
Fake Google processes


This topic is locked. 16 replies to this topic.

#1 Furieus

  • Members
  • 8 posts

Posted 13 November 2014 - 08:29 PM

It started off with only 3 processes, now it's up to ~15...

I ran FRST and have attached the necessary logs.

Thanks for the help

Attached Files





#2 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender: Male
  • Location: Germany

Posted 16 November 2014 - 01:24 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please download Powelikscleaner (by ESET) and save it to your Desktop.
  • Double-click the tool's icon to start it.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.
Step 3

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    process;
    services-list;
    systemspecs;
    startupall;
    filesrcm;
    
  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will open after the reboot. You may also find it on your main drive (usually the C:\ drive).
Post its content into your next reply.
regards,
deeprybka

Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 deeprybka

  • Malware Response Team
  • 5,198 posts

Posted 19 November 2014 - 07:03 AM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka

#4 Furieus (Topic Starter)

  • Members
  • 8 posts

Posted 19 November 2014 - 09:30 PM

Sorry, the issues stopped after working on some things, but now it seems to have started back up; lemme try your method and get back to you.



#5 deeprybka

  • Malware Response Team
  • 5,198 posts

Posted 20 November 2014 - 07:29 AM

OK... :)
regards,
deeprybka

#6 Furieus (Topic Starter)

  • Members
  • 8 posts

Posted 21 November 2014 - 08:10 PM

Sorry it took so long. The Google processes seem to be gone; however, it seems like something is eating up my bandwidth. It took forever to load this website, and my latency in most games shot up to about 500-1000 ms+.

 

Here is the ESET log:

 

[2014.11.21 20:05:12.321] - INFO: OS: 6.1.7601 SP1
[2014.11.21 20:05:12.322] - INFO: Product Type: Workstation
[2014.11.21 20:05:12.322] - INFO: WoW64: True
[2014.11.21 20:05:12.322] - INFO: Machine guid: 2EE41F59-6084-488C-A620-0CDBBA43C438 
[2014.11.21 20:05:12.322] - 
[2014.11.21 20:05:12.326] - INFO: Scanning for system infection...
[2014.11.21 20:05:12.326] - --------------------------------------------------------------------------------
[2014.11.21 20:05:12.326] - 
[2014.11.21 20:05:12.326] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.21 20:05:12.327] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.21 20:05:12.327] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.21 20:05:12.327] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.21 20:05:12.327] - INFO: Processing classes...
[2014.11.21 20:05:12.327] - INFO: Processing clsid [\Registry\User\S-1-5-21-2759077170-2881541920-2421041487-1000\SOFTWARE\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}]
[2014.11.21 20:05:12.327] - INFO: Processing clsid [\Registry\User\S-1-5-21-2759077170-2881541920-2421041487-1000\SOFTWARE\Classes\CLSID\{3a40e87a-cd89-4703-b006-4598cc9b2a63}]
[2014.11.21 20:05:12.327] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.21 20:05:12.327] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.21 20:05:12.327] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.21 20:05:12.327] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.21 20:05:12.327] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.21 20:05:12.327] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.21 20:05:12.327] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.21 20:05:12.327] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.21 20:05:12.327] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.21 20:05:12.327] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.21 20:05:12.328] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.21 20:05:12.328] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.21 20:05:12.328] - INFO: Win32/Poweliks not found
 
 
Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-11-2014
Ran by Dan (administrator) on DAN-PC on 21-11-2014 20:06:01
Running from D:\Users\Dan\Downloads
Loaded Profile: Dan (Available profiles: Dan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) D:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) D:\Windows\System32\audiodg.exe
(AMD) D:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Razer Inc.) D:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(A-Volute) D:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
(Razer, Inc.) D:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
() D:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Google Inc.) D:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) D:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
() D:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Razer USA Ltd) D:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
(Razer Inc.) D:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Razer Inc.) D:\Program Files (x86)\Razer\Razer Cortex\main.exe
(Advanced Micro Devices Inc.) D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Blizzard Entertainment) D:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
(Blizzard Entertainment) D:\Program Files (x86)\Battle.net\Battle.net.5293\Battle.net.exe
(Blizzard Entertainment) D:\World of Warcraft\Wow-64.exe
(Blizzard Entertainment) D:\World of Warcraft\Utils\WowBrowserProxy.exe
(Microsoft Corporation) D:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) D:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [DivXMediaServer] => D:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-27] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => D:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [Razer Naga Driver] => D:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe [953232 2011-04-12] (Razer USA Ltd)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => D:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-10-24] (Razer Inc.)
HKLM-x32\...\Run: [CAM] => D:\Program Files (x86)\NZXT\CAM\CAM_Client.exe [6346784 2014-05-20] ()
HKLM-x32\...\Run: [StartCCC] => D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RazerCortex] => D:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [60640 2014-09-11] (Razer Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => D:\Windows\System32\SPReview\SPReview.exe [301568 2014-05-11] (Microsoft Corporation)
Startup: D:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll (Hermann Schinagl)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> D:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> D:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> D:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> D:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2759077170-2881541920-2421041487-1000: @unity3d.com/UnityPlayer,version=1.0 -> D:\Users\Dan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> ""
CHR Profile: D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-08]
CHR Extension: (Google Drive) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-08]
CHR Extension: (Facebook) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-05-08]
CHR Extension: (Spotify - Music for every moment) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-05-08]
CHR Extension: (Google Search) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-08]
CHR Extension: (AdBlock) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-08]
CHR Extension: (Bookmark Manager) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2014-11-21]
CHR Extension: (Kindle Cloud Reader) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-05-08]
CHR Extension: (Dino Storm) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcelgimengeaokbmmfenpkfbnlkpdhi [2014-05-08]
CHR Extension: (iHeartRadio) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjomejjjilohigjkfncoodmnmkokomgd [2014-06-09]
CHR Extension: (Dark Abstract Blue Theme) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfgbblllkkobiknmjelnfcdjkcjjbdfc [2014-05-08]
CHR Extension: (Alt-O-Magic Identifizer) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhcnifflbjndominljlejmeheiiolfdp [2014-05-08]
CHR Extension: (Google Wallet) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-08]
CHR Extension: (Gmail) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
S4 ASGT; D:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Razer Game Scanner Service; D:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
R2 RzKLService; D:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-09-11] (Razer Inc.)
R2 RzMaelstromVADStreamingService; D:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-06-09] (A-Volute) [File not signed]
R2 RzOvlMon; D:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; D:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; D:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 FTT3; D:\Windows\System32\DRIVERS\FTT3.sys [199176 2008-02-20] (Promise Technology, Inc.)
S3 MBAMProtector; D:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; D:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 RzDxgk; D:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R1 RzFilter; D:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R3 RZMAELSTROMVADService; D:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows ® Win 7 DDK provider)
R2 rzpmgrk; D:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
S3 RzSynapse; D:\Windows\System32\DRIVERS\RzSynapse.sys [126464 2011-03-31] (Razer USA Ltd)
R1 Serial; D:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
U3 TrueSight; D:\Windows\System32\drivers\TrueSight.sys [37624 2014-11-13] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-21 20:05 - 2014-11-21 20:05 - 00007726 _____ () D:\Users\Dan\Downloads\ESETPoweliksCleaner.exe_20141121.200512.5308.log
2014-11-21 20:05 - 2014-11-21 20:05 - 00000000 ____D () D:\Users\Dan\Downloads\FRST-OlderVersion
2014-11-19 22:51 - 2014-11-19 22:51 - 00007726 _____ () D:\Users\Dan\Downloads\ESETPoweliksCleaner.exe_20141119.225132.3500.log
2014-11-19 21:51 - 2014-11-19 21:51 - 00007792 _____ () D:\Users\Dan\Downloads\ESETPoweliksCleaner.exe_20141119.215144.1568.log
2014-11-19 21:44 - 2014-11-19 21:44 - 00007792 _____ () D:\Users\Dan\Downloads\ESETPoweliksCleaner.exe_20141119.214408.956.log
2014-11-19 21:35 - 2014-11-19 21:35 - 00031189 _____ () D:\zoek-results2014-11-20-023508.log
2014-11-19 21:33 - 2014-11-19 21:37 - 00031105 _____ () D:\zoek-results.log
2014-11-19 21:32 - 2014-11-19 21:32 - 01294848 _____ () D:\Users\Dan\Downloads\zoek.exe
2014-11-19 21:32 - 2014-11-19 21:32 - 00000000 ____D () D:\zoek_backup
2014-11-19 21:31 - 2014-11-19 21:32 - 00013946 _____ () D:\Users\Dan\Downloads\ESETPoweliksCleaner.exe_20141119.213125.2320.log
2014-11-19 21:30 - 2014-11-19 21:30 - 00186568 _____ (ESET) D:\Users\Dan\Downloads\ESETPoweliksCleaner.exe
2014-11-13 22:11 - 2014-11-13 22:12 - 00000000 ___SD () D:\ComboFix
2014-11-13 22:11 - 2014-11-13 22:11 - 00000000 ___SD () D:\32788R22FWJFW
2014-11-13 22:11 - 2014-11-13 22:11 - 00000000 ____D () D:\Windows\erdnt
2014-11-13 22:11 - 2014-11-13 22:11 - 00000000 ____D () D:\Qoobox
2014-11-13 22:11 - 2011-06-26 01:45 - 00256000 _____ () D:\Windows\PEV.exe
2014-11-13 22:11 - 2010-11-07 12:20 - 00208896 _____ () D:\Windows\MBR.exe
2014-11-13 22:11 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) D:\Windows\NIRCMD.exe
2014-11-13 22:11 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) D:\Windows\SWREG.exe
2014-11-13 22:11 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) D:\Windows\SWSC.exe
2014-11-13 22:11 - 2000-08-30 19:00 - 00098816 _____ () D:\Windows\sed.exe
2014-11-13 22:11 - 2000-08-30 19:00 - 00080412 _____ () D:\Windows\grep.exe
2014-11-13 22:11 - 2000-08-30 19:00 - 00068096 _____ () D:\Windows\zip.exe
2014-11-13 22:10 - 2014-11-13 22:11 - 05597734 ____R (Swearware) D:\Users\Dan\Downloads\ComboFix.exe
2014-11-13 22:08 - 2014-11-13 22:08 - 00688992 ____R (Swearware) D:\Users\Dan\Downloads\dds.com
2014-11-13 22:08 - 2014-11-13 22:08 - 00018540 _____ () D:\Users\Dan\Desktop\dds.txt
2014-11-13 22:08 - 2014-11-13 22:08 - 00011430 _____ () D:\Users\Dan\Desktop\attach.txt
2014-11-13 21:23 - 2014-11-13 21:47 - 00000000 ____D () D:\Users\Dan\AppData\Local\CrashDumps
2014-11-13 21:01 - 2014-11-13 21:54 - 00037624 _____ () D:\Windows\system32\Drivers\TrueSight.sys
2014-11-13 21:01 - 2014-11-13 21:02 - 06000640 _____ () D:\Program Files (x86)\GUTEF9C.tmp
2014-11-13 21:01 - 2014-11-13 21:01 - 00880784 _____ (Google Inc.) D:\Users\Dan\Downloads\ChromeSetup.exe
2014-11-13 21:01 - 2014-11-13 21:01 - 00000000 ____D () D:\ProgramData\RogueKiller
2014-11-13 21:01 - 2014-11-13 21:01 - 00000000 ____D () D:\Program Files (x86)\GUMEF9B.tmp
2014-11-13 20:58 - 2014-11-13 21:00 - 17535064 _____ () D:\Users\Dan\Downloads\RogueKillerX64 (1).exe
2014-11-13 20:56 - 2014-11-13 20:56 - 00000000 ____D () D:\Users\Dan\Desktop\RK_Quarantine
2014-11-13 20:51 - 2014-11-13 22:06 - 00000000 ____D () D:\AdwCleaner
2014-11-13 20:48 - 2014-11-13 20:48 - 02140160 _____ () D:\Users\Dan\Downloads\adwcleaner_4.101.exe
2014-11-13 20:32 - 2014-11-13 20:32 - 00046544 _____ () D:\Users\Dan\Downloads\FRST (1).txt
2014-11-13 20:14 - 2014-11-13 20:15 - 00020095 _____ () D:\Users\Dan\Downloads\Addition.txt
2014-11-13 20:13 - 2014-11-21 20:06 - 00000000 ____D () D:\FRST
2014-11-13 20:13 - 2014-11-21 20:05 - 02117632 _____ (Farbar) D:\Users\Dan\Downloads\FRST64.exe
2014-11-13 20:12 - 2014-11-21 20:06 - 00011921 _____ () D:\Users\Dan\Downloads\FRST.txt
2014-11-13 19:43 - 2014-11-13 19:44 - 00000060 _____ () D:\Users\Dan\Desktop\New Text Document.txt
2014-11-13 10:53 - 2014-11-13 10:53 - 00000000 ____D () D:\Windows\pss
2014-11-13 10:46 - 2014-11-13 10:46 - 00448512 _____ (OldTimer Tools) D:\Users\Dan\Downloads\TFC.exe
2014-11-11 17:17 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) D:\Windows\system32\iedkcs32.dll
2014-11-11 17:17 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 17:17 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) D:\Windows\system32\mshtml.tlb
2014-11-11 17:17 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) D:\Windows\system32\mshtml.dll
2014-11-11 17:17 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) D:\Windows\system32\ieetwcollectorres.dll
2014-11-11 17:17 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) D:\Windows\system32\iesetup.dll
2014-11-11 17:17 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) D:\Windows\system32\vbscript.dll
2014-11-11 17:17 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) D:\Windows\system32\ieetwproxystub.dll
2014-11-11 17:17 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) D:\Windows\system32\MshtmlDac.dll
2014-11-11 17:17 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) D:\Windows\system32\iertutil.dll
2014-11-11 17:17 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) D:\Windows\system32\jsproxy.dll
2014-11-11 17:17 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) D:\Windows\system32\iernonce.dll
2014-11-11 17:17 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) D:\Windows\system32\ieui.dll
2014-11-11 17:17 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) D:\Windows\system32\ieUnatt.exe
2014-11-11 17:17 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) D:\Windows\system32\ieetwcollector.exe
2014-11-11 17:17 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) D:\Windows\system32\jscript9diag.dll
2014-11-11 17:17 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtml.tlb
2014-11-11 17:17 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) D:\Windows\system32\jscript9.dll
2014-11-11 17:17 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) D:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 17:17 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) D:\Windows\system32\dxtmsft.dll
2014-11-11 17:17 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) D:\Windows\SysWOW64\vbscript.dll
2014-11-11 17:17 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iesetup.dll
2014-11-11 17:17 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 17:17 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtml.dll
2014-11-11 17:17 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) D:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 17:17 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) D:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 17:17 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iertutil.dll
2014-11-11 17:17 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jsproxy.dll
2014-11-11 17:17 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iernonce.dll
2014-11-11 17:17 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) D:\Windows\system32\msrating.dll
2014-11-11 17:17 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieui.dll
2014-11-11 17:17 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) D:\Windows\system32\mshtmled.dll
2014-11-11 17:17 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 17:17 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 17:17 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) D:\Windows\system32\dxtrans.dll
2014-11-11 17:17 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) D:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 17:17 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) D:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 17:17 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) D:\Windows\system32\msfeeds.dll
2014-11-11 17:17 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) D:\Windows\system32\ie4uinit.exe
2014-11-11 17:17 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) D:\Windows\system32\mshtmlmedia.dll
2014-11-11 17:17 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) D:\Windows\system32\inetcpl.cpl
2014-11-11 17:17 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msrating.dll
2014-11-11 17:17 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtmled.dll
2014-11-11 17:17 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) D:\Windows\SysWOW64\dxtrans.dll
2014-11-11 17:17 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) D:\Windows\system32\ieframe.dll
2014-11-11 17:17 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msfeeds.dll
2014-11-11 17:17 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jscript9.dll
2014-11-11 17:17 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) D:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 17:17 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 17:17 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) D:\Windows\system32\wininet.dll
2014-11-11 17:17 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) D:\Windows\system32\urlmon.dll
2014-11-11 17:17 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieframe.dll
2014-11-11 17:17 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) D:\Windows\system32\ieapfltr.dll
2014-11-11 17:17 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) D:\Windows\SysWOW64\wininet.dll
2014-11-11 17:17 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) D:\Windows\SysWOW64\urlmon.dll
2014-11-11 17:17 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 17:14 - 2014-11-05 12:56 - 00304640 _____ (Microsoft Corporation) D:\Windows\system32\generaltel.dll
2014-11-11 17:14 - 2014-11-05 12:56 - 00228864 _____ (Microsoft Corporation) D:\Windows\system32\aepdu.dll
2014-11-11 17:14 - 2014-11-05 12:52 - 00424448 _____ (Microsoft Corporation) D:\Windows\system32\aeinv.dll
2014-11-11 17:14 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) D:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 17:14 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) D:\Windows\system32\termsrv.dll
2014-11-11 17:14 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) D:\Windows\system32\lsasrv.dll
2014-11-11 17:14 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) D:\Windows\system32\msaudite.dll
2014-11-11 17:14 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) D:\Windows\system32\adtschema.dll
2014-11-11 17:14 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) D:\Windows\SysWOW64\secur32.dll
2014-11-11 17:14 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) D:\Windows\SysWOW64\sspicli.dll
2014-11-11 17:14 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msaudite.dll
2014-11-11 17:14 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) D:\Windows\SysWOW64\adtschema.dll
2014-11-11 17:09 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) D:\Windows\system32\packager.dll
2014-11-11 17:09 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) D:\Windows\SysWOW64\packager.dll
2014-11-11 17:09 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) D:\Windows\system32\oleaut32.dll
2014-11-11 17:09 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) D:\Windows\SysWOW64\oleaut32.dll
2014-11-11 17:09 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) D:\Windows\system32\msi.dll
2014-11-11 17:09 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msi.dll
2014-11-11 17:09 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) D:\Windows\system32\win32k.sys
2014-11-11 17:09 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) D:\Windows\system32\AUDIOKSE.dll
2014-11-11 17:09 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) D:\Windows\system32\audiosrv.dll
2014-11-11 17:09 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) D:\Windows\system32\AudioEng.dll
2014-11-11 17:09 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) D:\Windows\system32\AudioSes.dll
2014-11-11 17:09 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) D:\Windows\system32\EncDump.dll
2014-11-11 17:09 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) D:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 17:09 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) D:\Windows\SysWOW64\AudioEng.dll
2014-11-11 17:09 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) D:\Windows\SysWOW64\AudioSes.dll
2014-11-11 17:09 - 2014-09-19 04:42 - 00728064 _____ (Microsoft Corporation) D:\Windows\system32\kerberos.dll
2014-11-11 17:09 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) D:\Windows\system32\schannel.dll
2014-11-11 17:09 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) D:\Windows\system32\msv1_0.dll
2014-11-11 17:09 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) D:\Windows\system32\ncrypt.dll
2014-11-11 17:09 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) D:\Windows\system32\wdigest.dll
2014-11-11 17:09 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) D:\Windows\system32\TSpkg.dll
2014-11-11 17:09 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) D:\Windows\system32\credssp.dll
2014-11-11 17:09 - 2014-09-19 04:23 - 00550912 _____ (Microsoft Corporation) D:\Windows\SysWOW64\kerberos.dll
2014-11-11 17:09 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msv1_0.dll
2014-11-11 17:09 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) D:\Windows\SysWOW64\schannel.dll
2014-11-11 17:09 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ncrypt.dll
2014-11-11 17:09 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) D:\Windows\SysWOW64\wdigest.dll
2014-11-11 17:09 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) D:\Windows\SysWOW64\TSpkg.dll
2014-11-11 17:09 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) D:\Windows\SysWOW64\credssp.dll
2014-11-11 17:09 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) D:\Windows\system32\msxml3.dll
2014-11-11 17:09 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) D:\Windows\system32\msxml3r.dll
2014-11-11 17:09 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msxml3.dll
2014-11-11 17:09 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msxml3r.dll
2014-11-11 17:09 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) D:\Windows\system32\IMJP10K.DLL
2014-11-11 17:09 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) D:\Windows\SysWOW64\IMJP10K.DLL
2014-11-09 00:11 - 2014-11-09 00:11 - 00000000 ____D () D:\Users\Dan\Pavtube
2014-11-09 00:10 - 2014-11-09 00:10 - 00001382 _____ () D:\Users\Public\Desktop\Pavtube Blu-ray Video Converter Ultimate.lnk
2014-11-09 00:06 - 2014-11-09 00:11 - 00000000 ____D () D:\Users\Dan\AppData\Roaming\Pavtube
2014-11-09 00:06 - 2014-11-09 00:10 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pavtube
2014-11-09 00:06 - 2014-11-09 00:10 - 00000000 ____D () D:\Program Files (x86)\Pavtube
2014-11-09 00:06 - 2014-11-09 00:06 - 00001263 _____ () D:\Users\Public\Desktop\Pavtube Video Converter.lnk
2014-11-08 09:19 - 2014-11-08 09:19 - 00001266 _____ () D:\Users\Public\Desktop\Razer Cortex.lnk
2014-11-08 09:19 - 2014-10-31 18:27 - 00037184 _____ (Razer, Inc.) D:\Windows\system32\Drivers\rzpmgrk.sys
2014-11-08 09:18 - 2014-11-21 15:38 - 00129752 _____ (Malwarebytes Corporation) D:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-08 09:17 - 2014-11-08 09:17 - 00000831 _____ () D:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-08 09:17 - 2014-11-08 09:17 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-08 09:17 - 2014-11-08 09:17 - 00000000 ____D () D:\ProgramData\Malwarebytes
2014-11-08 09:17 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) D:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-08 09:17 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) D:\Windows\system32\Drivers\mwac.sys
2014-11-08 09:17 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) D:\Windows\system32\Drivers\mbam.sys
2014-10-27 19:25 - 2014-10-27 19:25 - 00002958 _____ () D:\Windows\System32\Tasks\{E25FB704-C2E7-40DD-807D-27FEE49CA219}
2014-10-27 19:25 - 2014-10-27 19:25 - 00000821 _____ () D:\Users\Dan\Desktop\µTorrent.lnk
2014-10-26 20:28 - 2014-10-26 20:28 - 00000000 _____ () D:\Users\Dan\AppData\Local\{70C4D92E-EDD6-4447-AC67-F38B9FB582A2}
2014-10-23 20:30 - 2014-11-13 19:35 - 00000000 ____D () D:\ProgramData\TeguKmep
2014-10-23 15:37 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) D:\Windows\system32\KBDYAK.DLL
2014-10-23 15:37 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) D:\Windows\system32\KBDTAT.DLL
2014-10-23 15:37 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) D:\Windows\system32\KBDRU1.DLL
2014-10-23 15:37 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) D:\Windows\system32\KBDBASH.DLL
2014-10-23 15:37 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) D:\Windows\system32\KBDRU.DLL
2014-10-23 15:37 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) D:\Windows\SysWOW64\KBDYAK.DLL
2014-10-23 15:37 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) D:\Windows\SysWOW64\KBDTAT.DLL
2014-10-23 15:37 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) D:\Windows\SysWOW64\KBDRU1.DLL
2014-10-23 15:37 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) D:\Windows\SysWOW64\KBDRU.DLL
2014-10-23 15:37 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) D:\Windows\SysWOW64\KBDBASH.DLL
2014-10-23 15:37 - 2014-07-08 17:38 - 00419992 _____ () D:\Windows\system32\locale.nls
2014-10-23 15:37 - 2014-07-08 17:30 - 00419992 _____ () D:\Windows\SysWOW64\locale.nls
2014-10-22 19:40 - 2014-10-22 19:40 - 00262426 _____ () D:\Windows\msxml4-KB2758694-enu.LOG
2014-10-22 19:40 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) D:\Windows\system32\msmpeg2vdec.dll
2014-10-22 19:40 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msmpeg2vdec.dll
2014-10-22 19:38 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) D:\Windows\system32\icardres.dll
2014-10-22 19:38 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) D:\Windows\SysWOW64\icardres.dll
2014-10-22 19:38 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) D:\Windows\SysWOW64\TsWpfWrp.exe
2014-10-22 19:38 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) D:\Windows\system32\TsWpfWrp.exe
2014-10-22 19:38 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) D:\Windows\system32\icardagt.exe
2014-10-22 19:38 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) D:\Windows\system32\infocardapi.dll
2014-10-22 19:38 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) D:\Windows\SysWOW64\icardagt.exe
2014-10-22 19:38 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) D:\Windows\SysWOW64\infocardapi.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-21 20:06 - 2014-05-08 11:54 - 00000892 _____ () D:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-21 20:04 - 2014-05-08 10:16 - 00000000 ____D () D:\Users\Dan\AppData\Local\Battle.net
2014-11-21 19:41 - 2014-07-21 15:30 - 00000830 _____ () D:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-21 17:18 - 2014-05-08 11:54 - 00000000 ____D () D:\Users\Dan\AppData\Local\Deployment
2014-11-21 17:17 - 2014-05-08 11:50 - 00000000 ____D () D:\Users\Dan
2014-11-21 17:16 - 2009-07-13 22:20 - 00000000 ____D () D:\Windows\system32\NDF
2014-11-21 15:41 - 2009-07-14 00:13 - 00781790 _____ () D:\Windows\system32\PerfStringBackup.INI
2014-11-21 15:38 - 2014-05-08 11:54 - 00000888 _____ () D:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-21 15:35 - 2009-07-14 00:08 - 00000006 ____H () D:\Windows\Tasks\SA.DAT
2014-11-21 15:35 - 2009-07-13 23:51 - 00033824 _____ () D:\Windows\setupact.log
2014-11-21 01:21 - 2014-05-08 11:49 - 01711225 _____ () D:\Windows\WindowsUpdate.log
2014-11-20 20:04 - 2014-05-08 09:22 - 00015194 _____ () D:\Windows\PFRO.log
2014-11-19 21:30 - 2014-08-08 17:51 - 00000000 ____D () D:\Windows\Downloaded Installations
2014-11-19 21:30 - 2014-05-17 08:59 - 00000000 ____D () D:\Users\Dan\AppData\Local\Razer_Inc
2014-11-19 21:12 - 2009-07-13 22:20 - 00000000 ____D () D:\Windows\LiveKernelReports
2014-11-18 19:59 - 2014-05-08 10:16 - 00000000 ____D () D:\Program Files (x86)\Battle.net
2014-11-17 00:52 - 2014-06-12 19:18 - 00000000 ____D () D:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-11-13 22:11 - 2009-07-13 22:20 - 00000000 __RHD () D:\Users\Default
2014-11-13 21:02 - 2014-05-08 11:55 - 00002269 _____ () D:\Users\Public\Desktop\Google Chrome.lnk
2014-11-13 21:01 - 2014-05-08 11:54 - 00003888 _____ () D:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 21:01 - 2014-05-08 11:54 - 00003636 _____ () D:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 19:35 - 2009-07-13 22:20 - 00000000 ____D () D:\Windows\Cursors
2014-11-13 12:56 - 2009-07-13 23:45 - 00018960 ____H () D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-13 12:56 - 2009-07-13 23:45 - 00018960 ____H () D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-13 11:31 - 2014-03-12 13:51 - 00000000 ____D () D:\World of Warcraft
2014-11-13 11:04 - 2014-05-08 09:24 - 01714379 _____ () D:\Users\Dan\cssdt.log
2014-11-13 10:33 - 2014-06-27 08:55 - 00000000 ____D () D:\Users\Dan\AppData\Roaming\Raptr
2014-11-12 18:45 - 2009-07-13 22:20 - 00000000 ____D () D:\Windows\rescache
2014-11-12 17:42 - 2009-07-13 23:45 - 00270144 _____ () D:\Windows\system32\FNTCACHE.DAT
2014-11-12 17:41 - 2014-05-13 07:12 - 00000000 ___SD () D:\Windows\system32\CompatTel
2014-11-11 23:33 - 2014-05-10 17:00 - 00000000 ____D () D:\Windows\system32\MRT
2014-11-11 23:32 - 2014-05-10 17:00 - 103374192 _____ (Microsoft Corporation) D:\Windows\system32\MRT.exe
2014-11-09 03:56 - 2014-07-21 15:57 - 00000000 ____D () D:\Users\Dan\AppData\Roaming\uTorrent
2014-11-09 00:09 - 2014-07-21 15:34 - 00000000 __SHD () D:\Windows\SysWOW64\AI_RecycleBin
2014-11-08 09:57 - 2014-05-08 09:22 - 00000000 ____D () D:\Users\Dan\AppData\Local\ATI
2014-11-08 09:19 - 2014-05-10 12:22 - 00000000 ____D () D:\Users\Dan\AppData\Local\Razer
2014-11-08 09:19 - 2014-05-10 12:22 - 00000000 ____D () D:\ProgramData\Razer
2014-11-08 09:19 - 2014-05-10 12:20 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-11-08 09:19 - 2014-05-10 12:20 - 00000000 ____D () D:\Program Files (x86)\Razer
2014-11-07 11:24 - 2014-05-08 11:54 - 00060912 _____ () D:\Users\Dan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-06 12:09 - 2009-07-14 02:44 - 00000000 ___RD () D:\Users\Public\Recorded TV
2014-11-06 10:42 - 2014-05-10 12:20 - 00299986 _____ () D:\Windows\DPINST.LOG
2014-10-29 21:35 - 2014-05-31 22:56 - 00000000 ____D () D:\Users\Dan\AppData\Roaming\Mumble
2014-10-28 05:34 - 2014-05-08 09:07 - 00275080 ____N (Microsoft Corporation) D:\Windows\system32\MpSigStub.exe
2014-10-27 19:25 - 2014-07-21 15:58 - 00000801 _____ () D:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-10-26 18:22 - 2009-07-14 00:08 - 00032544 _____ () D:\Windows\Tasks\SCHEDLGU.TXT
2014-10-23 17:04 - 2014-06-01 04:46 - 00000000 ____D () D:\Users\Dan\Desktop\simc-548-3-win64
2014-10-22 23:31 - 2009-07-14 02:45 - 00000000 ____D () D:\Program Files\Windows Journal
2014-10-22 23:31 - 2009-07-13 22:20 - 00000000 ____D () D:\Windows\SysWOW64\Dism
2014-10-22 23:31 - 2009-07-13 22:20 - 00000000 ____D () D:\Windows\system32\Dism
2014-10-22 23:31 - 2009-07-13 22:20 - 00000000 ____D () D:\Windows\PolicyDefinitions
2014-10-22 19:44 - 2014-05-08 09:10 - 00773912 _____ () D:\Windows\SysWOW64\PerfStringBackup.INI
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
D:\Windows\System32\winlogon.exe => File is digitally signed
D:\Windows\System32\wininit.exe => File is digitally signed
D:\Windows\SysWOW64\wininit.exe => File is digitally signed
D:\Windows\explorer.exe => File is digitally signed
D:\Windows\SysWOW64\explorer.exe => File is digitally signed
D:\Windows\System32\svchost.exe => File is digitally signed
D:\Windows\SysWOW64\svchost.exe => File is digitally signed
D:\Windows\System32\services.exe => File is digitally signed
D:\Windows\System32\User32.dll => MD5 is legit
D:\Windows\SysWOW64\User32.dll => MD5 is legit
D:\Windows\System32\userinit.exe => File is digitally signed
D:\Windows\SysWOW64\userinit.exe => File is digitally signed
D:\Windows\System32\rpcss.dll => File is digitally signed
D:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-15 17:00
 
==================== End Of Log ============================
 
Here is Zoek:
 
 
Zoek.exe v5.0.0.0 Updated 21-11-2014
Tool run by Dan on Fri 11/21/2014 at 20:06:52.73.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Users\Dan\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
D:\zoek-results2014-11-20-023508.log 31189 bytes
D:\zoek-results2014-11-20-023712.log 31105 bytes
 
==== Running Processes ======================
 
D:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
D:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
D:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
D:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
D:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
D:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
D:\Program Files (x86)\Razer\Razer Cortex\main.exe
D:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
D:\Program Files (x86)\Battle.net\Battle.net.5293\Battle.net.exe
D:\World of Warcraft\Utils\WowBrowserProxy.exe
D:\Users\Dan\Downloads\zoek.exe
D:\Windows\SysWOW64\cmd.exe
D:\Windows\SysWOW64\cmd.exe
D:\Windows\SysWOW64\cmd.exe
 
==== Services(whitelist) ======================
Powered by E Dev
 
R2 - [AMD External Events Utility] - AMD External Events Utility - d:\windows\system32\atiesrxx.exe
R2 - [AMD FUEL Service] - AMD FUEL Service - d:\program files\ati technologies\ati.ace\fuel\fuel.service.exe
R2 - [Razer Game Scanner Service] - Razer Game Scanner - d:\program files (x86)\razer\razer services\gss\gamescannerservice.exe
R2 - [RzKLService] - RzKLService - d:\program files (x86)\razer\razer cortex\rzklservice.exe
R2 - [RzMaelstromVADStreamingService] - Razer Surround Audio Service - d:\programdata\razer\synapse\devices\razer surround\driver\rzmaelstromvadstreamingservice.exe
R2 - [RzOvlMon] - Razer Overlay Subsystem Emergency Service - d:\program files (x86)\razer\core\64bit\rzovlmon.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - d:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - d:\windows\system32\searchindexer.exe
R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - d:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - d:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - d:\program files (x86)\google\update\googleupdate.exe
S2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe
S2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - d:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - d:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - d:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - d:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - d:\windows\ehome\ehsched.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - d:\program files (x86)\google\update\googleupdate.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - d:\windows\system32\ieetwcollector.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - d:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - d:\windows\system32\msiexec.exe
S3 - [PerfHost] - Performance Counter DLL Host - d:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - d:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - d:\windows\system32\snmptrap.exe
S3 - [sppsvc] - Software Protection - d:\windows\system32\sppsvc.exe
S3 - [TrustedInstaller] - Windows Modules Installer - d:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - d:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - d:\windows\system32\vssvc.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - d:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - d:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - d:\windows\system32\wbem\wmiapsrv.exe
S4 - [aspnet_state] - ASP.NET State Service - d:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - d:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - d:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
S4 - [Fax] - Fax - d:\windows\system32\fxssvc.exe
 
==== System Specs ======================
 
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4096 MB
CPU Info: AMD Phenom™ II X4 965 Processor
CPU Speed: 3398.7 MHz
Sound Card: Speakers (Razer Surround Audio  | 
Digital Audio (S/PDIF) (High De | 
Speakers (High Definition Audio | 
AMD HDMI Output (AMD High Defin | 
Display Adapters: AMD Radeon HD 6700 Series | AMD Radeon HD 6700 Series | AMD Radeon HD 6700 Series | AMD Radeon HD 6700 Series | AMD Radeon HD 6700 Series | AMD Radeon HD 6700 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVD-RW_GSA-H11N
Ports: COM1 LPT Port NOT Present. 
Mouse: 7 Button Wheel Mouse Present
Hard Disks: C:  596.1GB | D:  111.8GB
Hard Disks - Free: C:  368.2GB | D:  27.9GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 06/21/10 | 062110 - 20100621
Time Zone: Eastern Standard Time
Motherboard *: MICRO-STAR INTERNATIONAL CO.,LTD K9A2 Platinum (MS-7376)
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 39.0.2171.62
Internet Explorer Version: 11.0.9600.17420 
Google Chrome version: 39.0.2171.62
 
==== Files Recently Created / Modified ======================
 
====== D:\Windows ====
2014-11-14 03:11:51 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- D:\Windows\PEV.exe
2014-11-14 03:11:51 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- D:\Windows\grep.exe
2014-11-14 03:11:51 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- D:\Windows\zip.exe
2014-11-14 03:11:51 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- D:\Windows\SWSC.exe
2014-11-14 03:11:51 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- D:\Windows\MBR.exe
====== D:\Users\Dan\AppData\Local\Temp ====
====== Java Cache =====
====== D:\Windows\SysWOW64 =====
2014-11-11 22:17:24 FB56C76FEA44693752BD99D7D9930ABA 341168 ----a-w- D:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 22:17:24 B6273619A3DF28F03B64E911E45A6AB2 30720 ----a-w- D:\Windows\SysWOW64\iernonce.dll
2014-11-11 22:17:24 A6E51BDCB8F4B84E874F918F0452763D 76288 ----a-w- D:\Windows\SysWOW64\mshtmled.dll
2014-11-11 22:17:24 93074C4FA92A8399404D032F6AF72C1B 19781632 ----a-w- D:\Windows\SysWOW64\mshtml.dll
2014-11-11 22:17:24 843BD9DAF03ABB6761DEE6D155301F28 60416 ----a-w- D:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 22:17:24 66F4FFDBCD501260ABC198317D2B0D10 285696 ----a-w- D:\Windows\SysWOW64\dxtrans.dll
2014-11-11 22:17:24 5D5640C34C4A97467F77489DBB157568 47616 ----a-w- D:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 22:17:24 4772DB007FFBD4BBE3F526704BCA67FE 1310208 ----a-w- D:\Windows\SysWOW64\urlmon.dll
2014-11-11 22:17:24 26EE6C9780A8FC872C60F9E35D7EBD4B 688640 ----a-w- D:\Windows\SysWOW64\msfeeds.dll
2014-11-11 22:17:23 FA310BD4A5DE904445DDDE54C5A654F2 2277376 ----a-w- D:\Windows\SysWOW64\iertutil.dll
2014-11-11 22:17:23 7748B3DDDC92C7FC11F7462DB872E8E7 2051072 ----a-w- D:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 22:17:23 5E01004CBC35A78FE2AB4016CCAD4760 708096 ----a-w- D:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 22:17:23 5972510EF1C6097D9C14C17387A5EDB2 2724864 ----a-w- D:\Windows\SysWOW64\mshtml.tlb
2014-11-11 22:17:23 19D68FDEE62519C5A0387EB4E88A01EF 62464 ----a-w- D:\Windows\SysWOW64\iesetup.dll
2014-11-11 22:17:22 A1A2EE55A2C69F79AED00973E604B9C4 418304 ----a-w- D:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 22:17:22 8A46404AC1AEB22AA2D4C906D0FC86C2 620032 ----a-w- D:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 22:17:22 8585BC27224F97458C186AA085B754A7 478208 ----a-w- D:\Windows\SysWOW64\ieui.dll
2014-11-11 22:17:22 6DDC0F44A70976C492CB1666BA9A7912 47104 ----a-w- D:\Windows\SysWOW64\jsproxy.dll
2014-11-11 22:17:22 4F8CD74CD69A94ED1A5D7E837A356F4E 115712 ----a-w- D:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 22:17:22 36EE0A2A981617610F921BCBB997DB06 12819456 ----a-w- D:\Windows\SysWOW64\ieframe.dll
2014-11-11 22:17:20 AE39939F1E25401B9A4952A7A8D372AC 4298240 ----a-w- D:\Windows\SysWOW64\jscript9.dll
2014-11-11 22:17:20 9ED3132B7F0D36FA9911721E8B2CB968 501248 ----a-w- D:\Windows\SysWOW64\vbscript.dll
2014-11-11 22:17:20 755D0A90CFC4BCB178D7070B0351F0AE 64000 ----a-w- D:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 22:17:20 6DD7D61A8EF3DFEC4FAEFEB395E77424 1892864 ----a-w- D:\Windows\SysWOW64\wininet.dll
2014-11-11 22:17:20 4169C6A6613856D69224498620F0C2B5 1155072 ----a-w- D:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 22:17:20 139E85C4E5DF322AE1BF6544D8C32B0A 168960 ----a-w- D:\Windows\SysWOW64\msrating.dll
2014-11-11 22:14:24 980EEEE8815DA7593708774D1225BD35 681984 ----a-w- D:\Windows\SysWOW64\adtschema.dll
2014-11-11 22:14:23 9AB39ADD28C7C1A685B1EA8C6A25CF08 146432 ----a-w- D:\Windows\SysWOW64\msaudite.dll
2014-11-11 22:14:23 9216ABFD53F5EC1F35C3554AD1A175DE 22016 ----a-w- D:\Windows\SysWOW64\secur32.dll
2014-11-11 22:14:23 13E5B1CD503A4B21E9F0A2D55A00198B 96768 ----a-w- D:\Windows\SysWOW64\sspicli.dll
2014-11-11 22:09:21 537184E7306E06BB22C5B93D2AFA4DF8 1237504 ----a-w- D:\Windows\SysWOW64\msxml3.dll
2014-11-11 22:09:21 09FA271EE1F9AD68B2D1C1C210F4B71F 2048 ----a-w- D:\Windows\SysWOW64\msxml3r.dll
2014-11-11 22:09:20 5FDBDEECA34E73325D87C5ACD16A3EEC 701440 ----a-w- D:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 22:09:19 8D338464B851DDD76E2B876A3E09EB70 442880 ----a-w- D:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 22:09:18 FD79B005E849DF3D7E9B5EB7A637C528 374784 ----a-w- D:\Windows\SysWOW64\AudioEng.dll
2014-11-11 22:09:18 AA7325057A1E1CC401798C0B1238E182 195584 ----a-w- D:\Windows\SysWOW64\AudioSes.dll
2014-11-11 22:09:17 B580A6B9932669DE703001AEE66D5BB1 259584 ----a-w- D:\Windows\SysWOW64\msv1_0.dll
2014-11-11 22:09:17 9CEA80FFC617E6B6DD7B52E6225C0D38 65536 ----a-w- D:\Windows\SysWOW64\TSpkg.dll
2014-11-11 22:09:17 8FE6AB488ECDC60930CE973A7051B0D4 221184 ----a-w- D:\Windows\SysWOW64\ncrypt.dll
2014-11-11 22:09:17 8CFAEFCD7F1E004950FCAE870A501B3E 248832 ----a-w- D:\Windows\SysWOW64\schannel.dll
2014-11-11 22:09:17 8205E55DFB11809E5F2AAD1C48840535 17408 ----a-w- D:\Windows\SysWOW64\credssp.dll
2014-11-11 22:09:17 3B3B8BA16DC999EA17D075D2F1064DE4 550912 ----a-w- D:\Windows\SysWOW64\kerberos.dll
2014-11-11 22:09:17 37BC079204BF9B087D6DE6B728908B4B 172032 ----a-w- D:\Windows\SysWOW64\wdigest.dll
2014-11-11 22:09:12 0F39AC3274312EFFD03928291E8BA7CA 67584 ----a-w- D:\Windows\SysWOW64\packager.dll
2014-11-11 22:09:10 CB55B9AAB060C803BE4AD229AA0FEC28 2363904 ----a-w- D:\Windows\SysWOW64\msi.dll
2014-11-11 22:09:09 EDA54D2E17C0271D2CDA946ABE344110 571904 ----a-w- D:\Windows\SysWOW64\oleaut32.dll
====== D:\Windows\SysWOW64\drivers =====
====== D:\Windows\Sysnative =====
2014-11-11 22:17:24 854B230F5D77486B67D809FFB8A10C7E 2724864 ----a-w- D:\Windows\Sysnative\mshtml.tlb
2014-11-11 22:17:24 7293701905DF1F40760C851F20DDC9EC 114688 ----a-w- D:\Windows\Sysnative\ieetwcollector.exe
2014-11-11 22:17:24 4E47ABA3C6C5032446A2AF7EFD026037 716800 ----a-w- D:\Windows\Sysnative\ie4uinit.exe
2014-11-11 22:17:24 33098C85B789630865CD3F5D22FB0DFC 77824 ----a-w- D:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2014-11-11 22:17:24 26BC4EC95E363DD59171710E22108F15 34304 ----a-w- D:\Windows\Sysnative\iernonce.dll
2014-11-11 22:17:24 1F3794CE1AEA5DA12ACF90210EAE4ECB 48640 ----a-w- D:\Windows\Sysnative\ieetwproxystub.dll
2014-11-11 22:17:23 56651A76C63DAF2C593F1F767FC8A856 1550336 ----a-w- D:\Windows\Sysnative\urlmon.dll
2014-11-11 22:17:23 1C216980E7D21100A357B52B3C45F78D 388272 ----a-w- D:\Windows\Sysnative\iedkcs32.dll
2014-11-11 22:17:22 E17C34BECCD1388E9B386A9F82F01222 4096 ----a-w- D:\Windows\Sysnative\ieetwcollectorres.dll
2014-11-11 22:17:22 C6A719FD0B07B2DD0ADACD07636F4BAD 968704 ----a-w- D:\Windows\Sysnative\MsSpellCheckingFacility.exe
2014-11-11 22:17:22 6507CA9349500A535AF70670F248E525 66560 ----a-w- D:\Windows\Sysnative\iesetup.dll
2014-11-11 22:17:22 2A1A7F17C906941334C6A67E935F214B 316928 ----a-w- D:\Windows\Sysnative\dxtrans.dll
2014-11-11 22:17:22 1E30BECF0DB35481588FB72C9CF97CA2 800768 ----a-w- D:\Windows\Sysnative\msfeeds.dll
2014-11-11 22:17:21 BD708EBEDB35E474F1A19747154ACC47 799232 ----a-w- D:\Windows\Sysnative\ieapfltr.dll
2014-11-11 22:17:21 BA4EC6139B8830BBA9CC5D065CA5796C 2884096 ----a-w- D:\Windows\Sysnative\iertutil.dll
2014-11-11 22:17:21 5C9D58591D0091630452B04F35527240 2124288 ----a-w- D:\Windows\Sysnative\inetcpl.cpl
2014-11-11 22:17:20 69602F6259598A7837CB83D3608FE293 633856 ----a-w- D:\Windows\Sysnative\ieui.dll
2014-11-11 22:17:20 31F2A5ECFD2C75F970A3007ACD5627C7 54784 ----a-w- D:\Windows\Sysnative\jsproxy.dll
2014-11-11 22:17:20 277A4735954F1BF29EE3D138A5251BFE 490496 ----a-w- D:\Windows\Sysnative\dxtmsft.dll
2014-11-11 22:17:20 08BCDD6C9E23D00309F359620461DFE8 144384 ----a-w- D:\Windows\Sysnative\ieUnatt.exe
2014-11-11 22:17:19 F208D7FB40FD80EA9F123BABF687359C 6040064 ----a-w- D:\Windows\Sysnative\jscript9.dll
2014-11-11 22:17:19 B6DC4597FF946B0C8B29650A71F52D4E 580096 ----a-w- D:\Windows\Sysnative\vbscript.dll
2014-11-11 22:17:19 98088A13F65BE35DA3693F264740CEEC 1359360 ----a-w- D:\Windows\Sysnative\mshtmlmedia.dll
2014-11-11 22:17:19 7EE5FBD190BF5B27F7977EA6CBF0DCAC 92160 ----a-w- D:\Windows\Sysnative\mshtmled.dll
2014-11-11 22:17:19 7EC80DB959695D4F927D2D601DA59F35 814080 ----a-w- D:\Windows\Sysnative\jscript9diag.dll
2014-11-11 22:17:19 154B8555A118BCFD95F358390E418B00 14390272 ----a-w- D:\Windows\Sysnative\ieframe.dll
2014-11-11 22:17:18 EE3592B010E3F69D141323E592C01A1A 199680 ----a-w- D:\Windows\Sysnative\msrating.dll
2014-11-11 22:17:18 BBD6A636AAA65D874F3863280CD8373D 25110016 ----a-w- D:\Windows\Sysnative\mshtml.dll
2014-11-11 22:17:18 6FC2819A4F80AAB2DADEDFC1EFEE3C3F 2365440 ----a-w- D:\Windows\Sysnative\wininet.dll
2014-11-11 22:17:18 4B6D9AB2ECD11AF5F6B1C42D938E0A85 88064 ----a-w- D:\Windows\Sysnative\MshtmlDac.dll
2014-11-11 22:14:27 F992AAE3F2DF1D7D2A75B681B0C5280E 304640 ----a-w- D:\Windows\Sysnative\generaltel.dll
2014-11-11 22:14:27 9F1FA4F36406693C77CC5779AA7E532D 228864 ----a-w- D:\Windows\Sysnative\aepdu.dll
2014-11-11 22:14:27 6021CF6A11DE9B5FC1BD210B6855C497 424448 ----a-w- D:\Windows\Sysnative\aeinv.dll
2014-11-11 22:14:24 C4C1B73FC2FF151BA08E1EAFDE2A2FAF 1460736 ----a-w- D:\Windows\Sysnative\lsasrv.dll
==== Startup Registry Enabled ======================
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="D:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"
 
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="D:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DivXMediaServer"="D:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
"DivXUpdate"="D:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"Razer Naga Driver"="D:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe"
"Razer Synapse"="D:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
"CAM"="D:\Program Files (x86)\NZXT\CAM\CAM_Client.exe"
"StartCCC"="D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"RazerCortex"="D:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe -autorun"
 
==== Startup Registry Disabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Raptr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Raptr"
"hkey"="HKCU"
"command"="D:\\PROGRA~2\\Raptr\\raptrstub.exe --startup"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\xerptbnp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="xerptbnp"
"hkey"="HKCU"
"command"="D:\\Users\\Dan\\AppData\\Local\\ATI\\xerptbnp.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{dc49261e-15c8-b577-adef-1ab164ce3290}]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="{dc49261e-15c8-b577-adef-1ab164ce3290}"
"hkey"="HKLM"
"command"="\"D:\\Users\\Dan\\AppData\\Local\\Microsoft\\{dc49261e-15c8-b577-adef-1ab164ce3290}\\{dc49261e-15c8-b577-adef-1ab164ce3290}.exe\""
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ASGT]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\bthserv]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Fax]
 
 
==== Startup Folders ======================
 
2014-05-11 10:26:39 0 ----a-w- D:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
 
==== Task Scheduler Jobs ======================
 
D:\Windows\tasks\Adobe Flash Player Updater.job --a------ D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [07/21/2014 03:30 PM]
D:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/08/2014 11:54 AM]
D:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/08/2014 11:54 AM]
 
==== Other Scheduled Tasks ======================
 
"D:\Windows\SysNative\tasks\Adobe Flash Player Updater" [D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"D:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [D:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"D:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [D:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"D:\Windows\SysNative\tasks\{E25FB704-C2E7-40DD-807D-27FEE49CA219}" [D:\Users\Dan\AppData\Roaming\uTorrent\uTorrent.exe]
 
==== D:\zoek_backup content ======================
 
D:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on Fri 11/21/2014 at 20:08:47.24 ======================


#7 deeprybka (Malware Response Team, Germany)

Posted 22 November 2014 - 12:52 PM

Hi,

Malware Warning

All passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums, from a CLEAN COMPUTER.


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File: fixlist.txt (425 bytes)


After the Reboot: Please post the Fixlog.txt


P2P Warning

Going over your logs I noticed that you have µTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


No Resident Protection Warning

Always have one (and no more than one!) antivirus program, as resident protection is an absolute must-have on any Windows system!
Nowadays we have plenty of free AV programs. This choice is up to you.

Here are some of the anti-virus programmes I recommend. Each paid-for anti-virus comes with a free trial if you wish to try the software before purchasing. For a paid solution, my choice of anti-virus is ESET NOD32, and for a free solution, my choice of anti-virus is avast!. However, please be aware that there is no universal solution that works for everyone, and there is no single best anti-virus.
Please install one (and just one!) of those listed above or any other you'd like to have. It should be done before we proceed any further.


Step 2

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#8 Furieus (Topic Starter)

Posted 23 November 2014 - 08:13 AM

Here is the fixlog.txt prior to the reboot.

 

I noticed this website was quick to load compared to before. I'll log on to my game after I complete the steps to see how my latency is.

Attached Files


Edited by Furieus, 23 November 2014 - 08:15 AM.


#9 deeprybka (Malware Response Team, Germany)

Posted 23 November 2014 - 12:15 PM

OK...:)


regards,
deeprybka

#10 Furieus (Topic Starter)

Posted 24 November 2014 - 04:10 PM

Oh, I forgot to run FRST again and post logs, lemme run that real quick.

 

EDIT:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014
Ran by Dan (administrator) on DAN-PC on 24-11-2014 16:11:41
Running from D:\Users\Dan\Downloads
Loaded Profile: Dan (Available profiles: Dan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) D:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) D:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) D:\Windows\System32\audiodg.exe
(Advanced Micro Devices, Inc.) D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Razer Inc.) D:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(A-Volute) D:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
(Razer, Inc.) D:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
() D:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) D:\Program Files\Microsoft Security Client\NisSrv.exe
(AMD) D:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) D:\Program Files\Microsoft Security Client\msseces.exe
() D:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Razer USA Ltd) D:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
(Razer Inc.) D:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Google Inc.) D:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) D:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Advanced Micro Devices Inc.) D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Razer Inc.) D:\Program Files (x86)\Razer\Razer Cortex\main.exe
(ATI Technologies Inc.) D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) D:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) D:\Windows\System32\dllhost.exe
(Microsoft Corporation) D:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => D:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => D:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-27] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => D:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [Razer Naga Driver] => D:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe [953232 2011-04-12] (Razer USA Ltd)
HKLM-x32\...\Run: [Razer Synapse] => D:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-10-24] (Razer Inc.)
HKLM-x32\...\Run: [CAM] => D:\Program Files (x86)\NZXT\CAM\CAM_Client.exe [6346784 2014-05-20] ()
HKLM-x32\...\Run: [StartCCC] => D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RazerCortex] => D:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [60640 2014-09-11] (Razer Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => D:\Windows\System32\SPReview\SPReview.exe [301568 2014-05-11] (Microsoft Corporation)
Startup: D:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll (Hermann Schinagl)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> D:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> D:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> D:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> D:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2759077170-2881541920-2421041487-1000: @unity3d.com/UnityPlayer,version=1.0 -> D:\Users\Dan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> ""
CHR Profile: D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-08]
CHR Extension: (Google Drive) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-08]
CHR Extension: (Facebook) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-05-08]
CHR Extension: (Spotify - Music for every moment) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-05-08]
CHR Extension: (Google Search) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-08]
CHR Extension: (AdBlock) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-08]
CHR Extension: (Bookmark Manager) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2014-11-21]
CHR Extension: (Kindle Cloud Reader) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-05-08]
CHR Extension: (Dino Storm) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcelgimengeaokbmmfenpkfbnlkpdhi [2014-05-08]
CHR Extension: (iHeartRadio) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjomejjjilohigjkfncoodmnmkokomgd [2014-06-09]
CHR Extension: (Dark Abstract Blue Theme) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfgbblllkkobiknmjelnfcdjkcjjbdfc [2014-05-08]
CHR Extension: (Alt-O-Magic Identifizer) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhcnifflbjndominljlejmeheiiolfdp [2014-05-08]
CHR Extension: (Google Wallet) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-08]
CHR Extension: (Gmail) - D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
S4 ASGT; D:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; D:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; D:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Razer Game Scanner Service; D:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
R2 RzKLService; D:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-09-11] (Razer Inc.)
R2 RzMaelstromVADStreamingService; D:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-06-09] (A-Volute) [File not signed]
R2 RzOvlMon; D:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; D:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; D:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 FTT3; D:\Windows\System32\DRIVERS\FTT3.sys [199176 2008-02-20] (Promise Technology, Inc.)
R3 MBAMProtector; D:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; D:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; D:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; D:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; D:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 RzDxgk; D:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R1 RzFilter; D:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R3 RZMAELSTROMVADService; D:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows ® Win 7 DDK provider)
R2 rzpmgrk; D:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
S3 RzSynapse; D:\Windows\System32\DRIVERS\RzSynapse.sys [126464 2011-03-31] (Razer USA Ltd)
U3 TrueSight; D:\Windows\System32\drivers\TrueSight.sys [37624 2014-11-13] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-11 17:17 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieframe.dll
2014-11-11 17:17 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) D:\Windows\system32\ieapfltr.dll
2014-11-11 17:17 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) D:\Windows\SysWOW64\wininet.dll
2014-11-11 17:17 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) D:\Windows\SysWOW64\urlmon.dll
2014-11-11 17:17 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 17:14 - 2014-11-05 12:56 - 00304640 _____ (Microsoft Corporation) D:\Windows\system32\generaltel.dll
2014-11-11 17:14 - 2014-11-05 12:56 - 00228864 _____ (Microsoft Corporation) D:\Windows\system32\aepdu.dll
2014-11-11 17:14 - 2014-11-05 12:52 - 00424448 _____ (Microsoft Corporation) D:\Windows\system32\aeinv.dll
2014-11-11 17:14 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) D:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 17:14 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) D:\Windows\system32\termsrv.dll
2014-11-11 17:14 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) D:\Windows\system32\lsasrv.dll
2014-11-11 17:14 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) D:\Windows\system32\msaudite.dll
2014-11-11 17:14 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) D:\Windows\system32\adtschema.dll
2014-11-11 17:14 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) D:\Windows\SysWOW64\secur32.dll
2014-11-11 17:14 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) D:\Windows\SysWOW64\sspicli.dll
2014-11-11 17:14 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msaudite.dll
2014-11-11 17:14 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) D:\Windows\SysWOW64\adtschema.dll
2014-11-11 17:09 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) D:\Windows\system32\packager.dll
2014-11-11 17:09 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) D:\Windows\SysWOW64\packager.dll
2014-11-11 17:09 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) D:\Windows\system32\oleaut32.dll
2014-11-11 17:09 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) D:\Windows\SysWOW64\oleaut32.dll
2014-11-11 17:09 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) D:\Windows\system32\msi.dll
2014-11-11 17:09 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msi.dll
2014-11-11 17:09 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) D:\Windows\system32\win32k.sys
2014-11-11 17:09 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) D:\Windows\system32\AUDIOKSE.dll
2014-11-11 17:09 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) D:\Windows\system32\audiosrv.dll
2014-11-11 17:09 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) D:\Windows\system32\AudioEng.dll
2014-11-11 17:09 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) D:\Windows\system32\AudioSes.dll
2014-11-11 17:09 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) D:\Windows\system32\EncDump.dll
2014-11-11 17:09 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) D:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 17:09 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) D:\Windows\SysWOW64\AudioEng.dll
2014-11-11 17:09 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) D:\Windows\SysWOW64\AudioSes.dll
2014-11-11 17:09 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) D:\Windows\system32\schannel.dll
2014-11-11 17:09 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) D:\Windows\system32\msv1_0.dll
2014-11-11 17:09 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) D:\Windows\system32\ncrypt.dll
2014-11-11 17:09 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) D:\Windows\system32\wdigest.dll
2014-11-11 17:09 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) D:\Windows\system32\TSpkg.dll
2014-11-11 17:09 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) D:\Windows\system32\credssp.dll
2014-11-11 17:09 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msv1_0.dll
2014-11-11 17:09 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) D:\Windows\SysWOW64\schannel.dll
2014-11-11 17:09 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ncrypt.dll
2014-11-11 17:09 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) D:\Windows\SysWOW64\wdigest.dll
2014-11-11 17:09 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) D:\Windows\SysWOW64\TSpkg.dll
2014-11-11 17:09 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) D:\Windows\SysWOW64\credssp.dll
2014-11-11 17:09 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) D:\Windows\system32\msxml3.dll
2014-11-11 17:09 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) D:\Windows\system32\msxml3r.dll
2014-11-11 17:09 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msxml3.dll
2014-11-11 17:09 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msxml3r.dll
2014-11-11 17:09 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) D:\Windows\system32\IMJP10K.DLL
2014-11-11 17:09 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) D:\Windows\SysWOW64\IMJP10K.DLL
2014-11-09 00:11 - 2014-11-09 00:11 - 00000000 ____D () D:\Users\Dan\Pavtube
2014-11-09 00:10 - 2014-11-09 00:10 - 00001382 _____ () D:\Users\Public\Desktop\Pavtube Blu-ray Video Converter Ultimate.lnk
2014-11-09 00:06 - 2014-11-09 00:11 - 00000000 ____D () D:\Users\Dan\AppData\Roaming\Pavtube
2014-11-09 00:06 - 2014-11-09 00:10 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pavtube
2014-11-09 00:06 - 2014-11-09 00:10 - 00000000 ____D () D:\Program Files (x86)\Pavtube
2014-11-09 00:06 - 2014-11-09 00:06 - 00001263 _____ () D:\Users\Public\Desktop\Pavtube Video Converter.lnk
2014-11-08 09:19 - 2014-11-08 09:19 - 00001266 _____ () D:\Users\Public\Desktop\Razer Cortex.lnk
2014-11-08 09:19 - 2014-10-31 18:27 - 00037184 _____ (Razer, Inc.) D:\Windows\system32\Drivers\rzpmgrk.sys
2014-11-08 09:18 - 2014-11-24 16:09 - 00129752 _____ (Malwarebytes Corporation) D:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-08 09:17 - 2014-11-08 09:17 - 00000831 _____ () D:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-08 09:17 - 2014-11-08 09:17 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-08 09:17 - 2014-11-08 09:17 - 00000000 ____D () D:\ProgramData\Malwarebytes
2014-11-08 09:17 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) D:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-08 09:17 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) D:\Windows\system32\Drivers\mwac.sys
2014-11-08 09:17 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) D:\Windows\system32\Drivers\mbam.sys
2014-10-27 19:25 - 2014-10-27 19:25 - 00002958 _____ () D:\Windows\System32\Tasks\{E25FB704-C2E7-40DD-807D-27FEE49CA219}
2014-10-27 19:25 - 2014-10-27 19:25 - 00000821 _____ () D:\Users\Dan\Desktop\µTorrent.lnk
2014-10-26 20:28 - 2014-10-26 20:28 - 00000000 _____ () D:\Users\Dan\AppData\Local\{70C4D92E-EDD6-4447-AC67-F38B9FB582A2}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-24 16:11 - 2014-05-11 05:28 - 00000000 ____D () D:\Users\Dan\AppData\Local\Downloaded Installations
2014-11-24 16:11 - 2014-05-08 11:49 - 01529688 _____ () D:\Windows\WindowsUpdate.log
2014-11-24 16:09 - 2014-05-08 11:54 - 00000888 _____ () D:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-24 16:07 - 2009-07-14 00:08 - 00000006 ____H () D:\Windows\Tasks\SA.DAT
2014-11-24 16:07 - 2009-07-13 23:51 - 00033992 _____ () D:\Windows\setupact.log
2014-11-23 23:56 - 2009-07-13 23:45 - 00018960 ____H () D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-23 23:56 - 2009-07-13 23:45 - 00018960 ____H () D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-23 23:53 - 2014-05-08 10:16 - 00000000 ____D () D:\Users\Dan\AppData\Local\Battle.net
2014-11-23 23:41 - 2014-07-21 15:30 - 00000830 _____ () D:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-23 23:06 - 2014-05-08 11:54 - 00000892 _____ () D:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-23 08:15 - 2009-07-14 00:13 - 00781790 _____ () D:\Windows\system32\PerfStringBackup.INI
2014-11-23 08:08 - 2014-05-10 12:22 - 00000000 ____D () D:\Users\Dan\AppData\Local\Razer
2014-11-23 08:05 - 2014-05-08 09:22 - 00015518 _____ () D:\Windows\PFRO.log
2014-11-21 17:18 - 2014-05-08 11:54 - 00000000 ____D () D:\Users\Dan\AppData\Local\Deployment
2014-11-21 17:17 - 2014-05-08 11:50 - 00000000 ____D () D:\Users\Dan
2014-11-21 17:16 - 2009-07-13 22:20 - 00000000 ____D () D:\Windows\system32\NDF
2014-11-19 21:38 - 2014-08-08 17:51 - 00000000 ____D () D:\Windows\Downloaded Installations
2014-11-19 21:30 - 2014-05-17 08:59 - 00000000 ____D () D:\Users\Dan\AppData\Local\Razer_Inc
2014-11-19 21:12 - 2009-07-13 22:20 - 00000000 ____D () D:\Windows\LiveKernelReports
2014-11-18 19:59 - 2014-05-08 10:16 - 00000000 ____D () D:\Program Files (x86)\Battle.net
2014-11-17 00:52 - 2014-06-12 19:18 - 00000000 ____D () D:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-11-13 22:11 - 2009-07-13 22:20 - 00000000 __RHD () D:\Users\Default
2014-11-13 21:02 - 2014-05-08 11:55 - 00002269 _____ () D:\Users\Public\Desktop\Google Chrome.lnk
2014-11-13 21:01 - 2014-05-08 11:54 - 00003888 _____ () D:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 21:01 - 2014-05-08 11:54 - 00003636 _____ () D:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 19:35 - 2009-07-13 22:20 - 00000000 ____D () D:\Windows\Cursors
2014-11-13 11:31 - 2014-03-12 13:51 - 00000000 ____D () D:\World of Warcraft
2014-11-13 11:04 - 2014-05-08 09:24 - 01714379 _____ () D:\Users\Dan\cssdt.log
2014-11-13 10:33 - 2014-06-27 08:55 - 00000000 ____D () D:\Users\Dan\AppData\Roaming\Raptr
2014-11-12 18:45 - 2009-07-13 22:20 - 00000000 ____D () D:\Windows\rescache
2014-11-12 17:42 - 2009-07-13 23:45 - 00270144 _____ () D:\Windows\system32\FNTCACHE.DAT
2014-11-12 17:41 - 2014-05-13 07:12 - 00000000 ___SD () D:\Windows\system32\CompatTel
2014-11-11 23:33 - 2014-05-10 17:00 - 00000000 ____D () D:\Windows\system32\MRT
2014-11-11 23:32 - 2014-05-10 17:00 - 103374192 _____ (Microsoft Corporation) D:\Windows\system32\MRT.exe
2014-11-09 03:56 - 2014-07-21 15:57 - 00000000 ____D () D:\Users\Dan\AppData\Roaming\uTorrent
2014-11-09 00:09 - 2014-07-21 15:34 - 00000000 __SHD () D:\Windows\SysWOW64\AI_RecycleBin
2014-11-08 09:57 - 2014-05-08 09:22 - 00000000 ____D () D:\Users\Dan\AppData\Local\ATI
2014-11-08 09:19 - 2014-05-10 12:22 - 00000000 ____D () D:\ProgramData\Razer
2014-11-08 09:19 - 2014-05-10 12:20 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-11-08 09:19 - 2014-05-10 12:20 - 00000000 ____D () D:\Program Files (x86)\Razer
2014-11-07 11:24 - 2014-05-08 11:54 - 00060912 _____ () D:\Users\Dan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-06 12:09 - 2009-07-14 02:44 - 00000000 ___RD () D:\Users\Public\Recorded TV
2014-11-06 10:42 - 2014-05-10 12:20 - 00299986 _____ () D:\Windows\DPINST.LOG
2014-10-30 06:25 - 2014-05-08 09:07 - 00275080 ____N (Microsoft Corporation) D:\Windows\system32\MpSigStub.exe
2014-10-29 21:35 - 2014-05-31 22:56 - 00000000 ____D () D:\Users\Dan\AppData\Roaming\Mumble
2014-10-27 19:25 - 2014-07-21 15:58 - 00000801 _____ () D:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-10-26 18:22 - 2009-07-14 00:08 - 00032544 _____ () D:\Windows\Tasks\SCHEDLGU.TXT
 
Some content of TEMP:
====================
D:\Users\Dan\AppData\Local\Temp\mpam-ed1f7511.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
D:\Windows\System32\winlogon.exe => File is digitally signed
D:\Windows\System32\wininit.exe => File is digitally signed
D:\Windows\SysWOW64\wininit.exe => File is digitally signed
D:\Windows\explorer.exe => File is digitally signed
D:\Windows\SysWOW64\explorer.exe => File is digitally signed
D:\Windows\System32\svchost.exe => File is digitally signed
D:\Windows\SysWOW64\svchost.exe => File is digitally signed
D:\Windows\System32\services.exe => File is digitally signed
D:\Windows\System32\User32.dll => MD5 is legit
D:\Windows\SysWOW64\User32.dll => MD5 is legit
D:\Windows\System32\userinit.exe => File is digitally signed
D:\Windows\SysWOW64\userinit.exe => File is digitally signed
D:\Windows\System32\rpcss.dll => File is digitally signed
D:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-15 17:00
 
==================== End Of Log ============================
 
 
Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014
Ran by Dan at 2014-11-24 16:12:05
Running from D:\Users\Dan\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2759077170-2881541920-2421041487-1000\...\uTorrent) (Version: 3.4.2.35141 - BitTorrent Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\{E94EFAB6-653F-4837-9E8A-F6377CA1EC0D}) (Version: 11.8.800.175 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.6.7.0 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.6.7.0 - ASUSTek COMPUTER INC.) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CAM (HKLM-x32\...\{0462AF70-3758-4365-9AB9-8EC3BB69DC0C}) (Version: 1.0.0 - NZXT)
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Curse Client (HKU\S-1-5-21-2759077170-2881541920-2421041487-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.62 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Guild Wars (HKLM-x32\...\Guild Wars) (Version:  - )
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.8.5.0 - Hermann Schinagl)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mumble 1.2.6 (HKLM-x32\...\{461A5021-EE14-4E57-9A06-8ABCE9C38FE4}) (Version: 1.2.6 - Thorvald Natvig)
Pavtube Blu-ray Video Converter Ultimate Ver 4.0.2.2902 (HKLM-x32\...\{682B3199-76C3-4745-B7AE-FC13F6676421}_is1) (Version:  - )
Pavtube Video Converter Ver 4.6.1.5363 (HKLM-x32\...\{B4EE51E6-2C80-4B04-BDE0-ED4E87BEFECD}_is1) (Version:  - )
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.1.38.0 - Razer Inc.)
Razer Naga (HKLM-x32\...\{ED4108A9-60FD-4F18-AF42-122219977773}) (Version: 3.02.05 - Razer USA Ltd.)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.10 - Razer Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.17.22879 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Tukui Client (HKLM-x32\...\{6517882E-E5E0-40DC-B3B0-A531FF2A06E8}) (Version: 2.4.5 - Tukui)
Unity Web Player (HKU\S-1-5-21-2759077170-2881541920-2421041487-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
World of Warcraft Beta (HKLM-x32\...\World of Warcraft Beta) (Version:  - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2759077170-2881541920-2421041487-1000_Classes\CLSID\{3a40e87a-cd89-4703-b006-4598cc9b2a63}\InprocServer32 -> D:\Windows\system32\dfshim.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
17-11-2014 22:51:23 Scheduled Checkpoint
20-11-2014 02:33:36 zoek.exe restore point
23-11-2014 13:16:48 Windows Update
24-11-2014 04:56:06 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A D:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1101B4D5-8BC5-40A6-8FE1-253A91ED799B} - System32\Tasks\Adobe Flash Player Updater => D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-21] (Adobe Systems Incorporated)
Task: {297B2A39-5C24-4B4B-95E8-56F02011B675} - System32\Tasks\{E25FB704-C2E7-40DD-807D-27FEE49CA219} => D:\Users\Dan\AppData\Roaming\uTorrent\uTorrent.exe [2014-10-27] (BitTorrent Inc.)
Task: {4153F81C-B880-4119-9D3B-636E2FA24302} - System32\Tasks\GoogleUpdateTaskMachineCore => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-08] (Google Inc.)
Task: {87E2780C-16FA-49AE-B3A2-863960937EAB} - System32\Tasks\GoogleUpdateTaskMachineUA => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-08] (Google Inc.)
Task: D:\Windows\Tasks\Adobe Flash Player Updater.job => D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: D:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: D:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-09-15 17:13 - 2014-09-15 17:13 - 00214528 _____ () D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-10-31 18:27 - 2014-10-31 18:27 - 00183488 _____ () D:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2004-09-30 13:15 - 2004-09-30 13:15 - 00192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2014-01-10 00:26 - 2014-01-10 00:26 - 01861968 _____ () D:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-09-15 17:13 - 2014-09-15 17:13 - 00102400 _____ () D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-11-13 21:02 - 2014-11-11 23:04 - 01408328 _____ () D:\Program Files (x86)\Google\Chrome\Application\39.0.2171.62\libglesv2.dll
2014-11-13 21:02 - 2014-11-11 23:03 - 00204616 _____ () D:\Program Files (x86)\Google\Chrome\Application\39.0.2171.62\libegl.dll
2014-11-13 21:02 - 2014-11-11 23:04 - 10689352 _____ () D:\Program Files (x86)\Google\Chrome\Application\39.0.2171.62\pdf.dll
2014-11-13 21:02 - 2014-11-11 23:03 - 01856840 _____ () D:\Program Files (x86)\Google\Chrome\Application\39.0.2171.62\ffmpegsumo.dll
2004-09-30 12:09 - 2004-09-30 12:09 - 00155648 _____ () C:\Program Files\LinkShellExtension\32\RockallDLL.dll
2014-01-10 00:28 - 2014-01-10 00:28 - 00100688 _____ () D:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-11-08 09:19 - 2012-11-20 16:13 - 00264192 _____ () D:\Program Files (x86)\Razer\Razer Cortex\D3DX8Wrapper.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: ASGT => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\startupreg: Raptr => D:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: xerptbnp => D:\Users\Dan\AppData\Local\ATI\xerptbnp.exe
MSCONFIG\startupreg: {dc49261e-15c8-b577-adef-1ab164ce3290} => "D:\Users\Dan\AppData\Local\Microsoft\{dc49261e-15c8-b577-adef-1ab164ce3290}\{dc49261e-15c8-b577-adef-1ab164ce3290}.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2759077170-2881541920-2421041487-500 - Administrator - Disabled)
Dan (S-1-5-21-2759077170-2881541920-2421041487-1000 - Administrator - Enabled) => D:\Users\Dan
Guest (S-1-5-21-2759077170-2881541920-2421041487-501 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/24/2014 04:09:09 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (11/23/2014 10:59:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (11/23/2014 09:59:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (11/23/2014 08:59:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (11/23/2014 07:59:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (11/23/2014 06:59:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (11/23/2014 05:59:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (11/23/2014 04:59:42 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (11/23/2014 03:59:42 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (11/23/2014 02:59:42 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
 
System errors:
=============
Error: (11/23/2014 08:59:41 AM) (Source: DCOM) (EventID: 10001) (User: )
Description: D:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
 
Error: (11/23/2014 08:17:11 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.189.528.0).
 
Error: (11/23/2014 08:17:11 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.6.0305.00
 
Source Path: 4.6.0305.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (11/23/2014 08:16:56 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 
 
Update Source: %NT AUTHORITY15
 
Update Stage: 4.6.0305.00
 
Source Path: 4.6.0305.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (11/23/2014 08:16:56 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 
 
Update Source: %NT AUTHORITY15
 
Update Stage: 4.6.0305.00
 
Source Path: 4.6.0305.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (11/23/2014 08:08:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/23/2014 08:08:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/23/2014 08:08:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/23/2014 08:08:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Razer Game Scanner service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (11/23/2014 08:08:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (11/24/2014 04:09:09 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
Error: (11/23/2014 10:59:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (11/23/2014 09:59:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (11/23/2014 08:59:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (11/23/2014 07:59:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (11/23/2014 06:59:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (11/23/2014 05:59:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (11/23/2014 04:59:42 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (11/23/2014 03:59:42 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (11/23/2014 02:59:42 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X4 965 Processor
Percentage of memory in use: 56%
Total physical RAM: 4095.2 MB
Available physical RAM: 1794.45 MB
Total Pagefile: 8188.57 MB
Available Pagefile: 4879.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (New Volume) (Fixed) (Total:596.05 GB) (Free:368.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:111.79 GB) (Free:26.98 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: AAFA48A8)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.1 GB) (Disk ID: B32AE3C3)
Partition 1: (Active) - (Size=596.1 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Edited by Furieus, 24 November 2014 - 04:13 PM.


#11 deeprybka (Malware Response Team, 5,198 posts, Germany)

Posted 24 November 2014 - 04:36 PM

Let's do a final check up:

Step 1


Don't remove on your own anything that Hitman Pro detects!
This scanner, as good as it is for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run, please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of the EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It should only take several minutes.
  • When the scan is done, click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.


Step 2

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings: [settings screenshot in the original post]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed, the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish.
  • A log file is created at the path shown in the original post's screenshot.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

Can you please tell me which problems still persist now?
How is the computer running?

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#12 Furieus (Topic Starter, Members, 8 posts)

Posted 24 November 2014 - 08:07 PM

I'll edit this topic with the log pastes. As far as my computer running goes, it seems a bit better; latency is high in games and download seems to be slow as well, but that COULD be the way I have the network set up, by using an old Linksys router with DD-WRT installed on it, connecting to the main router and being hardwired into that. I'll be investing in a new routing system and we'll see how that goes.

 

Hitman log:

 

HitmanPro 3.7.9.232
www.hitmanpro.com
 
   Computer name . . . . : DAN-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Dan-PC\Dan
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-11-24 20:04:16
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 49s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 13
 
   Objects scanned . . . : 1,826,448
   Files scanned . . . . : 20,120
   Remnants scanned  . . : 970,292 files / 836,036 keys
 
Suspicious files ____________________________________________________________
 
   D:\Users\Dan\Downloads\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,117,632 bytes
      Age  . . . . . . . : 11.0 days (2014-11-13 20:13:06)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : E3DF3A212593AA280C477F8361907A9B6A6A42804BBD83A0D66DB4E02C80EE26
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
   D:\Users\Dan\Downloads\FRST64.exe
      Size . . . . . . . : 2,118,144 bytes
      Age  . . . . . . . : 1.5 days (2014-11-23 08:07:57)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 17809D928B4620E1C3C26F5C1CA65C7401174561290A579C4C1D3DEAB317A914
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
 
Cookies _____________________________________________________________________
 
   D:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   D:\Users\Dan\AppData\Roaming\Microsoft\Windows\Cookies\1IBNC0Q1.txt
   D:\Users\Dan\AppData\Roaming\Microsoft\Windows\Cookies\2HEMDZJT.txt
   D:\Users\Dan\AppData\Roaming\Microsoft\Windows\Cookies\3MO8I5LU.txt
   D:\Users\Dan\AppData\Roaming\Microsoft\Windows\Cookies\41XC32A9.txt
   D:\Users\Dan\AppData\Roaming\Microsoft\Windows\Cookies\EJ3RA1LR.txt
   D:\Users\Dan\AppData\Roaming\Microsoft\Windows\Cookies\HVN3ZGRR.txt
   D:\Users\Dan\AppData\Roaming\Microsoft\Windows\Cookies\P1L7T74R.txt
   D:\Users\Dan\AppData\Roaming\Microsoft\Windows\Cookies\PUXXCJAF.txt
   D:\Users\Dan\AppData\Roaming\Microsoft\Windows\Cookies\THR2M7OC.txt
   D:\Users\Dan\AppData\Roaming\Microsoft\Windows\Cookies\ZTZUBAYW.txt
 
 

Edited by Furieus, 24 November 2014 - 08:08 PM.


#13 deeprybka (Malware Response Team, 5,198 posts, Germany)

Posted 25 November 2014 - 11:36 AM

OK...:)


regards,
deeprybka

#14 Furieus (Topic Starter, Members, 8 posts)

Posted 25 November 2014 - 03:18 PM

Got to running ESET....

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8cf3948dd2148147878f17bfe3d82c34
# engine=21248
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-25 03:43:43
# local_time=2014-11-24 10:43:43 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 0 39759417 0 0
# scanned=288803
# found=30
# cleaned=0
# scan_time=8320
sh=6B4F3E6EB3AAE1D1E9250E006C1EA18854A5BDED ft=1 fh=03f7934c7f4ba60d vn="a variant of Win32/BitCoinMiner.BJ potentially unsafe application" ac=I fn="C:\Program Files (x86)\Bitcoin\bitcoin-qt.exe"
sh=7EB8BEEC49636AAE2BD754EB51A31BDC8516E721 ft=1 fh=6a73ba54031a6efe vn="a variant of Win32/BitCoinMiner.BJ potentially unsafe application" ac=I fn="C:\Program Files (x86)\Bitcoin\daemon\bitcoind.exe"
sh=BE80764F4BFE7F82249BF79FD6D518ED8AF3463D ft=1 fh=0da9394ebaa97c7b vn="a variant of Win32/TFTPD32.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\EaseUS\Todo Backup\bin\PxeServer.dll"
sh=BE80764F4BFE7F82249BF79FD6D518ED8AF3463D ft=1 fh=0da9394ebaa97c7b vn="a variant of Win32/TFTPD32.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS\tb\bin\PxeServer.dll"
sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe"
sh=10903598F769E2AC5F1E2372E90F6722A3A860B7 ft=1 fh=89560075533c3d40 vn="Win32/SaveSense.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll"
sh=88482528CE4F67A1004B50BA93282CEACCEDE534 ft=1 fh=e40b702402e604d5 vn="Win32/SaveSense.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\psmachine.dll"
sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLive.exe"
sh=70D49B9ABA391E6976DAB5C4BEA63733459B3F1C ft=1 fh=0b76a05977e7722a vn="Win32/SaveSense.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveBroker.exe"
sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveHandler.exe"
sh=F09B9B9B1D16D1539D23CC6ACDE0DC7BC983DF59 ft=1 fh=2dbadf99ca2df2d7 vn="Win32/SaveSense.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveOnDemand.exe"
sh=882681090DD5A8A870CE9C88E50FF27CC3B87329 ft=1 fh=015b93fe230fa0e5 vn="Win32/SaveSense.A potentially unwanted application" ac=I fn="C:\Users\Dan\AppData\Local\SaveSense\SaveSenseIE.dll"
sh=E465456F417ACF3A43FE496EA3E186E6B1FBE7C4 ft=1 fh=295bbdbd63d089cd vn="a variant of Win32/DealPly.M potentially unwanted application" ac=I fn="C:\Users\Dan\AppData\Local\SaveSense\SaveSenseUpdateVer.exe"
sh=8E84B3369C409B88BFF2F167495B5BDA08485065 ft=1 fh=cea6bc5b1fc91d53 vn="a variant of Win32/DealPly.S potentially unwanted application" ac=I fn="C:\Users\Dan\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe"
sh=DBF6C9D3962DECB8186BFD1A431D429DE150D631 ft=1 fh=42df3605a85e961b vn="a variant of Win32/BitCoinMiner.BJ potentially unsafe application" ac=I fn="C:\Users\Dan\Downloads\bitcoin-0.8.6-win32-setup.exe"
sh=B015CD880F99C7E4414D07BEFAFE01531063F280 ft=1 fh=c1d337c879126ade vn="a variant of Win32/TFTPD32.A potentially unsafe application" ac=I fn="C:\Users\Dan\Downloads\tb_free.exe"
sh=CA8B0F54D3B40B782FED81E8A8AE85E6E3411850 ft=0 fh=0000000000000000 vn="Win32/Poweliks.C trojan" ac=I fn="D:\ProgramData\RogueKiller\Quarantine\23EE73658106D86F.reg"
sh=97A64816F208E4ABDE4FE430387E4353C2A2D271 ft=0 fh=0000000000000000 vn="Win32/Poweliks.C trojan" ac=I fn="D:\ProgramData\RogueKiller\Quarantine\4C1638FE1AB09F6A.reg"
sh=11396635F028BED6E80CBFB5CAC5D4354C9F06F8 ft=0 fh=0000000000000000 vn="Win32/Poweliks.C trojan" ac=I fn="D:\ProgramData\RogueKiller\Quarantine\BF3801384E8A4BDA.reg"
sh=11396635F028BED6E80CBFB5CAC5D4354C9F06F8 ft=0 fh=0000000000000000 vn="Win32/Poweliks.C trojan" ac=I fn="D:\ProgramData\RogueKiller\Quarantine\CBCB7567F0A93078.reg"
sh=F9C6174CC1B7394BC96B1C2915FA78BD8F3DCB91 ft=0 fh=0000000000000000 vn="Win32/Poweliks.C trojan" ac=I fn="D:\ProgramData\RogueKiller\Quarantine\F97886B15E3CA354.reg"
sh=CA8B0F54D3B40B782FED81E8A8AE85E6E3411850 ft=0 fh=0000000000000000 vn="Win32/Poweliks.C trojan" ac=I fn="D:\Users\All Users\RogueKiller\Quarantine\23EE73658106D86F.reg"
sh=97A64816F208E4ABDE4FE430387E4353C2A2D271 ft=0 fh=0000000000000000 vn="Win32/Poweliks.C trojan" ac=I fn="D:\Users\All Users\RogueKiller\Quarantine\4C1638FE1AB09F6A.reg"
sh=11396635F028BED6E80CBFB5CAC5D4354C9F06F8 ft=0 fh=0000000000000000 vn="Win32/Poweliks.C trojan" ac=I fn="D:\Users\All Users\RogueKiller\Quarantine\BF3801384E8A4BDA.reg"
sh=11396635F028BED6E80CBFB5CAC5D4354C9F06F8 ft=0 fh=0000000000000000 vn="Win32/Poweliks.C trojan" ac=I fn="D:\Users\All Users\RogueKiller\Quarantine\CBCB7567F0A93078.reg"
sh=F9C6174CC1B7394BC96B1C2915FA78BD8F3DCB91 ft=0 fh=0000000000000000 vn="Win32/Poweliks.C trojan" ac=I fn="D:\Users\All Users\RogueKiller\Quarantine\F97886B15E3CA354.reg"
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8cf3948dd2148147878f17bfe3d82c34
# engine=21260
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-25 07:38:27
# local_time=2014-11-25 02:38:27 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 0 39816701 0 0
# scanned=288295
# found=30
# cleaned=0
# scan_time=8298
sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2759077170-2881541920-2421041487-1000\$RE8LHNN\Update\SaveSenseLive.exe"
sh=10903598F769E2AC5F1E2372E90F6722A3A860B7 ft=1 fh=89560075533c3d40 vn="Win32/SaveSense.A potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2759077170-2881541920-2421041487-1000\$RE8LHNN\Update\1.3.23.0\npGoogleUpdate3.dll"
sh=88482528CE4F67A1004B50BA93282CEACCEDE534 ft=1 fh=e40b702402e604d5 vn="Win32/SaveSense.A potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2759077170-2881541920-2421041487-1000\$RE8LHNN\Update\1.3.23.0\psmachine.dll"
sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2759077170-2881541920-2421041487-1000\$RE8LHNN\Update\1.3.23.0\SaveSenseLive.exe"
sh=70D49B9ABA391E6976DAB5C4BEA63733459B3F1C ft=1 fh=0b76a05977e7722a vn="Win32/SaveSense.A potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2759077170-2881541920-2421041487-1000\$RE8LHNN\Update\1.3.23.0\SaveSenseLiveBroker.exe"
sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2759077170-2881541920-2421041487-1000\$RE8LHNN\Update\1.3.23.0\SaveSenseLiveHandler.exe"
sh=F09B9B9B1D16D1539D23CC6ACDE0DC7BC983DF59 ft=1 fh=2dbadf99ca2df2d7 vn="Win32/SaveSense.A potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2759077170-2881541920-2421041487-1000\$RE8LHNN\Update\1.3.23.0\SaveSenseLiveOnDemand.exe"
sh=6B4F3E6EB3AAE1D1E9250E006C1EA18854A5BDED ft=1 fh=03f7934c7f4ba60d vn="a variant of Win32/BitCoinMiner.BJ potentially unsafe application" ac=I fn="C:\Program Files (x86)\Bitcoin\bitcoin-qt.exe"
sh=7EB8BEEC49636AAE2BD754EB51A31BDC8516E721 ft=1 fh=6a73ba54031a6efe vn="a variant of Win32/BitCoinMiner.BJ potentially unsafe application" ac=I fn="C:\Program Files (x86)\Bitcoin\daemon\bitcoind.exe"
sh=BE80764F4BFE7F82249BF79FD6D518ED8AF3463D ft=1 fh=0da9394ebaa97c7b vn="a variant of Win32/TFTPD32.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\EaseUS\Todo Backup\bin\PxeServer.dll"
sh=BE80764F4BFE7F82249BF79FD6D518ED8AF3463D ft=1 fh=0da9394ebaa97c7b vn="a variant of Win32/TFTPD32.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS\tb\bin\PxeServer.dll"
sh=882681090DD5A8A870CE9C88E50FF27CC3B87329 ft=1 fh=015b93fe230fa0e5 vn="Win32/SaveSense.A potentially unwanted application" ac=I fn="C:\Users\Dan\AppData\Local\SaveSense\SaveSenseIE.dll"
sh=E465456F417ACF3A43FE496EA3E186E6B1FBE7C4 ft=1 fh=295bbdbd63d089cd vn="a variant of Win32/DealPly.M potentially unwanted application" ac=I fn="C:\Users\Dan\AppData\Local\SaveSense\SaveSenseUpdateVer.exe"
sh=8E84B3369C409B88BFF2F167495B5BDA08485065 ft=1 fh=cea6bc5b1fc91d53 vn="a variant of Win32/DealPly.S potentially unwanted application" ac=I fn="C:\Users\Dan\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe"
sh=DBF6C9D3962DECB8186BFD1A431D429DE150D631 ft=1 fh=42df3605a85e961b vn="a variant of Win32/BitCoinMiner.BJ potentially unsafe application" ac=I fn="C:\Users\Dan\Downloads\bitcoin-0.8.6-win32-setup.exe"
sh=B015CD880F99C7E4414D07BEFAFE01531063F280 ft=1 fh=c1d337c879126ade vn="a variant of Win32/TFTPD32.A potentially unsafe application" ac=I fn="C:\Users\Dan\Downloads\tb_free.exe"
sh=CA8B0F54D3B40B782FED81E8A8AE85E6E3411850 ft=0 fh=0000000000000000 vn="Win32/Poweliks.C trojan" ac=I fn="D:\ProgramData\RogueKiller\Quarantine\23EE73658106D86F.reg"
sh=97A64816F208E4ABDE4FE430387E4353C2A2D271 ft=0 fh=0000000000000000 vn="Win32/Poweliks.C trojan" ac=I fn="D:\ProgramData\RogueKiller\Quarantine\4C1638FE1AB09F6A.reg"
sh=11396635F028BED6E80CBFB5CAC5D4354C9F06F8 ft=0 fh=0000000000000000 vn="Win32/Poweliks.C trojan" ac=I fn="D:\ProgramData\RogueKiller\Quarantine\BF3801384E8A4BDA.reg"
sh=11396635F028BED6E80CBFB5CAC5D4354C9F06F8 ft=0 fh=0000000000000000 vn="Win32/Poweliks.C trojan" ac=I fn="D:\ProgramData\RogueKiller\Quarantine\CBCB7567F0A93078.reg"
sh=F9C6174CC1B7394BC96B1C2915FA78BD8F3DCB91 ft=0 fh=0000000000000000 vn="Win32/Poweliks.C trojan" ac=I fn="D:\ProgramData\RogueKiller\Quarantine\F97886B15E3CA354.reg"
sh=CA8B0F54D3B40B782FED81E8A8AE85E6E3411850 ft=0 fh=0000000000000000 vn="Win32/Poweliks.C trojan" ac=I fn="D:\Users\All Users\RogueKiller\Quarantine\23EE73658106D86F.reg"
sh=97A64816F208E4ABDE4FE430387E4353C2A2D271 ft=0 fh=0000000000000000 vn="Win32/Poweliks.C trojan" ac=I fn="D:\Users\All Users\RogueKiller\Quarantine\4C1638FE1AB09F6A.reg"
sh=11396635F028BED6E80CBFB5CAC5D4354C9F06F8 ft=0 fh=0000000000000000 vn="Win32/Poweliks.C trojan" ac=I fn="D:\Users\All Users\RogueKiller\Quarantine\BF3801384E8A4BDA.reg"
sh=11396635F028BED6E80CBFB5CAC5D4354C9F06F8 ft=0 fh=0000000000000000 vn="Win32/Poweliks.C trojan" ac=I fn="D:\Users\All Users\RogueKiller\Quarantine\CBCB7567F0A93078.reg"
sh=F9C6174CC1B7394BC96B1C2915FA78BD8F3DCB91 ft=0 fh=0000000000000000 vn="Win32/Poweliks.C trojan" ac=I fn="D:\Users\All Users\RogueKiller\Quarantine\F97886B15E3CA354.reg"
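Reading a log like the one above by eye is error-prone: both ESET runs report `found=30` with `cleaned=0` (the scan was run with `remove_checked=false`), and a large share of the hits sit in RogueKiller's Quarantine folder or in `$Recycle.Bin`, where they are no longer running, while a few are files still in place under `Program Files` and `AppData`. The following parser is an added example, not ESET's or the forum's code, that splits the `sh=... ft=... fh=... vn="..." ac=... fn="..."` detection lines from the `# key=value` header, groups them by detection class and by whether the path is a live location, and deduplicates on the SHA-1 so the same quarantine copy is counted once. The sample input is a subset of the lines posted above; the class names (`malware`, `PUA`, `unsafe`) and the location rules are my own assumptions about how to triage, not ESET semantics.

```python
"""Triage helper for ESET Online Scanner text logs (added example, not ESET's code)."""
import re
from collections import Counter

# Subset of detection lines copied from the log posted above, plus a few header lines.
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# found=30
# cleaned=0
sh=6B4F3E6EB3AAE1D1E9250E006C1EA18854A5BDED ft=1 fh=03f7934c7f4ba60d vn="a variant of Win32/BitCoinMiner.BJ potentially unsafe application" ac=I fn="C:\Program Files (x86)\Bitcoin\bitcoin-qt.exe"
sh=BE80764F4BFE7F82249BF79FD6D518ED8AF3463D ft=1 fh=0da9394ebaa97c7b vn="a variant of Win32/TFTPD32.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\EaseUS\Todo Backup\bin\PxeServer.dll"
sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe"
sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2759077170-2881541920-2421041487-1000\$RE8LHNN\Update\SaveSenseLive.exe"
sh=E465456F417ACF3A43FE496EA3E186E6B1FBE7C4 ft=1 fh=295bbdbd63d089cd vn="a variant of Win32/DealPly.M potentially unwanted application" ac=I fn="C:\Users\Dan\AppData\Local\SaveSense\SaveSenseUpdateVer.exe"
sh=CA8B0F54D3B40B782FED81E8A8AE85E6E3411850 ft=0 fh=0000000000000000 vn="Win32/Poweliks.C trojan" ac=I fn="D:\ProgramData\RogueKiller\Quarantine\23EE73658106D86F.reg"
sh=CA8B0F54D3B40B782FED81E8A8AE85E6E3411850 ft=0 fh=0000000000000000 vn="Win32/Poweliks.C trojan" ac=I fn="D:\Users\All Users\RogueKiller\Quarantine\23EE73658106D86F.reg"
'''

HEADER_RE = re.compile(r'^# (?P<key>\w+)=(?P<value>.*)$')
# One detection per line: sha1, file type, file hash, verdict name, action, file name.
LINE_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9a-f]{16}) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\S+) fn="(?P<fn>[^"]*)"$'
)


def classify(vn):
    """Map ESET's verdict wording to a coarse class (assumed grouping, not ESET's)."""
    name = vn.lower()
    if name.endswith(" trojan"):
        return "malware"
    if "potentially unwanted application" in name:
        return "PUA"
    if "potentially unsafe application" in name:
        return "unsafe"
    return "other"


def location(fn):
    """Whether the flagged path is a live location or an already-isolated copy."""
    p = fn.lower()
    if "\\quarantine\\" in p:
        return "quarantined"
    if "\\$recycle.bin\\" in p:
        return "recycle bin"
    return "on disk"


def parse_eset_log(text):
    """Return (header dict, list of detection dicts); banner lines are skipped."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m["key"]] = m["value"]
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # e.g. "all ok" or the installer banner
        d = m.groupdict()
        d["class"] = classify(d["vn"])
        d["location"] = location(d["fn"])
        detections.append(d)
    return header, detections


def summarize(header, detections):
    """Counts a responder wants at a glance: reported vs parsed, live vs isolated."""
    live = [d["fn"] for d in detections if d["location"] == "on disk"]
    inactive = [d["fn"] for d in detections if d["location"] != "on disk"]
    return {
        "found_reported": int(header.get("found", 0)),
        "cleaned_reported": int(header.get("cleaned", 0)),
        "parsed": len(detections),
        "unique_hashes": len({d["sha1"].upper() for d in detections}),
        "by_class": Counter(d["class"] for d in detections),
        "live": live,
        "inactive": inactive,
    }


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    summary = summarize(hdr, dets)
    print(f"reported found={summary['found_reported']} cleaned={summary['cleaned_reported']}")
    print(f"parsed {summary['parsed']} lines, {summary['unique_hashes']} unique hashes")
    print("by class:", dict(summary["by_class"]))
    print("still on disk:")
    for fn in summary["live"]:
        print("  ", fn)
    print("already isolated (quarantine / recycle bin):")
    for fn in summary["inactive"]:
        print("  ", fn)
```

Run it on the full log by replacing `SAMPLE_LOG` with the file contents; the "still on disk" list is the set worth a closer look, while the quarantine and Recycle Bin entries only say that an earlier tool already isolated those items.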



#15 deeprybka (Malware Response Team, 5,198 posts, Germany)

Posted 26 November 2014 - 04:30 AM


Can you please tell me which problems still persist now?
How is the computer running?

regards,
deeprybka



