
I have something using bandwidth constantly and I can't find it


  • This topic is locked
18 replies to this topic

#1 18rmiller

18rmiller

  • Members
  • 8 posts
  • Local time:08:54 PM

Posted 14 November 2014 - 04:21 PM

I downloaded Netbalancer and the process comes up as "service Traffic". It is a small amount but it constantly uploads and downloads data. It happens while not even having a browser open and without performing any kind of task on the PC. Have done several scans and nothing is being found. What can I do?

 

Windows 7 64 bit



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,625 posts
  • Gender:Male
  • Local time:09:54 PM

Posted 20 November 2014 - 09:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/556151 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 18rmiller

18rmiller
  • Topic Starter

  • Members
  • 8 posts
  • Local time:08:54 PM

Posted 20 November 2014 - 07:28 PM

I do still need help. In addition to the problem stated above, I looked at the process with Windows Resource Monitor and it lists that process as svshost.exe (NetworkService). I do not have the Windows CD.
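
Resource Monitor's "(NetworkService)" label names a shared service-host process (svchost.exe on Windows), so the useful next step is to see which services sit in that PID and which remote endpoints it holds. The following is an added example, not part of the original post or of any tool used in this thread: it joins the output of `tasklist /svc /fo csv` and `netstat -ano` on PID. The sample outputs, PIDs, service groupings and addresses are constructed, and English column headers are assumed.

```python
import csv
import io

# Constructed sample of `tasklist /svc /fo csv` output (not from the thread).
TASKLIST_CSV = '''
"Image Name","PID","Services"
"svchost.exe","812","RpcEptMapper,RpcSs"
"svchost.exe","1104","CryptSvc,Dnscache,LanmanWorkstation,NlaSvc"
"svchost.exe","1260","BITS,Schedule,wuauserv"
"firefox.exe","3320","N/A"
'''

# Constructed sample of `netstat -ano` output (documentation address ranges).
NETSTAT = '''
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    [::]:135               [::]:0                 LISTENING       812
  TCP    192.168.1.20:49210     203.0.113.10:80        ESTABLISHED     1104
  TCP    192.168.1.20:49211     203.0.113.10:80        ESTABLISHED     1104
  TCP    192.168.1.20:49230     198.51.100.7:443       ESTABLISHED     1260
  TCP    192.168.1.20:49300     192.0.2.55:443         ESTABLISHED     3320
  UDP    0.0.0.0:5355           *:*                                    1104
'''


def parse_tasklist(csv_text):
    """Map PID -> (image name, [service names]) from `tasklist /svc /fo csv`."""
    procs = {}
    for row in csv.DictReader(io.StringIO(csv_text.strip())):
        services = [s.strip() for s in row["Services"].split(",")
                    if s.strip() and s.strip() != "N/A"]
        procs[int(row["PID"])] = (row["Image Name"], services)
    return procs


def parse_netstat(text):
    """Return one dict per TCP/UDP row of `netstat -ano`; other lines are skipped."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP":
            proto, local, remote, state, pid = fields
        elif len(fields) == 4 and fields[0] == "UDP":
            # UDP rows have no State column.
            proto, local, remote, pid = fields
            state = ""
        else:
            continue
        if pid.isdigit():
            conns.append({"proto": proto, "local": local, "remote": remote,
                          "state": state, "pid": int(pid)})
    return conns


def svchost_report(tasklist_text, netstat_text):
    """For each svchost.exe PID: hosted services, remote peers, bound sockets."""
    report = {}
    for pid, (image, services) in parse_tasklist(tasklist_text).items():
        if image.lower() == "svchost.exe":
            report[pid] = {"services": services, "remote": [], "bound": []}
    for conn in parse_netstat(netstat_text):
        entry = report.get(conn["pid"])
        if entry is None:
            continue  # socket belongs to a process that is not a service host
        if conn["proto"] == "TCP" and conn["state"] != "LISTENING":
            if conn["remote"] not in entry["remote"]:
                entry["remote"].append(conn["remote"])
        else:
            entry["bound"].append(f'{conn["proto"]} {conn["local"]}')
    return report


def talkers(report):
    """PIDs of service hosts that currently hold a connection to a remote peer."""
    return sorted(pid for pid, entry in report.items() if entry["remote"])


if __name__ == "__main__":
    result = svchost_report(TASKLIST_CSV, NETSTAT)
    for pid in talkers(result):
        entry = result[pid]
        print(f"svchost.exe PID {pid}")
        print("  services:", ", ".join(entry["services"]))
        print("  remote  :", ", ".join(entry["remote"]))
```

A PID that hosts several services only narrows the traffic to that group; this join cannot say which service in the group opened a given socket.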


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:54 PM

Posted 21 November 2014 - 09:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Download Malwarebytes' Anti-Malware from Here
 
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
  • POST THE LOG FOR MY REVIEW.
     
    Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so immediately.
    ===
     
    Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
  • If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
    ===
     
    Download the version of this tool for your operating system.
    and save it to a folder on your computer's Desktop.
    Double-click to run it. When the tool opens click Yes to disclaimer.
    Press Scan button.
    It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
    ===
     
    Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
    To attach a file select the "More Reply Option" and follow the instructions.
     
    How is the computer running?
    Wait for further instructions.


    #5 18rmiller

    18rmiller
    • Topic Starter

    • Members
    • 8 posts
    • Local time:08:54 PM

    Posted 21 November 2014 - 09:28 PM

     

    Hello, Welcome to BleepingComputer.
    I'm nasdaq and will be helping you.
     
    If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
    ===
     
    Download Malwarebytes' Anti-Malware from Here
     
    Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
    • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
    • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
    • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
    • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
    • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
    • The scan may take some time to finish, so please be patient.
    • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
    • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
    • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
     
    POST THE LOG FOR MY REVIEW.
     
    Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so immediately.
    ===

     

     

     

    I already have MBAM pro but I don't have the detections and protection thing or scan for rootkits?

     

    Never mind. I downloaded the version from the link and it's different for some reason. Do you know why?

     

    Scanning now


    Edited by 18rmiller, 21 November 2014 - 09:33 PM.


    #6 18rmiller

    18rmiller
    • Topic Starter

    • Members
    • 8 posts
    • Local time:08:54 PM

    Posted 21 November 2014 - 10:32 PM

    MBAM scan

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/21/2014
    Scan Time: 9:31:44 PM
    Logfile: mbamscan141121.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.22.02
    Rootkit Database: v2014.11.21.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Rodney

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 416585
    Time Elapsed: 17 min, 45 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 3
    PUP.Optional.RocketTab.A, HKU\S-1-5-21-2204052819-887068423-1664883573-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\RocketTabInstalled, , [35366fcf4e2ed85e0507d274db283dc3],
    PUP.Optional.SevereWeatherAlerts.A, HKU\S-1-5-21-2204052819-887068423-1664883573-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\SevereWeatherAlerts.exe, , [dc8f4bf3abd1b28476ae6145b1536e92],
    PUP.Optional.RocketTab.A, HKU\S-1-5-21-2204052819-887068423-1664883573-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH EXTENSIONS, , [591269d58eee1b1b2e1d971e689c55ab],

    Registry Values: 1
    PUP.Optional.RocketTab.A, HKU\S-1-5-21-2204052819-887068423-1664883573-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH EXTENSIONS|RocketTab, 1, , [591269d58eee1b1b2e1d971e689c55ab]

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

     

    ADW scan

     

    # AdwCleaner v4.101 - Report created 21/11/2014 at 22:10:23
    # Updated 09/11/2014 by Xplode
    # Database : 2014-11-16.1 [Live]
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : Rodney - BROOKE-PC
    # Running from : C:\Users\Rodney\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Deleted : C:\Users\Ashlan & Madison\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
    File Deleted : C:\Users\Ashlan & Madison\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17420


    -\\ Mozilla Firefox v33.1 (x86 en-US)


    -\\ Google Chrome v39.0.2171.65

    [C:\Users\Brooke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [2484 octets] - [11/11/2014 21:38:51]
    AdwCleaner[R1].txt - [913 octets] - [13/11/2014 20:46:11]
    AdwCleaner[R2].txt - [1469 octets] - [21/11/2014 22:00:17]
    AdwCleaner[S0].txt - [2571 octets] - [11/11/2014 21:48:30]
    AdwCleaner[S1].txt - [973 octets] - [13/11/2014 20:49:59]
    AdwCleaner[S2].txt - [1396 octets] - [21/11/2014 22:10:23]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1456 octets] ##########
     

    Farbar scan

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-11-2014
    Ran by Rodney (administrator) on BROOKE-PC on 21-11-2014 22:22:14
    Running from C:\Users\Rodney\Desktop
    Loaded Profile: Rodney (Available profiles: Brooke & Rodney & Ashlan & Madison)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Flux Software LLC) C:\Users\Rodney\AppData\Local\FluxSoftware\Flux\flux.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
    (SeriousBit) C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
    HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395616 2014-09-03] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-09-03] (Citrix Systems, Inc.)
    HKU\S-1-5-21-2204052819-887068423-1664883573-1003\...\Run: [f.lux] => C:\Users\Rodney\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
    HKU\S-1-5-21-2204052819-887068423-1664883573-1003\...\Run: [NetBalancer] => C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe [1801992 2014-11-12] (SeriousBit)
    HKU\S-1-5-21-2204052819-887068423-1664883573-1003\...\Run: [Google Update] => C:\Users\Rodney\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-28] (Google Inc.)
    BootExecute: autocheck autochk *  BootDefrag.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2204052819-887068423-1664883573-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-2204052819-887068423-1664883573-1003\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKU\S-1-5-21-2204052819-887068423-1664883573-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x90F3697EC985CF01
    HKU\S-1-5-21-2204052819-887068423-1664883573-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKU\S-1-5-21-2204052819-887068423-1664883573-1003 -> DefaultScope {390791D8-230C-4CA4-80C8-F927E39A959F} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2204052819-887068423-1664883573-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2204052819-887068423-1664883573-1003 -> {390791D8-230C-4CA4-80C8-F927E39A959F} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\Rodney\AppData\Roaming\Mozilla\Firefox\Profiles\g8pfvged.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2204052819-887068423-1664883573-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\Rodney\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-2204052819-887068423-1664883573-1003: @talk.google.com/O1DPlugin -> C:\Users\Rodney\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-2204052819-887068423-1664883573-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Rodney\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2204052819-887068423-1664883573-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Rodney\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Rodney\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Rodney\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF Extension: LastPass - C:\Users\Rodney\AppData\Roaming\Mozilla\Firefox\Profiles\g8pfvged.default\Extensions\support@lastpass.com [2014-11-13]
    FF Extension: YouTube Unblocker - C:\Users\Rodney\AppData\Roaming\Mozilla\Firefox\Profiles\g8pfvged.default\Extensions\youtubeunblocker@unblocker.yt [2014-11-13]
    FF Extension: Imgur Uploader - C:\Users\Rodney\AppData\Roaming\Mozilla\Firefox\Profiles\g8pfvged.default\Extensions\giorgio@gilestro.tk.xpi [2014-11-13]
    FF Extension: YouTube ALL HTML5 - C:\Users\Rodney\AppData\Roaming\Mozilla\Firefox\Profiles\g8pfvged.default\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2014-11-13]
    FF Extension: Reddit Enhancement Suite - C:\Users\Rodney\AppData\Roaming\Mozilla\Firefox\Profiles\g8pfvged.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-11-13]
    FF Extension: Reddit History - C:\Users\Rodney\AppData\Roaming\Mozilla\Firefox\Profiles\g8pfvged.default\Extensions\reddit-history@ahal.ca.xpi [2014-11-13]
    FF Extension: Download Manager (S3) - C:\Users\Rodney\AppData\Roaming\Mozilla\Firefox\Profiles\g8pfvged.default\Extensions\s3download@statusbar.xpi [2014-11-13]
    FF Extension: Gmail Manager - C:\Users\Rodney\AppData\Roaming\Mozilla\Firefox\Profiles\g8pfvged.default\Extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi [2014-11-20]
    FF Extension: Adblock Plus - C:\Users\Rodney\AppData\Roaming\Mozilla\Firefox\Profiles\g8pfvged.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-13]

    Chrome:
    =======
    CHR Profile: C:\Users\Rodney\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Rodney\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-21]
    CHR Extension: (Google Drive) - C:\Users\Rodney\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-21]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rodney\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-28]
    CHR Extension: (YouTube) - C:\Users\Rodney\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-21]
    CHR Extension: (Pushbullet) - C:\Users\Rodney\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-08-28]
    CHR Extension: (Google Search) - C:\Users\Rodney\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-21]
    CHR Extension: (Google Wallet) - C:\Users\Rodney\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-21]
    CHR Extension: (Gmail) - C:\Users\Rodney\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-21]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S4 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    R3 NetBalancerService; C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [129288 2014-11-12] (SeriousBit)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
    S4 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-10-22] (RaMMicHaeL)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-06-02] (Glarysoft Ltd)
    R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-10-15] (Glarysoft Ltd)
    S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    R1 nbdrv; C:\Windows\System32\DRIVERS\nbdrv.sys [41392 2013-11-25] (SeriousBit)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
    R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-21 22:22 - 2014-11-21 22:22 - 00018285 _____ () C:\Users\Rodney\Desktop\FRST.txt
    2014-11-21 22:20 - 2014-11-21 22:20 - 02117632 _____ (Farbar) C:\Users\Rodney\Desktop\FRST64.exe
    2014-11-21 22:17 - 2014-11-21 22:19 - 00000000 ____D () C:\Users\Rodney\Downloads\FRST-OlderVersion
    2014-11-21 22:12 - 2014-11-21 22:12 - 00001536 _____ () C:\Users\Rodney\Desktop\AdwCleaner[S2].txt
    2014-11-21 21:51 - 2014-11-21 21:51 - 00001815 _____ () C:\Users\Rodney\Desktop\mbamscan141121.txt
    2014-11-21 21:30 - 2014-11-21 22:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-21 21:30 - 2014-11-21 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-21 21:29 - 2014-11-21 21:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-21 21:29 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-11-21 21:29 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-11-21 21:29 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-11-21 21:28 - 2014-11-21 21:29 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Rodney\Downloads\mbam-setup-2.0.3.1025.exe
    2014-11-20 19:27 - 2014-11-20 19:27 - 00003064 _____ () C:\Users\Rodney\Desktop\attach.rar
    2014-11-20 19:21 - 2014-11-20 19:21 - 00024295 _____ () C:\Users\Rodney\Desktop\dds.txt
    2014-11-20 19:20 - 2014-11-20 19:20 - 00688992 ____R (Swearware) C:\Users\Rodney\Downloads\dds.com
    2014-11-17 20:50 - 2014-11-21 22:11 - 00004088 _____ () C:\Windows\PFRO.log
    2014-11-17 20:45 - 2014-11-20 19:26 - 00007597 _____ () C:\Users\Rodney\AppData\Local\Resmon.ResmonCfg
    2014-11-17 20:38 - 2014-11-21 22:11 - 00000448 _____ () C:\Windows\setupact.log
    2014-11-17 20:38 - 2014-11-17 20:38 - 00000000 _____ () C:\Windows\setuperr.log
    2014-11-17 20:25 - 2014-11-17 20:25 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2014-11-17 20:25 - 2014-11-17 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-11-17 20:24 - 2014-11-17 20:25 - 00000000 ____D () C:\Program Files\CCleaner
    2014-11-17 20:21 - 2014-11-17 20:21 - 04977216 _____ (Piriform Ltd) C:\Users\Rodney\Downloads\ccsetup419.exe
    2014-11-17 20:17 - 2014-11-17 20:17 - 00000085 _____ () C:\Windows\wininit.ini
    2014-11-17 20:14 - 2014-11-17 20:14 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
    2014-11-17 20:05 - 2014-11-17 20:15 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-11-17 20:05 - 2014-11-17 20:05 - 11222744 _____ (SurfRight B.V.) C:\Users\Rodney\Downloads\HitmanPro_x64.exe
    2014-11-17 20:04 - 2014-11-17 20:04 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
    2014-11-17 20:03 - 2014-11-17 20:50 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-11-17 20:03 - 2014-11-17 20:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-11-17 20:01 - 2014-11-17 20:02 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Rodney\Downloads\spybot-2.4(1).exe
    2014-11-17 19:45 - 2014-11-15 21:16 - 01707532 _____ (Thisisu) C:\Users\Rodney\Desktop\JRT_NEW.exe
    2014-11-17 19:14 - 2014-11-17 19:16 - 00000648 _____ () C:\Users\Rodney\Downloads\Result.txt
    2014-11-17 19:13 - 2014-11-17 19:13 - 00401920 _____ (Farbar) C:\Users\Rodney\Downloads\MiniToolBox.exe
    2014-11-15 14:58 - 2014-11-15 14:58 - 00029614 _____ () C:\Users\Brooke\Documents\comcast chat3.odt
    2014-11-15 14:57 - 2014-11-15 14:57 - 00033084 _____ () C:\Users\Brooke\Documents\comcast chat2.odt
    2014-11-15 14:57 - 2014-11-15 14:57 - 00022445 _____ () C:\Users\Brooke\Documents\comcast chat1.odt
    2014-11-14 20:01 - 2014-11-14 20:01 - 00000000 __SHD () C:\Users\Brooke\AppData\Local\EmieBrowserModeList
    2014-11-14 18:31 - 2014-11-14 18:31 - 00216133 _____ () C:\Users\Brooke\Desktop\SignatureCard.aspx
    2014-11-14 18:30 - 2014-11-14 18:30 - 00216133 _____ () C:\Users\Brooke\Desktop\Chase SignatureCard.aspx
    2014-11-14 16:26 - 2014-08-29 21:10 - 06583296 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-11-14 16:26 - 2014-08-29 20:50 - 05702656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-11-14 15:32 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-11-14 15:32 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2014-11-13 22:36 - 2014-11-13 22:36 - 01706808 _____ (Thisisu) C:\Users\Rodney\Downloads\JRT.exe
    2014-11-13 22:36 - 2014-11-13 22:36 - 00000000 ____D () C:\Windows\ERUNT
    2014-11-13 21:56 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2014-11-13 21:56 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
    2014-11-13 21:55 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-11-13 21:55 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-11-13 21:55 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
    2014-11-13 21:55 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
    2014-11-13 21:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
    2014-11-13 21:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
    2014-11-13 21:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
    2014-11-13 21:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
    2014-11-13 21:55 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
    2014-11-13 21:55 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
    2014-11-13 21:55 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
    2014-11-13 21:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
    2014-11-13 21:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
    2014-11-13 21:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
    2014-11-13 21:55 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
    2014-11-13 21:55 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
    2014-11-13 21:55 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-11-13 21:55 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-11-13 21:55 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
    2014-11-13 21:55 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
    2014-11-13 21:55 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
    2014-11-13 21:55 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
    2014-11-13 21:55 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
    2014-11-13 21:55 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
    2014-11-13 21:55 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
    2014-11-13 21:55 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
    2014-11-13 21:55 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
    2014-11-13 21:55 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
    2014-11-13 21:55 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
    2014-11-13 21:55 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
    2014-11-13 21:55 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
    2014-11-13 21:55 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
    2014-11-13 21:55 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
    2014-11-13 21:55 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
    2014-11-13 21:55 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
    2014-11-13 21:55 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
    2014-11-13 21:55 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
    2014-11-13 21:55 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
    2014-11-13 21:55 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
    2014-11-13 21:55 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
    2014-11-13 21:55 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
    2014-11-13 21:55 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
    2014-11-13 21:55 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
    2014-11-13 21:55 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
    2014-11-13 21:55 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
    2014-11-13 21:55 - 2011-03-11 01:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
    2014-11-13 21:55 - 2011-03-11 01:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
    2014-11-13 21:55 - 2011-03-11 01:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
    2014-11-13 21:55 - 2011-03-11 01:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
    2014-11-13 21:55 - 2011-03-11 01:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
    2014-11-13 21:55 - 2011-03-11 01:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
    2014-11-13 21:55 - 2011-03-11 01:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
    2014-11-13 21:55 - 2011-03-11 00:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
    2014-11-13 21:55 - 2011-03-11 00:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
    2014-11-13 21:55 - 2011-03-10 23:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
    2014-11-13 21:54 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-11-13 21:54 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-11-13 21:54 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2014-11-13 21:54 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2014-11-13 21:54 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2014-11-13 21:54 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2014-11-13 21:54 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
    2014-11-13 21:54 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2014-11-13 21:54 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2014-11-13 21:54 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2014-11-13 21:54 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
    2014-11-13 21:54 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
    2014-11-13 21:54 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
    2014-11-13 21:54 - 2013-07-04 07:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2014-11-13 21:54 - 2013-07-04 07:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
    2014-11-13 21:54 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
    2014-11-13 21:54 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
    2014-11-13 21:54 - 2013-07-04 05:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2014-11-13 21:54 - 2013-03-19 00:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
    2014-11-13 21:52 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-11-13 21:52 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-11-13 21:51 - 2013-08-27 20:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
    2014-11-13 21:41 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
    2014-11-13 21:41 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2014-11-13 21:41 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2014-11-13 21:41 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
    2014-11-13 21:41 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
    2014-11-13 21:41 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2014-11-13 21:41 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
    2014-11-13 21:41 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2014-11-13 21:41 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2014-11-13 21:41 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2014-11-13 21:41 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2014-11-13 21:41 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
    2014-11-13 21:41 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2014-11-13 21:41 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2014-11-13 21:41 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2014-11-13 21:41 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2014-11-13 21:40 - 2012-12-07 08:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
    2014-11-13 21:40 - 2012-12-07 08:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
    2014-11-13 21:40 - 2012-12-07 07:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
    2014-11-13 21:40 - 2012-12-07 07:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
    2014-11-13 21:40 - 2012-12-07 06:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
    2014-11-13 21:40 - 2012-12-07 06:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
    2014-11-13 21:40 - 2012-12-07 06:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
    2014-11-13 21:40 - 2012-12-07 06:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
    2014-11-13 21:40 - 2012-12-07 06:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
    2014-11-13 21:40 - 2012-12-07 06:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
    2014-11-13 21:40 - 2012-12-07 06:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
    2014-11-13 21:40 - 2012-12-07 06:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
    2014-11-13 21:40 - 2012-12-07 06:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
    2014-11-13 21:40 - 2012-12-07 06:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
    2014-11-13 21:40 - 2012-12-07 06:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
    2014-11-13 21:40 - 2012-12-07 06:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
    2014-11-13 21:40 - 2012-12-07 06:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
    2014-11-13 21:40 - 2012-12-07 06:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
    2014-11-13 21:40 - 2012-12-07 05:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
    2014-11-13 21:40 - 2012-12-07 05:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
    2014-11-13 21:40 - 2012-12-07 05:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
    2014-11-13 21:40 - 2012-12-07 05:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
    2014-11-13 21:40 - 2012-12-07 05:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
    2014-11-13 21:40 - 2012-12-07 05:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
    2014-11-13 21:40 - 2012-12-07 05:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
    2014-11-13 21:40 - 2012-12-07 05:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
    2014-11-13 21:40 - 2012-12-07 05:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
    2014-11-13 21:40 - 2012-12-07 05:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
    2014-11-13 21:40 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
    2014-11-13 21:40 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
    2014-11-13 21:40 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
    2014-11-13 21:40 - 2012-12-07 05:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
    2014-11-13 21:40 - 2012-10-09 13:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
    2014-11-13 21:40 - 2012-10-09 13:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
    2014-11-13 21:40 - 2012-10-09 12:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
    2014-11-13 21:40 - 2012-10-09 12:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
    2014-11-13 21:39 - 2013-05-10 00:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
    2014-11-13 21:39 - 2013-05-09 22:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
    2014-11-13 21:38 - 2013-01-24 01:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
    2014-11-13 21:27 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2014-11-13 21:27 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
    2014-11-13 21:27 - 2012-08-23 09:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
    2014-11-13 21:27 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
    2014-11-13 21:27 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
    2014-11-13 21:26 - 2012-10-03 12:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2014-11-13 21:26 - 2012-10-03 12:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
    2014-11-13 21:26 - 2012-10-03 12:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
    2014-11-13 21:26 - 2012-10-03 12:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2014-11-13 21:26 - 2012-10-03 12:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
    2014-11-13 21:26 - 2012-10-03 12:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
    2014-11-13 21:26 - 2012-10-03 11:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
    2014-11-13 21:26 - 2012-10-03 11:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2014-11-13 21:26 - 2012-10-03 11:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
    2014-11-13 21:26 - 2012-10-03 11:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
    2014-11-13 21:26 - 2012-08-22 13:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2014-11-13 21:26 - 2012-07-04 15:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
    2014-11-13 21:26 - 2012-05-01 00:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2014-11-13 21:26 - 2012-01-13 02:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2014-11-13 21:26 - 2012-01-04 05:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
    2014-11-13 21:26 - 2012-01-04 03:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
    2014-11-13 21:26 - 2011-12-30 01:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
    2014-11-13 21:26 - 2011-12-30 00:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
    2014-11-13 21:25 - 2012-08-21 16:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
    2014-11-13 21:05 - 2014-11-13 21:05 - 00000000 ____D () C:\Program Files\LSI SoftModem
    2014-11-13 21:04 - 2012-07-25 22:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
    2014-11-13 21:04 - 2012-07-25 22:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
    2014-11-13 21:04 - 2012-07-25 22:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
    2014-11-13 21:04 - 2012-07-25 22:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
    2014-11-13 21:04 - 2012-07-25 22:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
    2014-11-13 21:04 - 2012-07-25 21:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
    2014-11-13 21:04 - 2012-07-25 21:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
    2014-11-13 21:04 - 2012-06-02 09:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    2014-11-13 21:04 - 2011-05-04 00:25 - 02315776 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
    2014-11-13 21:04 - 2011-05-04 00:22 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
    2014-11-13 21:04 - 2011-05-04 00:19 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
    2014-11-13 21:03 - 2011-06-16 00:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
    2014-11-13 21:03 - 2011-06-15 23:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
    2014-11-13 21:03 - 2011-05-04 00:22 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
    2014-11-13 21:03 - 2011-05-04 00:22 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
    2014-11-13 21:03 - 2011-05-04 00:22 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
    2014-11-13 21:03 - 2011-05-04 00:22 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
    2014-11-13 21:03 - 2011-05-04 00:19 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
    2014-11-13 21:03 - 2011-05-04 00:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
    2014-11-13 21:03 - 2011-05-03 23:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
    2014-11-13 21:03 - 2011-05-03 23:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
    2014-11-13 21:03 - 2011-05-03 23:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
    2014-11-13 21:03 - 2011-05-03 23:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
    2014-11-13 21:03 - 2011-05-03 23:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
    2014-11-13 21:03 - 2011-05-03 23:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
    2014-11-13 21:03 - 2011-05-03 23:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
    2014-11-13 21:03 - 2011-05-03 23:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
    2014-11-13 21:03 - 2011-05-03 23:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
    2014-11-13 21:03 - 2011-02-18 05:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
    2014-11-13 21:03 - 2011-02-18 00:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
    2014-11-13 20:25 - 2014-11-13 20:25 - 00001508 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
    2014-11-13 20:24 - 2014-11-13 20:25 - 00000000 ____D () C:\ProgramData\Citrix
    2014-11-13 20:21 - 2014-11-13 20:22 - 53860688 _____ (Citrix Systems, Inc.) C:\Users\Rodney\Downloads\CitrixReceiver.exe
    2014-11-13 20:20 - 2014-11-13 20:20 - 05096528 _____ (SeriousBit ) C:\Users\Rodney\Downloads\NetBalancerSetup(1).exe
    2014-11-13 20:20 - 2014-11-13 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBalancer
    2014-11-13 20:00 - 2014-11-13 20:00 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-11-13 19:21 - 2014-11-13 19:21 - 00023353 _____ () C:\ComboFix.txt
    2014-11-13 19:06 - 2014-11-13 19:06 - 05597734 ____R (Swearware) C:\Users\Rodney\Desktop\combofix.exe
    2014-11-13 18:55 - 2014-11-13 18:55 - 00380416 _____ () C:\Users\Rodney\Downloads\u1lqey4e.exe
    2014-11-13 18:35 - 2014-11-13 18:36 - 00029692 _____ () C:\Users\Rodney\Desktop\Addition.txt
    2014-11-13 18:33 - 2014-11-21 22:22 - 00000000 ____D () C:\FRST
    2014-11-13 18:20 - 2014-11-13 18:20 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2014-11-13 18:20 - 2014-11-13 18:20 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-11-13 18:20 - 2014-11-13 18:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-11-13 18:19 - 2014-11-13 18:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-11-13 18:18 - 2014-11-13 18:19 - 00244088 _____ () C:\Users\Rodney\Downloads\Firefox Setup Stub 33.1.exe
    2014-11-12 20:11 - 2014-11-12 20:11 - 00000000 __SHD () C:\Users\Rodney\AppData\Local\EmieBrowserModeList
    2014-11-11 21:36 - 2014-11-21 22:10 - 00000000 ____D () C:\AdwCleaner
    2014-11-11 21:35 - 2014-11-11 21:35 - 02140160 _____ () C:\Users\Rodney\Downloads\AdwCleaner.exe
    2014-11-11 21:26 - 2014-11-17 19:49 - 00000959 _____ () C:\Users\Public\Desktop\SoftPerfect WiFi Guard.lnk
    2014-11-11 21:26 - 2014-11-11 21:26 - 00000000 ____D () C:\Users\Rodney\AppData\Local\WiFi Guard
    2014-11-11 21:26 - 2014-11-11 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftPerfect WiFi Guard
    2014-11-11 21:26 - 2014-11-11 21:26 - 00000000 ____D () C:\Program Files\SoftPerfect WiFi Guard
    2014-11-11 21:25 - 2014-11-11 21:25 - 01923360 _____ (SoftPerfect Research ) C:\Users\Rodney\Downloads\wifiguard_windows_setup.exe
    2014-11-11 21:00 - 2014-11-11 21:01 - 00108178 _____ () C:\Users\Rodney\Downloads\cports-x64.zip
    2014-11-11 21:00 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-11-11 21:00 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-11-11 21:00 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-11-11 21:00 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-11-11 21:00 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-11-11 21:00 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-11-11 21:00 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-11-11 21:00 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-11-11 20:59 - 2014-11-13 19:21 - 00000000 ____D () C:\Qoobox
    2014-11-11 20:58 - 2014-11-11 21:12 - 00000000 ____D () C:\Windows\erdnt
    2014-11-11 20:57 - 2014-11-11 20:57 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Rodney\Downloads\rkill.exe
    2014-11-11 20:57 - 2014-11-11 20:57 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Rodney\Downloads\rkill64.exe
    2014-11-11 20:34 - 2014-11-11 20:35 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Rodney\Downloads\Malwarebytes_Anti_Malware_v2.0.3.exe
    2014-11-11 20:34 - 2014-11-11 20:34 - 17334960 _____ (Adobe Systems Incorporated) C:\Users\Rodney\Downloads\Adobe_Flash_Player_(IE)_v15.0.0.189.exe
    2014-11-11 20:24 - 2014-11-11 20:24 - 00000000 ____D () C:\Windows\pss
    2014-11-11 19:52 - 2014-11-11 19:52 - 00013358 _____ () C:\Users\Rodney\Desktop\HijackThis - Shortcut.lnk
    2014-11-11 19:44 - 2014-11-11 19:44 - 00000000 ____D () C:\Users\Rodney\Desktop\Ejuice
    2014-11-11 19:42 - 2014-11-19 15:58 - 00000000 ____D () C:\Users\Rodney\Desktop\Tools
    2014-11-11 19:29 - 2014-11-11 19:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\Rodney\Downloads\HijackThis.exe
    2014-11-11 18:07 - 2014-11-11 18:07 - 14668392 _____ () C:\Users\Rodney\Downloads\Glary_Utilities_v5.12.0.25.exe
    2014-11-11 16:04 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-11-11 16:04 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-11-11 16:04 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-11-11 16:04 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2014-11-11 16:04 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2014-11-11 16:04 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-11-11 16:04 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-11-11 16:04 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2014-11-11 16:04 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2014-11-11 16:03 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-11-11 16:03 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-11-11 16:03 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-11-11 16:03 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-11-11 16:03 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-11-11 16:03 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-11-11 16:03 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-11-11 16:03 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-11-11 16:03 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-11-11 16:03 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-11-11 16:03 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-11-11 16:03 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-11-11 16:03 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-11-11 16:03 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-11-11 16:03 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-11-11 16:03 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-11-11 16:03 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-11-11 16:03 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-11-11 16:03 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-11-11 16:03 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-11-11 16:03 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-11-11 16:03 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-11-11 16:03 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-11-11 16:03 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-11-11 16:03 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-11-11 16:03 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-11-11 16:03 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-11-11 16:03 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-11-11 16:03 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-11-11 16:03 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-11-11 16:03 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-11-11 16:03 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-11-11 16:03 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-11-11 16:03 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-11-11 16:03 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-11-11 16:03 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-11-11 16:03 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-11-11 16:03 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-11-11 16:03 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-11-11 16:03 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-11-11 16:03 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-11-11 16:03 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-11-11 16:03 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-11-11 16:03 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-11-11 16:03 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-11-11 16:03 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-11-11 16:03 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-11-11 16:03 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-11-11 16:03 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-11-11 16:03 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-11-11 16:03 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-11-11 16:03 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-11-11 16:03 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-11-11 16:03 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-11-11 16:03 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-11-11 16:03 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-11-11 16:03 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2014-11-11 16:03 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2014-11-11 16:03 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2014-11-11 16:03 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2014-11-11 16:03 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2014-11-11 16:03 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2014-11-11 16:03 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2014-11-11 16:03 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2014-11-11 16:03 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-11-11 16:03 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-11-11 16:03 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-11-11 16:03 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-11-11 16:03 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2014-11-11 16:03 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
    2014-11-11 16:02 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-11-11 16:02 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-11-11 16:02 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2014-11-11 16:02 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2014-11-11 16:02 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-11-11 16:02 - 2014-09-19 04:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-11-11 16:02 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-11-11 16:02 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-11-11 16:02 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-11-11 16:02 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-11-11 16:02 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-11-11 16:02 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-11-11 16:02 - 2014-09-19 04:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-11-11 16:02 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-11-11 16:02 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-11-11 16:02 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-11-11 16:02 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-11-11 16:02 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-11-11 16:02 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-11-11 15:50 - 2014-11-11 15:50 - 00022519 _____ () C:\Users\Brooke\Documents\comcast chat.odt
    2014-11-07 21:22 - 2014-11-07 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
    2014-11-07 16:31 - 2014-11-07 19:43 - 06588560 _____ (TeamViewer GmbH) C:\Users\Rodney\Downloads\TeamViewer_v9.0.32494.exe
    2014-11-07 16:30 - 2014-11-07 19:43 - 41353016 _____ (Dropbox, Inc.) C:\Users\Rodney\Downloads\Dropbox_v2.10.45.exe
    2014-11-07 16:30 - 2014-11-07 19:43 - 36440240 _____ () C:\Users\Rodney\Downloads\Mozilla_Firefox_v33.0.3.exe
    2014-11-07 16:30 - 2014-11-07 19:43 - 15204184 _____ (Ventis Media Inc. ) C:\Users\Rodney\Downloads\MediaMonkey_v4.1.5.1719.exe
    2014-11-07 16:30 - 2014-11-07 19:43 - 14661216 _____ () C:\Users\Rodney\Downloads\Glary_Utilities_v5.11.0.23.exe
    2014-11-07 16:30 - 2014-11-07 19:43 - 02705808 _____ () C:\Users\Rodney\Downloads\Mp3tag_v2.65a.exe
    2014-11-06 22:03 - 2014-11-06 22:03 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Rodney\Downloads\rkill.scr
    2014-11-06 21:52 - 2014-11-06 21:52 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Rodney\Downloads\tdsskiller.exe
    2014-11-06 21:39 - 2014-11-06 21:39 - 00000000 ____D () C:\ProgramData\SeriousBit
    2014-11-06 21:38 - 2014-11-13 20:20 - 00000000 ____D () C:\Program Files\NetBalancer
    2014-11-06 21:38 - 2013-11-25 09:28 - 00041392 _____ (SeriousBit) C:\Windows\system32\Drivers\nbdrv.sys
    2014-11-06 21:37 - 2014-11-06 21:37 - 05095048 _____ (SeriousBit ) C:\Users\Rodney\Downloads\NetBalancerSetup.exe
    2014-11-06 21:24 - 2014-11-06 21:24 - 04181904 _____ (Softperfect Research ) C:\Users\Rodney\Downloads\networx_setup.exe
    2014-11-05 15:28 - 2014-11-05 15:28 - 00880272 _____ (Google Inc.) C:\Users\Rodney\Downloads\GoogleVoiceAndVideoSetup.exe
    2014-10-24 15:01 - 2014-10-24 15:01 - 00000000 ____D () C:\Users\Rodney\AppData\Local\FileMaintenance
    2014-10-22 23:14 - 2014-10-22 23:14 - 00000000 ____D () C:\Users\Rodney\AppData\Local\EJuiceCalculator
    2014-10-22 22:29 - 2014-11-20 18:39 - 00000000 ____D () C:\Users\Rodney\Documents\JuiceCalculator
    2014-10-22 22:29 - 2014-10-22 23:15 - 00000000 ____D () C:\Users\Rodney\AppData\Roaming\JuiceCalculator
    2014-10-22 22:29 - 2014-10-22 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JuiceCalculator
    2014-10-22 22:29 - 2014-10-22 22:29 - 00000000 ____D () C:\Program Files (x86)\EJuiceCalculator
    2014-10-22 22:28 - 2014-10-22 22:28 - 09069998 _____ () C:\Users\Rodney\Downloads\setup_V4.0.3.5.zip
    2014-10-22 16:44 - 2014-10-22 16:44 - 04557201 _____ () C:\Users\Rodney\Downloads\ejuicemeup.zip

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-21 22:18 - 2009-07-13 23:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-21 22:18 - 2009-07-13 23:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-21 22:15 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-11-21 22:14 - 2014-06-11 20:56 - 01647288 _____ () C:\Windows\WindowsUpdate.log
    2014-11-21 22:13 - 2014-06-13 16:06 - 00000334 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
    2014-11-21 22:12 - 2014-06-13 16:07 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-21 22:12 - 2014-06-13 16:06 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
    2014-11-21 22:11 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-11-21 22:04 - 2014-08-28 18:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-11-21 21:57 - 2014-06-13 16:07 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-21 21:49 - 2014-08-28 20:44 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2204052819-887068423-1664883573-1003UA.job
    2014-11-21 21:30 - 2014-06-13 16:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-11-21 21:02 - 2014-06-13 16:58 - 00000000 ____D () C:\Users\Rodney\Desktop\work timesheets
    2014-11-20 21:08 - 2014-08-30 20:34 - 00000000 ____D () C:\Users\Rodney\AppData\Roaming\MediaMonkey
    2014-11-20 18:13 - 2014-08-28 20:44 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2204052819-887068423-1664883573-1003Core.job
    2014-11-17 21:36 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-11-17 20:50 - 2014-06-13 16:06 - 00000000 ____D () C:\Users\Rodney\AppData\Roaming\DiskDefrag
    2014-11-17 20:37 - 2009-07-14 00:08 - 00020432 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-11-17 20:25 - 2014-06-15 08:58 - 00000000 ____D () C:\Windows\Minidump
    2014-11-17 20:25 - 2014-06-11 21:53 - 00000000 ____D () C:\Windows\Panther
    2014-11-17 19:55 - 2014-06-18 11:31 - 00000000 ___RD () C:\Users\Ashlan & Madison\Google Drive
    2014-11-17 19:54 - 2014-06-13 16:05 - 00000000 ____D () C:\Users\Rodney\AppData\Local\Google
    2014-11-17 19:09 - 2014-06-18 11:26 - 00000000 ____D () C:\Users\Ashlan & Madison\AppData\Local\Google
    2014-11-17 17:27 - 2014-07-12 15:19 - 00000000 ____D () C:\Users\Ashlan & Madison\AppData\Local\Citrix
    2014-11-17 17:27 - 2014-06-18 11:27 - 00064416 _____ () C:\Users\Ashlan & Madison\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-11-14 17:50 - 2014-07-09 20:59 - 00000000 ____D () C:\Users\Brooke\AppData\Local\Citrix
    2014-11-14 17:50 - 2014-06-15 08:59 - 00064416 _____ () C:\Users\Brooke\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-11-14 15:54 - 2009-07-13 23:45 - 00296360 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-11-13 23:44 - 2014-08-28 20:44 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2204052819-887068423-1664883573-1003UA
    2014-11-13 23:44 - 2014-08-28 20:44 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2204052819-887068423-1664883573-1003Core
    2014-11-13 23:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2014-11-13 22:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2014-11-13 22:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
    2014-11-13 21:47 - 2014-06-13 16:07 - 00064416 _____ () C:\Users\Rodney\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-11-13 21:33 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-11-13 21:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-11-13 20:25 - 2014-07-10 18:20 - 00000000 ____D () C:\Users\Rodney\AppData\Local\Citrix
    2014-11-13 20:25 - 2014-07-09 20:59 - 00000000 ____D () C:\Program Files (x86)\Citrix
    2014-11-13 19:18 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
    2014-11-13 18:17 - 2014-08-28 18:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-11-13 18:17 - 2014-06-11 19:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-11-13 18:17 - 2014-06-11 19:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-11-13 17:52 - 2014-06-13 16:07 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-11-13 17:52 - 2014-06-13 16:07 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-11-12 03:08 - 2014-06-16 11:37 - 00000000 ____D () C:\Windows\system32\MRT
    2014-11-12 03:01 - 2014-06-16 11:37 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-11-11 21:14 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
    2014-11-11 20:25 - 2014-10-15 17:12 - 00000000 ___RD () C:\Users\Rodney\Dropbox
    2014-11-11 20:25 - 2014-07-01 18:33 - 00000000 ____D () C:\Users\Brooke\AppData\Roaming\Everything
    2014-11-11 18:08 - 2014-06-13 16:06 - 00002976 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
    2014-11-11 18:08 - 2014-06-13 16:06 - 00002634 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
    2014-11-11 18:08 - 2014-06-13 16:06 - 00001092 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
    2014-11-11 18:07 - 2014-06-11 18:06 - 00000000 ____D () C:\Users\Rodney\AppData\Roaming\Mozilla
    2014-11-11 18:06 - 2014-10-15 16:55 - 00000000 ____D () C:\Users\Rodney\AppData\Roaming\Dropbox
    2014-11-07 21:42 - 2014-09-11 14:30 - 00000000 ____D () C:\ProgramData\Unchecky
    2014-11-07 21:41 - 2014-08-30 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
    2014-11-07 21:41 - 2014-08-30 20:33 - 00000000 ____D () C:\Program Files (x86)\MediaMonkey
    2014-11-07 21:23 - 2014-10-15 17:12 - 00001021 _____ () C:\Users\Rodney\Desktop\Dropbox.lnk
    2014-11-07 21:23 - 2014-10-15 16:57 - 00000000 ____D () C:\Users\Rodney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-11-07 21:22 - 2014-08-11 18:36 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
    2014-11-07 21:22 - 2014-06-13 16:05 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
    2014-11-06 21:36 - 2014-06-24 20:34 - 00000000 ____D () C:\Users\Ashlan & Madison\AppData\Roaming\Everything
    2014-10-30 06:25 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-10-25 21:02 - 2014-08-16 09:02 - 00000000 ____D () C:\ProgramData\PMS
    2014-10-22 22:28 - 2014-09-19 14:22 - 00000000 ____D () C:\Users\Rodney\AppData\Local\Downloaded Installations

    Some content of TEMP:
    ====================
    C:\Users\Rodney\AppData\Local\Temp\Quarantine.exe
    C:\Users\Rodney\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-11-15 03:00

    ==================== End Of Log ============================



    #7 nasdaq

    nasdaq

    • Malware Response Team
    • 38,936 posts
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:09:54 PM

    Posted 22 November 2014 - 11:47 AM

     
    Nothing suspicious was found on your log.
    I would remove NetBalancer using the Add/Remove Programs applet.
    If some issues are still present, please let me know.
    ===
     
     
    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
    start
     
    SearchScopes: HKU\S-1-5-21-2204052819-887068423-1664883573-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
     
    End
    
    Save the file as fixlist.txt in the same folder as FRST.
     
    Run FRST and click Fix only once and wait.
     
    Restart the computer normally to reset the registry.
     
    The tool will create a log, Fixlog.txt; please post it in your reply.
    ===
     
    Download Security Check by screen317 from here
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    P.S. If the SecurityCheck program fails to run for any reason, run it as an Administrator.
     
    If the site is busy or not available use this mirror site:
     
    How is the computer running now?
     
    ======
    ===


    #8 18rmiller

    18rmiller
    • Topic Starter

    • Members
    • 8 posts
    • Local time:08:54 PM

    Posted 23 November 2014 - 02:28 PM

    What did the fix-list do?

     

    Do you know why my copy of MBAM didn't have the detections and protections thing? I bought the physical PRO CD from them.

     

    Fixlist

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2014
    Ran by Rodney at 2014-11-23 13:47:08 Run:1
    Running from C:\Users\Rodney\Desktop
    Loaded Profiles: Brooke & Rodney & Ashlan & Madison (Available profiles: Brooke & Rodney & Ashlan & Madison)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
     
    SearchScopes: HKU\S-1-5-21-2204052819-887068423-1664883573-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
     
    End
    *****************

    "HKU\S-1-5-21-2204052819-887068423-1664883573-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    "HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica; charset=euc-jp" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica; charset=ISO-8859-1" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS936" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS949" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS950" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF-8" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF8" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica;charset=euc-jp" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica;charset=ISO-8859-1" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS936" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS949" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS950" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF-8" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF8" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\ica" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.

    ==== End of Fixlog ====

     

    Checkup

     

     Results of screen317's Security Check version 0.99.90  
     Windows 7 Service Pack 1 x64 (UAC is enabled)  
     Internet Explorer 11  
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!  
    Microsoft Security Essentials   
     Antivirus up to date!  
    `````````Anti-malware/Other Utilities Check:`````````
     Java 8 Update 25  
     Java version out of Date!
     Adobe Flash Player 15.0.0.223  
     Mozilla Firefox (33.1)
     Google Chrome (38.0.2125.122)
     Google Chrome (39.0.2171.65)
     Google Chrome (chrome.exe..)
    ````````Process Check: objlist.exe by Laurent````````  
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Malwarebytes Anti-Malware mbamservice.exe  
     Malwarebytes Anti-Malware mbam.exe  
     Malwarebytes Anti-Malware mbamscheduler.exe   
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     


    Edited by 18rmiller, 23 November 2014 - 02:30 PM.


    #9 nasdaq

    nasdaq

    • Malware Response Team
    • 38,936 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:09:54 PM

    Posted 24 November 2014 - 07:45 AM

    what did the fix-list do?
    Just a clean up of the empty registry keys.
     
    ===
     

    Java 8 Update 25  
     Java version out of Date!
    You have the latest version for your 64 bit system.
     
    ===
     

    do you know why my copy of MBAM didn't have the detections and protections thing? I bought the physical PRO CD from them
    No.
     
    Check with them if it happens again.
     
    ===
     
    If all is well.
     
    To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
    ===


    #10 nasdaq


    Posted 30 November 2014 - 10:09 AM

    It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

    #11 nasdaq


    Posted 03 December 2014 - 09:46 AM

    This topic has been re-opened at the request of the person who originally posted.

    #12 18rmiller

    18rmiller
    • Topic Starter

    • Members
    • 8 posts
    • OFFLINE
    •  
    • Local time:08:54 PM

    Posted 08 December 2014 - 06:43 PM

    This topic has been re-opened at the request of the person who originally posted.

    I'm still seeing continuous bandwidth usage even after following all the steps provided.



    #13 nasdaq


    Posted 09 December 2014 - 08:51 AM


    Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

    at the cursor type:
    ipconfig /flushdns <-- (A space between g and / is needed)

    ipconfig /release

    repeat with
    ipconfig /renew

    Then hit Enter, type Exit, hit the Enter key.

    You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
    http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
    <<<>>>

    If the problem persists run this tool.


    --RogueKiller--
    • Download & SAVE to your Desktop For 32bit system or For 64bit system
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+
    =======

    #14 18rmiller


    Posted 09 December 2014 - 05:38 PM

    My results after running the scan

    RogueKiller V10.0.9.0 (x64) [Dec  8 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Rodney [Administrator]
    Mode : Delete -- Date : 12/09/2014  17:33:36

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 24 ¤¤¤
    [PUP] (X64) HKEY_USERS\S-1-5-21-2204052819-887068423-1664883573-1004\Software\Microsoft\Windows\CurrentVersion\Run | RocketTab : "C:\Users\Ashlan & Madison\AppData\Local\Search Extensions\Client.exe"  -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-2204052819-887068423-1664883573-1004\Software\Microsoft\Windows\CurrentVersion\Run | RocketTab Update Task : "C:\Users\Ashlan & Madison\AppData\Local\Search Extensions\uninstall.exe" /CheckUpdate=true  -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-2204052819-887068423-1664883573-1004\Software\Microsoft\Windows\CurrentVersion\Run | RocketTab : "C:\Users\Ashlan & Madison\AppData\Local\Search Extensions\Client.exe"  -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-2204052819-887068423-1664883573-1004\Software\Microsoft\Windows\CurrentVersion\Run | RocketTab Update Task : "C:\Users\Ashlan & Madison\AppData\Local\Search Extensions\uninstall.exe" /CheckUpdate=true  -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page :
    [PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page :
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2204052819-887068423-1664883573-1003\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2204052819-887068423-1664883573-1003\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page :
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page :
    [PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page :
    [PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page :
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2204052819-887068423-1664883573-1003\Software\Microsoft\Internet Explorer\Main | Search Page :
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2204052819-887068423-1664883573-1003\Software\Microsoft\Internet Explorer\Main | Search Page :
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page :
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page :
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2204052819-887068423-1664883573-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2204052819-887068423-1664883573-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2204052819-887068423-1664883573-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2204052819-887068423-1664883573-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 34 ¤¤¤

    ¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
    [Filter(Kernel.Filter)] \Driver\atapi @ \Device\CdRom0 : \Driver\GEARAspiWDM @ Unknown (\SystemRoot\system32\DRIVERS\yk62x64.sys)

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD6400AAKS-22A7B0 ATA Device +++++
    --- User ---
    [MBR] d31b464b08d53b9a1481a6f635696c9e
    [BSP] 709d96ce5b9368214caaf3be347d884e : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 610378 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: IOI CF/M icroDrive Disk.. USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive2: IOI SM/x D-Picture Disk.. USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive3: IOI SD/M MC Disk ... USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive4: IOI MS/M sPro Disk ... USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive5: Canon MP620 series USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )


    ============================================
    RKreport_SCN_12092014_171615.log


    Edited by 18rmiller, 09 December 2014 - 05:38 PM.


    #15 nasdaq


    Posted 10 December 2014 - 07:50 AM

    Please run the Malwarebytes tool and fix/delete everything that is identified.

    ===

    If the problem continues please execute the following.

    Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

    at the cursor type:
    ipconfig /flushdns <-- (A space between g and / is needed)

    ipconfig /release

    repeat with
    ipconfig /renew

    Then hit Enter, type Exit, hit the Enter key.

    You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
    http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
    <<<>>>

    Keep me posted.



