Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Proxy Server Hijacking - Hdvideo_exe


  • This topic is locked This topic is locked
16 replies to this topic

#1 skathari

skathari

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:30 PM

Posted 30 November 2014 - 11:01 AM

I have this virus in my computer that changes the proxy on every browser. Even though I've used some programs that were able to find it and remove it, it always comes back.
 
I did follow other topics that have the same issue as me but I had no luck.
 
I've attached the log from my frst scan. Please help!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Nikolas (administrator) on NIKOLAS on 30-11-2014 10:55:19
Running from C:\Users\Nikolas\Downloads\Programs
Loaded Profile: Nikolas (Available profiles: Nikolas)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\setup.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Alcatel-Lucent) C:\Program Files\Comcast\pcTrayApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHSA.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Dropbox, Inc.) C:\Users\Nikolas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\a\internetport3.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [757888 2012-07-02] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127104 2012-07-02] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [Comcast_McciTrayApp] => C:\Program Files\Comcast\pcTrayApp.exe [2792448 2012-12-10] (Alcatel-Lucent)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-04-30] (LogMeIn, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [Shwicon9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe [262144 2012-06-28] ()
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2011-09-20] (Nero AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [Driver Genius] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [autoauto] => 77496270.bat
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3882576 2014-11-07] (Tonec Inc.)
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-07-22] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\...\MountPoints2: {07d3a6ad-2aa5-11e2-be6c-6894230a0d1c} - "I:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)
Startup: C:\Users\Nikolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Nikolas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2455710959-1152450058-1220463979-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2455710959-1152450058-1220463979-1001] => http=127.0.0.1:8877;https=127.0.0.1:8877
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?p=pLsH3anR-Rz0cILJ
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {6F4492B3-5F95-4250-B92F-9BEC9664C408} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKU\S-1-5-21-2455710959-1152450058-1220463979-1001 -> {6F4492B3-5F95-4250-B92F-9BEC9664C408} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\a6izbb2e.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: TorchVLC -> C:\Users\Nikolas\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll (VideoLAN)
FF user.js: detected! => C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\a6izbb2e.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2014-11-14]
FF HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Nikolas\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Nikolas\AppData\Roaming\IDM\idmmzcc5 [2014-11-16]
FF HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Nikolas\AppData\Roaming\IDM\idmmzcc5
FF Extension: No Name - mozilla_cc@internetdownloadmanager.com [Not Found]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
CHR Plugin: (Motive Management Plug-in) - C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Profile: C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Alarm) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjkdjnaajdmnminlhhhcicfnokdhjfg [2014-10-16]
CHR Extension: (IDM Integration Module) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-10-28]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-11-07]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2013-02-23]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-11-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [128640 2012-07-02] (Qualcomm Atheros Commnucations)
U2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219480 2013-07-22] (Garmin Ltd or its subsidiaries)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-11-03] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-11-03] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2012-12-10] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-12-10] (Alcatel-Lucent) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-02] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-30] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-12-10] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2012-12-10] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-12-10] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2012-12-10] (Printing Communications Assoc., Inc. (PCAUSA))
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2014-02-06] ()
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [17568 2014-11-19] (Windows ® Win 7 DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2014-11-30] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 10:54 - 2014-11-30 10:54 - 00000000 ___RD () C:\Users\Nikolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-11-30 10:45 - 2014-11-30 10:45 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-11-30 10:45 - 2014-11-30 10:45 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-30 10:24 - 2014-11-30 10:55 - 00000000 ____D () C:\FRST
2014-11-30 09:53 - 2014-11-30 09:53 - 00000958 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
2014-11-30 09:53 - 2014-11-30 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
2014-11-30 09:53 - 2014-11-30 09:53 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-11-30 09:52 - 2014-11-30 09:53 - 00000000 ____D () C:\Program Files\GridinSoft Trojan Killer
2014-11-30 09:30 - 2014-11-30 09:30 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-11-30 09:30 - 2014-11-30 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-30 09:26 - 2014-11-30 09:30 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-30 09:23 - 2014-11-30 09:28 - 00639257 _____ () C:\Users\Nikolas\Downloads\jxpiinstall.exe
2014-11-30 09:09 - 2014-11-30 10:07 - 00000000 ___HD () C:\a
2014-11-30 09:06 - 2014-11-30 09:06 - 00000019 _____ () C:\WINDOWS\SysWOW64\77496270.bat
2014-11-30 09:06 - 2014-11-30 09:06 - 00000000 __SHD () C:\Users\Nikolas\AppData\Local\EmieBrowserModeList
2014-11-24 17:28 - 2014-11-24 17:28 - 00412950 _____ () C:\Users\Nikolas\Downloads\Attach1_2.tif
2014-11-24 17:27 - 2014-11-24 17:27 - 00412950 _____ () C:\Users\Nikolas\Downloads\Attach1.tif
2014-11-24 14:21 - 2014-11-26 16:35 - 00000000 ____D () C:\Users\Nikolas\AppData\Local\tbp
2014-11-20 12:39 - 2014-11-20 12:49 - 00000000 ____D () C:\Users\Nikolas\Downloads\MPROYSKO.S02.EP.238
2014-11-19 15:48 - 2014-11-19 15:48 - 00000000 _____ () C:\WINDOWS\Progs_.ini
2014-11-19 15:31 - 2008-06-23 16:41 - 00000002 _____ () C:\WINDOWS\1way.ini
2014-11-19 05:25 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-19 05:25 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-19 05:25 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-19 05:25 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-19 04:08 - 2014-11-19 04:08 - 00017568 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\gtkdrv.sys
2014-11-17 11:14 - 2014-11-17 11:14 - 00080384 _____ () C:\Users\Nikolas\Downloads\E6H60 INVOICE #1.xls
2014-11-15 18:54 - 2014-11-15 18:54 - 00079872 _____ () C:\Users\Nikolas\Downloads\E3L01 - INVOICE #10.xls
2014-11-15 14:28 - 2014-11-15 14:28 - 00079872 _____ () C:\Users\Nikolas\Downloads\Company Letterhead.xls
2014-11-15 12:17 - 2014-11-15 12:17 - 00025576 _____ () C:\Users\Nikolas\Downloads\(389717911) SE-SR9A over NW17 thru NW17th - Update Template.xlsx
2014-11-14 16:39 - 2014-11-14 16:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-14 14:28 - 2014-11-14 14:28 - 00703488 _____ () C:\Users\Nikolas\Downloads\Bridge Masters - 2013 Paperwork(1).xls
2014-11-14 10:04 - 2014-11-14 10:04 - 00030208 _____ () C:\Users\Nikolas\Downloads\blank np.XLS
2014-11-12 07:08 - 2014-11-12 07:08 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-11-12 07:08 - 2014-11-12 07:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-11-11 23:17 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-11 23:17 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-11 23:17 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-11 23:17 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-11 23:17 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-11 23:17 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-11 23:17 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-11 23:17 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-11 23:17 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-11 23:17 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-11 23:17 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-11 23:17 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-11 23:17 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-11 23:17 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-11 23:16 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-11 23:16 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-11 23:16 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-11 23:15 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-11 23:15 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-11 23:15 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-11 23:15 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-11 23:15 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-11 23:15 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-11 23:15 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-11 23:15 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-11 23:15 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-11 23:15 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-11 23:15 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-11 23:15 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-11 23:15 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-11 23:15 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-11 23:15 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-11 23:15 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-11 23:15 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-11 23:15 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-11 23:15 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-11 23:15 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-11 23:15 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-11 23:15 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-11 23:15 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-11 23:15 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-11 23:15 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-11 23:15 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-11 23:15 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-11 23:15 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-11 23:15 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-11 23:15 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-11 23:15 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-11 23:15 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-11 23:15 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-11 23:15 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-11 23:15 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-11 23:15 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-11 23:15 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-11 23:15 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-11 23:15 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-11 23:15 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-11 23:15 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-11 23:15 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-11 23:15 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-11 23:15 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-11 23:15 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-11 23:15 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-11 23:15 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-11 23:15 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-11 23:15 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-11 23:15 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-11 23:15 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-11 23:15 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-11-11 23:15 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-11 23:15 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-11 23:15 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-11 23:15 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-11 23:15 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-11 23:15 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-11 23:15 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-11 23:15 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-11 23:15 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-11 23:15 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-11 23:15 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-11 23:15 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-11 23:15 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-11 23:15 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-11 23:15 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 23:15 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-11 23:15 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-11 23:15 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-11 23:15 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-11 23:15 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-11 23:15 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-11 23:15 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-11-11 23:15 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-11 23:15 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-11 23:15 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-11 23:15 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-11-11 23:15 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-11-11 23:15 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-11 23:15 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-11 23:15 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-11 23:15 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-11 23:15 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-11 23:15 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-11 23:15 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-11 23:15 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-11 23:14 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-11 23:14 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-11 23:14 - 2014-10-09 20:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-11 23:14 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-11 23:14 - 2014-10-09 20:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-11 23:14 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-11 23:14 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-11 23:14 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-11 23:14 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-11 23:14 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-11-11 23:14 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-11-11 23:14 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-11-11 23:14 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-11-11 23:14 - 2014-10-08 01:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-11 23:14 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-11 23:14 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-11 23:14 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-11 23:14 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-11-11 23:14 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-11 23:14 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-11 23:14 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-11 23:13 - 2014-11-04 18:38 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-11-11 23:13 - 2014-11-03 19:10 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-11-11 23:13 - 2014-10-30 23:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-11-11 23:13 - 2014-10-30 23:49 - 00537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-11-11 23:13 - 2014-10-30 23:24 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-11-11 23:13 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-11 23:13 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-11 23:13 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-11 23:13 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-11-11 23:13 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-11 23:13 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-11 23:13 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-11 23:13 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-11 23:13 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-11 23:13 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-11 23:13 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-11 23:13 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-11 23:13 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-11 23:13 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-11 23:13 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-11 23:13 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-11 23:13 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-11 23:13 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-11-11 23:13 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-11 23:13 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-11 23:13 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-11 23:13 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-11 23:13 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-11 23:13 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-11 23:13 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-11 23:13 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-11 23:13 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-11 23:13 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-11 23:12 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-11 23:12 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-11 23:12 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-11 23:12 - 2014-09-10 01:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-11-11 23:12 - 2014-09-07 22:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-11-11 23:12 - 2014-09-07 22:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-11-11 23:12 - 2014-09-04 17:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-11-11 23:12 - 2014-09-04 17:21 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-11-11 23:12 - 2014-09-03 22:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-11-11 23:12 - 2014-09-03 21:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-11-11 23:12 - 2014-09-03 20:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-11-11 23:12 - 2014-09-03 19:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-11-11 23:12 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-11 23:12 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-11 23:12 - 2014-08-30 19:17 - 00148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-11-11 23:12 - 2014-08-30 19:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-11-11 23:12 - 2014-08-30 17:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-11-11 23:12 - 2014-08-30 17:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2014-11-11 23:12 - 2014-08-30 16:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-11-11 23:12 - 2014-08-30 15:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-11-11 23:12 - 2014-08-27 21:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-11-11 23:12 - 2014-08-27 19:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-11-11 23:12 - 2014-08-27 19:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-11-11 23:12 - 2014-08-23 00:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-11-11 23:12 - 2014-08-23 00:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-11-11 23:12 - 2014-08-22 23:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-11-11 23:12 - 2014-08-01 19:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-11-11 23:12 - 2014-08-01 19:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2014-11-11 23:11 - 2014-09-07 17:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-11-11 23:11 - 2014-08-30 16:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-11-11 23:11 - 2014-08-30 15:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2014-11-07 04:34 - 2014-11-19 16:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-11-07 02:21 - 2014-09-30 23:19 - 00180136 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
2014-11-05 17:06 - 2014-11-05 17:06 - 00046976 _____ () C:\Users\Nikolas\Downloads\TS101877358.xltx
2014-11-03 08:09 - 2014-11-03 08:24 - 00002267 _____ () C:\Users\Nikolas\Downloads\bd_test
2014-11-02 16:16 - 2014-11-30 09:03 - 00041472 ___SH () C:\Users\Nikolas\Desktop\Thumbs.db

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 10:56 - 2012-10-31 19:44 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-11-30 10:55 - 2012-11-06 19:28 - 00000000 ___RD () C:\Users\Nikolas\Dropbox
2014-11-30 10:54 - 2014-09-18 14:47 - 00000000 ___RD () C:\Users\Nikolas\OneDrive
2014-11-30 10:54 - 2012-11-06 19:27 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Dropbox
2014-11-30 10:53 - 2014-09-18 14:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-30 10:53 - 2014-01-25 08:43 - 00001022 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-11-30 10:53 - 2014-01-25 08:43 - 00001006 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-11-30 10:53 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-30 10:53 - 2013-05-21 08:33 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-30 10:52 - 2014-09-18 14:12 - 01534189 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-30 10:52 - 2013-01-21 11:54 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\DMCache
2014-11-30 10:51 - 2012-11-06 19:15 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2455710959-1152450058-1220463979-1001
2014-11-30 10:45 - 2013-05-21 08:34 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-30 10:28 - 2014-09-20 12:01 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{34D0B3B2-E365-498C-90C6-A4744020944B}
2014-11-30 10:22 - 2013-05-21 08:33 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-30 10:11 - 2014-03-18 05:03 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-30 10:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-30 10:02 - 2012-11-06 19:36 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-30 09:51 - 2014-10-18 22:01 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-30 09:39 - 2014-03-18 04:54 - 00030552 _____ () C:\WINDOWS\PFRO.log
2014-11-30 09:38 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-30 09:30 - 2013-09-01 15:52 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-30 09:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Resources
2014-11-30 09:02 - 2012-11-16 19:16 - 00000000 ___RD () C:\Users\Nikolas\Podcasts
2014-11-30 09:00 - 2013-08-22 09:44 - 00534136 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-30 08:59 - 2013-01-21 11:53 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2014-11-30 08:59 - 2012-11-06 19:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-30 08:58 - 2013-11-30 13:27 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-11-30 08:56 - 2014-07-12 09:00 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-11-30 08:56 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-30 08:56 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-30 08:56 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-30 08:56 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-30 08:56 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-30 08:56 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-30 08:55 - 2014-09-18 14:19 - 00000000 ____D () C:\Users\Nikolas
2014-11-30 03:21 - 2012-11-06 19:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-29 17:02 - 2014-09-24 19:28 - 00000000 ____D () C:\Users\Nikolas\Documents\Get FLV
2014-11-29 16:34 - 2014-09-24 19:17 - 00000000 ____D () C:\Program Files (x86)\GetFLV
2014-11-29 10:26 - 2013-01-21 11:54 - 00000000 ____D () C:\Users\Nikolas\Downloads\Video
2014-11-28 19:31 - 2012-11-08 18:43 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\vlc
2014-11-28 12:01 - 2013-01-22 09:36 - 00000000 ____D () C:\Users\Nikolas\Downloads\Compressed
2014-11-27 05:20 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-26 04:14 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-25 14:02 - 2012-11-06 19:36 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-11-25 13:13 - 2013-07-30 16:46 - 00000000 ____D () C:\Users\Nikolas\Documents\CD - November
2014-11-24 17:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-11-21 16:01 - 2012-11-06 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-11-20 15:51 - 2014-10-15 13:11 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-20 15:51 - 2014-10-15 13:11 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-16 18:34 - 2013-01-21 11:54 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\IDM
2014-11-14 17:15 - 2012-11-06 19:28 - 00001076 _____ () C:\Users\Nikolas\Desktop\Dropbox.lnk
2014-11-14 17:15 - 2012-11-06 19:28 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-12 07:02 - 2013-08-15 02:07 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 06:55 - 2012-12-13 03:10 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-06 10:54 - 2013-04-25 08:37 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-11-05 18:09 - 2013-10-31 18:31 - 00001473 _____ () C:\Users\Nikolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2014-11-04 14:15 - 2012-11-06 19:54 - 00000000 ____D () C:\Users\Nikolas\AppData\Local\Microsoft Help
2014-11-04 10:50 - 2014-10-21 15:52 - 00014872 _____ () C:\Users\Nikolas\Documents\Bank log since August 11.xlsx
2014-11-03 16:16 - 2013-11-30 13:27 - 00107392 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2014-11-03 16:16 - 2013-11-30 13:27 - 00092520 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2014-11-03 16:16 - 2013-11-30 13:27 - 00035688 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2014-11-03 16:16 - 2013-11-30 13:27 - 00000000 ____D () C:\Program Files (x86)\LogMeIn

Some content of TEMP:
====================
C:\Users\Nikolas\AppData\Local\Temp\crdli.dll
C:\Users\Nikolas\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Nikolas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6wapye.dll
C:\Users\Nikolas\AppData\Local\Temp\Launcher.exe
C:\Users\Nikolas\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Nikolas\AppData\Local\Temp\optprosetup.exe
C:\Users\Nikolas\AppData\Local\Temp\Quarantine.exe
C:\Users\Nikolas\AppData\Local\Temp\sqlite3.dll
C:\Users\Nikolas\AppData\Local\Temp\updatejv.exe
C:\Users\Nikolas\AppData\Local\Temp\upliyer.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-26 04:12

==================== End Of Log ============================

Attached Files


Edited by nasdaq, 05 December 2014 - 08:42 AM.


BC AdBot (Login to Remove)

 


m

#2 skathari

skathari
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:30 PM

Posted 03 December 2014 - 10:13 AM

Can anyone help?



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:30 PM

Posted 05 December 2014 - 08:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Using the Add/Remove programs delete this installed program.

Torch (HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\...\Torch) (Version: 33.0.0.7326 - Torch Media, Inc) <==== ATTENTION
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

() C:\a\internetport3.exe
HKLM-x32\...\Run: [Driver Genius] => [X]
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-2455710959-1152450058-1220463979-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2455710959-1152450058-1220463979-1001] => http=127.0.0.1:8877;https=127.0.0.1:8877
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {6F4492B3-5F95-4250-B92F-9BEC9664C408} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
FF NetworkProxy: "type", 0
FF user.js: detected! => C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\a6izbb2e.default\user.js
FF Extension: No Name - mozilla_cc@internetdownloadmanager.com [Not Found]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll No File
S4 LMIRfsClientNP; No ImagePath
C:\a\internetport3.exe

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===


Remove the proxy settings.

In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and remove the reference to 127.0.0.1:8877 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".

If required press the Apply button.
===

If you use Firefox in Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the Auto-detect proxy settings for this network option. Or no proxy if you do not need it.

Restart the computer normally to reset the registry.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Let me know what problem persists.

#4 skathari

skathari
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:30 PM

Posted 05 December 2014 - 10:15 AM

Hi, thank you for replying and helping me! I did all of that but the problem is still there. One thing that was fixed was that I'm able to uncheck the "use proxy" from Internet Explorer and check the "Automatically detect settings". Before, I couldnt uncheck the "use proxy"; it was greyed out.

 

Here is the report from Adwcleaner

 

# AdwCleaner v4.000 - Report created 05/12/2014 at 10:08:50
# DB v201.62
# Updated 12/10/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Nikolas - NIKOLAS
# Running from : C:\Users\Nikolas\Downloads\Programs\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Nikolas\AppData\Local\torch
[x] Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driver genius
[x] Not Deleted : C:\ProgramData\drivergenius
[x] Not Deleted : C:\ProgramData\pcdr
[x] Not Deleted : C:\Users\Nikolas\AppData\Roaming\pcdr
[x] Not Deleted : C:\Users\Nikolas\AppData\Local\Temp\OptimizerPro.exe
[x] Not Deleted : C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\a6izbb2e.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

[x] Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
[x] Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\torch
Key Deleted : HKLM\SOFTWARE\Driver-Soft
Key Deleted : HKLM\SOFTWARE\torch
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C52B8B6-FFA2-12F6-0A5A-E8301F96A568}
[x] Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:8877;hxxps=127.0.0.1:8877

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v33.1.1 (x86 en-US)


-\\ Google Chrome v38.0.2125.104


*************************

AdwCleaner[R0].txt - [7545 octets] - [18/10/2014 21:46:32]
AdwCleaner[R1].txt - [3755 octets] - [30/11/2014 11:18:45]
AdwCleaner[R2].txt - [3355 octets] - [30/11/2014 12:39:05]
AdwCleaner[R3].txt - [2434 octets] - [05/12/2014 10:06:13]
AdwCleaner[S0].txt - [7374 octets] - [18/10/2014 21:51:55]
AdwCleaner[S1].txt - [3526 octets] - [30/11/2014 11:22:09]
AdwCleaner[S2].txt - [3105 octets] - [30/11/2014 12:41:32]
AdwCleaner[S3].txt - [2291 octets] - [05/12/2014 10:08:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2351 octets] ##########
 

 

And here is the Fixlog report

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by Nikolas at 2014-12-05 09:59:52 Run:5
Running from C:\Users\Nikolas\Downloads\Programs
Loaded Profile: Nikolas (Available profiles: Nikolas)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************

() C:\a\internetport3.exe
HKLM-x32\...\Run: [Driver Genius] => [X]
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-2455710959-1152450058-1220463979-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2455710959-1152450058-1220463979-1001] => http=127.0.0.1:8877;https=127.0.0.1:8877
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {6F4492B3-5F95-4250-B92F-9BEC9664C408} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
FF NetworkProxy: "type", 0
FF user.js: detected! => C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\a6izbb2e.default\user.js
FF Extension: No Name - mozilla_cc@internetdownloadmanager.com [Not Found]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll No File
S4 LMIRfsClientNP; No ImagePath
C:\a\internetport3.exe

End
*****************

[4720] C:\a\internetport3.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Driver Genius => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\IDM Shell Extension" => Key deleted successfully.
"HKCR\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
"HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6F4492B3-5F95-4250-B92F-9BEC9664C408}" => Key deleted successfully.
"HKCR\CLSID\{6F4492B3-5F95-4250-B92F-9BEC9664C408}" => Key not found.
Firefox Proxy settings were reset.
C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\a6izbb2e.default\user.js => Moved successfully.
FF Extension: No Name - mozilla_cc@internetdownloadmanager.com [Not Found] not found.
C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll not found.
C:\Windows\SysWOW64\npDeployJava1.dll not found.
LMIRfsClientNP => Service deleted successfully.
C:\a\internetport3.exe => Moved successfully.

==== End of Fixlog ====

 

 

Thank you!



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:30 PM

Posted 05 December 2014 - 01:42 PM

I suggest you run the AdwCleaner one more time and clean everything that is found.

Will take it from there.

#6 skathari

skathari
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:30 PM

Posted 05 December 2014 - 04:54 PM

Ok I just did. Here is the report

 

# AdwCleaner v4.102 - Report created 05/12/2014 at 16:49:03
# Updated 23/11/2014 by Xplode
# Database : 2014-12-03.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Nikolas - NIKOLAS
# Running from : C:\Users\Nikolas\Downloads\Programs\adwcleaner_4.102.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\drivergenius
Folder Deleted : C:\ProgramData\pcdr
Folder Deleted : C:\ProgramData\ddOwnloiaditkEep
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driver genius
Folder Deleted : C:\Program Files (x86)\ddOwnloiaditkEep
Folder Deleted : C:\Users\Nikolas\AppData\Roaming\pcdr
File Deleted : C:\Users\Nikolas\AppData\Local\Temp\OptimizerPro.exe
File Deleted : C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\a6izbb2e.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\downloadoitkeeep.downloadoitkeeep
Key Deleted : HKLM\SOFTWARE\Classes\downloadoitkeeep.downloadoitkeeep.6.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{377994A8-7B21-2932-7898-047D980160A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{377994A8-7B21-2932-7898-047D980160A1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{377994A8-7B21-2932-7898-047D980160A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C52B8B6-FFA2-12F6-0A5A-E8301F96A568}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v33.1.1 (x86 en-US)


-\\ Google Chrome v39.0.2171.71


*************************

AdwCleaner[R0].txt - [7545 octets] - [18/10/2014 21:46:32]
AdwCleaner[R1].txt - [3755 octets] - [30/11/2014 11:18:45]
AdwCleaner[R2].txt - [3355 octets] - [30/11/2014 12:39:05]
AdwCleaner[R3].txt - [2434 octets] - [05/12/2014 10:06:13]
AdwCleaner[R4].txt - [2770 octets] - [05/12/2014 16:46:33]
AdwCleaner[S0].txt - [7374 octets] - [18/10/2014 21:51:55]
AdwCleaner[S1].txt - [3526 octets] - [30/11/2014 11:22:09]
AdwCleaner[S2].txt - [3105 octets] - [30/11/2014 12:41:32]
AdwCleaner[S3].txt - [2435 octets] - [05/12/2014 10:08:50]
AdwCleaner[S4].txt - [2721 octets] - [05/12/2014 16:49:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2781 octets] ##########
 



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:30 PM

Posted 06 December 2014 - 08:59 AM

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

How is the computer running now?

#8 skathari

skathari
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:30 PM

Posted 06 December 2014 - 10:24 AM

Here it is

 

 Results of screen317's Security Check version 0.99.91  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 2.0.3.1025  
 Java 8 Update 25  
 Java version 32-bit out of Date!
 Adobe Flash Player     15.0.0.239  
 Adobe Reader XI  
 Mozilla Firefox (33.1.1)
 Google Chrome 38.0.2125.104 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

 

The computer is running fine because I immediately go to the browsers and uncheck the use proxy, and check the automatically detect. The computer was never going crazy, i just had to go to the tools, options and change the proxy back to normal so the advertisements stop popping up like crazy. But, as of now when I restart the computer the proxies are still there.



#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:30 PM

Posted 06 December 2014 - 10:36 AM

Java 8 Update 25
Java version 32-bit out of Date!

Ignore this you have the latest version for your operating 32bit system.

===

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Click Next at the Welcome Screen, Click Next on Step 1 Screen
  • Click Next on Step 2 Screen, Click Do it on Step 3 Screen, After is has completed click Next
  • On Step 4 Under System Restore Click Create, Then under registry back-up Click Backup When you have completed this click Next
  • On Start Repairs Click Start
  • Click the Unselect All button then select just the items below
    Repair Proxy Settings
    Repair Winsock & DNS Cache
    Remove Temp Files
    
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.


#10 skathari

skathari
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:30 PM

Posted 06 December 2014 - 01:21 PM

I just completed this. Unfortunately, still no change.



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:30 PM

Posted 06 December 2014 - 02:23 PM

Reset the browsers that have been compromised.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
p22003758.gif
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

If that fails to remove the proxy please run the Farbar tool one more time and post a fresh log for my review.

#12 skathari

skathari
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:30 PM

Posted 06 December 2014 - 02:38 PM

Remember, that proxy is in my registry. It doesnt make any difference if I reset my browser settings because as soon as I restart the pc, the registry gives instructions to the browsers to use that proxy. The goal of my issue is to somehow save the changes that we make on the registry so when the system restarts, the proxy instructions are not going to be there.

 

Maybe on that fixlist that you are going to give me there is some kind of instruction that you can put to save the changes?

 

I did reset all the browsers though and I restarted the pc, run frst and here is the log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-12-2014 02
Ran by Nikolas (administrator) on NIKOLAS on 06-12-2014 14:32:20
Running from C:\Users\Nikolas\Downloads\Programs
Loaded Profile: Nikolas (Available profiles: Nikolas)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Alcatel-Lucent) C:\Program Files\Comcast\pcTrayApp.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHSA.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Dropbox, Inc.) C:\Users\Nikolas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
() C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\a\internetport3.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [757888 2012-07-02] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127104 2012-07-02] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [Comcast_McciTrayApp] => C:\Program Files\Comcast\pcTrayApp.exe [2792448 2012-12-10] (Alcatel-Lucent)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-04-30] (LogMeIn, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [Shwicon9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe [262144 2012-06-28] ()
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2011-09-20] (Nero AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [autoauto] => 77496270.bat
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3882576 2014-11-07] (Tonec Inc.)
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-07-22] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\...\MountPoints2: {07d3a6ad-2aa5-11e2-be6c-6894230a0d1c} - "I:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\...\MountPoints2: {2d088381-2b9c-11e2-be6d-6894230a0d1c} - "K:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)
Startup: C:\Users\Nikolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Nikolas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2455710959-1152450058-1220463979-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2455710959-1152450058-1220463979-1001] => http=127.0.0.1:8877;https=127.0.0.1:8877
HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?p=pLsH3anR-Rz0cILJ
SearchScopes: HKU\S-1-5-21-2455710959-1152450058-1220463979-1001 -> {6F4492B3-5F95-4250-B92F-9BEC9664C408} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\dfetanrd.default-1417894074725
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\dfetanrd.default-1417894074725\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2014-11-14]
FF HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Nikolas\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Nikolas\AppData\Roaming\IDM\idmmzcc5 [2014-11-16]
FF HKU\S-1-5-21-2455710959-1152450058-1220463979-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Nikolas\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
CHR Plugin: (Motive Management Plug-in) - C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Profile: C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-05]
CHR Extension: (Alarm) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjkdjnaajdmnminlhhhcicfnokdhjfg [2014-10-16]
CHR Extension: (IDM Integration Module) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-10-28]
CHR Extension: (Google Wallet) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-05]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-11-07]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2013-02-23]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-11-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [128640 2012-07-02] (Qualcomm Atheros Commnucations)
U2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219480 2013-07-22] (Garmin Ltd or its subsidiaries)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-11-03] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-11-03] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2012-12-10] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-12-10] (Alcatel-Lucent) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-02] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-12-10] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2012-12-10] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-12-10] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2012-12-10] (Printing Communications Assoc., Inc. (PCAUSA))
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2014-02-06] ()
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [17568 2014-11-19] (Windows ® Win 7 DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2014-11-30] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 14:31 - 2014-12-06 14:31 - 00000000 ___RD () C:\Users\Nikolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-12-06 14:27 - 2014-12-06 14:27 - 00000000 ____D () C:\Users\Nikolas\Desktop\Old Firefox Data
2014-12-06 12:31 - 2014-12-06 12:31 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-NIKOLAS-Microsoft-Windows-8.1-(64-bit).dat
2014-12-06 12:31 - 2014-12-06 12:31 - 00000000 ____D () C:\RegBackup
2014-12-06 10:51 - 2014-12-06 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-12-06 10:50 - 2014-12-06 10:50 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-12-06 10:01 - 2014-12-06 10:01 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\PCDr
2014-12-06 10:01 - 2014-12-06 10:01 - 00000000 ____D () C:\ProgramData\PCDr
2014-12-04 15:12 - 2014-12-04 15:12 - 00000032 _____ () C:\WINDOWS\GetFLV.ini
2014-12-04 14:29 - 2014-12-04 14:59 - 00000000 ____D () C:\Users\Nikolas\Downloads\MPROYSKO.S02.EP.244
2014-12-03 16:25 - 2014-12-03 16:32 - 00000000 ___RD () C:\Users\Nikolas\Downloads\2 12 14 pano
2014-12-03 16:24 - 2014-12-03 16:25 - 362988071 _____ () C:\Users\Nikolas\Downloads\2 12 14 pano.rar
2014-12-03 12:37 - 2014-12-03 12:37 - 00049664 _____ () C:\Users\Nikolas\Downloads\70005070.xlsm
2014-12-02 14:59 - 2014-12-02 15:11 - 00032256 _____ () C:\Users\Nikolas\Downloads\3week.xls
2014-11-30 16:58 - 2014-11-29 19:58 - 00000000 ____D () C:\Users\Nikolas\Downloads\ΠΑΝΣΕΛΙΝΟΣ ΚΑΙ ΚΑΤΙ ΕΙΣ- ΠΝΟΗ [ΠΡΩΤΟ ΜΕΡΟΣ]
2014-11-30 16:55 - 2014-11-30 16:58 - 61323547 _____ () C:\Users\Nikolas\Downloads\padelidis - panselinos kai kati eis-pnoi [a'meros].rar
2014-11-30 12:05 - 2014-11-30 12:05 - 00000746 _____ () C:\Users\Nikolas\Downloads\Remove_Windows_Update_Policies.reg
2014-11-30 10:45 - 2014-11-30 10:45 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-11-30 10:45 - 2014-11-30 10:45 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-30 10:24 - 2014-12-06 14:32 - 00000000 ____D () C:\FRST
2014-11-30 09:53 - 2014-11-30 09:53 - 00000958 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
2014-11-30 09:53 - 2014-11-30 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
2014-11-30 09:53 - 2014-11-30 09:53 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-11-30 09:52 - 2014-11-30 09:53 - 00000000 ____D () C:\Program Files\GridinSoft Trojan Killer
2014-11-30 09:30 - 2014-11-30 09:30 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-11-30 09:30 - 2014-11-30 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-30 09:26 - 2014-11-30 09:30 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-30 09:23 - 2014-11-30 09:28 - 00639257 _____ () C:\Users\Nikolas\Downloads\jxpiinstall.exe
2014-11-30 09:09 - 2014-12-06 12:42 - 00000000 ___HD () C:\a
2014-11-30 09:06 - 2014-11-30 09:06 - 00000019 _____ () C:\WINDOWS\SysWOW64\77496270.bat
2014-11-30 09:06 - 2014-11-30 09:06 - 00000000 __SHD () C:\Users\Nikolas\AppData\Local\EmieBrowserModeList
2014-11-24 17:28 - 2014-11-24 17:28 - 00412950 _____ () C:\Users\Nikolas\Downloads\Attach1_2.tif
2014-11-24 17:27 - 2014-11-24 17:27 - 00412950 _____ () C:\Users\Nikolas\Downloads\Attach1.tif
2014-11-24 14:21 - 2014-11-26 16:35 - 00000000 ____D () C:\Users\Nikolas\AppData\Local\tbp
2014-11-20 12:39 - 2014-11-20 12:49 - 00000000 ____D () C:\Users\Nikolas\Downloads\MPROYSKO.S02.EP.238
2014-11-19 15:48 - 2014-11-19 15:48 - 00000000 _____ () C:\WINDOWS\Progs_.ini
2014-11-19 15:31 - 2008-06-23 16:41 - 00000002 _____ () C:\WINDOWS\1way.ini
2014-11-19 05:25 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-19 05:25 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-19 05:25 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-19 05:25 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-19 04:08 - 2014-11-19 04:08 - 00017568 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\gtkdrv.sys
2014-11-17 11:14 - 2014-11-17 11:14 - 00080384 _____ () C:\Users\Nikolas\Downloads\E6H60 INVOICE #1.xls
2014-11-15 18:54 - 2014-11-15 18:54 - 00079872 _____ () C:\Users\Nikolas\Downloads\E3L01 - INVOICE #10.xls
2014-11-15 14:28 - 2014-11-15 14:28 - 00079872 _____ () C:\Users\Nikolas\Downloads\Company Letterhead.xls
2014-11-15 12:17 - 2014-11-15 12:17 - 00025576 _____ () C:\Users\Nikolas\Downloads\(389717911) SE-SR9A over NW17 thru NW17th - Update Template.xlsx
2014-11-14 16:39 - 2014-11-14 16:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-14 14:28 - 2014-11-14 14:28 - 00703488 _____ () C:\Users\Nikolas\Downloads\Bridge Masters - 2013 Paperwork(1).xls
2014-11-14 10:04 - 2014-11-14 10:04 - 00030208 _____ () C:\Users\Nikolas\Downloads\blank np.XLS
2014-11-12 07:08 - 2014-11-12 07:08 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-11-12 07:08 - 2014-11-12 07:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-11-11 23:17 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-11 23:17 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-11 23:17 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-11 23:17 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-11 23:17 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-11 23:17 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-11 23:17 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-11 23:17 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-11 23:17 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-11 23:17 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-11 23:17 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-11 23:17 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-11 23:17 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-11 23:17 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-11 23:16 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-11 23:16 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-11 23:16 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-11 23:15 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-11 23:15 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-11 23:15 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-11 23:15 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-11 23:15 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-11 23:15 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-11 23:15 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-11 23:15 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-11 23:15 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-11 23:15 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-11 23:15 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-11 23:15 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-11 23:15 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-11 23:15 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-11 23:15 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-11 23:15 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-11 23:15 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-11 23:15 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-11 23:15 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-11 23:15 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-11 23:15 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-11 23:15 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-11 23:15 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-11 23:15 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-11 23:15 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-11 23:15 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-11 23:15 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-11 23:15 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-11 23:15 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-11 23:15 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-11 23:15 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-11 23:15 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-11 23:15 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-11 23:15 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-11 23:15 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-11 23:15 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-11 23:15 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-11 23:15 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-11 23:15 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-11 23:15 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-11 23:15 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-11 23:15 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-11 23:15 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-11 23:15 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-11 23:15 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-11 23:15 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-11 23:15 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-11 23:15 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-11 23:15 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-11 23:15 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-11 23:15 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-11 23:15 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-11-11 23:15 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-11 23:15 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-11 23:15 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-11 23:15 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-11 23:15 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-11 23:15 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-11 23:15 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-11 23:15 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-11 23:15 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-11 23:15 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-11 23:15 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-11 23:15 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-11 23:15 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-11 23:15 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-11 23:15 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 23:15 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-11 23:15 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-11 23:15 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-11 23:15 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-11 23:15 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-11 23:15 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-11 23:15 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-11-11 23:15 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-11 23:15 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-11 23:15 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-11 23:15 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-11-11 23:15 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-11-11 23:15 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-11 23:15 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-11 23:15 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-11 23:15 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-11 23:15 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-11 23:15 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-11 23:15 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-11 23:15 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-11 23:14 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-11 23:14 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-11 23:14 - 2014-10-09 20:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-11 23:14 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-11 23:14 - 2014-10-09 20:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-11 23:14 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-11 23:14 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-11 23:14 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-11 23:14 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-11 23:14 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-11-11 23:14 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-11-11 23:14 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-11-11 23:14 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-11-11 23:14 - 2014-10-08 01:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-11 23:14 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-11 23:14 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-11 23:14 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-11 23:14 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-11-11 23:14 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-11 23:14 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-11 23:14 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-11 23:13 - 2014-11-04 18:38 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-11-11 23:13 - 2014-11-03 19:10 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-11-11 23:13 - 2014-10-30 23:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-11-11 23:13 - 2014-10-30 23:49 - 00537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-11-11 23:13 - 2014-10-30 23:24 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-11-11 23:13 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-11 23:13 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-11 23:13 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-11 23:13 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-11-11 23:13 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-11 23:13 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-11 23:13 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-11 23:13 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-11 23:13 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-11 23:13 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-11 23:13 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-11 23:13 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-11 23:13 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-11 23:13 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-11 23:13 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-11 23:13 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-11 23:13 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-11 23:13 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-11-11 23:13 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-11 23:13 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-11 23:13 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-11 23:13 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-11 23:13 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-11 23:13 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-11 23:13 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-11 23:13 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-11 23:13 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-11 23:13 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-11 23:12 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-11 23:12 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-11 23:12 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-11 23:12 - 2014-09-10 01:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-11-11 23:12 - 2014-09-07 22:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-11-11 23:12 - 2014-09-07 22:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-11-11 23:12 - 2014-09-04 17:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-11-11 23:12 - 2014-09-04 17:21 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-11-11 23:12 - 2014-09-03 22:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-11-11 23:12 - 2014-09-03 21:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-11-11 23:12 - 2014-09-03 20:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-11-11 23:12 - 2014-09-03 19:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-11-11 23:12 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-11 23:12 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-11 23:12 - 2014-08-30 19:17 - 00148800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-11-11 23:12 - 2014-08-30 19:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-11-11 23:12 - 2014-08-30 17:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-11-11 23:12 - 2014-08-30 17:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2014-11-11 23:12 - 2014-08-30 16:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-11-11 23:12 - 2014-08-30 15:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-11-11 23:12 - 2014-08-27 21:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-11-11 23:12 - 2014-08-27 19:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-11-11 23:12 - 2014-08-27 19:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-11-11 23:12 - 2014-08-23 00:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-11-11 23:12 - 2014-08-23 00:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-11-11 23:12 - 2014-08-22 23:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-11-11 23:12 - 2014-08-01 19:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-11-11 23:12 - 2014-08-01 19:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2014-11-11 23:11 - 2014-09-07 17:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-11-11 23:11 - 2014-08-30 16:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-11-11 23:11 - 2014-08-30 15:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2014-11-07 04:34 - 2014-11-19 16:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-11-07 02:21 - 2014-09-30 23:19 - 00180136 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 14:33 - 2012-10-31 19:44 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-12-06 14:31 - 2013-05-21 08:33 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-06 14:31 - 2012-11-06 19:28 - 00000000 ___RD () C:\Users\Nikolas\Dropbox
2014-12-06 14:31 - 2012-11-06 19:27 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Dropbox
2014-12-06 14:30 - 2014-09-18 14:47 - 00000000 ___RD () C:\Users\Nikolas\OneDrive
2014-12-06 14:30 - 2014-09-18 14:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-06 14:30 - 2014-01-25 08:43 - 00001022 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-12-06 14:30 - 2014-01-25 08:43 - 00001006 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-12-06 14:30 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-06 14:29 - 2013-01-21 11:54 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\DMCache
2014-12-06 14:12 - 2014-09-18 14:12 - 02088742 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-06 14:11 - 2013-05-21 08:33 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-06 14:02 - 2012-11-06 19:36 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-06 14:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-06 13:15 - 2012-11-06 19:15 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2455710959-1152450058-1220463979-1001
2014-12-06 12:47 - 2014-03-18 05:03 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-06 12:40 - 2014-09-20 12:01 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{34D0B3B2-E365-498C-90C6-A4744020944B}
2014-12-06 12:34 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-06 10:36 - 2013-01-21 11:54 - 00000000 ____D () C:\Users\Nikolas\Downloads\Video
2014-12-06 10:19 - 2014-09-24 19:17 - 00000000 ____D () C:\Program Files (x86)\GetFLV
2014-12-06 09:45 - 2013-11-30 13:27 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-12-06 04:40 - 2012-11-06 19:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-05 18:53 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-12-05 17:00 - 2014-05-03 09:55 - 00000000 ____D () C:\ProgramData\softthinks
2014-12-05 16:57 - 2012-11-07 06:00 - 00000000 ____D () C:\Users\Nikolas\AppData\Local\CrashDumps
2014-12-05 16:51 - 2014-03-18 04:54 - 00032960 _____ () C:\WINDOWS\PFRO.log
2014-12-05 16:50 - 2014-10-18 21:46 - 00000000 ____D () C:\AdwCleaner
2014-12-05 13:51 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-05 13:16 - 2013-01-22 09:36 - 00000000 ____D () C:\Users\Nikolas\Downloads\Compressed
2014-12-05 12:55 - 2013-04-25 08:37 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-12-05 10:23 - 2012-11-08 18:43 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\vlc
2014-12-05 10:15 - 2013-05-21 08:34 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-05 10:11 - 2014-11-02 16:16 - 00041472 ___SH () C:\Users\Nikolas\Desktop\Thumbs.db
2014-12-05 10:06 - 2013-05-21 08:33 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-05 10:06 - 2013-05-21 08:33 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-03 13:30 - 2014-09-24 19:28 - 00000000 ____D () C:\Users\Nikolas\Documents\Get FLV
2014-12-01 12:39 - 2013-08-22 09:46 - 00310603 _____ () C:\WINDOWS\setupact.log
2014-11-30 16:46 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-30 12:46 - 2014-10-18 22:01 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-30 09:30 - 2013-09-01 15:52 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-30 09:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Resources
2014-11-30 09:02 - 2012-11-16 19:16 - 00000000 ___RD () C:\Users\Nikolas\Podcasts
2014-11-30 09:00 - 2013-08-22 09:44 - 00534136 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-30 08:59 - 2013-01-21 11:53 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2014-11-30 08:59 - 2012-11-06 19:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-30 08:56 - 2014-07-12 09:00 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-11-30 08:56 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-30 08:56 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-30 08:56 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-30 08:56 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-30 08:56 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-30 08:56 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-30 08:55 - 2014-09-18 14:19 - 00000000 ____D () C:\Users\Nikolas
2014-11-26 04:14 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-25 14:02 - 2012-11-06 19:36 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-11-25 13:13 - 2013-07-30 16:46 - 00000000 ____D () C:\Users\Nikolas\Documents\CD - November
2014-11-21 16:01 - 2012-11-06 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-11-20 15:51 - 2014-10-15 13:11 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-20 15:51 - 2014-10-15 13:11 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-16 18:34 - 2013-01-21 11:54 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\IDM
2014-11-14 17:15 - 2012-11-06 19:28 - 00001076 _____ () C:\Users\Nikolas\Desktop\Dropbox.lnk
2014-11-14 17:15 - 2012-11-06 19:28 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-12 07:02 - 2013-08-15 02:07 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 06:55 - 2012-12-13 03:10 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Nikolas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7zd5pc.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-06 13:15

==================== End Of Log ============================



#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:30 PM

Posted 07 December 2014 - 09:03 AM

I missed this process HKLM-x32\...\Run: [autoauto] => 77496270.bat in my previous fix.
It was installed at the same time as this trojan.
\internetport3.exe


Let see if this will remove the proxy.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:
HKLM-x32\...\Run: [autoauto] => 77496270.bat
ProxyEnable: [S-1-5-21-2455710959-1152450058-1220463979-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2455710959-1152450058-1220463979-1001] => http=127.0.0.1:8877;https=127.0.0.1:8877
FF user.js: detected! => C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\dfetanrd.default-1417894074725\user.js
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll No File
C:\WINDOWS\SysWOW64\77496270.bat

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

I'm not sure but again you may have to reset the proxy.

#14 skathari

skathari
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:30 PM

Posted 07 December 2014 - 01:21 PM

Yes, that was it ! Proxy has been removed and computer is back to normal.

 

 

Thank you nasdaq!



#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:30 PM

Posted 07 December 2014 - 01:41 PM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users