malware changes proxy settings


  • This topic is locked
17 replies to this topic

#1 ohnowatdoihave

ohnowatdoihave

  • Members
  • 10 posts
  • OFFLINE
  • Local time:11:07 PM

Posted 20 November 2014 - 10:30 AM

Hi, something keeps changing my proxy settings. [Attach.txt was too big so I zipped it.]

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.18631
Run by Laurie at 10:18:51 on 2014-11-20
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.16355.13846 [GMT -5:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Users\Laurie\Desktop\utils\AudioSwitcher (win7 output switcher).exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\taskeng.exe
C:\Users\Laurie\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\misc\locate32\locate32.exe
C:\Program Files (x86)\Brownie\BrStsW64.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [AudioSwitcher] "C:\Users\Laurie\Desktop\utils\AudioSwitcher (win7 output switcher).exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
StartupFolder: C:\Users\Laurie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Laurie\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Laurie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOCATE~1.LNK - C:\Program Files (x86)\misc\locate32\locate32.exe
StartupFolder: C:\Users\Laurie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A66B9036-182E-4D6B-8EE6-79A2B77B96A8} : DHCPNameServer = 192.168.1.1
AppInit_DLLs= C:\Windows\Jaksta\AC\x86\jaudcap.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 0.0.0.0 fr.a2dfp.net
Hosts: 0.0.0.0 m.fr.a2dfp.net
Hosts: 0.0.0.0 mfr.a2dfp.net
Hosts: 0.0.0.0 ad.a8.net
Hosts: 0.0.0.0 asy.a8ww.net
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\uhuml4dc.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - file:///N:/my_docs_win7/mystartpg.html
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
FF - plugin: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
FF - ExtSQL: 2014-09-22 10:45; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\sne2qxfz.default-1396983442391\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2014-10-02 10:32; ascsurfingprotection@iobit.com; C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\uhuml4dc.default\extensions\ascsurfingprotection@iobit.com
.
---- FIREFOX POLICIES ----
FF - user.js: plugin.state.npcontentblocker - 2
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R1 appliand;Applian LightWeight Filter;C:\Windows\System32\drivers\appliand.sys [2014-10-4 30304]
R1 klhk;klhk;C:\Windows\System32\drivers\klhk.sys [2014-10-2 243808]
R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2014-3-25 55904]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2014-3-26 179296]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2014-10-2 893216]
R2 AVP15.0.0;Kaspersky Anti-Virus Service 15.0.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [2014-4-20 233552]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2014-5-21 2135232]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 hcw89;hcw89 service;C:\Windows\System32\drivers\hcw89.sys [2013-3-28 1605760]
R3 klflt;Kaspersky Lab Kernel DLL;C:\Windows\System32\drivers\klflt.sys [2014-10-2 141320]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2014-3-28 28768]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-8-8 29280]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-30 64280]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2014-2-25 30304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-10-2 2282272]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-2 111616]
S3 jakndis;Jaksta Service;C:\Windows\System32\drivers\jakndis.sys [2014-10-3 32064]
S3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-4-12 32344]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-12 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: TextPad.txt="C:\Program Files (x86)\TextPad 4\TextPad.exe" -s
.
=============== Created Last 30 ================
.
2014-11-20 14:43:05    11632448    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ECB49BD9-3731-4681-94B0-A9B04F4F5F64}\mpengine.dll
2014-11-19 21:31:34    --------    d-----w-    C:\Users\Laurie\AppData\Local\gtk-2.0
2014-11-18 23:33:41    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-11-18 23:33:41    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-11-18 23:33:41    241152    ----a-w-    C:\Windows\System32\pku2u.dll
2014-11-18 23:33:41    186880    ----a-w-    C:\Windows\SysWow64\pku2u.dll
2014-11-17 18:25:55    --------    d-----r-    C:\Users\Laurie\AppData\Roaming\Brother
2014-11-17 18:22:04    --------    d-----w-    C:\Users\Laurie\.thumbnails
2014-11-17 18:19:00    --------    d-----w-    C:\Users\Laurie\AppData\Local\fontconfig
2014-11-17 18:18:59    --------    d-----w-    C:\Users\Laurie\AppData\Local\gegl-0.2
2014-11-17 18:18:59    --------    d-----w-    C:\Users\Laurie\.gimp-2.8
2014-11-17 18:17:13    --------    d-----w-    C:\Program Files\GIMP 2
2014-11-15 23:56:45    539984    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2014-11-15 09:07:41    2876528    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-11-15 09:07:32    42168    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2014-11-14 22:52:53    736952    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2014-11-13 21:44:27    736952    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-11-13 21:44:09    2876528    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-11-13 21:43:59    42168    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-11-13 21:43:56    539984    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-11-13 21:43:17    --------    d-----w-    C:\Program Files\PlayReady
2014-11-13 17:20:39    --------    d-----w-    C:\Users\Laurie\AppData\Local\Comodo
2014-11-13 17:20:37    57096    ----a-w-    C:\Windows\System32\certsentry.dll
2014-11-13 17:20:37    48392    ----a-w-    C:\Windows\SysWow64\certsentry.dll
2014-11-13 17:20:32    --------    d-----w-    C:\Program Files (x86)\Comodo
2014-11-13 17:05:29    48240    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-11-13 17:05:29    220784    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\sandboxbroker.dll
2014-11-12 04:25:59    861696    ----a-w-    C:\Windows\System32\oleaut32.dll
2014-11-12 04:25:59    571904    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2014-11-06 09:30:20    213    ----a-w-    C:\Program Files (x86)\1N71HG10.bat
2014-11-06 09:24:23    --------    d-----w-    C:\Program Files\CamStudio 2.7
2014-11-01 10:39:17    96272    ----a-w-    C:\Windows\System32\KemXML.dll
2014-11-01 10:39:17    235536    ----a-w-    C:\Windows\System32\KemUtil.dll
2014-11-01 10:39:17    235536    ----a-w-    C:\Windows\System32\kemutb.dll
2014-11-01 10:39:17    190992    ----a-w-    C:\Windows\System32\BtCoreIf.dll
2014-11-01 10:39:17    159248    ----a-w-    C:\Windows\System32\KemWnd.dll
2014-10-24 17:32:23    --------    d-----w-    C:\Users\Laurie\AppData\Roaming\Anvsoft
2014-10-24 17:32:21    --------    d-----w-    C:\Program Files (x86)\AnvSoft
2014-10-24 17:17:48    --------    d-----w-    C:\ProgramData\Auslogics
2014-10-24 16:57:30    --------    d-----w-    C:\Program Files (x86)\Auslogics
2014-10-22 16:26:04    3241472    ----a-w-    C:\Windows\System32\msi.dll
2014-10-22 16:26:04    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-10-22 16:25:53    6144    ----a-w-    C:\Program Files\Internet Explorer\iecompat.dll
2014-10-22 16:25:53    6144    ----a-w-    C:\Program Files (x86)\Internet Explorer\iecompat.dll
2014-10-22 16:25:48    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2014-10-22 16:25:48    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
2014-10-22 16:25:35    878080    ----a-w-    C:\Windows\System32\advapi32.dll
2014-10-22 16:25:35    859648    ----a-w-    C:\Windows\System32\tdh.dll
2014-10-22 16:25:35    640512    ----a-w-    C:\Windows\SysWow64\advapi32.dll
2014-10-22 16:25:35    619520    ----a-w-    C:\Windows\SysWow64\tdh.dll
2014-10-22 16:25:35    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2014-10-22 16:25:35    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2014-10-22 13:01:13    --------    d-----w-    C:\Users\Laurie\AppData\Local\Chromium
2014-10-22 12:34:23    348160    ----a-w-    C:\Windows\SysWow64\msvcr71.dll
2014-10-22 12:34:23    1700352    ----a-w-    C:\Windows\SysWow64\gdiplus.dll
2014-10-22 12:34:23    1060864    ----a-w-    C:\Windows\SysWow64\mfc71.dll
.
==================== Find3M  ====================
.
2014-11-13 17:08:14    129752    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-12 03:01:08    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 03:01:08    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-04 19:30:58    275080    ------w-    C:\Windows\System32\MpSigStub.exe
2014-10-25 16:05:52    1188864    ----a-w-    C:\Windows\System32\wininet.dll
2014-10-25 16:04:08    47616    ----a-w-    C:\Windows\System32\mshta.exe
2014-10-25 16:04:00    174592    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-10-25 16:03:41    1538048    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-10-25 15:46:09    981504    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-10-25 15:43:59    50176    ----a-w-    C:\Windows\SysWow64\mshta.exe
2014-10-25 15:43:48    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-10-25 15:43:07    1466368    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-10-25 13:00:26    1638912    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-10-25 12:39:39    1638912    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-10-25 01:57:59    77824    ----a-w-    C:\Windows\System32\packager.dll
2014-10-25 01:32:37    67584    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-10-14 02:16:37    155064    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06    683520    ----a-w-    C:\Windows\System32\termsrv.dll
2014-10-14 02:12:57    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31    146432    ----a-w-    C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31    681984    ----a-w-    C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-10-14 01:49:38    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30    146432    ----a-w-    C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02    681984    ----a-w-    C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-10-09 10:49:23    1294336    ----a-w-    C:\Windows\System32\vorbis.acm
2014-10-08 08:05:04    141320    ----a-w-    C:\Windows\System32\drivers\klflt.sys
2014-10-04 03:04:31    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
2014-10-03 02:12:00    500224    ----a-w-    C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54    284672    ----a-w-    C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51    680960    ----a-w-    C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51    440832    ----a-w-    C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51    296448    ----a-w-    C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42    442880    ----a-w-    C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26    374784    ----a-w-    C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26    195584    ----a-w-    C:\Windows\SysWow64\AudioSes.dll
2014-10-03 01:26:39    230840    ----a-w-    C:\Windows\System32\drivers\truecrypt.sys
2014-10-02 19:03:11    46592    ------w-    C:\Windows\SysWow64\fpb.rs
2014-10-02 19:03:11    46592    ------w-    C:\Windows\System32\fpb.rs
2014-10-02 19:03:11    45568    ------w-    C:\Windows\SysWow64\oflc-nz.rs
2014-10-02 19:03:11    45568    ------w-    C:\Windows\System32\oflc-nz.rs
2014-10-02 19:03:11    40960    ------w-    C:\Windows\SysWow64\cob-au.rs
2014-10-02 19:03:11    40960    ------w-    C:\Windows\System32\cob-au.rs
2014-10-02 19:03:11    15360    ------w-    C:\Windows\SysWow64\djctq.rs
2014-10-02 19:03:11    15360    ------w-    C:\Windows\System32\djctq.rs
2014-10-02 18:52:51    228864    ------w-    C:\Windows\System32\rdpendp_winip.dll
2014-10-02 18:52:51    192000    ------w-    C:\Windows\SysWow64\rdpendp_winip.dll
2014-10-02 18:44:44    245760    ------w-    C:\Windows\System32\OxpsConverter.exe
2014-10-02 14:48:34    9728    ------w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-01 15:11:26    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-10-01 15:11:16    93400    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 15:11:12    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-09-19 09:42:52    210944    ----a-w-    C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51    86528    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:49    342016    ----a-w-    C:\Windows\System32\schannel.dll
2014-09-19 09:42:47    314880    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47    309760    ----a-w-    C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:41    22016    ----a-w-    C:\Windows\System32\credssp.dll
2014-09-19 09:23:55    172032    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52    65536    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49    248832    ----a-w-    C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46    221184    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45    259584    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:36    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2014-09-09 21:29:18    910920    ----a-w-    C:\Windows\System32\drivers\VBoxDrv.sys
2014-09-09 21:27:58    157448    ----a-w-    C:\Windows\System32\drivers\VBoxNetFlt.sys
2014-09-09 21:27:58    142528    ----a-w-    C:\Windows\System32\drivers\VBoxNetAdp.sys
2014-09-09 21:27:54    129168    ----a-w-    C:\Windows\System32\drivers\VBoxUSBMon.sys
2014-09-09 21:26:36    205352    ----a-w-    C:\Windows\System32\VBoxNetFltNobj.dll
2014-09-04 05:23:20    424448    ----a-w-    C:\Windows\System32\rastls.dll
2014-09-04 05:04:15    372736    ----a-w-    C:\Windows\SysWow64\rastls.dll
2014-08-23 02:07:00    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 10:18:59.37 ===============
 



#2 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:12:07 AM

Posted 20 November 2014 - 06:11 PM

Hi. I'm checking your log now and will reply with instructions soon.

#3 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:12:07 AM

Posted 20 November 2014 - 08:51 PM

Download Farbar Recovery Scan Tool and save it to your desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

#4 ohnowatdoihave

ohnowatdoihave
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:11:07 PM

Posted 20 November 2014 - 09:25 PM

Hi, thanks for your help. Here is FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014
Ran by Laurie (administrator) on LPC-W7 on 20-11-2014 21:11:52
Running from C:\Users\Laurie\Downloads
Loaded Profiles: Laurie & UpdatusUser (Available profiles: Laurie & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Forty One Ltd.) C:\Users\Laurie\Desktop\utils\AudioSwitcher (win7 output switcher).exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Dropbox, Inc.) C:\Users\Laurie\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\misc\locate32\locate32.exe
(brother) C:\Program Files (x86)\Brownie\BrStsW64.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Zhuhai Kingsoft Office Software Co.,Ltd) C:\Program Files (x86)\Kingsoft\Kingsoft Office\office6\et.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Internet Scrabble Club) C:\Program Files (x86)\misc\WordBiz\Wordbiz (2nd)\WordBiz.exe
(Helios Software Solutions) C:\Program Files (x86)\TextPad 4\TextPad.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
() C:\Users\Laurie\Desktop\utils\window- keep  on top - always-on-top.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Jaksta Technologies Pty Ltd) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\jrmcp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\plugin-nm-server.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\klwtblfs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Internet Scrabble Club) C:\Program Files (x86)\misc\WordBiz\WordBiz (3rd)\WordBiz.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6612072 2011-03-07] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [11877656 2014-09-16] (Logitech Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3695928 2009-08-19] (brother)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2591493025-1418008374-2904148042-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-2591493025-1418008374-2904148042-1000\...\Run: [AudioSwitcher] => C:\Users\Laurie\Desktop\utils\AudioSwitcher (win7 output switcher).exe [360448 2014-11-11] (Forty One Ltd.)
HKU\S-1-5-21-2591493025-1418008374-2904148042-1000\...\MountPoints2: {aa68d170-59e5-11e4-8689-8c89a516c319} - Y:\TL-Bootstrap.exe
HKU\S-1-5-21-2591493025-1418008374-2904148042-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [311584 2014-06-09] (Jaksta Technologies Pty Ltd)
AppInit_DLLs-x32: C:\Windows\Jaksta\AC\x86\jaudcap.dll => C:\Windows\Jaksta\AC\x86\jaudcap.dll [264480 2014-06-09] (Jaksta Technologies Pty Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Laurie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Locate32 Autorun.lnk
ShortcutTarget: Locate32 Autorun.lnk -> C:\Program Files (x86)\misc\locate32\locate32.exe ()
Startup: C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2591493025-1418008374-2904148042-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2591493025-1418008374-2904148042-1000] => https=127.0.0.1:58422;
HKU\S-1-5-21-2591493025-1418008374-2904148042-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2591493025-1418008374-2904148042-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKU\S-1-5-21-2591493025-1418008374-2904148042-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7E69BF5263FFCF01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\uhuml4dc.default
FF SelectedSearchEngine:
FF Homepage: file:///N:/my_docs_win7/mystart_page6.html
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF user.js: detected! => C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\uhuml4dc.default\user.js
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\uhuml4dc.default\Extensions\[email protected] [2014-10-02]
FF Extension: Session Manager - C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\uhuml4dc.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-10-02]
FF Extension: Adblock Plus - C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\uhuml4dc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected]
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2014-10-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected]
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2014-10-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected]
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2014-10-02]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]

Chrome:
=======
CHR HomePage: Default -> file:///N:/my_docs_win7/mystart_page6.html
CHR Profile: C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-02]
CHR Extension: (Google Docs) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-02]
CHR Extension: (Google Drive) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-02]
CHR Extension: (YouTube) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-02]
CHR Extension: (Google Search) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-02]
CHR Extension: (Kaspersky Protection) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-10-02]
CHR Extension: (Session Buddy) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-10-02]
CHR Extension: (Google Sheets) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-02]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-10-04]
CHR Extension: (Google Wallet) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-02]
CHR Extension: (Gmail) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-02]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho []
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [111616 2014-10-02] (Microsoft Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 appliand; C:\Windows\System32\DRIVERS\appliand.sys [30304 2013-02-06] (Applian Technologies Inc.)
R3 hcw89; C:\Windows\System32\DRIVERS\hcw89.sys [1605760 2013-03-28] (Hauppauge Computer Works, Inc.)
S3 jakndis; C:\Windows\System32\DRIVERS\jakndis.sys [32064 2013-02-06] (Jaksta Technologies Pty Ltd)
S3 jakndis; C:\Windows\SysWOW64\DRIVERS\jakndis.sys [21504 2009-05-11] (Jaksta LLC) [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-08] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-08] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 21:11 - 2014-11-20 21:11 - 00019371 _____ () C:\Users\Laurie\Downloads\FRST.txt
2014-11-20 21:11 - 2014-11-20 21:11 - 00000000 ____D () C:\FRST
2014-11-20 21:10 - 2014-11-20 21:10 - 02117632 _____ (Farbar) C:\Users\Laurie\Downloads\FRST64.exe
2014-11-20 10:28 - 2014-11-20 10:28 - 00103016 _____ () C:\Users\Laurie\Desktop\attach.zip
2014-11-20 10:14 - 2014-11-20 10:22 - 00023679 _____ () C:\Users\Laurie\Desktop\dds.txt
2014-11-20 10:14 - 2014-11-20 10:21 - 00528263 _____ () C:\Users\Laurie\Desktop\attach.txt
2014-11-20 09:42 - 2014-11-20 09:42 - 00000311 _____ () C:\Users\Laurie\Desktop\1Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - Virus, Trojan, Spyware, and Malware Remov.URL
2014-11-20 09:38 - 2014-11-20 09:38 - 00688992 ____R (Swearware) C:\Users\Laurie\Downloads\dds.com
2014-11-19 16:31 - 2014-11-19 16:31 - 00002660 _____ () C:\Users\Laurie\AppData\Local\recently-used.xbel
2014-11-19 16:31 - 2014-11-19 16:31 - 00000000 ____D () C:\Users\Laurie\AppData\Local\gtk-2.0
2014-11-18 18:33 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 18:33 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 18:33 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 18:33 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 13:58 - 2014-11-18 13:58 - 00057344 _____ () C:\Users\Laurie\Downloads\Boiler_Sizing_Chart.xls
2014-11-17 18:54 - 2014-11-17 18:54 - 04976456 _____ (Piriform Ltd) C:\Users\Laurie\Downloads\ccsetup419.exe
2014-11-17 13:25 - 2014-11-17 13:25 - 00000000 ___RD () C:\Users\Laurie\AppData\Roaming\Brother
2014-11-17 13:22 - 2014-11-17 13:22 - 00000000 ____D () C:\Users\Laurie\.thumbnails
2014-11-17 13:18 - 2014-11-19 16:32 - 00000000 ____D () C:\Users\Laurie\.gimp-2.8
2014-11-17 13:18 - 2014-11-17 13:18 - 00000000 ____D () C:\Users\Laurie\AppData\Local\gegl-0.2
2014-11-17 13:17 - 2014-11-17 13:17 - 00000894 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-11-17 13:17 - 2014-11-17 13:17 - 00000000 ____D () C:\Program Files\GIMP 2
2014-11-17 13:15 - 2014-11-17 13:16 - 91931728 _____ (The GIMP Team ) C:\Users\Laurie\Downloads\gimp-2.8.14-setup-1.exe
2014-11-15 14:58 - 2014-11-19 17:54 - 00000000 ____D () C:\Users\Laurie\Desktop\sienna pix
2014-11-13 16:43 - 2014-11-13 16:43 - 00000000 ____D () C:\Program Files\PlayReady
2014-11-13 14:30 - 2014-11-13 14:31 - 00000000 ____D () C:\Users\Laurie\Desktop\tires
2014-11-13 14:29 - 2014-11-13 14:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-11-13 12:50 - 2014-11-13 12:51 - 55915216 _____ (Microsoft Corporation) C:\Users\Laurie\Downloads\IE11-Windows6.1-x64-en-us (1).exe
2014-11-13 12:43 - 2014-11-13 13:06 - 00024173 _____ () C:\Windows\IE11_main.log
2014-11-13 12:31 - 2014-11-20 09:44 - 00008968 _____ () C:\Windows\PFRO.log
2014-11-13 12:20 - 2014-11-13 12:20 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2014-11-13 12:20 - 2014-11-13 12:20 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2014-11-13 12:20 - 2014-11-13 12:20 - 00001120 _____ () C:\Users\Public\Desktop\Dragon Comodo.lnk
2014-11-13 12:20 - 2014-11-13 12:20 - 00000000 ____D () C:\Users\Laurie\AppData\Local\Comodo
2014-11-13 12:20 - 2014-11-13 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-11-13 12:20 - 2014-11-13 12:20 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-11-13 12:19 - 2014-11-13 12:19 - 51340512 _____ (COMODO) C:\Users\Laurie\Downloads\DragonSetup (1).exe
2014-11-13 12:04 - 2014-11-13 12:04 - 00244088 _____ () C:\Users\Laurie\Downloads\Firefox Setup Stub 33.1.exe
2014-11-13 11:56 - 2014-11-13 11:55 - 04933176 _____ () C:\Users\Laurie\Desktop\current_.session
2014-11-11 23:26 - 2014-10-25 11:05 - 09057280 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 23:26 - 2014-10-25 11:05 - 01541632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 23:26 - 2014-10-25 11:05 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 23:26 - 2014-10-25 11:05 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 23:26 - 2014-10-25 11:05 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-11 23:26 - 2014-10-25 11:05 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 23:26 - 2014-10-25 11:05 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-11 23:26 - 2014-10-25 11:04 - 12289024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 23:26 - 2014-10-25 11:04 - 02467328 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 23:26 - 2014-10-25 11:04 - 00495616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 23:26 - 2014-10-25 11:04 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 23:26 - 2014-10-25 11:04 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 23:26 - 2014-10-25 11:04 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 23:26 - 2014-10-25 11:04 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 23:26 - 2014-10-25 11:04 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-11 23:26 - 2014-10-25 11:04 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-11 23:26 - 2014-10-25 11:03 - 01538048 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 23:26 - 2014-10-25 10:46 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 23:26 - 2014-10-25 10:45 - 11019264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 23:26 - 2014-10-25 10:45 - 06026240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 23:26 - 2014-10-25 10:45 - 02086912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 23:26 - 2014-10-25 10:45 - 01267712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 23:26 - 2014-10-25 10:45 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 23:26 - 2014-10-25 10:45 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 23:26 - 2014-10-25 10:45 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-11 23:26 - 2014-10-25 10:45 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 23:26 - 2014-10-25 10:45 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-11 23:26 - 2014-10-25 10:45 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 23:26 - 2014-10-25 10:44 - 00345600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 23:26 - 2014-10-25 10:44 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 23:26 - 2014-10-25 10:43 - 01466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 23:26 - 2014-10-25 10:43 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 23:26 - 2014-10-25 10:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-11 23:26 - 2014-10-25 10:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-11 23:26 - 2014-10-25 08:00 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 23:26 - 2014-10-25 07:39 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 23:26 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 23:26 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 23:26 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 23:26 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 23:26 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 23:26 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 23:26 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 23:26 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 23:26 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 23:26 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 23:26 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 23:26 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 23:26 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 23:26 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 23:26 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 23:26 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 23:26 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 23:26 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 23:26 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 23:26 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 23:26 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 23:26 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 23:26 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 23:26 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 23:26 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 23:26 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 23:26 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 23:26 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 23:26 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 23:26 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 23:26 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 23:26 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 23:26 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 23:26 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 23:26 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 23:26 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 23:26 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 23:26 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 23:25 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 23:25 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 12:01 - 2014-11-11 12:01 - 00283919 _____ () C:\Users\Laurie\Downloads\AudioSwitcher_1_5_4_1.zip
2014-11-11 09:50 - 2014-11-11 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-11 09:50 - 2014-11-11 09:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-11-11 09:50 - 2014-11-11 09:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-11-11 09:49 - 2014-11-11 09:49 - 13087456 _____ (Microsoft Corporation) C:\Users\Laurie\Downloads\Silverlight_x64.exe
2014-11-07 10:56 - 2014-11-07 10:56 - 00000062 _____ () C:\Users\Laurie\Desktop\Broadcasts - Grooveshark.url
2014-11-06 04:30 - 2014-11-06 04:30 - 00000213 _____ () C:\Program Files (x86)\1N71HG10.bat
2014-11-06 04:29 - 2014-11-20 09:08 - 00004546 _____ () C:\Users\Laurie\AppData\Roaming\CamStudio.cfg
2014-11-06 04:29 - 2014-11-20 09:08 - 00000408 _____ () C:\Users\Laurie\AppData\Roaming\CamShapes.ini
2014-11-06 04:29 - 2014-11-20 09:08 - 00000408 _____ () C:\Users\Laurie\AppData\Roaming\CamLayout.ini
2014-11-06 04:29 - 2014-11-20 09:08 - 00000096 _____ () C:\Users\Laurie\AppData\Roaming\Camdata.ini
2014-11-06 04:24 - 2014-11-20 09:06 - 00000096 _____ () C:\Users\Laurie\AppData\Roaming\version2.xml
2014-11-06 04:24 - 2014-11-10 07:46 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2014-11-06 04:24 - 2014-11-06 04:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
2014-11-01 05:39 - 2014-11-01 05:39 - 00006520 _____ () C:\Windows\LDPINST.LOG
2014-11-01 05:39 - 2014-11-01 05:39 - 00001833 _____ () C:\Users\Public\Desktop\Logitech Mouse and Keyboard Settings.lnk
2014-11-01 05:39 - 2014-11-01 05:39 - 00000000 ____D () C:\Users\Laurie\AppData\Roaming\Leadertech
2014-11-01 05:39 - 2014-11-01 05:39 - 00000000 ____D () C:\ProgramData\Logitech
2014-11-01 05:39 - 2014-11-01 05:39 - 00000000 ____D () C:\Program Files\Logitech
2014-11-01 05:39 - 2014-11-01 05:39 - 00000000 ____D () C:\Program Files\Common Files\Logishrd
2014-11-01 05:39 - 2009-07-20 11:35 - 00096272 _____ (Logitech, Inc.) C:\Windows\system32\KemXML.dll
2014-11-01 05:39 - 2009-07-20 11:34 - 00235536 _____ (Logitech, Inc.) C:\Windows\system32\KemUtil.dll
2014-11-01 05:39 - 2009-07-20 11:34 - 00235536 _____ (Logitech, Inc.) C:\Windows\system32\kemutb.dll
2014-11-01 05:39 - 2009-07-20 11:34 - 00159248 _____ (Logitech, Inc.) C:\Windows\system32\KemWnd.dll
2014-11-01 05:39 - 2009-07-20 11:33 - 00190992 _____ (Broadcom Corporation.) C:\Windows\system32\BtCoreIf.dll
2014-11-01 05:35 - 2014-11-01 05:36 - 71448960 _____ (Logitech Inc. ) C:\Users\Laurie\Downloads\setpoint480_x64.exe
2014-10-29 05:03 - 2014-11-20 09:54 - 00046640 _____ () C:\Windows\IE10_main.log
2014-10-24 12:32 - 2014-10-24 12:32 - 00000000 ____D () C:\Users\Laurie\AppData\Roaming\Anvsoft
2014-10-24 12:32 - 2014-10-24 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
2014-10-24 12:32 - 2014-10-24 12:32 - 00000000 ____D () C:\Program Files (x86)\AnvSoft
2014-10-24 12:17 - 2014-10-24 12:17 - 00000000 ____D () C:\ProgramData\Auslogics
2014-10-24 11:57 - 2014-10-24 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2014-10-24 11:57 - 2014-10-24 11:57 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-10-24 11:56 - 2014-10-24 11:56 - 06877784 _____ (Auslogics Labs Pty Ltd ) C:\Users\Laurie\Downloads\auslogics - duplicate-file-finder-setup.exe
2014-10-24 11:10 - 2014-10-24 11:10 - 00023280 _____ () C:\Users\Laurie\Downloads\generaltirerebates receipt.htm
2014-10-24 11:10 - 2014-10-24 11:10 - 00000000 ____D () C:\Users\Laurie\Downloads\generaltirerebates receipt_files
2014-10-22 11:55 - 2014-11-20 21:09 - 06064226 _____ () C:\Windows\setupact.log
2014-10-22 11:55 - 2014-10-22 11:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-22 11:26 - 2014-10-22 11:26 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-22 11:26 - 2014-10-22 11:26 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-22 11:25 - 2014-10-22 11:25 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-22 11:25 - 2014-10-22 11:25 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-22 11:25 - 2014-10-22 11:25 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-10-22 11:25 - 2014-10-22 11:25 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-10-22 11:25 - 2014-10-22 11:25 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-10-22 11:25 - 2014-10-22 11:25 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-10-22 11:25 - 2014-10-22 11:25 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-10-22 11:25 - 2014-10-22 11:25 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-10-22 09:45 - 2014-10-22 09:45 - 53391360 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2014-10-22 09:45 - 2014-10-22 09:45 - 00208896 _____ () C:\Windows\system32\config\DEFAULT.iobit
2014-10-22 09:45 - 2014-10-22 09:45 - 00028672 _____ () C:\Windows\system32\config\SAM.iobit
2014-10-22 09:45 - 2014-10-22 09:45 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit
2014-10-22 08:01 - 2014-11-13 12:16 - 00000000 ____D () C:\Users\Laurie\AppData\Local\Chromium
2014-10-22 08:00 - 2014-10-22 08:01 - 39979520 _____ (The Chromium Authors) C:\Users\Laurie\Downloads\mini_installer.exe
2014-10-22 07:42 - 2014-10-22 07:42 - 00167296 _____ (Gibson Research Corp.) C:\Users\Laurie\Downloads\DNSBench.exe
2014-10-22 07:34 - 2014-10-22 07:34 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2014-10-22 07:34 - 2014-10-22 07:34 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-10-22 07:34 - 2014-10-22 07:34 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-10-22 07:33 - 2014-10-22 07:33 - 51340512 _____ (COMODO) C:\Users\Laurie\Downloads\DragonSetup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 21:11 - 2014-10-08 05:46 - 00000376 _____ () C:\Windows\Tasks\WpsUpdateTask_Laurie.job
2014-11-20 21:01 - 2014-10-02 12:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-20 20:31 - 2014-10-02 09:13 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-20 20:14 - 2014-10-08 05:46 - 00000376 _____ () C:\Windows\Tasks\WpsNotifyTask_Laurie.job
2014-11-20 20:11 - 2014-10-02 09:32 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-20 12:31 - 2014-10-02 09:13 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-20 11:22 - 2014-10-03 20:40 - 01302246 _____ () C:\Windows\WindowsUpdate.log
2014-11-20 10:31 - 2014-10-04 01:39 - 00000000 ____D () C:\Users\Laurie\Desktop\temp
2014-11-20 10:18 - 2009-07-13 23:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-20 10:18 - 2009-07-13 23:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-20 10:16 - 2009-07-14 00:13 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-20 10:13 - 2014-10-14 10:59 - 00000000 ___RD () C:\Users\Laurie\Dropbox
2014-11-20 10:13 - 2014-10-14 10:57 - 00000000 ____D () C:\Users\Laurie\AppData\Roaming\Dropbox
2014-11-20 10:13 - 2014-10-08 05:49 - 00000295 _____ () C:\Windows\Brownie.ini
2014-11-20 10:11 - 2014-10-03 20:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-20 10:11 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-20 04:57 - 2014-10-04 04:17 - 00000000 ____D () C:\Users\Laurie\AppData\Roaming\vlc
2014-11-19 18:01 - 2014-10-02 11:50 - 00000000 ____D () C:\Users\Laurie\AppData\Roaming\TextPad
2014-11-19 15:01 - 2014-10-02 22:47 - 00000000 ____D () C:\Users\Laurie\.VirtualBox
2014-11-19 07:32 - 2014-10-02 09:13 - 00002273 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-17 18:55 - 2014-10-03 18:38 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-17 18:55 - 2014-10-03 18:38 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-17 13:25 - 2014-10-08 05:58 - 00000426 _____ () C:\Windows\BRWMARK.INI
2014-11-17 13:22 - 2014-10-03 20:43 - 00000000 ____D () C:\Users\Laurie
2014-11-17 13:18 - 2014-10-02 09:33 - 00000000 ____D () C:\Users\Laurie\Desktop\utils
2014-11-15 15:52 - 2014-10-14 10:59 - 00001018 _____ () C:\Users\Laurie\Desktop\Dropbox.lnk
2014-11-15 15:52 - 2014-10-14 10:58 - 00000000 ____D () C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 12:26 - 2014-10-02 09:13 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 12:26 - 2014-10-02 09:13 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 20:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 16:41 - 2011-04-12 03:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-13 13:12 - 2014-10-03 23:30 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-11-13 13:12 - 2014-10-03 23:28 - 00000000 ____D () C:\Users\Laurie\AppData\Roaming\GlarySoft
2014-11-13 13:05 - 2014-10-03 22:42 - 00000134 _____ () C:\Users\Laurie\Desktop\Internet Explorer Troubleshooting.url
2014-11-13 12:32 - 2014-10-02 15:42 - 00000000 ____D () C:\Users\Laurie\AppData\Roaming\Logitech
2014-11-13 12:31 - 2014-10-02 11:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-13 12:31 - 2014-10-02 11:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-13 12:31 - 2014-10-02 09:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-13 12:31 - 2009-07-13 23:45 - 00268448 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 12:25 - 2014-10-02 09:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 12:23 - 2014-10-03 22:31 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 12:18 - 2014-10-04 00:14 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-11-13 12:17 - 2014-10-04 00:14 - 00000000 ____D () C:\Users\Laurie\AppData\Roaming\Opera Software
2014-11-13 12:17 - 2014-10-04 00:14 - 00000000 ____D () C:\Users\Laurie\AppData\Local\Opera Software
2014-11-13 12:08 - 2014-10-02 09:35 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-13 12:05 - 2014-10-02 11:37 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-13 12:05 - 2014-10-02 11:37 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-11 22:01 - 2014-10-02 12:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-11 22:01 - 2014-10-02 12:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-11 22:01 - 2014-10-02 12:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-04 14:30 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-02 09:28 - 2014-10-09 03:47 - 00000000 ____D () C:\ProgramData\DVD Shrink
2014-11-01 05:39 - 2014-10-02 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-11-01 05:39 - 2014-10-02 15:43 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-11-01 05:39 - 2013-04-12 19:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-29 07:49 - 2014-10-02 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-23 07:45 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-23 06:29 - 2014-10-08 05:46 - 00000000 ____D () C:\Users\Laurie\AppData\Local\Kingsoft
2014-10-22 11:24 - 2014-10-04 00:37 - 00000000 ____D () C:\Windows\Panther
2014-10-22 07:53 - 2014-10-02 11:35 - 00000000 ____D () C:\Program Files (x86)\misc
2014-10-22 07:22 - 2014-10-02 12:24 - 00000000 ____D () C:\Users\Laurie\AppData\Local\Adobe
2014-10-21 09:24 - 2014-10-02 09:32 - 00000000 ____D () C:\Users\Laurie\Desktop\blank folder

Some content of TEMP:
====================
C:\Users\Laurie\AppData\Local\Temp\A~NSISu_.exe
C:\Users\Laurie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphzwf0i.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-20 10:54

==================== End Of Log ============================

 




#5 Rootk
  • Malware Response Team
  • 234 posts
  • Gender:Male
  • Location:Easter Island, Chile.

Posted 21 November 2014 - 03:19 PM

Please follow these steps:

1.- Navigate to this file and right-click it (if you can't find the file, you may need to show the hidden files):
C:\Program Files (x86)\1N71HG10.bat
Then click Edit and copy/paste its content into your next reply.

2.- Open notepad. Please copy the contents of the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it to your Desktop as fixlist.txt
 
ProxyEnable: [S-1-5-21-2591493025-1418008374-2904148042-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2591493025-1418008374-2904148042-1000] => https=127.0.0.1:58422;
C:\Users\Laurie\AppData\Local\Temp\A~NSISu_.exe
C:\Users\Laurie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphzwf0i.dll
EmptyTemp:
NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait.
The tool will make a log on your desktop (Fixlog.txt) please post it to your reply.

3.- Run FRST again, check Addition.txt, press Scan and attach both reports.

4.- Download AdwCleaner by Xplode onto your Desktop.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[Sn].txt ('n' represents the number of the most recent report).
5.- Please download RogueKiller and Save to the desktop.
  • Close all windows and browsers
  • Double click on RogueKillerX64.exe to run the tool.
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please post it in your next reply.


#6 ohnowatdoihave
  • Topic Starter
  • Members
  • 10 posts

Posted 22 November 2014 - 07:53 AM

Hi, here are the contents of C:\Program Files (x86)\1N71HG10.bat:

 

:try
del "C:\Program Files (x86)\Backgammo1\Uninstall.exe"
if exist "C:\Program Files (x86)\Backgammon\Uninstall.exe" goto try
rd "C:\Program Files (x86)\Backgammo1"
del "C:\Program Files (x86)\1N71HG10.bat"
 

------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-11-2014
Ran by Laurie at 2014-11-22 07:08:12 Run:1
Running from C:\Users\Laurie\Downloads
Loaded Profiles: Laurie & UpdatusUser (Available profiles: Laurie & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: [S-1-5-21-2591493025-1418008374-2904148042-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2591493025-1418008374-2904148042-1000] => https=127.0.0.1:58422;
C:\Users\Laurie\AppData\Local\Temp\A~NSISu_.exe
C:\Users\Laurie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphzwf0i.dll
EmptyTemp:

*****************

HKU\S-1-5-21-2591493025-1418008374-2904148042-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-2591493025-1418008374-2904148042-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"C:\Users\Laurie\AppData\Local\Temp\A~NSISu_.exe" => File/Directory not found.
C:\Users\Laurie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphzwf0i.dll => Moved successfully.
EmptyTemp: => Removed 591.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
 

---------------------

RogueKiller V10.0.8.0 (x64) [Nov 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Laurie [Administrator]
Mode : Scan -- Date : 11/22/2014  07:52:00

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2591493025-1418008374-2904148042-1000\Software\Microsoft\Windows\CurrentVersion\Run | AudioSwitcher : "C:\Users\Laurie\Desktop\utils\AudioSwitcher (win7 output switcher).exe"  -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2591493025-1418008374-2904148042-1000\Software\Microsoft\Windows\CurrentVersion\Run | AudioSwitcher : "C:\Users\Laurie\Desktop\utils\AudioSwitcher (win7 output switcher).exe"  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD40EFRX-68WT0N0 ATA Device +++++
--- User ---
[MBR] 87c6519ff41e86dc0ce83061ab81b858
[BSP] d387fa1f37e1ae72532c0758885051a3 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD10EADS-65M2B0 ATA Device +++++
--- User ---
[MBR] 2392ec969f9892899608d7714d126f3b
[BSP] 2277dd600ec2d874d9fbef8ec57e2034 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 63 | Size: 182221 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 373189950 | Size: 261150 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 955706850 | Size: 487213 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD1001FALS-00E3A0 ATA Device +++++
--- User ---
[MBR] 33d8396158333d71c92ee1aaf1b699a2
[BSP] 0d36ecb555c8f8ee4bacb289839c74af : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 95286 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 195352576 | Size: 100000 MB
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 400152576 | Size: 758482 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: WDC WD10EARS-22Y5B1 ATA Device +++++
--- User ---
[MBR] 98ff060fcb8d6cd722dd69bdd4e68604
[BSP] 5e55d0a852102e08df0aff011b5d2359 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 250003 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 512007615 | Size: 353861 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1236715830 | Size: 350002 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive4: Samsung SSD 840 PRO Series ATA Device +++++
--- User ---
[MBR] 68f7eb5dc8641a105a4f5d40a79924df
[BSP] 7860d06ab89f3f5f0763f4518ebf9e92 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 122002 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_11222014_072653.log

 

 




#7 Rootk
  • Malware Response Team
  • 234 posts
  • Gender:Male
  • Location:Easter Island, Chile.

Posted 22 November 2014 - 10:04 AM

I still need the AdwCleaner log.

#8 ohnowatdoihave
  • Topic Starter
  • Members
  • 10 posts

Posted 22 November 2014 - 10:42 AM

Oops, sorry, here it is:

 

# AdwCleaner v4.101 - Report created 22/11/2014 at 07:18:53
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Laurie - LPC-W7
# Running from : C:\Users\Laurie\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : N:\my_docs_win7\DownloadManager
Folder Deleted : C:\Users\Laurie\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
File Deleted : C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\uhuml4dc.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

[x] Not Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
[x] Not Disinfected : C:\Users\Laurie\Desktop\from old desktop\Google Chrome.lnk
[x] Not Disinfected : C:\Users\Laurie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.18631


-\\ Mozilla Firefox v33.1 (x86 en-US)


-\\ Google Chrome v39.0.2171.65

[C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
[C:\Users\Laurie\AppData\Local\Chromium\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Laurie\AppData\Local\Chromium\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Laurie\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Laurie\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=<DOI>&apn_dtid=%5E<MTRACK>%5EYY%5EUS&q={searchTerms}

-\\ Chromium v

[C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
[C:\Users\Laurie\AppData\Local\Chromium\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Laurie\AppData\Local\Chromium\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Laurie\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Laurie\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=<DOI>&apn_dtid=%5E<MTRACK>%5EYY%5EUS&q={searchTerms}

-\\ Comodo Dragon v33.1.0.0

[C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
[C:\Users\Laurie\AppData\Local\Chromium\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Laurie\AppData\Local\Chromium\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Laurie\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Laurie\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=<DOI>&apn_dtid=%5E<MTRACK>%5EYY%5EUS&q={searchTerms}
[C:\Users\Laurie\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Deleted [Extension] : cmaiofennmphjldldcpphcechfnnohja

*************************

AdwCleaner[R0].txt - [2677 octets] - [22/11/2014 07:16:54]
AdwCleaner[S0].txt - [5117 octets] - [22/11/2014 07:18:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5177 octets] ##########
 



#9 Rootk
  • Malware Response Team
  • 234 posts
  • Gender:Male
  • Location:Easter Island, Chile.

Posted 22 November 2014 - 06:03 PM

Please follow these steps:

1.- Open Malwarebytes Anti-Malware
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Please update the database by clicking on the Update Now button.
  • Following the update, click Settings > Detection and Protection and make sure Scan for Rootkits is checked.
  • Click on Dashboard, then click on the large green Scan Now button to begin the Threat Scan. If Malware or Potentially Unwanted Programs are found you will receive a Prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on View Detailed Log.
  • After viewing the results, please click on the Copy to Clipboard button > OK.
  • Return to our forum. Paste your log into your next reply.
  • Note: If you lose the Clipboard copy and need to retrieve the log again it can be found by opening Malwarebytes and clicking on History > Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad), etc. The .txt file can be saved and posted when you are ready.
2.- Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes and if it finds anything, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#10 ohnowatdoihave
  • Topic Starter
  • Members
  • 10 posts

Posted 23 November 2014 - 10:02 AM

FYI, the ESET online scanner could not download an update - I googled and ran 'minitoolbox' from here and then could run the ESET scanner.

 

-----

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/23/2014
Scan Time: 6:47:43 AM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.23.04
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Laurie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 350965
Time Elapsed: 5 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

---

eset online scanner results:

 

C:\Users\Laurie\Downloads\ccsetup418.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\Laurie\Downloads\ccsetup419.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\Laurie\Downloads\FreeVideoToMP3Converter.exe    a variant of Win32/OpenCandy.A potentially unsafe application    deleted - quarantined
C:\Users\Laurie\Downloads\Free_Download_Setup (1).exe    a variant of Win32/InstallCore.OZ potentially unwanted application    deleted - quarantined
C:\Users\Laurie\Downloads\winamp5666_full_all_inst.exe    a variant of Win32/InstallCore.RA potentially unwanted application    deleted - quarantined
C:\Users\Laurie\Downloads\avc-free.exe    a variant of Win32/OpenCandy.A potentially unsafe application    deleted - quarantined

 



#11 Rootk
  • Malware Response Team
  • 234 posts
  • Gender:Male
  • Location:Easter Island, Chile.

Posted 23 November 2014 - 08:44 PM

Your logs look OK. How are things running now?

#12 ohnowatdoihave
  • Topic Starter
  • Members
  • 10 posts

Posted 24 November 2014 - 11:07 AM

The problem is still there... Something changes the proxy settings. Also, I forgot to say, but besides the ESET server, the malware also was blocking a fresh download of Firefox and Chrome.

 

I just ran a bunch of rootkit scanners and they didn't find anything. :(



#13 Rootk
  • Malware Response Team
  • 234 posts
  • Gender:Male
  • Location:Easter Island, Chile.

Posted 25 November 2014 - 08:11 AM

Please do the following:

Download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List IP configuration
  • List Winsock Entries

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Next, restart the computer and open Internet Explorer (No Add-ons) by going to: Start, All Programs, Accessories, System Tools, Internet Explorer (No Add-ons), and see if the proxy is set.


Edited by Rootk, 25 November 2014 - 08:12 AM.
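The fixlist in post #5 removed ProxyEnable and ProxyServer under the user's HKU\<SID>\Software\Microsoft\Windows\CurrentVersion\Internet Settings key, and the MiniToolBox steps above report and reset the same values, yet something keeps putting them back. The PowerShell below is an added example, not from this thread, FRST or MiniToolBox: it reads those values for the current user, resets them the way the fixlist did (and tells WinINET to re-read them), and polls in a loop so that when the proxy flips back on it records which PID is listening on the proxied port and which processes were created around that time. Assumptions: it is run as the affected user, on Windows PowerShell 2.0 or later as shipped with Windows 7; the log file path and the 30-second interval are arbitrary choices for the example.

```powershell
# Added example (not from this thread, FRST or MiniToolBox). Reports, resets and watches the
# per-user WinINET proxy values the fixlist in post #5 deleted, records which PID listens on
# the proxied port, and logs which processes were created when the value flipped.
# Assumptions: run as the affected user (HKCU is the SID in the FRST log), Windows PowerShell 2.0+.
# The log path and poll interval are arbitrary choices for this example.

$ProxyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$LogPath  = Join-Path $env:USERPROFILE 'Desktop\proxy-watch.log'

function Get-IeProxyState {
    # The three values a hijacker can use: the enable flag, an explicit proxy, a PAC URL.
    $p = Get-ItemProperty -Path $ProxyKey -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        Time          = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
        ProxyEnable   = [int]$p.ProxyEnable
        ProxyServer   = [string]$p.ProxyServer
        AutoConfigURL = [string]$p.AutoConfigURL
    }
}

function Test-IeProxyHijacked($State) {
    # An explicit proxy switched on, or any PAC URL, counts as set. The FRST log showed
    # ProxyEnable=1 with ProxyServer=https=127.0.0.1:58422, i.e. a local interceptor.
    ($State.ProxyEnable -eq 1 -and $State.ProxyServer -ne '') -or ($State.AutoConfigURL -ne '')
}

function Get-ProxyPortListeners($ProxyServer) {
    # ProxyServer is either "host:port" or per-scheme "https=127.0.0.1:58422;http=...".
    # Pull every port out of it and ask netstat which PID listens there (works on Windows 7).
    $ports = [regex]::Matches($ProxyServer, ':(\d{1,5})') | ForEach-Object { $_.Groups[1].Value } | Select-Object -Unique
    foreach ($port in $ports) {
        netstat -ano -p tcp | ForEach-Object {
            if ($_ -match "^\s*TCP\s+\S+:$port\s+\S+\s+LISTENING\s+(\d+)\s*$") {
                $proc = Get-Process -Id ([int]$Matches[1]) -ErrorAction SilentlyContinue
                New-Object PSObject -Property @{ Port = [int]$port; ProcessId = [int]$Matches[1]; Name = $proc.ProcessName; Path = $proc.Path }
            }
        }
    }
}

function Get-RecentProcesses([datetime]$Since) {
    # WMI creation dates are readable without opening each process, unlike Get-Process.StartTime.
    Get-WmiObject Win32_Process | Where-Object { $_.CreationDate } | ForEach-Object {
        $started = [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationDate)
        if ($started -ge $Since) { "$started pid $($_.ProcessId) $($_.CommandLine)" }
    }
}

function Reset-IeProxy {
    # Same effect as the two fixlist lines, plus the PAC value, for the current user.
    foreach ($name in 'ProxyEnable', 'ProxyServer', 'AutoConfigURL') {
        Remove-ItemProperty -Path $ProxyKey -Name $name -ErrorAction SilentlyContinue
    }
    # WinINET caches the settings; tell running consumers to re-read them.
    if (-not ('ProxyExample.WinInet' -as [type])) {
        Add-Type -Namespace ProxyExample -Name WinInet -MemberDefinition @'
[DllImport("wininet.dll", SetLastError = true)]
public static extern bool InternetSetOption(IntPtr hInternet, int dwOption, IntPtr lpBuffer, int dwBufferLength);
'@
    }
    [void][ProxyExample.WinInet]::InternetSetOption([IntPtr]::Zero, 39, [IntPtr]::Zero, 0)  # INTERNET_OPTION_SETTINGS_CHANGED
    [void][ProxyExample.WinInet]::InternetSetOption([IntPtr]::Zero, 37, [IntPtr]::Zero, 0)  # INTERNET_OPTION_REFRESH
}

function Watch-IeProxy([int]$IntervalSeconds = 30, [switch]$AutoReset) {
    # Poll the key; on any change, log the new state, and if it is a hijack, log the listener
    # on the proxied port and every process created since the previous poll.
    $last = Get-IeProxyState
    Add-Content $LogPath "$($last.Time) start ProxyEnable=$($last.ProxyEnable) ProxyServer='$($last.ProxyServer)' AutoConfigURL='$($last.AutoConfigURL)'"
    while ($true) {
        Start-Sleep -Seconds $IntervalSeconds
        $now = Get-IeProxyState
        if ($now.ProxyEnable -eq $last.ProxyEnable -and $now.ProxyServer -eq $last.ProxyServer -and $now.AutoConfigURL -eq $last.AutoConfigURL) { continue }
        Add-Content $LogPath "$($now.Time) changed ProxyEnable=$($now.ProxyEnable) ProxyServer='$($now.ProxyServer)' AutoConfigURL='$($now.AutoConfigURL)'"
        if (Test-IeProxyHijacked $now) {
            Get-ProxyPortListeners $now.ProxyServer | ForEach-Object { Add-Content $LogPath "  listener port $($_.Port): pid $($_.ProcessId) $($_.Name) $($_.Path)" }
            Get-RecentProcesses ((Get-Date).AddSeconds(-2 * $IntervalSeconds)) | ForEach-Object { Add-Content $LogPath "  started: $_" }
            if ($AutoReset) { Reset-IeProxy; Add-Content $LogPath '  reset applied' }
        }
        $last = Get-IeProxyState
    }
}

# Usage: report the current state once; uncomment the last line to poll every 30 s and reset on each flip.
Get-IeProxyState | Format-List Time, ProxyEnable, ProxyServer, AutoConfigURL
# Watch-IeProxy -IntervalSeconds 30 -AutoReset
```

The key is per user, so the script has to run as the user whose SID appears in the FRST log; a different account would show a clean key. The listener lookup matters because a ProxyServer of 127.0.0.1:58422 means some local process must be accepting connections on that port whenever the setting is active, and its PID points at the component that survives the cleanups. On Windows 8 and later Get-NetTCPConnection -State Listen can replace the netstat parsing; to catch the process that writes the value rather than the one that listens, Process Monitor with a filter on RegSetValue for the Internet Settings path is the direct route.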


#14 ohnowatdoihave
  • Topic Starter
  • Members
  • 10 posts

Posted 25 November 2014 - 08:33 AM

Hi, after running it, 'Internet Explorer (No Add-ons)' says the proxy is not set, but I'll wait a few hours and try again, since the malware seems to turn the proxy on every so often.

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Laurie (administrator) on 25-11-2014 at 08:17:59
Running from "C:\Users\Laurie\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : LPC-W7
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 8C-89-A5-16-C3-19
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1c28:57dd:406d:9a77%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.112(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, November 25, 2014 8:11:27 AM
   Lease Expires . . . . . . . . . . : Friday, January 01, 2151 2:46:21 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 227314085
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-1A-9D-B2-00-50-8D-B7-71-1A
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VirtualBox Host-Only Network:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 08-00-27-00-DC-A5
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::21ab:575:247b:8ff%14(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 386400295
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-1A-9D-B2-00-50-8D-B7-71-1A
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{A66B9036-182E-4D6B-8EE6-79A2B77B96A8}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{DDA738D8-9C83-48B4-9CA5-46411B0B0335}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  DD-WRT
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4006:80b::1002
      74.125.226.33
      74.125.226.46
      74.125.226.40
      74.125.226.36
      74.125.226.32
      74.125.226.35
      74.125.226.38
      74.125.226.41
      74.125.226.39
      74.125.226.37
      74.125.226.34


Pinging google.com [74.125.226.34] with 32 bytes of data:
Reply from 74.125.226.34: bytes=32 time=16ms TTL=54
Reply from 74.125.226.34: bytes=32 time=18ms TTL=54

Ping statistics for 74.125.226.34:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 18ms, Average = 17ms
Server:  DD-WRT
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.139.183.24
      98.138.253.109
      206.190.36.45


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=88ms TTL=51
Reply from 206.190.36.45: bytes=32 time=87ms TTL=51

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 87ms, Maximum = 88ms, Average = 87ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...8c 89 a5 16 c3 19 ......Realtek PCIe GBE Family Controller
 14...08 00 27 00 dc a5 ......VirtualBox Host-Only Ethernet Adapter
  1...........................Software Loopback Interface 1
 10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.112     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.112    276
    192.168.1.112  255.255.255.255         On-link     192.168.1.112    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.112    276
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    276
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    276
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link     192.168.1.112    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    276
  255.255.255.255  255.255.255.255         On-link     192.168.1.112    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 14    276 fe80::/64                On-link
 13    276 fe80::/64                On-link
 13    276 fe80::1c28:57dd:406d:9a77/128
                                    On-link
 14    276 fe80::21ab:575:247b:8ff/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    276 ff00::/8                 On-link
 13    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [] ()
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [File Not found] ()
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

**** End of log ****
 



#15 Rootk

  • Malware Response Team
  • 234 posts
  • Gender:Male
  • Location:Easter Island, Chile.

Posted 25 November 2014 - 08:26 PM

According to that log, there wasn't any proxy set. Did you delete it before running MiniToolBox?





