Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hijack this log - pretty sure someone hacked me good


  • This topic is locked This topic is locked
8 replies to this topic

#1 briangle

briangle

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:20 AM

Posted 18 October 2014 - 06:53 PM

Just used a credit card for the first time on this laptop and shortly after had tons of charges from a different state.  Would VERY much appreciate some help here, as I would hate to have to reinstall windows.

 

It won't let me access the hosts file and when I try to open it Notepad I get this sample page:

 

# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
#    ::1             localhost
 

 

 

 

My hijack this log:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:51:47 PM, on 10/18/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)

FIREFOX: 32.0.3 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\foobar2000\foobar2000.exe
C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
C:\Program Files (x86)\Opera\25.0.1614.50\opera_crashreporter.exe
C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
C:\Users\A\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Program Files (x86)\Calibre2\calibre.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Opera\25.0.1614.50\opera.exe
C:\Users\A\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Users\A\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Prey\platform\windows\cronsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10598 bytes
 

 

 

Thank you so much for anyone who can help me root out this POS hacker!

 

 

 



BC AdBot (Login to Remove)

 


m

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:20 AM

Posted 23 October 2014 - 10:26 AM

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 briangle

briangle
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:20 AM

Posted 23 October 2014 - 11:13 PM

The computer seems to be running normally, but I don't monitor it closely or proficiently.

 

Malwarebytes log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/23/2014
Scan Time: 9:16:23 PM
Logfile: malware log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.24.01
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: A

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 324223
Time Elapsed: 40 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.MyStart.A, HKLM\SOFTWARE\WOW6432NODE\mystarttb, Quarantined, [b01122f527553501710812170df66b95],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.OpenCandy, C:\Users\A\AppData\Roaming\OpenCandy, Quarantined, [07ba68affc80d95d4acb28c9d72b2bd5],
PUP.Optional.OpenCandy, C:\Users\A\AppData\Roaming\OpenCandy\D2A02D023F984776BBD3C97C9B39D177, Quarantined, [07ba68affc80d95d4acb28c9d72b2bd5],

Files: 3
PUP.Optional.MyStart.A, C:\Users\A\AppData\Local\Temp\mystart-manifest.xml, Quarantined, [1da4898e255725116b044dd42dd68977],
PUP.Optional.MyStart.A, C:\Users\A\AppData\Local\Temp\mystart-toolbar.xml, Quarantined, [58692deab8c4df57ea8649d8e71c9868],
PUP.Optional.OpenCandy, C:\Users\A\AppData\Roaming\OpenCandy\D2A02D023F984776BBD3C97C9B39D177\AVG-PC-TuneUp2014.exe, Quarantined, [07ba68affc80d95d4acb28c9d72b2bd5],

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

 

Adware Log:

# AdwCleaner v4.001 - Report created 23/10/2014 at 22:25:23
# Updated 20/10/2014 by Xplode
# Database : 2014-10-23.2
# Operating System : Windows 8.1  (64 bits)
# Username : A - BRIANLAPTOP
# Running from : C:\Users\A\Downloads\adwcleaner_4.001.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Email Notifier
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v32.0.3 (x86 en-US)


-\\ Google Chrome v38.0.2125.104


*************************

AdwCleaner[R0].txt - [799 octets] - [23/10/2014 22:25:23]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [858 octets] ##########
 

 

 

 

 

FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2014
Ran by A (administrator) on BRIANLAPTOP on 23-10-2014 23:07:47
Running from C:\Users\A\Desktop
Loaded Profile: A (Available profiles: A)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13197456 2012-09-28] (Realtek Semiconductor)
HKLM\...\Run: [AuditSHD] => C:\windows\system32\oobe\auditshd.exe [29696 2013-08-22] (Microsoft Corporation)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-08-04] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3321942748-2812054471-2803731534-1001\...\Run: [uTorrent] => C:\Users\A\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-07] (BitTorrent Inc.)
HKU\S-1-5-21-3321942748-2812054471-2803731534-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [404080 2014-06-12] (CyberGhost S.R.L.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\3wg54hfw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\3wg54hfw.default\Extensions\abs@avira.com [2014-10-01]
FF Extension: Autofill - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\3wg54hfw.default\Extensions\firefox-autofill@googlegroups.com.xpi [2014-05-05]
FF Extension: Email This! Bookmarklet Extension - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\3wg54hfw.default\Extensions\gmailthis@lazyrussian.com.xpi [2014-05-05]
FF Extension: Textme - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\3wg54hfw.default\Extensions\help@ontextme.com.xpi [2014-07-25]
FF Extension: Lightbeam - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\3wg54hfw.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-05-05]
FF Extension: Google Translator for Firefox - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\3wg54hfw.default\Extensions\translator@zoli.bod.xpi [2014-05-05]
FF Extension: UsableHomeButton - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\3wg54hfw.default\Extensions\usablehomebutton@tanalin.com.xpi [2014-05-05]
FF Extension: Shorten URL (bit.ly) - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\3wg54hfw.default\Extensions\{a1109c2a-1187-4027-901d-13097b755625}.xpi [2014-05-05]
FF Extension: Adblock Plus - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\3wg54hfw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR Profile: C:\Users\A\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-08]
CHR Extension: (Google Drive) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-08]
CHR Extension: (Google Search) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-08]
CHR Extension: (AdBlock) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-02]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-05-08]
CHR Extension: (Google Voice (by Google)) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-05-08]
CHR Extension: (WordPress.com) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2014-05-08]
CHR Extension: (StayFocusd) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2014-05-08]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-05-08]
CHR Extension: (Google Wallet) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-08]
CHR Extension: (Gmail) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2014-04-30] (Fork Ltd.) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-07-31] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-07-31] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-07-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-07-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [62848 2012-11-20] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
S3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49776 2014-07-25] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
S3 tapSF0901; C:\Windows\system32\DRIVERS\tapSF0901.sys [39104 2014-07-11] (Spotflux, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-07-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 23:07 - 2014-10-23 23:08 - 00015250 _____ () C:\Users\A\Desktop\FRST.txt
2014-10-23 23:07 - 2014-10-23 23:07 - 00000000 ____D () C:\FRST
2014-10-23 23:06 - 2014-10-23 23:06 - 02112000 _____ (Farbar) C:\Users\A\Desktop\FRST64.exe
2014-10-23 22:25 - 2014-10-23 22:39 - 00000000 ____D () C:\AdwCleaner
2014-10-23 22:23 - 2014-10-23 22:23 - 01962496 _____ () C:\Users\A\Desktop\adwcleaner_4.001.exe
2014-10-23 21:08 - 2014-10-23 21:16 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-23 21:07 - 2014-10-23 21:07 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-23 21:07 - 2014-10-23 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-23 21:07 - 2014-10-23 21:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-23 21:07 - 2014-10-23 21:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-23 21:07 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-23 21:07 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-10-23 21:07 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-23 21:05 - 2014-10-23 21:06 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\A\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-23 15:38 - 2014-10-23 15:38 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-23 15:38 - 2014-10-23 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-23 15:36 - 2014-10-23 15:37 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-23 15:36 - 2014-10-23 15:37 - 00000000 ____D () C:\Program Files\iTunes
2014-10-23 15:36 - 2014-10-23 15:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-23 15:36 - 2014-10-23 15:36 - 00000000 ____D () C:\Program Files\iPod
2014-10-23 04:10 - 2014-10-23 04:10 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-23 04:10 - 2014-10-23 04:10 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-23 04:10 - 2014-10-23 04:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-23 04:08 - 2014-10-23 04:08 - 01677920 _____ (Skype Technologies S.A.) C:\Users\A\Downloads\SkypeSetup.exe
2014-10-21 21:54 - 2014-10-21 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-21 21:53 - 2014-10-21 21:53 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-10-21 21:53 - 2014-10-21 21:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-10-21 06:13 - 2014-10-21 06:14 - 00000000 ____D () C:\Users\A\AppData\Local\CyberGhost
2014-10-21 06:11 - 2014-10-21 06:11 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-10-21 06:10 - 2014-10-21 06:12 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-10-21 06:10 - 2014-10-21 06:10 - 00001742 _____ () C:\Users\A\Desktop\CyberGhost 5.lnk
2014-10-21 06:10 - 2014-10-21 06:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2014-10-20 18:00 - 2014-10-20 18:07 - 837727699 _____ () C:\Users\A\Downloads\[ www.UsaBit.com ] - The Newton Boys (1998) BluRay 720p 800MB Ganool.mkv
2014-10-18 04:10 - 2014-10-18 19:53 - 00000000 ____D () C:\Users\A\Downloads\D.R.U.G.S
2014-10-17 00:15 - 2014-10-17 02:33 - 00000000 ____D () C:\Users\A\Downloads\Vince Staples - Hell Can Wait [2014] 320
2014-10-17 00:13 - 2014-10-17 02:33 - 00000000 ____D () C:\Users\A\Downloads\Pharmakon-Bestial Burden (2014)
2014-10-14 15:46 - 2014-10-09 17:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-10-14 15:46 - 2014-10-08 17:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-10-14 15:46 - 2014-09-18 20:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-10-14 15:46 - 2014-09-13 01:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-14 15:46 - 2014-09-13 00:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-14 15:46 - 2014-09-03 19:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-10-14 15:46 - 2014-09-03 18:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-10-14 15:46 - 2014-09-03 18:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-10-14 15:46 - 2014-08-28 20:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-10-14 15:46 - 2014-08-28 18:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-14 15:46 - 2014-08-28 18:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-14 14:55 - 2014-09-27 17:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-14 14:54 - 2014-09-07 22:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-10-14 14:54 - 2014-09-07 20:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-10-14 14:54 - 2014-09-07 20:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-10-14 14:54 - 2014-09-07 19:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-10-14 14:54 - 2014-09-07 19:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-10-14 14:54 - 2014-09-07 19:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-10-14 14:54 - 2014-09-07 19:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-10-14 14:54 - 2014-09-07 19:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-10-14 14:54 - 2014-09-07 19:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-10-14 14:54 - 2014-09-07 19:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-10-14 14:54 - 2014-09-07 18:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-10-14 14:54 - 2014-09-07 18:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-10-14 14:54 - 2014-09-07 18:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-10-14 14:54 - 2014-09-07 18:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-10-14 14:53 - 2014-09-13 01:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-14 14:53 - 2014-09-13 00:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-14 14:52 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-14 14:52 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-14 14:52 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-14 14:52 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-14 14:52 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-14 14:51 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-14 14:51 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-14 14:51 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-14 14:51 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-14 14:51 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-14 14:51 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-14 14:51 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-10-14 14:51 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-10-14 14:51 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-10-14 14:51 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-10-14 14:51 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-14 14:51 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-10-14 14:51 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-14 14:51 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-14 14:51 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-14 14:51 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-14 14:51 - 2014-09-18 19:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-14 14:51 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-14 14:51 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-14 14:51 - 2014-09-18 19:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-14 14:51 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-14 14:51 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-14 14:51 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-10-14 14:51 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-14 14:51 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-10-14 14:51 - 2014-09-03 19:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-14 14:51 - 2014-09-03 19:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-14 14:51 - 2014-08-15 23:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-10-14 14:51 - 2014-08-15 23:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-10-14 14:51 - 2014-08-15 23:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-10-14 14:51 - 2014-08-15 22:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-10-14 14:51 - 2014-08-15 22:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-14 14:51 - 2014-08-15 22:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-10-14 14:51 - 2014-08-15 22:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-10-14 14:51 - 2014-08-15 22:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-10-14 14:51 - 2014-08-15 22:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-10-14 14:51 - 2014-08-15 20:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-10-14 14:51 - 2014-08-15 20:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2014-10-14 14:51 - 2014-08-15 19:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-10-14 14:51 - 2014-08-15 19:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-10-14 14:51 - 2014-08-15 19:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2014-10-14 14:51 - 2014-08-15 19:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-10-14 14:51 - 2014-08-15 19:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2014-10-14 14:51 - 2014-08-15 19:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-10-14 14:51 - 2014-08-15 19:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-10-14 14:51 - 2014-08-15 19:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2014-10-14 14:51 - 2014-08-15 19:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-14 14:51 - 2014-08-15 19:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-10-14 14:51 - 2014-08-15 19:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-10-14 14:51 - 2014-08-15 19:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-10-14 14:51 - 2014-08-15 19:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-14 14:51 - 2014-08-15 19:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-10-14 14:51 - 2014-08-15 19:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-10-14 14:51 - 2014-08-15 19:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-10-14 14:51 - 2014-08-15 19:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-14 14:51 - 2014-08-15 19:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-10-14 14:51 - 2014-08-15 19:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-10-14 14:51 - 2014-08-15 19:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-10-14 14:51 - 2014-08-15 19:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-10-14 14:51 - 2014-08-15 19:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-14 14:51 - 2014-08-15 19:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-10-14 14:51 - 2014-07-31 18:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-14 05:41 - 2014-10-17 02:33 - 00000000 ____D () C:\Users\A\Downloads\Oliver Smolders - Black Night (2004)
2014-10-14 05:32 - 2014-10-14 05:32 - 00000000 ____D () C:\Users\A\Downloads\Francis Fukuyama - The Origins Of Political Order 2011
2014-10-13 23:24 - 2014-10-17 02:33 - 00000000 ____D () C:\Users\A\Downloads\Salesman
2014-10-13 19:11 - 2014-10-13 19:11 - 00000000 ____D () C:\Users\A\Downloads\Edward Yang - A Brighter Summer Day (1991)
2014-10-13 19:02 - 2014-10-13 23:14 - 00000000 ____D () C:\Users\A\Downloads\Chris_Marker-Level_5-1997
2014-10-13 18:53 - 2014-10-13 23:14 - 00000000 ____D () C:\Users\A\Downloads\capote 2005 720p brrip x264 yify
2014-10-12 22:35 - 2014-10-12 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electric Sheep
2014-10-12 22:34 - 2014-10-12 22:35 - 00000000 ____D () C:\ProgramData\ElectricSheep
2014-10-12 22:34 - 2014-10-12 22:35 - 00000000 ____D () C:\Program Files (x86)\Electric Sheep
2014-10-12 22:34 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2014-10-09 01:37 - 2014-10-09 01:37 - 00186326 _____ () C:\Users\A\Desktop\Program  Communication, B.A. - University of Houston - Acalog ACMS™.htm
2014-10-09 01:37 - 2014-10-09 01:37 - 00000000 ____D () C:\Users\A\Desktop\Program  Communication, B.A. - University of Houston - Acalog ACMS™_files
2014-10-08 21:49 - 2014-10-18 18:51 - 00010600 _____ () C:\Users\A\Downloads\hijackthis.log
2014-10-08 21:42 - 2014-10-08 21:42 - 00388608 _____ (Trend Micro Inc.) C:\Users\A\Downloads\HijackThis.exe
2014-10-08 17:13 - 2014-10-08 17:19 - 00000000 ____D () C:\Users\A\Downloads\Rules for Radicals
2014-10-06 05:59 - 2014-10-23 22:15 - 00000123 _____ () C:\Users\A\Desktop\misc.txt
2014-10-06 05:57 - 2014-07-12 11:35 - 00000791 _____ () C:\Users\A\Desktop\µTorrent.lnk
2014-10-02 19:06 - 2014-10-02 11:32 - 01483081 _____ () C:\Users\A\Downloads\sadharmonicsongtake2.m4a
2014-10-02 19:06 - 2014-10-02 11:26 - 01422155 _____ () C:\Users\A\Downloads\sadharmonicsong.m4a
2014-09-29 15:08 - 2014-09-28 19:51 - 02948035 _____ () C:\Users\A\Desktop\20140928 194151.m4a
2014-09-29 15:08 - 2014-09-28 19:24 - 02159760 _____ () C:\Users\A\Desktop\20140928 191944.m4a
2014-09-29 15:08 - 2014-09-28 17:05 - 01273966 _____ () C:\Users\A\Desktop\20140928 151734.m4a
2014-09-29 15:08 - 2014-09-28 14:19 - 03419968 _____ () C:\Users\A\Desktop\20140928 141147.m4a
2014-09-29 15:08 - 2014-09-28 13:41 - 04384716 _____ () C:\Users\A\Desktop\20140928 122818.m4a
2014-09-29 14:43 - 2014-10-23 15:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-25 17:32 - 2014-09-25 17:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 23:08 - 2014-05-08 12:46 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-23 23:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-23 22:34 - 2014-07-31 21:01 - 00000000 __RDO () C:\Users\A\OneDrive
2014-10-23 22:34 - 2014-05-08 12:46 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-23 22:34 - 2014-05-04 16:54 - 00000408 _____ () C:\Users\A\AppData\Roaming\sp_data.sys
2014-10-23 22:32 - 2014-03-18 04:54 - 00147596 _____ () C:\WINDOWS\PFRO.log
2014-10-23 22:32 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-23 22:32 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-23 22:31 - 2014-07-31 20:47 - 01363961 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-23 22:22 - 2014-05-04 17:35 - 00000000 ____D () C:\Users\A\AppData\Roaming\foobar2000
2014-10-23 22:17 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-10-23 22:16 - 2014-07-31 20:28 - 00000000 ____D () C:\Users\A
2014-10-23 22:13 - 2014-05-04 17:01 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3321942748-2812054471-2803731534-1001
2014-10-23 22:10 - 2014-05-05 19:17 - 00000000 ____D () C:\Users\A\Documents\Calibre Library
2014-10-23 22:10 - 2014-05-04 23:17 - 00000000 ____D () C:\Users\A\AppData\Roaming\Skype
2014-10-23 22:10 - 2014-05-04 22:58 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-23 20:11 - 2014-05-05 03:10 - 00000000 ____D () C:\Users\A\AppData\Local\Last.fm
2014-10-23 04:11 - 2014-08-05 19:45 - 00247808 ___SH () C:\Users\A\Desktop\Thumbs.db
2014-10-23 04:10 - 2014-05-04 23:17 - 00000000 ____D () C:\ProgramData\Skype
2014-10-22 19:06 - 2014-08-01 21:42 - 00108032 ___SH () C:\Users\A\Downloads\Thumbs.db
2014-10-22 04:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-22 03:50 - 2014-05-04 17:34 - 00000000 ____D () C:\Users\A\AppData\Roaming\vlc
2014-10-21 19:34 - 2014-03-18 05:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-21 19:22 - 2013-08-22 09:46 - 00291358 _____ () C:\WINDOWS\setupact.log
2014-10-21 06:16 - 2014-05-04 17:33 - 00000000 ____D () C:\Users\A\AppData\Roaming\uTorrent
2014-10-21 02:42 - 2014-09-17 01:23 - 00000000 ____D () C:\Users\A\Downloads\Homicide.Life.on.the.Streets.S01-S07.COMPLETE.DVDRip.XviD
2014-10-19 10:03 - 2014-05-08 12:46 - 00003902 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 10:03 - 2014-05-08 12:46 - 00003666 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 08:43 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-17 02:27 - 2014-08-26 04:04 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-17 02:26 - 2014-08-26 04:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-17 02:26 - 2014-08-26 04:04 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-17 02:22 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-17 02:21 - 2014-07-12 11:22 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-10-17 02:18 - 2013-08-22 09:44 - 00362544 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-17 02:16 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-17 02:16 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-10-17 02:16 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-15 18:17 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-15 18:12 - 2014-05-05 20:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-15 18:02 - 2014-05-05 20:19 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-15 17:42 - 2014-06-05 07:15 - 00003836 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1401677589
2014-10-15 17:42 - 2014-06-01 21:53 - 00001059 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-10-15 17:42 - 2014-06-01 21:53 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-10-14 07:28 - 2014-09-02 03:26 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-10-14 07:28 - 2014-08-26 04:07 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-10-14 07:28 - 2014-08-26 04:07 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-10-08 21:01 - 2014-09-08 09:14 - 00000000 ____D () C:\ProgramData\Visicom Media
2014-10-08 21:01 - 2014-09-08 09:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visicom Media
2014-10-08 21:01 - 2014-09-08 09:14 - 00000000 ____D () C:\Program Files\Visicom Media
2014-10-04 22:25 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-10-03 22:04 - 2014-05-04 22:49 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-02 20:10 - 2014-07-30 17:41 - 00000000 ____D () C:\Users\A\AppData\Roaming\Audacity
2014-10-02 16:02 - 2014-05-04 16:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-29 17:45 - 2014-08-16 05:02 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-29 17:45 - 2014-08-16 05:02 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\A\AppData\Local\Temp\avgnt.exe
C:\Users\A\AppData\Local\Temp\DSETUP.dll
C:\Users\A\AppData\Local\Temp\dsetup32.dll
C:\Users\A\AppData\Local\Temp\DXSETUP.exe
C:\Users\A\AppData\Local\Temp\Quarantine.exe
C:\Users\A\AppData\Local\Temp\sqlite3.dll
C:\Users\A\AppData\Local\Temp\vlc-2.1.5-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-23 22:44

==================== End Of Log ============================

 

 

 

 

Addition Log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2014
Ran by A at 2014-10-23 23:09:59
Running from C:\Users\A\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.0 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.36 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avira (HKLM-x32\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{54ED2E2F-68EE-461C-888C-DB7EBE85C340}) (Version: 1.35.0 - Kovid Goyal)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Electric Sheep 2.7b34 (HKLM-x32\...\Electric Sheep) (Version: 2.7b34 - Electricsheep)
Foldit (HKLM-x32\...\Foldit) (Version:  - )
foobar2000 v1.3.2 (HKLM-x32\...\foobar2000) (Version: 1.3.2 - Peter Pawlowski)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Opera Stable 25.0.1614.50 (HKLM-x32\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
RAR File Open Knife - Free Opener (HKLM-x32\...\RAR File Open Knife - Free Opener) (Version: 3.50 - Philipp Winterberg)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6754 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.27030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse  (11/09/2012 1.0.0.153) (HKLM\...\5AB9160B769DD2E134ADCB8010377DECA2479378) (Version: 11/09/2012 1.0.0.153 - ASUS)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

20-10-2014 22:49:54 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0584C206-2537-400E-8790-BFBA4D6F92C6} - System32\Tasks\Opera scheduled Autoupdate 1401677589 => C:\Program Files (x86)\Opera\launcher.exe [2014-10-15] (Opera Software)
Task: {07E96BB8-550B-496A-AB2B-7AA98F56BDBA} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {18C328B3-BF8F-43CE-A479-C154854E7CF6} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-11-20] (AsusTek)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {233AC58A-677C-415A-AE9F-F9DF05267CC4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-08] (Google Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2F2AB579-012C-4C60-BC2B-48A38C8DC85E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5734E358-6144-4E59-83E1-593C84E59736} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-15] (Microsoft Corporation)
Task: {5AF412F2-1AB2-491E-B879-A4984A1BBDB2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-08] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7980841E-BA8E-4FD3-899D-FC28DBCE1FAB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B0F2197A-C80C-409C-BDD9-19F4814143D2} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {B43E0B1C-AFD3-4C12-9ED3-86D1B504637F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DE1E2377-6C07-4DC4-AC23-CD136F1838DF} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-24 19:26 - 2012-08-24 19:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-24 19:17 - 2012-08-24 19:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-04-28 21:17 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-09-25 17:32 - 2014-09-25 17:32 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\A\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKCU\...\StartupApproved\Run: => "uTorrent"
HKCU\...\StartupApproved\Run: => "CyberGhost"

========================= Accounts: ==========================

A (S-1-5-21-3321942748-2812054471-2803731534-1001 - Administrator - Enabled) => C:\Users\A
Administrator (S-1-5-21-3321942748-2812054471-2803731534-500 - Administrator - Disabled)
Guest (S-1-5-21-3321942748-2812054471-2803731534-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3321942748-2812054471-2803731534-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2014 02:41:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 32.0.3.5379, time stamp: 0x54224e6b
Faulting module name: mozalloc.dll, version: 32.0.3.5379, time stamp: 0x54221b67
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x90c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (10/21/2014 11:22:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6750

Error: (10/21/2014 11:22:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6750

Error: (10/21/2014 11:22:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/21/2014 11:22:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5437

Error: (10/21/2014 11:22:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5437

Error: (10/21/2014 11:22:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/21/2014 11:22:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4047

Error: (10/21/2014 11:22:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4047

Error: (10/21/2014 11:22:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (10/23/2014 10:20:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CyberGhost 5 Client Service service failed to start due to the following error:
%%1053

Error: (10/23/2014 10:20:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CyberGhost 5 Client Service service to connect.

Error: (10/23/2014 10:09:26 PM) (Source: DCOM) (EventID: 10010) (User: BRIANLAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/23/2014 10:09:26 PM) (Source: DCOM) (EventID: 10010) (User: BRIANLAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/23/2014 10:09:21 PM) (Source: DCOM) (EventID: 10010) (User: BRIANLAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/23/2014 10:09:21 PM) (Source: DCOM) (EventID: 10010) (User: BRIANLAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/23/2014 10:09:14 PM) (Source: DCOM) (EventID: 10010) (User: BRIANLAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/23/2014 10:09:14 PM) (Source: DCOM) (EventID: 10010) (User: BRIANLAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/23/2014 10:09:09 PM) (Source: DCOM) (EventID: 10010) (User: BRIANLAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/23/2014 10:09:09 PM) (Source: DCOM) (EventID: 10010) (User: BRIANLAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (10/22/2014 02:41:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141b90c01cfec5456d2835cC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlle08c7599-59be-11e4-be94-74d02b473781

Error: (10/21/2014 11:22:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6750

Error: (10/21/2014 11:22:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6750

Error: (10/21/2014 11:22:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/21/2014 11:22:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5437

Error: (10/21/2014 11:22:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5437

Error: (10/21/2014 11:22:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/21/2014 11:22:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4047

Error: (10/21/2014 11:22:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4047

Error: (10/21/2014 11:22:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Processor: Intel® Pentium® CPU 2020M @ 2.40GHz
Percentage of memory in use: 45%
Total physical RAM: 3981.69 MB
Available physical RAM: 2189.5 MB
Total Pagefile: 6797.69 MB
Available Pagefile: 4798.93 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:444.21 GB) (Free:52.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Fixed) (Total:14.9 GB) (Free:7.92 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: BBD7BAAD)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 14AB7F65)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)

==================== End Of Log ============================

 

 

 

Thanks again!



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:20 AM

Posted 24 October 2014 - 08:10 AM

Your FRST log is clean.

One last scan.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#5 briangle

briangle
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:20 AM

Posted 24 October 2014 - 02:13 PM

Your FRST log is clean.

One last scan.

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

 

 Results of screen317's Security Check version 0.99.89  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Avira Desktop      
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player     15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox 32.0.3 Firefox out of Date!  
 Google Chrome 37.0.2062.124  
 Google Chrome 38.0.2125.104  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

The computer seems to be running the same.  Never noticed any performance issues really.  Just noticed my credit card info being stolen after I used it on this laptop for the first time.

You didn't mention the other logs.  Do you know what they removed? The email notifier thing?  I got an email about a subject I emailed someone about right after I sent it from some fake website.  I figured just my email account had been hacked. It offered me a scholarship in the subject I had just emailed someone about.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:20 AM

Posted 25 October 2014 - 07:20 AM

If not already done I would get a new e-mail address and change all my passwords.

#7 briangle

briangle
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:20 AM

Posted 25 October 2014 - 03:23 PM

If not already done I would get a new e-mail address and change all my passwords.

 

why a new email address? i have like 6 email addresses.  i'd hate to have to stop using them all.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:20 AM

Posted 26 October 2014 - 07:30 AM

I got an email about a subject I emailed someone about right after I sent it from some fake website.

The e-mail you used for this message.

It's your call if you want to keep using it.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:20 AM

Posted 01 November 2014 - 09:11 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users