Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Poweliks cleanup


  • This topic is locked This topic is locked
15 replies to this topic

#1 Terrion

Terrion

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 03 November 2014 - 01:59 AM

Judging from the rest of the forum, you can probably guess what's coming, but I'll go through it anyway. Saw a ton of Dllhost processes, did a scan with Norton (my usually anti-virus) that didn't pick up anything, then attempted some other programs (Malwarebytes, Iobit, Rogue Killer). Roguekiller found the Poweliks Trojan but couldn't remove it, so I tried the ESET Poweliks Cleaner. That seems to have stopped the dllhost processes. However, Malwarebytes is still detecting intrusions from IP address 88.214.193.54, which others with Poweliks also seem to be reporting. So I figure that either Poweliks still hasn't been removed completely, or it managed to infect the computer with something else that hasn't been detected.

 

Thanks in advance for the help.

 

DDS Log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 11.25.2
Run by Terrion at 1:49:44 on 2014-11-03
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3894.1558 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
svchost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\regsvr32.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SymCorpUI.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SmcGui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ProtectionUtilSurrogate.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:tabs
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\IPS\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Ads Removal: {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
StartupFolder: C:\Users\Terrion\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Terrion\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
TCP: NameServer = 192.168.1.3 192.168.1.4 75.75.75.75
TCP: Interfaces\{F965E0C2-B885-4B5E-87FC-1536B990DE7A} : DHCPNameServer = 192.168.1.3 192.168.1.4 75.75.75.75
TCP: Interfaces\{F965E0C2-B885-4B5E-87FC-1536B990DE7A}\25F42494E4D20534F5E4564777F627B6 : DHCPNameServer = 192.168.1.1 192.168.2.1
TCP: Interfaces\{F965E0C2-B885-4B5E-87FC-1536B990DE7A}\3416E64674 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{F965E0C2-B885-4B5E-87FC-1536B990DE7A}\3456E647572797C496E6B633533343 : DHCPNameServer = 192.168.0.1 205.171.203.226
TCP: Interfaces\{F965E0C2-B885-4B5E-87FC-1536B990DE7A}\7657C61677D2375636572756 : DHCPNameServer = 141.161.200.201 141.161.191.223
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Terrion\AppData\Roaming\Mozilla\Firefox\Profiles\59ovin4p.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
FF - ExtSQL: 2014-10-30 20:37; ascsurfingprotection@iobit.com; C:\Users\Terrion\AppData\Roaming\Mozilla\Firefox\Profiles\59ovin4p.default\extensions\ascsurfingprotection@iobit.com
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\SymDS64.sys [2012-11-3 493216]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\SymEFA64.sys [2012-11-3 1133216]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20141003.013\BHDrvx64.sys [2014-9-12 1586904]
R1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [2012-11-3 168096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20141031.011\IDSviA64.sys [2014-11-1 525016]
R1 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-10-21 93400]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.sys [2012-11-3 224416]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\symnets.sys [2012-11-3 432800]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2011-6-7 250296]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-21 2436280]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2011-6-7 47032]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-21 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-21 968504]
R2 PGMTrusted;PGMTrusted;C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [2013-3-25 520360]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [2012-11-3 143928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-10-27 142640]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-9-19 108656]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-10-21 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-21 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-10-21 63704]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192Ce.sys [2010-4-28 932384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-10-30 2282272]
S2 SoftshieldService;ExamsoftShieldService;C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe [2013-5-16 33600]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SyDvCtrl64.sys [2012-11-3 34352]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-27 1255736]
.
=============== File Associations ===============
.
ShellExec: SC2Editor.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-11-03 06:16:42 -------- d-----w- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-11-02 19:26:19 -------- d-----w- C:\Program Files (x86)\ESET
2014-11-02 18:33:48 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-31 05:17:29 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-31 04:38:13 -------- d-----w- C:\Users\Terrion\AppData\Roaming\ProductData
2014-10-31 04:37:07 -------- d-----w- C:\ProgramData\ProductData
2014-10-31 04:37:00 -------- d-----w- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2014-10-31 04:36:58 -------- d-----w- C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
2014-10-30 21:53:17 0 ----a-w- C:\Windows\System32\sggos.dll
2014-10-30 21:53:11 71168 ----a-w- C:\Windows\System32\lgvgpgr.dll
2014-10-30 21:52:50 31232 ----a-w- C:\Users\Terrion\AppData\Roaming\rjdxxo.dll
2014-10-30 06:04:26 -------- d-----w- C:\FRST
2014-10-28 18:22:52 -------- d-----w- C:\ProgramData\Sophos
2014-10-28 18:22:27 73728 ----a-r- C:\Users\Terrion\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-10-28 18:22:27 73728 ----a-r- C:\Users\Terrion\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-10-28 18:22:27 73728 ----a-r- C:\Users\Terrion\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-10-28 18:22:22 -------- d-----w- C:\Program Files (x86)\Sophos
2014-10-28 17:54:02 -------- d-----w- C:\NPE
2014-10-28 17:52:13 -------- d-----w- C:\Users\Terrion\AppData\Local\NPE
2014-10-28 17:52:13 -------- d-----w- C:\ProgramData\Norton
2014-10-28 17:11:34 -------- d-----w- C:\Users\Terrion\AppData\Local\CrashDumps
2014-10-26 15:27:12 0 ----a-w- C:\Users\Terrion\AppData\Roaming\ooikah.dll
2014-10-26 02:29:10 37624 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-10-26 02:29:07 -------- d-----w- C:\ProgramData\RogueKiller
2014-10-26 02:20:49 -------- d-----w- C:\Windows\pss
2014-10-26 01:30:25 -------- d-----w- C:\AdwCleaner
2014-10-25 14:30:39 -------- d-----w- C:\ProgramData\IObit
2014-10-25 14:30:24 -------- d-----w- C:\Users\Terrion\AppData\Roaming\IObit
2014-10-25 14:30:21 -------- d-----w- C:\Program Files (x86)\IObit
2014-10-22 02:30:29 -------- d--h--w- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-21 15:15:59 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-21 15:12:53 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-21 15:12:53 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-21 15:12:53 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-10-21 15:12:53 -------- d-----w- C:\ProgramData\Malwarebytes
2014-10-21 15:12:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-16 04:19:32 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-10-06 00:26:41 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-10-06 00:26:41 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-10-06 00:22:43 -------- d-----w- C:\Program Files (x86)\AMD
.
==================== Find3M  ====================
.
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 18:14:45 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-25 18:14:45 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH:  1:50:58.16 ===============
 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:09 AM

Posted 06 November 2014 - 04:46 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

If the system has been used after topic creation time we need to take a look at fresh logs.
Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi


cXfZ4wS.png


#3 Terrion

Terrion
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 07 November 2014 - 11:20 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Terrion (administrator) on DEANHENDRICK-PC on 07-11-2014 06:22:10
Running from C:\Users\Terrion\Desktop
Loaded Profile: Terrion (Available profiles: Terrion & Admin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(iWin Inc.) C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
(Hewlett-Packard) C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
(Examsoft Worldwide Inc.) C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.SoftShield.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3624349068-815843127-3594539112-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1938624 2014-10-21] (Valve Corporation)
Startup: C:\Users\Terrion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Terrion\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean Hendrick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean Hendrick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean Hendrick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean Hendrick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean Hendrick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean Hendrick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean Hendrick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean Hendrick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4C8A74D0EA81CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - DefaultScope {18E4592A-4E5C-4AD4-A57F-7C64AA16CE01} URL = http://www.google.com/search?q={searchTerms}&rlz=
SearchScopes: HKCU - {18E4592A-4E5C-4AD4-A57F-7C64AA16CE01} URL = http://www.google.com/search?q={searchTerms}&rlz=
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.3 192.168.1.4 75.75.75.75

FireFox:
========
FF ProfilePath: C:\Users\Terrion\AppData\Roaming\Mozilla\Firefox\Profiles\59ovin4p.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2014-10-30]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\IPSFF [2013-10-03]
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-08-13]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR Profile: C:\Users\Terrion\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Terrion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-03]
CHR Extension: (Google Drive) - C:\Users\Terrion\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Terrion\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-14]
CHR Extension: (YouTube) - C:\Users\Terrion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-03]
CHR Extension: (Google Search) - C:\Users\Terrion\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-03]
CHR Extension: (RealDownloader) - C:\Users\Terrion\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-05-03]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Terrion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-10-30]
CHR Extension: (Google Wallet) - C:\Users\Terrion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-03]
CHR Extension: (Gmail) - C:\Users\Terrion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-03]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-04-07] (Hewlett-Packard) [File not signed]
R2 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [520360 2013-03-25] (iWin Inc.)
R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [345600 2009-12-08] (Pharos Systems International) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-04-07] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [143928 2012-11-03] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe [2294112 2012-11-03] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\snac64.exe [334288 2012-11-03] (Symantec Corporation)
R2 SoftshieldService; C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe [33600 2013-08-19] (Hewlett-Packard)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20141003.013\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
R1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553}; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [168096 2012-11-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20141104.011\IDSvia64.sys [525016 2014-10-23] (Symantec Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20141104.035\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20141104.035\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSP64.SYS [776352 2012-11-03] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSPX64.SYS [37496 2012-11-03] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SyDvCtrl64.sys [34352 2012-11-03] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS [493216 2012-11-03] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS [1133216 2012-11-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-18] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS [224416 2012-11-03] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS [432800 2012-11-03] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [154904 2013-07-18] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [95616 2012-11-03] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 06:22 - 2014-11-07 06:23 - 00019012 _____ () C:\Users\Terrion\Desktop\FRST.txt
2014-11-07 06:21 - 2014-11-07 06:22 - 02114560 _____ (Farbar) C:\Users\Terrion\Desktop\FRST64.exe
2014-11-07 06:21 - 2014-11-07 06:21 - 02114560 _____ (Farbar) C:\Users\Terrion\Downloads\FRST64 (1).exe
2014-11-05 11:37 - 2014-11-05 11:37 - 00013467 _____ () C:\Users\Terrion\Downloads\Alternative Documentation of Income.odt
2014-11-03 18:19 - 2014-11-03 18:19 - 00010024 _____ () C:\Users\Terrion\Downloads\To do list.odt
2014-11-03 01:51 - 2014-11-03 01:51 - 00012387 _____ () C:\Users\Terrion\Desktop\attach.txt
2014-11-03 01:51 - 2014-11-03 01:50 - 00023431 _____ () C:\Users\Terrion\Desktop\dds.txt
2014-11-03 01:17 - 2014-11-03 01:17 - 00002902 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-11-03 01:16 - 2014-11-03 01:17 - 00001228 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-11-03 01:16 - 2014-11-03 01:16 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-11-03 01:14 - 2014-11-03 01:15 - 38723968 _____ (IObit ) C:\Users\Terrion\Downloads\advanced-systemcare-setup.exe
2014-11-03 01:05 - 2014-11-03 01:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ProductData
2014-11-03 01:04 - 2014-11-03 01:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IObit
2014-11-03 00:47 - 2014-11-03 00:47 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Macromedia
2014-11-03 00:41 - 2014-11-03 00:41 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Symantec
2014-11-03 00:40 - 2014-11-03 00:44 - 00000000 ____D () C:\Users\TEMP
2014-11-03 00:35 - 2014-11-03 00:35 - 00000000 ____D () C:\Users\Admin\AppData\Local\Toshiba
2014-11-03 00:25 - 2014-11-03 00:25 - 00000688 _____ () C:\Users\Terrion\Dean - Shortcut.lnk
2014-11-03 00:06 - 2014-11-03 00:06 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\WinRAR
2014-11-02 23:56 - 2014-11-02 23:56 - 00117456 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-02 23:39 - 2014-11-02 23:39 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieUserList
2014-11-02 23:39 - 2014-11-02 23:39 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieSiteList
2014-11-02 23:36 - 2014-11-02 23:36 - 00001413 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-02 23:36 - 2014-11-02 23:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2014-11-02 23:36 - 2014-11-02 23:36 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2014-11-02 23:35 - 2014-11-02 23:36 - 00000000 ____D () C:\Users\Admin
2014-11-02 23:35 - 2014-11-02 23:35 - 00000020 ___SH () C:\Users\Admin\ntuser.ini
2014-11-02 23:35 - 2014-11-02 23:35 - 00000000 ____D () C:\Users\Admin\AppData\Local\VirtualStore
2014-11-02 23:35 - 2014-11-02 23:35 - 00000000 ____D () C:\Users\Admin\AppData\Local\Symantec
2014-11-02 23:35 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-02 23:35 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-02 17:00 - 2014-11-02 17:00 - 00403140 _____ () C:\Users\Terrion\Downloads\ESETPoweliksCleaner.exe_20141102.170004.1092.log
2014-11-02 14:26 - 2014-11-02 14:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-02 14:25 - 2014-11-02 14:25 - 02347384 _____ (ESET) C:\Users\Terrion\Downloads\esetsmartinstaller_enu.exe
2014-11-02 14:23 - 2014-11-02 14:33 - 296550712 _____ (Doctor Web, Ltd.) C:\Users\Terrion\Downloads\drweb-1000-win-space.exe
2014-11-02 13:33 - 2014-11-02 14:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-02 13:32 - 2014-11-02 14:12 - 00000000 ____D () C:\Users\Terrion\Desktop\mbar
2014-11-02 13:32 - 2014-11-02 13:32 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Terrion\Downloads\mbar-1.07.0.1012.exe
2014-11-02 13:15 - 2014-11-02 13:16 - 00688992 ____R (Swearware) C:\Users\Terrion\Desktop\dds.com
2014-10-31 18:54 - 2014-10-31 18:54 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-10-31 00:17 - 2014-10-31 00:12 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-31 00:17 - 2014-10-31 00:12 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-31 00:17 - 2014-10-31 00:12 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-30 23:49 - 2014-10-30 23:49 - 00509694 _____ () C:\Users\Terrion\Downloads\ESETPoweliksCleaner.exe_20141031.004901.5608.log
2014-10-30 23:38 - 2014-10-30 23:38 - 00000000 ____D () C:\Users\Terrion\AppData\Roaming\ProductData
2014-10-30 23:37 - 2014-11-03 00:11 - 00000000 ____D () C:\ProgramData\ProductData
2014-10-30 23:37 - 2014-10-30 23:37 - 00000000 ____D () C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2014-10-30 23:36 - 2014-10-30 23:36 - 00000000 ____D () C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
2014-10-30 23:24 - 2014-10-30 23:24 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-10-30 18:17 - 2014-10-30 18:17 - 00509760 _____ () C:\Users\Terrion\Downloads\ESETPoweliksCleaner.exe_20141030.191728.262276.log
2014-10-30 17:36 - 2014-10-30 17:36 - 00509694 _____ () C:\Users\Terrion\Downloads\ESETPoweliksCleaner.exe_20141030.183620.227236.log
2014-10-30 17:34 - 2014-10-30 17:34 - 00509760 _____ () C:\Users\Terrion\Downloads\ESETPoweliksCleaner.exe_20141030.183431.220436.log
2014-10-30 16:53 - 2014-10-30 16:53 - 00071168 _____ () C:\Windows\system32\lgvgpgr.dll
2014-10-30 16:53 - 2014-10-30 16:53 - 00003860 _____ () C:\Windows\System32\Tasks\{C60DB11E-FDFE-ECF9-4872-E011C962C2C9}
2014-10-30 16:53 - 2014-10-30 16:53 - 00000000 _____ () C:\Windows\system32\sggos.dll
2014-10-30 16:52 - 2014-10-30 16:52 - 00031232 _____ () C:\Users\Terrion\AppData\Roaming\rjdxxo.dll
2014-10-30 14:07 - 2014-10-30 14:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-30 01:39 - 2014-10-30 01:39 - 00509694 _____ () C:\Users\Terrion\Downloads\ESETPoweliksCleaner.exe_20141030.023905.5548.log
2014-10-30 01:38 - 2014-10-30 01:38 - 01017874 _____ () C:\Users\Terrion\Desktop\ESETPoweliksCleaner.exe_20141030.023844.388.log
2014-10-30 01:38 - 2014-10-30 01:38 - 00186568 _____ (ESET) C:\Users\Terrion\Downloads\ESETPoweliksCleaner.exe
2014-10-30 01:27 - 2014-10-30 01:28 - 00029364 _____ () C:\Users\Terrion\Downloads\Addition.txt
2014-10-30 01:05 - 2014-10-30 01:28 - 00042653 _____ () C:\Users\Terrion\Downloads\FRST.txt
2014-10-30 01:04 - 2014-11-07 06:22 - 00000000 ____D () C:\FRST
2014-10-30 01:03 - 2014-10-30 01:03 - 02113536 _____ (Farbar) C:\Users\Terrion\Downloads\frst64.exe
2014-10-28 13:22 - 2014-10-28 13:23 - 00000000 ____D () C:\ProgramData\Sophos
2014-10-28 13:22 - 2014-10-28 13:22 - 00003241 _____ () C:\Users\Terrion\Desktop\Sophos Virus Removal Tool.lnk
2014-10-28 13:22 - 2014-10-28 13:22 - 00000000 ____D () C:\Users\Terrion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-10-28 13:22 - 2014-10-28 13:22 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-10-28 13:12 - 2014-10-28 13:13 - 103142840 _____ (Sophos Limited) C:\Users\Terrion\Downloads\Sophos Virus Removal Tool.exe
2014-10-28 12:54 - 2014-10-28 12:54 - 00000000 ____D () C:\NPE
2014-10-28 12:52 - 2014-10-28 13:02 - 00000000 ____D () C:\Users\Terrion\AppData\Local\NPE
2014-10-28 12:52 - 2014-10-28 12:52 - 03060320 ____N (Symantec Corporation) C:\Users\Terrion\Downloads\NPE.exe
2014-10-28 12:52 - 2014-10-28 12:52 - 00000000 ____D () C:\ProgramData\Norton
2014-10-28 12:11 - 2014-11-07 06:18 - 00000000 ____D () C:\Users\Terrion\AppData\Local\CrashDumps
2014-10-27 19:42 - 2014-11-03 18:24 - 00003380 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3624349068-815843127-3594539112-1000
2014-10-27 19:42 - 2014-11-03 18:24 - 00003250 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3624349068-815843127-3594539112-1000
2014-10-26 22:40 - 2014-10-29 23:40 - 00611795 _____ () C:\Users\Terrion\Downloads\AE Planning 5.ods
2014-10-26 22:21 - 2014-10-26 22:21 - 00603637 _____ () C:\Users\Terrion\Downloads\AE Planning 4.ods
2014-10-26 10:27 - 2014-10-26 10:27 - 00000000 _____ () C:\Users\Terrion\AppData\Roaming\ooikah.dll
2014-10-26 03:18 - 2014-10-26 03:18 - 00000000 ____D () C:\Users\Terrion\Downloads\New folder (5)
2014-10-25 21:29 - 2014-10-29 23:48 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-25 21:29 - 2014-10-25 21:29 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-25 21:20 - 2014-10-25 21:20 - 00000000 ____D () C:\Windows\pss
2014-10-25 20:30 - 2014-10-28 12:23 - 00000000 ____D () C:\AdwCleaner
2014-10-25 10:13 - 2014-10-25 10:14 - 01962496 _____ () C:\Users\Terrion\Downloads\AdwCleaner.exe
2014-10-25 09:59 - 2014-10-25 09:59 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Terrion\Downloads\tdsskiller.exe
2014-10-25 09:54 - 2014-10-25 09:56 - 120169720 _____ (Microsoft Corporation) C:\Users\Terrion\Downloads\msert.exe
2014-10-25 09:43 - 2014-10-25 09:44 - 19114072 _____ () C:\Users\Terrion\Downloads\RogueKillerX64.exe
2014-10-25 09:30 - 2014-11-03 01:18 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-10-25 09:30 - 2014-10-30 23:37 - 00000000 ____D () C:\Users\Terrion\AppData\Roaming\IObit
2014-10-25 09:30 - 2014-10-30 23:35 - 00000000 ____D () C:\ProgramData\IObit
2014-10-25 09:28 - 2014-10-25 09:28 - 19362952 _____ (IObit ) C:\Users\Terrion\Downloads\imfv2-setup-for-review.exe
2014-10-24 16:57 - 2014-10-24 16:57 - 00017177 _____ () C:\Users\Terrion\Downloads\books.odt
2014-10-24 16:55 - 2014-10-24 16:55 - 00021565 _____ () C:\Users\Terrion\Downloads\FFh2 ideas.odt
2014-10-24 16:55 - 2014-10-24 16:55 - 00020385 _____ () C:\Users\Terrion\Downloads\Wargame RD.odt
2014-10-24 16:54 - 2014-10-29 23:57 - 00020133 _____ () C:\Users\Terrion\Downloads\Dom4 mod plans.odt
2014-10-24 16:54 - 2014-10-24 16:54 - 00027530 _____ () C:\Users\Terrion\Downloads\A darkened room code.odt
2014-10-24 16:48 - 2014-10-28 11:49 - 00018747 _____ () C:\Users\Terrion\Downloads\WitP mod.odt
2014-10-24 09:38 - 2014-10-24 09:34 - 00054472 _____ () C:\Users\Terrion\Documents\10%20%20Certification_Licensure.DOCX_0.odt
2014-10-24 09:38 - 2014-10-23 23:21 - 00279851 _____ () C:\Users\Terrion\Documents\16%20Finance.DOCX_0.odt
2014-10-24 09:38 - 2014-10-23 23:21 - 00077887 _____ () C:\Users\Terrion\Documents\14%20%20Physician%20Compensation.DOCX_0.odt
2014-10-22 16:00 - 2014-10-22 16:22 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-21 21:30 - 2014-10-31 21:01 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-21 13:36 - 2014-10-21 13:37 - 00752960 _____ () C:\Windows\Minidump\102114-22776-01.dmp
2014-10-21 11:44 - 2014-10-21 11:45 - 00262144 _____ () C:\Windows\Minidump\102114-76986-01.dmp
2014-10-21 10:46 - 2014-10-21 13:36 - 00000000 ____D () C:\Windows\Minidump
2014-10-21 10:46 - 2014-10-21 10:46 - 00262144 _____ () C:\Windows\Minidump\102114-121961-01.dmp
2014-10-21 10:45 - 2014-10-21 13:36 - 607030539 _____ () C:\Windows\MEMORY.DMP
2014-10-21 10:15 - 2014-11-04 01:51 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-21 10:13 - 2014-10-21 10:13 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-21 10:12 - 2014-10-21 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-21 10:12 - 2014-10-21 10:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-21 10:12 - 2014-10-21 10:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-21 10:12 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-21 10:12 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-21 10:12 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-17 12:36 - 2014-10-26 14:16 - 02930688 _____ () C:\Users\Terrion\Downloads\AE Planning 4.xls
2014-10-17 08:42 - 2014-10-16 13:56 - 00054836 _____ () C:\Users\Terrion\Documents\3%20Financial_Aspects_of_ACOs.DOCX_0.odt
2014-10-17 08:42 - 2014-10-12 23:48 - 00017050 _____ () C:\Users\Terrion\Documents\Hendrick_References.doc_0_2.odt
2014-10-17 08:36 - 2014-11-03 18:33 - 00003358 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3624349068-815843127-3594539112-1000
2014-10-17 08:36 - 2014-11-03 18:33 - 00003228 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3624349068-815843127-3594539112-1000
2014-10-15 23:20 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 23:20 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 23:20 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 23:20 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 23:20 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 23:20 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 23:20 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 23:20 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 23:20 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 23:20 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 23:20 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 23:20 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 23:20 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 23:20 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 23:20 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 23:20 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 23:20 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 23:20 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 23:20 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 23:20 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 23:20 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 23:20 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 23:20 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 23:20 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 23:20 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 23:20 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 23:20 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 23:20 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 23:20 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 23:20 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 23:20 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 23:20 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 23:20 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 23:20 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 23:20 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 23:20 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 23:20 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 23:20 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 23:20 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 23:20 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 23:20 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 23:20 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 23:20 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 23:20 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 23:20 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 23:20 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 23:20 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 23:20 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 23:20 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 23:20 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 23:20 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 23:20 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 23:20 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 23:20 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 23:20 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 23:20 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 23:20 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 23:20 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 23:20 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 23:20 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 23:20 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 23:20 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 23:20 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 23:20 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 23:20 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 23:20 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 23:19 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 23:19 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 23:19 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 23:19 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 23:19 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 23:19 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 23:19 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 23:19 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 23:19 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 23:19 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 23:19 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 23:19 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 23:19 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 23:19 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 23:19 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 23:19 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 23:19 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 23:19 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 23:19 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 23:19 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 23:19 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 23:19 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 16:38 - 2014-10-24 16:54 - 00000000 ____D () C:\Users\Terrion\Downloads\Freelance Stuff
2014-10-10 08:46 - 2014-10-11 23:56 - 00000126 ____H () C:\Users\Terrion\Downloads\.~lock.Dean Hendrick - Resume.docx#

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 06:22 - 2013-05-27 18:28 - 01200819 _____ () C:\Windows\WindowsUpdate.log
2014-11-07 06:19 - 2014-04-26 18:29 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-07 06:17 - 2014-04-26 18:29 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-07 06:17 - 2013-08-08 11:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-05 09:45 - 2013-07-18 21:51 - 00000000 ____D () C:\ProgramData\Symantec
2014-11-05 08:34 - 2009-07-13 23:45 - 00032016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-05 08:34 - 2009-07-13 23:45 - 00032016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-03 18:39 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-03 18:35 - 2013-08-04 22:00 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-03 18:33 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-03 18:33 - 2009-07-13 23:51 - 00065902 _____ () C:\Windows\setupact.log
2014-11-03 18:22 - 2010-11-20 22:47 - 00328768 _____ () C:\Windows\PFRO.log
2014-11-03 01:25 - 2014-08-19 22:46 - 00000000 ___RD () C:\Users\Terrion\Dropbox
2014-11-03 01:07 - 2014-08-19 22:42 - 00000000 ____D () C:\Users\Terrion\AppData\Roaming\Dropbox
2014-11-03 01:06 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-03 00:25 - 2013-05-27 15:31 - 00000000 ____D () C:\Users\Terrion
2014-11-01 21:56 - 2013-08-08 22:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-31 00:17 - 2013-10-29 20:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-31 00:17 - 2013-10-29 20:43 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-31 00:12 - 2014-04-26 18:32 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-30 23:37 - 2013-08-27 13:53 - 00000000 ____D () C:\Users\Terrion\AppData\Roaming\Apple Computer
2014-10-30 16:53 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-10-30 01:24 - 2013-12-28 02:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\War in the Pacific Admiral's Edition
2014-10-30 00:39 - 2013-10-12 00:40 - 00000000 ____D () C:\Users\Terrion\Downloads\Combined Arms Library
2014-10-30 00:27 - 2014-03-03 13:43 - 00000000 ____D () C:\Users\Terrion\Downloads\New folder (10)
2014-10-30 00:26 - 2014-09-14 23:40 - 00000000 ____D () C:\Users\Terrion\Downloads\New folder (13)
2014-10-30 00:20 - 2014-03-06 23:28 - 00000000 ____D () C:\Games
2014-10-29 03:49 - 2014-04-26 18:30 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-25 10:17 - 2013-08-23 13:03 - 00000000 ____D () C:\Users\Terrion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-10-24 19:23 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-24 07:29 - 2013-07-28 23:18 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-21 20:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-21 10:50 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-21 02:22 - 2014-04-26 18:29 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 02:22 - 2014-04-26 18:29 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-19 01:15 - 2014-01-02 21:43 - 00019784 _____ () C:\Users\Terrion\Downloads\FFH2.odt
2014-10-17 08:32 - 2009-07-13 23:45 - 00460360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 08:27 - 2014-04-30 05:58 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 21:09 - 2013-07-30 12:46 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-10-16 10:15 - 2013-08-05 02:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 09:55 - 2013-05-27 16:45 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Terrion\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Terrion\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyst6mk.dll
C:\Users\Terrion\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Terrion\AppData\Local\Temp\Quarantine.exe
C:\Users\Terrion\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 09:14

==================== End Of Log ============================



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:09 AM

Posted 08 November 2014 - 02:39 PM

Hi,

 

You forgot to post the other log - Addition.txt. Can you please post Addition.txt in your next reply?

From the log above I can see that your computer is still infected, but I need the other log to create a complete fix.

 

 

Regards,

Georgi


cXfZ4wS.png


#5 Terrion

Terrion
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 08 November 2014 - 07:47 PM

Sorry about that. Should be attached this time.

Attached Files



#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:09 AM

Posted 09 November 2014 - 05:57 AM

Hi,

 

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Regards,

Georgi


cXfZ4wS.png


#7 Terrion

Terrion
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 09 November 2014 - 08:39 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by Terrion at 2014-11-09 20:26:25 Run:1
Running from C:\Users\Terrion\Desktop
Loaded Profile: Terrion (Available profiles: Terrion & Admin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
2014-10-30 23:24 - 2014-10-30 23:24 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-10-30 16:53 - 2014-10-30 16:53 - 00071168 _____ () C:\Windows\system32\lgvgpgr.dll
2014-10-30 16:53 - 2014-10-30 16:53 - 00003860 _____ () C:\Windows\System32\Tasks\{C60DB11E-FDFE-ECF9-4872-E011C962C2C9}
2014-10-30 16:53 - 2014-10-30 16:53 - 00000000 _____ () C:\Windows\system32\sggos.dll
2014-10-30 16:52 - 2014-10-30 16:52 - 00031232 _____ () C:\Users\Terrion\AppData\Roaming\rjdxxo.dll
2014-10-26 10:27 - 2014-10-26 10:27 - 00000000 _____ () C:\Users\Terrion\AppData\Roaming\ooikah.dll
2014-10-22 16:00 - 2014-10-22 16:22 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-21 21:30 - 2014-10-31 21:01 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
Task: {759B435C-2A7E-4146-96CD-1B596B779210} - System32\Tasks\{C60DB11E-FDFE-ECF9-4872-E011C962C2C9} => C:\Windows\system32\lgvgpgr.dll [2014-10-30] ()
end
*****************

C:\Windows\SysWOW64\u => Moved successfully.
C:\Windows\system32\lgvgpgr.dll => Moved successfully.
C:\Windows\System32\Tasks\{C60DB11E-FDFE-ECF9-4872-E011C962C2C9} => Moved successfully.
Could not move "C:\Windows\system32\sggos.dll" => Scheduled to move on reboot.
C:\Users\Terrion\AppData\Roaming\rjdxxo.dll => Moved successfully.
C:\Users\Terrion\AppData\Roaming\ooikah.dll => Moved successfully.
C:\ProgramData\Windows Genuine Advantage => Moved successfully.
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{759B435C-2A7E-4146-96CD-1B596B779210}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{759B435C-2A7E-4146-96CD-1B596B779210}" => Key deleted successfully.
C:\Windows\System32\Tasks\{C60DB11E-FDFE-ECF9-4872-E011C962C2C9} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C60DB11E-FDFE-ECF9-4872-E011C962C2C9}" => Key deleted successfully.



#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:09 AM

Posted 10 November 2014 - 04:45 AM

Hi,

 

Nice work,

 

Next let's give Combofix a try:

 

  • Now please download Combofix from here.
     
  • Save it to your Desktop.
     
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.
     
  • Double click it & follow the prompts.
     
  • If you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
     
  • Click on Yes, to continue scanning for malware.
     
  • When finished, it will produce a log for you.
     
  • Please include the C:\ComboFix.txt in your next reply.
     
  • Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

 

Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.

 

 

Regards,

Georgi


cXfZ4wS.png


#9 Terrion

Terrion
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 11 November 2014 - 07:45 PM

ComboFix 14-11-11.01 - Terrion 11/11/2014  19:03:24.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3894.2369 [GMT -5:00]
Running from: c:\users\Terrion\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Symantec Endpoint Protection *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-12 to 2014-11-12  )))))))))))))))))))))))))))))))
.
.
2014-11-12 00:25 . 2014-11-12 00:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-11 23:54 . 2014-11-11 23:54 17323696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-11-03 06:16 . 2014-11-03 06:16 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-11-03 05:40 . 2014-11-03 05:44 -------- d-----w- c:\users\TEMP
2014-11-03 04:35 . 2014-11-03 04:36 -------- d-----w- c:\users\Admin
2014-11-02 19:26 . 2014-11-02 19:26 -------- d-----w- c:\program files (x86)\ESET
2014-11-02 18:33 . 2014-11-02 19:12 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-10-31 05:17 . 2014-10-31 05:12 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-31 05:14 . 2014-10-31 05:14 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-10-31 04:38 . 2014-10-31 04:38 -------- d-----w- c:\users\Terrion\AppData\Roaming\ProductData
2014-10-31 04:37 . 2014-11-10 01:29 -------- d-----w- c:\programdata\ProductData
2014-10-31 04:37 . 2014-10-31 04:37 -------- d-----w- c:\programdata\{D76294E6-03B8-4971-AF2E-3F846161A690}
2014-10-31 04:36 . 2014-10-31 04:36 -------- d-----w- c:\programdata\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
2014-10-30 06:04 . 2014-11-10 01:27 -------- d-----w- C:\FRST
2014-10-28 18:22 . 2014-10-28 18:23 -------- d-----w- c:\programdata\Sophos
2014-10-28 18:22 . 2014-10-28 18:22 73728 ----a-r- c:\users\Terrion\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-10-28 18:22 . 2014-10-28 18:22 73728 ----a-r- c:\users\Terrion\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-10-28 18:22 . 2014-10-28 18:22 73728 ----a-r- c:\users\Terrion\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-10-28 18:22 . 2014-10-28 18:22 -------- d-----w- c:\program files (x86)\Sophos
2014-10-28 17:54 . 2014-10-28 17:54 -------- d-----w- C:\NPE
2014-10-28 17:52 . 2014-10-28 18:02 -------- d-----w- c:\users\Terrion\AppData\Local\NPE
2014-10-28 17:52 . 2014-10-28 17:52 -------- d-----w- c:\programdata\Norton
2014-10-28 17:11 . 2014-11-07 11:18 -------- d-----w- c:\users\Terrion\AppData\Local\CrashDumps
2014-10-26 02:29 . 2014-10-30 04:48 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-10-26 02:29 . 2014-10-26 02:29 -------- d-----w- c:\programdata\RogueKiller
2014-10-26 01:30 . 2014-10-28 17:23 -------- d-----w- C:\AdwCleaner
2014-10-25 14:30 . 2014-10-31 04:35 -------- d-----w- c:\programdata\IObit
2014-10-25 14:30 . 2014-10-31 04:37 -------- d-----w- c:\users\Terrion\AppData\Roaming\IObit
2014-10-25 14:30 . 2014-11-03 06:18 -------- d-----w- c:\program files (x86)\IObit
2014-10-21 15:15 . 2014-11-04 06:51 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-21 15:12 . 2014-10-21 15:12 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-21 15:12 . 2014-10-21 15:12 -------- d-----w- c:\programdata\Malwarebytes
2014-10-21 15:12 . 2014-10-01 15:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-21 15:12 . 2014-10-01 15:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-21 15:12 . 2014-10-01 15:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-16 04:19 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-16 14:55 . 2013-05-27 21:45 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-09-25 18:14 . 2013-08-08 16:34 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-25 18:14 . 2013-08-08 16:34 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-25 02:08 . 2014-10-06 00:26 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-06 00:26 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-23 01:39 . 2013-07-29 04:20 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-09-09 22:11 . 2014-09-25 18:30 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-25 18:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-23 02:07 . 2014-08-28 00:23 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 00:23 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-09-25 08:18 1729232 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-09-25 08:18 1729232 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-09-25 08:18 1729232 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-10-21 1938624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 SyDvCtrl;SyDvCtrl;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SyDvCtrl64.sys;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SyDvCtrl64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20141003.013\BHDrvx64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20141003.013\BHDrvx64.sys [x]
S1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20141104.011\IDSvia64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20141104.011\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS [x]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 PGMTrusted;PGMTrusted;c:\program files (x86)\Pogo Games\PGMTrusted.exe;c:\program files (x86)\Pogo Games\PGMTrusted.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [x]
S2 SoftshieldService;ExamsoftShieldService;c:\program files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe;c:\program files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-29 08:29 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-08 18:14]
.
2014-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-26 23:29]
.
2014-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-26 23:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-11-03 06:16 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-09-25 10:10 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-09-25 10:10 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-09-25 10:10 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*FRST"="c:\users\Terrion\Desktop\FRST64.exe" [2014-11-10 2116096]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:tabs
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - c:\program files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Dean Hendrick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Dean Hendrick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
ShellIconOverlayIdentifiers-{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Dean Hendrick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
ShellIconOverlayIdentifiers-{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Dean Hendrick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Dean Hendrick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
ShellIconOverlayIdentifiers-{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Dean Hendrick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Dean Hendrick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
ShellIconOverlayIdentifiers-{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Dean Hendrick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
AddRemove-Cook'n - c:\users\Dean Hendrick\AppData\Local\DVO\Cook'n10App\Uninstall.exe
AddRemove-{7C82709E-75FE-4C3A-976A-8C97908DDD7B}_is1 - c:\users\Dean Hendrick\Documents\Paradox Interactive\Crusader Kings II\mod\unins000.exe
AddRemove-Dropbox - c:\users\Dean Hendrick\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,97,79,0c,50,2f,d8,4f,9f,41,73,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,97,79,0c,50,2f,d8,4f,9f,41,73,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-11  19:28:47
ComboFix-quarantined-files.txt  2014-11-12 00:28
.
Pre-Run: 255,714,816,000 bytes free
Post-Run: 258,443,243,520 bytes free
.
- - End Of File - - A4F351B1D6379839886447974DD8BB15
A36C5E4F47E84449FF07ED3517B43A31
 



#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:09 AM

Posted 12 November 2014 - 03:04 PM

Hello,

 

The log looks ok. Is MBAM still blocking incoming IPs?

 

 

STEP 1

 

 

1.Please download HitmanPro.

  • For 32-bit Operating System - dEMD6.gif.
  • This is the mirror - dEMD6.gif
  • For 64-bit Operating System - dEMD6.gif
  • This is the mirror - dEMD6.gif

2.Launch the program by double clicking on the 5vo5F.jpg icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
 
8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

 

STEP 2

 

 

I'd like to scan your machine with ESET OnlineScan
 

  • Please download and the run exe from the link below:
    ESET OnlineScan
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check the option beside: Enable detection of potentially unwanted applications
  • Now click on Advanced Settings and make sure that the option Remove found threats is NOT checked, and select the following:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
    • Click on the Change button and select only Operating memory and drive C:\

fhSji42.png

 

  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

 

Let me know for any remaining issues.

 

 

Regards,

Georgi


cXfZ4wS.png


#11 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:09 AM

Posted 19 November 2014 - 03:54 AM

Hi,

 

Are you still around?

 

 

Regards,

Georgi


cXfZ4wS.png


#12 Terrion

Terrion
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 19 November 2014 - 11:42 PM

Still here, just got crazy buisy for the past week. Hopefully I'll be able to run the programs and post the logs tomorrow.



#13 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:09 AM

Posted 20 November 2014 - 05:02 AM

Ok, thanks for letting me know! Take your time! :)

 

 

Regards,

Georgi


cXfZ4wS.png


#14 Terrion

Terrion
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 20 November 2014 - 11:25 PM

Unfortunately, the battery and/or power cord have stopped working, and the laptop isn't charging. I'm not really sure when I'll be able to resolve that problem, so it's probably best to wrap things up here.

 

Thanks again for your help.



#15 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:09 AM

Posted 21 November 2014 - 02:08 AM

Hi,

 

I am sorry to hear about your troubles and thank you for letting me know.

Take your time.

 

 

Regards,

Georgi


cXfZ4wS.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users