x86)\HW group
2014-09-18 11:40 - 2010-04-19 13:53 - 00067072 _____ (ELTIMA Software) C:\windows\system32\Drivers\evserial.sys
2014-09-18 11:40 - 2010-04-19 13:53 - 00032768 _____ (ELTIMA Software) C:\windows\system32\Drivers\evsbc.sys
2014-09-17 23:32 - 2014-09-17 23:32 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\TrojanHunter
2014-09-17 22:47 - 2014-09-17 22:47 - 00043781 _____ () C:\Users\CHB\Desktop\dds.txt
2014-09-17 22:47 - 2014-09-17 22:47 - 00036022 _____ () C:\Users\CHB\Desktop\attach.txt
2014-09-17 12:03 - 2014-09-17 12:03 - 00059392 ____R () C:\windows\SysWOW64\streamhlp.dll
2014-09-17 11:18 - 2014-09-17 11:18 - 00001330 _____ () C:\windows\DIFx.log
2014-09-17 11:18 - 2014-09-17 11:18 - 00000000 ____D () C:\windows\SysWOW64\AGEIA
2014-09-17 11:18 - 2014-09-17 11:18 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-09-15 12:40 - 2014-09-15 12:43 - 00000000 ____D () C:\Users\CHB\AppData\Local\GOG.com
2014-09-14 10:52 - 2014-09-14 10:52 - 03020282 _____ () C:\Users\CHB\Desktop\vsgdemo.wmv
2014-09-12 19:27 - 2014-09-12 19:27 - 00001260 _____ () C:\Users\CHB\Desktop\Sawdust Jacket Filler for Heat.txt
2014-09-12 19:23 - 2014-09-12 19:23 - 00001753 _____ () C:\Users\CHB\Desktop\A Creative Solution for Division by Zero.txt
2014-09-11 23:54 - 2014-09-11 23:55 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\GameMaker-Studio
2014-09-11 20:43 - 2014-09-19 20:27 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\qfsm
2014-09-11 20:43 - 2014-09-11 20:45 - 00000000 ____D () C:\Users\CHB\.qfsm
2014-09-11 20:43 - 2014-09-11 20:43 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qfsm
2014-09-11 10:38 - 2014-10-02 01:48 - 00000520 _____ () C:\windows\netdet.ini
2014-09-11 10:33 - 2014-09-11 10:33 - 00000150 _____ () C:\AUTOEXEC.BAT
2014-09-11 10:33 - 2014-09-11 10:33 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cinderella SDL
2014-09-11 10:33 - 2014-09-11 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cinderella SDL
2014-09-11 10:33 - 2001-03-13 15:53 - 00077878 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.002
2014-09-11 10:33 - 2000-03-07 01:00 - 00278581 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.001
2014-09-11 10:33 - 1999-09-30 00:08 - 00466944 _____ (Softlocx) C:\windows\SysWOW64\Softlocx3.ocx
2014-09-10 23:51 - 2014-09-10 23:53 - 00000000 ____D () C:\Users\CHB\Documents\DynamicsForSpaceClaim
2014-09-10 23:48 - 2014-09-10 23:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dynamics for SpaceClaim
2014-09-10 15:30 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-10 15:30 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-10 15:30 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-10 15:30 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-10 15:30 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-10 15:30 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-10 15:30 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-10 15:30 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-10 15:30 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-10 15:30 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-10 15:30 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-10 15:30 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-10 15:30 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-10 15:30 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-10 15:30 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-10 15:30 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-10 15:30 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-10 15:30 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-10 15:30 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-10 15:30 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-10 15:30 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-10 15:30 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-10 15:30 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-10 15:30 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 15:30 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-10 15:30 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-10 15:30 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-10 15:30 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-10 15:30 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-10 15:30 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-10 15:30 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-10 15:30 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-10 15:30 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-10 15:30 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-10 15:30 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-10 15:30 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-10 15:30 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-10 15:30 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-10 15:30 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-10 15:30 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-10 15:30 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-10 15:30 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 15:30 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-10 15:30 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-10 15:30 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-10 15:30 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-10 15:30 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-10 15:30 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-10 15:30 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-10 15:30 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-10 15:30 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-09-10 15:30 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-10 15:30 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-10 15:30 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-10 15:30 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-10 15:30 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-10 15:09 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-09-10 15:09 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 10:25 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-09-10 10:25 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-09-10 10:24 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-10 10:24 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-10 10:24 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-10 10:24 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-10 10:24 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-10 10:24 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-10 10:24 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-09 13:42 - 2014-09-09 13:42 - 00132912 _____ () C:\Users\CHB\Desktop\PolyMesh_from_Nurbs__1.obj
2014-09-09 13:21 - 2014-09-09 13:21 - 00000000 ____D () C:\Users\CHB\AppData\Local\.altair_licensing
2014-09-09 13:21 - 2014-09-09 13:21 - 00000000 ____D () C:\ProgramData\altair
2014-09-09 12:58 - 2014-09-09 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve 2014 3875 (64-bit)
2014-09-08 19:50 - 2014-09-08 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S2
2014-09-08 19:49 - 2014-09-08 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Parallax Inc
2014-09-08 19:47 - 2014-09-08 22:38 - 00000000 ____D () C:\Users\CHB\AppData\Local\Parallax
2014-09-08 11:16 - 2014-09-08 11:50 - 00000000 ____D () C:\Users\CHB\Documents\StarCitizen
2014-09-08 11:16 - 2014-09-08 11:16 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCitizen
2014-09-07 23:02 - 2014-09-07 23:01 - 00013221 _____ () C:\Users\CHB\Desktop\mictelem_zip.zip
2014-09-07 18:15 - 2014-09-11 20:43 - 00000000 ____D () C:\Users\CHB\Desktop\FSM programmer

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-05 00:21 - 2009-07-14 06:45 - 00026208 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-05 00:21 - 2009-07-14 06:45 - 00026208 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-05 00:17 - 2009-07-14 07:13 - 00815900 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-05 00:14 - 2013-09-24 12:47 - 00000542 _____ () C:\windows\Tasks\MATLAB R2013b Startup Accelerator.job
2014-10-05 00:13 - 2013-02-07 14:04 - 00000000 ____D () C:\ProgramData\VMware
2014-10-05 00:13 - 2013-01-05 00:02 - 00073788 _____ () C:\windows\setupact.log
2014-10-05 00:13 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-05 00:08 - 2012-08-25 12:55 - 01060992 _____ () C:\windows\WindowsUpdate.log
2014-10-04 23:35 - 2012-08-25 22:54 - 00000000 ____D () C:\Users\CHB\Documents\Outlook Files
2014-10-04 16:25 - 2012-08-25 22:44 - 00000000 ____D () C:\Users\CHB\AppData\Local\VirtualStore
2014-10-04 10:26 - 2012-10-02 15:36 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Audacity
2014-10-04 05:56 - 2009-07-14 07:38 - 00025600 ___SH () C:\windows\system32\config\BCD-Template.LOG
2014-10-04 05:56 - 2009-07-14 07:32 - 00028672 _____ () C:\windows\system32\config\BCD-Template
2014-10-03 21:33 - 2012-09-02 18:38 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Media Player Classic
2014-10-03 20:02 - 2012-11-16 23:50 - 00000008 __RSH () C:\Users\CHB\ntuser.pol
2014-10-03 20:02 - 2012-08-25 22:44 - 00000000 ____D () C:\Users\CHB
2014-10-03 19:59 - 2014-02-07 23:25 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-10-02 20:33 - 2009-07-14 05:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-10-02 20:32 - 2013-03-11 20:48 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-02 20:31 - 2012-11-13 22:18 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Skype
2014-10-02 20:24 - 2012-08-26 00:28 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Macromedia
2014-10-02 12:08 - 2013-04-22 15:29 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Dropbox
2014-10-02 00:00 - 2013-01-09 00:15 - 00000000 ____D () C:\Users\CHB\Documents\Visual Studio 2010
2014-10-01 22:42 - 2014-08-25 09:17 - 00000208 _____ () C:\Users\CHB\Desktop\stikkord for mekanisk prototyping.txt
2014-10-01 22:28 - 2014-07-31 05:56 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-01 22:28 - 2012-11-13 22:17 - 00000000 ____D () C:\ProgramData\Skype
2014-10-01 21:45 - 2013-01-05 00:02 - 00447344 _____ () C:\windows\PFRO.log
2014-10-01 21:15 - 2012-09-14 21:04 - 00000000 ____D () C:\windows\Hewlett-Packard
2014-10-01 20:55 - 2012-09-02 16:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-01 20:19 - 2012-09-08 21:33 - 00000000 ____D () C:\Users\CHB\AppData\Local\Downloaded Installations
2014-10-01 20:17 - 2012-11-30 18:13 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\uTorrent
2014-10-01 15:29 - 2014-09-01 11:25 - 00000000 ____D () C:\Users\CHB\AppData\Local\VMware
2014-10-01 13:34 - 2014-02-15 20:43 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\VMware
2014-09-30 23:44 - 2013-06-26 19:51 - 00000000 ____D () C:\Users\CHB\AppData\Local\Arma 3
2014-09-28 17:14 - 2012-11-18 13:57 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\vlc
2014-09-25 22:45 - 2012-09-06 20:24 - 00000000 ____D () C:\Users\CHB\Documents\Mine skanninger
2014-09-25 12:38 - 2012-09-04 16:49 - 00005161 _____ () C:\Users\Public\Documents\Global.sw2
2014-09-24 21:09 - 2014-07-02 00:33 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Adobe
2014-09-24 16:24 - 2014-05-21 00:07 - 00006419 _____ () C:\Users\CHB\Desktop\CINT-spm-valg.txt
2014-09-24 15:52 - 2014-08-30 16:24 - 00000000 ____D () C:\Users\CHB\Desktop\John Gabriel maths
2014-09-24 13:46 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-09-24 12:11 - 2013-06-24 01:51 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 12:11 - 2013-06-24 01:51 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 12:05 - 2009-07-14 06:45 - 01452864 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-20 22:51 - 2014-04-29 11:03 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\.doomseeker
2014-09-19 11:47 - 2013-04-22 15:33 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-19 09:03 - 2014-07-25 11:23 - 00000000 ____D () C:\Program Files (x86)\Universal Extractor
2014-09-18 12:44 - 2014-07-17 21:07 - 00155401 _____ () C:\Users\CHB\Desktop\pcb-router.zip
2014-09-18 12:25 - 2012-09-02 15:29 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-18 11:44 - 2013-02-22 13:54 - 00424274 _____ () C:\windows\DPINST.LOG
2014-09-18 11:43 - 2012-08-25 16:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-18 11:38 - 2013-01-26 14:12 - 00000000 ____D () C:\windows\Downloaded Installations
2014-09-18 11:36 - 2013-02-22 13:54 - 00000000 ____D () C:\Program Files\DIFX
2014-09-16 14:58 - 2014-02-16 01:01 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bink and Smacker
2014-09-16 14:58 - 2014-02-16 01:01 - 00000000 ____D () C:\Program Files (x86)\RADVideo
2014-09-15 18:50 - 2012-08-25 22:44 - 00364168 _____ () C:\Users\CHB\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-15 12:52 - 2014-05-16 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-09-15 12:52 - 2014-01-31 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-09-11 23:55 - 2012-09-08 22:31 - 00000000 ____D () C:\Users\CHB\AppData\Local\GameMaker-Studio
2014-09-11 23:51 - 2014-02-16 00:00 - 00000000 ____D () C:\Users\CHB\AppData\Local\GameMaker-Studio-Early-Access
2014-09-10 23:48 - 2014-02-21 14:38 - 00000000 ____D () C:\Program Files\SpaceClaim
2014-09-10 15:29 - 2012-08-25 21:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 15:28 - 2012-08-25 16:47 - 00800210 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-09-10 15:26 - 2013-08-03 13:06 - 00000000 ____D () C:\windows\system32\MRT
2014-09-10 15:10 - 2012-08-25 16:52 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-09 13:21 - 2014-02-20 22:15 - 00000000 ____D () C:\Users\CHB\AppData\Local\solidThinking
2014-09-09 13:21 - 2012-09-03 01:28 - 00000000 ____D () C:\Users\CHB\Documents\solidThinking
2014-09-08 11:16 - 2012-11-11 18:53 - 00000000 ____D () C:\windows\SysWOW64\directx
2014-09-07 19:52 - 2012-09-01 18:26 - 00000000 ____D () C:\Users\CHB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-09-05 16:16 - 2012-12-06 21:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

Files to move or delete:
====================
C:\Users\CHB\DropTeamServerExtras.dat
C:\Users\CHB\DropTeamSettings.dat
C:\Users\CHB\DropTeamTips.dat


Some content of TEMP:
====================
C:\Users\CHB\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfszdhq.dll
C:\Users\CHB\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 17:30

==================== End Of Log ============================

In case this is useful, here is the very first FRST fix log from October 2nd:


HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Key deleted successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-143089826-2696377215-1423231580-1003\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} => value deleted successfully.
"HKCR\CLSID\{9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793}" => Key not found.
\Profiles\p8sd28e3.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin64-0.98.26.dll No File => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} => value deleted successfully.
"HKCR\CLSID\{9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
\npPandoWebPlugin.dll No File => Error: No automatic fix found for this entry.
C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\user.js => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml => Moved successfully.
<NtDriverName> => Service deleted successfully.
Achernar => Service deleted successfully.
Aldebaran => Service deleted successfully.
ALSysIO => Service stopped successfully.
ALSysIO => Service deleted successfully.
btmaux => Service deleted successfully.
cleanhlp => Service deleted successfully.
intaud_WaveExtensible => Service deleted successfully.
iwdbus => Service deleted successfully.
NEWDRIVER => Service deleted successfully.
prodrv06 => Service deleted successfully.
s7oefs_x => Service deleted successfully.
usb3Hub => Service deleted successfully.
usb6xxxk => Service deleted successfully.
VBoxNetFlt => Service deleted successfully.
XHCIPort => Service deleted successfully.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
C:\ProgramData\TEMP => ":590AF7FD" ADS removed successfully.
C:\ProgramData\TEMP => ":76650B61" ADS removed successfully.
C:\ProgramData\TEMP => ":890CC2F3" ADS removed successfully.
C:\ProgramData\TEMP => ":DDE29E40" ADS removed successfully.


And here is the last FRST fix log from today (the Achernar.sys entry was removed from fixlist.txt by me in order to reboot successfully; note that Achernar.sys is still gone):


HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Key not found.
"C:\windows\system32\GroupPolicyUsers\S-1-5-21-143089826-2696377215-1423231580-1003\User" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} => Value not found.
"HKCR\CLSID\{9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793}" => Key not found.
\Profiles\p8sd28e3.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin64-0.98.26.dll No File => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} => Value not found.
"HKCR\Wow6432Node\CLSID\{9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} => Value not found.
"HKCR\CLSID\{9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key not found.
\npPandoWebPlugin.dll No File => Error: No automatic fix found for this entry.
C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\user.js not found.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml" => not found.
<NtDriverName> => Service deleted successfully.
Aldebaran => Service not found.
ALSysIO => Service stopped successfully.
ALSysIO => Service deleted successfully.
btmaux => Service not found.
cleanhlp => Service not found.
intaud_WaveExtensible => Service not found.
iwdbus => Service not found.
NEWDRIVER => Service not found.
prodrv06 => Service not found.
s7oefs_x => Service not found.
usb3Hub => Service not found.
usb6xxxk => Service not found.
VBoxNetFlt => Service not found.
XHCIPort => Service not found.
"C:\ProgramData\TEMP" => ":56E2E879" ADS not found.
"C:\ProgramData\TEMP" => ":590AF7FD" ADS not found.
"C:\ProgramData\TEMP" => ":76650B61" ADS not found.
"C:\ProgramData\TEMP" => ":890CC2F3" ADS not found.
"C:\ProgramData\TEMP" => ":DDE29E40" ADS not found.


Edited by inputoutput, 04 October 2014 - 06:43 PM.


#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:45 AM

Posted 05 October 2014 - 07:44 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin64-0.98.26.dll No File
Toolbar: HKLM-x32 - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.98.26.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S0 Achernar; system32\Drivers\Achernar.sys [X]
R3 ALSysIO; \??\C:\Users\CHB\AppData\Local\Temp\ALSysIO64.sys [X]

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#15 inputoutput

inputoutput
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:05:45 AM

Posted 05 October 2014 - 02:15 PM

FRST log:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2014
Ran by CHB at 2014-10-05 20:32:37 Run:11
Running from C:\Users\CHB\Desktop\FRST64
Loaded Profile: CHB (Available profiles: admin & CHB)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin64-0.98.26.dll No File
Toolbar: HKLM-x32 - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\CHB\AppData\Roaming\Mozilla\Firefox\Profiles\p8sd28e3.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.98.26.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S0 Achernar; system32\Drivers\Achernar.sys [X]
R3 ALSysIO; \??\C:\Users\CHB\AppData\Local\Temp\ALSysIO64.sys [X]

End
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} => value deleted successfully.
"HKCR\CLSID\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
Achernar => Service deleted successfully.
ALSysIO => Service stopped successfully.
ALSysIO => Service deleted successfully.

==== End of Fixlog ====

Security Check log:


 Results of screen317's Security Check version 0.99.88  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
F-Secure Client Security 9.00   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 F-Secure Client Security - Virus & Spy Protection
 UT Cache Cleaner v3.0  
 Java 7 Update 67  
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox (32.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 F-Secure Anti-Virus fsgk32st.exe  
 F-Secure Anti-Virus FSGK32.EXE  
 F-Secure Anti-Virus fssm32.exe  
 F-Secure Anti-Virus fsav32.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 40% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


The computer seems to run fine.


Edited by inputoutput, 05 October 2014 - 04:26 PM.
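Post-fix verification, as an added PowerShell example that is not part of this thread and not FRST's own code: it re-checks, independently of FRST, the items that appear in the logs above (the signed system files from the "Bamital & volsnap Check" in post #13, the alternate data streams on C:\ProgramData\TEMP that the first fix removed, and the Achernar and ALSysIO services and driver files deleted by the final fix in post #15). File paths and service names are taken from the logs; the PowerShell cmdlets used and the registry-key approach to detecting kernel-driver services are assumptions of this example, and it must be run from an elevated prompt as the same user (CHB) so that $env:LOCALAPPDATA resolves to the Temp folder named in the log.

```powershell
# Added example, not from this thread or from FRST: independent post-fix verification.
# Run in an elevated PowerShell (3.0 or later for -Stream support) on the cleaned machine.

# 1. Authenticode status of the same system files FRST lists under "Bamital & volsnap Check".
#    Caveat: many Windows binaries are catalog-signed rather than embedded-signed; on older
#    PowerShell versions Get-AuthenticodeSignature reports those as NotSigned. Treat
#    NotSigned as "verify with another tool" and HashMismatch as a real red flag.
$systemFiles = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\SysWOW64\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\SysWOW64\user32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\Drivers\volsnap.sys"
)

Write-Host "== Signature check =="
foreach ($file in $systemFiles) {
    if (-not (Test-Path -LiteralPath $file)) {
        Write-Host ("{0,-50} MISSING" -f $file)
        continue
    }
    $sig    = Get-AuthenticodeSignature -FilePath $file
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { "(none)" }
    Write-Host ("{0,-50} {1,-14} {2}" -f $file, $sig.Status, $signer)
}

# 2. Alternate data streams on C:\ProgramData\TEMP (the first fix removed five of them).
#    Only the default ::$DATA stream is expected; any other stream should be investigated.
Write-Host "`n== Alternate data streams on C:\ProgramData\TEMP =="
$adsTarget = Join-Path $env:ProgramData "TEMP"
if (Test-Path -LiteralPath $adsTarget) {
    $streams = Get-Item -LiteralPath $adsTarget -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' }
    if ($streams) { $streams | ForEach-Object { Write-Host ("  extra stream: {0}" -f $_.Stream) } }
    else          { Write-Host "  none (clean)" }
} else {
    Write-Host "  folder not present"
}

# 3. The two services removed in the final fix. Get-Service does not list kernel drivers
#    (S0 Achernar was one), so check the Services registry key directly, then the file.
Write-Host "`n== Removed services and driver files =="
$services = @{
    "Achernar" = "$env:SystemRoot\System32\Drivers\Achernar.sys"   # path from the fixlist
    "ALSysIO"  = "$env:LOCALAPPDATA\Temp\ALSysIO64.sys"            # path from the fixlist
}
foreach ($name in $services.Keys) {
    $keyPresent  = Test-Path -LiteralPath "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $filePresent = Test-Path -LiteralPath $services[$name]
    $state = if (-not $keyPresent -and -not $filePresent) { "gone" } else { "STILL PRESENT" }
    Write-Host ("  {0,-10} registry key: {1,-5} file: {2,-5} -> {3}" -f $name, $keyPresent, $filePresent, $state)
}
```

A driver that FRST reports as deleted but whose registry key reappears after a reboot would indicate something is re-creating it, which is the case where a follow-up log is worth posting; the ADS check matters because the streams on C:\ProgramData\TEMP are invisible to a normal directory listing.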




