Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

RogueKiller Detected PUM.dns


  • This topic is locked This topic is locked
13 replies to this topic

#1 Jake Rothermel

Jake Rothermel

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:11 PM

Posted 30 November 2014 - 11:42 PM

I had no idea I had this on my computer; I didn't notice any decrease in performance. I ran RogueKiller and it found 6 cases in the Registry section.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.71.2
Run by owner at 21:27:27 on 2014-11-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8162.4537 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\lxdicoms.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Razer\Razer Game Booster\main.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\owner\Downloads\RogueKillerX64(3).exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Spotify Web Helper] "C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [RazerGameBooster] C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe -autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: LastPass - C:\Users\owner\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\owner\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{14CEB84A-6C84-427B-AD38-534A840D4718} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{1BA2A7EE-149E-42B3-B7ED-12390B0FA0BE} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{7328C51A-4570-4447-81AA-E491AB208E62} : DHCPNameServer = 192.168.1.254
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\wic4cwx4.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\Game\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-5-14 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-5-14 267632]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-5-14 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-5-14 436624]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-14 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-5-14 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-5-14 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-27 50344]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-9-6 2443960]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-9-7 87992]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-9-27 1148744]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-7-31 169432]
R2 lxdi_device;lxdi_device;C:\Windows\System32\lxdicoms.exe -service --> C:\Windows\System32\lxdicoms.exe -service [?]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-11-15 137528]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2012-7-31 1795912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2012-7-31 19439944]
R2 Razer Game Scanner Service;Razer Game Scanner;C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [2014-10-31 183488]
R2 RzKLService;RzKLService;C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [2014-5-15 105448]
R2 RzOvlMon;Razer Overlay Subsystem Emergency Service;C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe [2014-4-18 32960]
R2 rzpmgrk;rzpmgrk;C:\Windows\System32\drivers\rzpmgrk.sys [2014-11-27 37184]
R2 rzpnk;rzpnk;C:\Windows\System32\drivers\rzpnk.sys [2014-11-27 129600]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-11-5 413128]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-27 271752]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2014-3-7 138456]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2014-3-7 424664]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-27 4012248]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-27 19272]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-9-27 38048]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-4-22 901848]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2014-9-4 160424]
S1 RzFilter;RzFilter;C:\Windows\System32\drivers\RzFilter.sys [2014-5-13 74432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 busenum;SteelBusSvc;C:\Windows\System32\drivers\SteelBus64.sys [2013-6-25 134656]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-4-24 254016]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2014-4-24 203344]
S3 GunBod;GunBod;C:\Program Files (x86)\SoftnyxGame\GunboundIS\avital\gunbod64.sys [2014-6-9 86352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-22 111616]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-1-18 46568]
S3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-11-11 32344]
S3 NTIOLib_1_0_1;NTIOLib_1_0_1;C:\Program Files (x86)\MSI\CLICKBIOSII\NTIOLib_X64.sys [2014-4-22 14136]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-8-27 107912]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-8-27 226696]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\System32\drivers\RTL8192su.sys [2011-8-11 694376]
S3 RzDxgk;RzDxgk;C:\Windows\System32\drivers\RzDxgk.sys [2014-5-13 129472]
S3 SAlphamHid;SteelHIDSvc;C:\Windows\System32\drivers\SAlpham64.sys [2013-6-25 38016]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-2-1 1255736]
S4 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2014-7-10 65657]
.
=============== Created Last 30 ================
.
2014-11-30 10:24:03    11632448    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7627BE77-DB68-4FE5-9F1B-5D635A3CCD26}\mpengine.dll
2014-11-29 02:08:48    --------    d-----w-    C:\Windows\SysWow64\vbox
2014-11-29 02:08:48    --------    d-----w-    C:\Windows\System32\vbox
2014-11-28 05:04:00    129600    ----a-w-    C:\Windows\System32\drivers\rzpnk.sys
2014-11-28 05:03:45    37184    ----a-w-    C:\Windows\System32\drivers\rzpmgrk.sys
2014-11-28 04:59:02    43152    ----a-w-    C:\Windows\avastSS.scr
2014-11-20 08:23:06    9728    ----a-w-    C:\Windows\SysWow64\RzStats.IPC.dll
2014-11-11 12:29:26    14147584    ----a-w-    C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-11-11 12:28:46    --------    d-----w-    C:\Program Files (x86)\LastPass
2014-11-11 12:28:42    --------    d-----w-    C:\Users\owner\AppData\Roaming\Local
2014-11-08 07:56:54    --------    d-----w-    C:\Program Files (x86)\Infogrames
2014-11-08 07:39:27    --------    d-----w-    C:\Users\owner\AppData\Local\CrashDumps
2014-11-08 07:31:08    --------    d-----w-    C:\Program Files (x86)\Hasbro Interactive
2014-11-08 07:30:13    306688    ----a-w-    C:\Windows\IsUninst.exe
2014-11-06 05:23:02    77656    ----a-w-    C:\Windows\System32\XAPOFX1_5.dll
2014-11-06 05:23:02    74072    ----a-w-    C:\Windows\SysWow64\XAPOFX1_5.dll
2014-11-06 05:23:02    527192    ----a-w-    C:\Windows\SysWow64\XAudio2_7.dll
2014-11-06 05:23:02    518488    ----a-w-    C:\Windows\System32\XAudio2_7.dll
2014-11-06 05:23:01    2526056    ----a-w-    C:\Windows\System32\D3DCompiler_43.dll
2014-11-06 05:23:01    239960    ----a-w-    C:\Windows\SysWow64\xactengine3_7.dll
2014-11-06 05:23:01    176984    ----a-w-    C:\Windows\System32\xactengine3_7.dll
2014-11-06 05:23:00    1907552    ----a-w-    C:\Windows\System32\d3dcsx_43.dll
2014-11-06 05:23:00    1868128    ----a-w-    C:\Windows\SysWow64\d3dcsx_43.dll
2014-11-06 05:20:38    --------    d--h--w-    C:\Windows\msdownld.tmp
2014-11-06 05:20:38    --------    d-----w-    C:\Windows\SysWow64\directx
2014-11-06 05:19:56    --------    d-----w-    C:\Program Files (x86)\RivaTuner Statistics Server
2014-11-06 05:18:42    --------    d-----w-    C:\Program Files (x86)\MSI Afterburner
2014-11-06 05:17:39    29444696    ----a-w-    C:\Program Files (x86)\MSIAfterburnerSetup301.exe
2014-11-06 04:40:53    601432    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2014-11-05 06:17:40    9735256    ----a-w-    C:\Windows\SysWow64\nvcuda.dll
2014-11-05 06:17:40    9697640    ----a-w-    C:\Windows\SysWow64\nvopencl.dll
2014-11-05 06:17:40    1876296    ----a-w-    C:\Windows\System32\nvdispco6434460.dll
2014-11-05 06:17:40    1539272    ----a-w-    C:\Windows\System32\nvdispgenco6434460.dll
.
==================== Find3M  ====================
.
2014-12-01 04:10:17    37624    ----a-w-    C:\Windows\System32\drivers\TrueSight.sys
2014-11-28 04:59:22    1050432    ----a-w-    C:\Windows\System32\drivers\aswsnx.sys
2014-11-28 04:59:04    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-11-28 04:59:04    83280    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-11-28 04:59:04    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-11-28 04:59:04    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-11-28 04:59:04    267632    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-11-28 04:59:04    116728    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
2014-11-28 04:54:43    129752    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-28 04:51:06    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-28 04:51:06    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-24 21:04:56    275080    ------w-    C:\Windows\System32\MpSigStub.exe
2014-10-30 02:10:34    2558792    ----a-w-    C:\Windows\System32\nvsvcr.dll
2014-10-20 02:40:31    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-16 16:54:03    1876296    ----a-w-    C:\Windows\System32\nvdispco6434448.dll
2014-10-16 16:54:03    1539272    ----a-w-    C:\Windows\System32\nvdispgenco6434448.dll
2014-10-09 09:07:10    89088    ----a-w-    C:\Windows\SysWow64\rzdevinfo.dll
2014-10-01 18:11:26    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-10-01 18:11:16    93400    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 18:11:12    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-09-30 05:32:42    901632    ----a-w-    C:\Windows\SysWow64\rzdevicedll.dll
2014-09-30 05:32:36    419840    ----a-w-    C:\Windows\SysWow64\rzaudiodll.dll
2014-09-17 02:13:36    2193560    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2014-09-17 02:13:36    1291280    ----a-w-    C:\Windows\SysWow64\nvspbridge.dll
2014-09-17 02:12:40    2799784    ----a-w-    C:\Windows\System32\nvspcap64.dll
2014-09-17 02:12:39    1715224    ----a-w-    C:\Windows\System32\nvspbridge64.dll
2014-09-13 23:48:03    1876296    ----a-w-    C:\Windows\System32\nvdispco6434411.dll
2014-09-13 23:48:03    1539272    ----a-w-    C:\Windows\System32\nvdispgenco6434411.dll
2014-09-11 06:57:10    78848    ----a-w-    C:\Windows\SysWow64\rzvirtualdev.dll
2014-09-11 06:57:08    155136    ----a-w-    C:\Windows\SysWow64\rztouchdll.dll
2014-09-11 06:57:02    117248    ----a-w-    C:\Windows\SysWow64\rzdisplaydll.dll
2014-09-05 03:27:52    160424    ----a-w-    C:\Windows\System32\drivers\rzudd.sys
2014-09-04 19:14:38    38048    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2014-09-04 19:14:38    34976    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2014-09-04 19:14:38    32416    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
.
============= FINISH: 21:27:58.75 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,625 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:11 PM

Posted 05 December 2014 - 11:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/558206 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Jake Rothermel

Jake Rothermel
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:11 PM

Posted 06 December 2014 - 11:40 PM

I tried deleting the Pum.dns through Roguekiller, which replaced it, but when I restarted my computer and ran the scan again, the same pum.dns was found.

-I do have my original windows cd.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.71.2
Run by owner at 21:33:40 on 2014-12-06
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8162.4864 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\lxdicoms.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Razer\Razer Game Booster\main.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Spotify Web Helper] "C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [RazerGameBooster] C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe -autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: LastPass - C:\Users\owner\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\owner\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{14CEB84A-6C84-427B-AD38-534A840D4718} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{1BA2A7EE-149E-42B3-B7ED-12390B0FA0BE} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{7328C51A-4570-4447-81AA-E491AB208E62} : DHCPNameServer = 192.168.1.254
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\wic4cwx4.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\Game\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-5-14 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-5-14 267632]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-5-14 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-5-14 436624]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-14 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-5-14 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-5-14 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-27 50344]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-9-6 2443960]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-9-7 87992]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-9-27 1148744]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-7-31 169432]
R2 lxdi_device;lxdi_device;C:\Windows\System32\lxdicoms.exe -service --> C:\Windows\System32\lxdicoms.exe -service [?]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-11-15 137528]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2012-7-31 1795912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2012-7-31 19439944]
R2 RzKLService;RzKLService;C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [2014-5-15 105448]
R2 RzOvlMon;Razer Overlay Subsystem Emergency Service;C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe [2014-4-18 32960]
R2 rzpmgrk;rzpmgrk;C:\Windows\System32\drivers\rzpmgrk.sys [2014-11-27 37184]
R2 rzpnk;rzpnk;C:\Windows\System32\drivers\rzpnk.sys [2014-11-27 129600]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-11-5 413128]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-27 271752]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2014-3-7 138456]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2014-3-7 424664]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-27 4012248]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-27 19272]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-9-27 38048]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-4-22 901848]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2014-9-4 160424]
S1 RzFilter;RzFilter;C:\Windows\System32\drivers\RzFilter.sys [2014-5-13 74432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Razer Game Scanner Service;Razer Game Scanner;C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [2014-10-31 183488]
S3 busenum;SteelBusSvc;C:\Windows\System32\drivers\SteelBus64.sys [2013-6-25 134656]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-4-24 254016]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2014-4-24 203344]
S3 GunBod;GunBod;C:\Program Files (x86)\SoftnyxGame\GunboundIS\avital\gunbod64.sys [2014-6-9 86352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-22 111616]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-1-18 46568]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-14 129752]
S3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-11-11 32344]
S3 NTIOLib_1_0_1;NTIOLib_1_0_1;C:\Program Files (x86)\MSI\CLICKBIOSII\NTIOLib_X64.sys [2014-4-22 14136]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-8-27 107912]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-8-27 226696]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\System32\drivers\RTL8192su.sys [2011-8-11 694376]
S3 RzDxgk;RzDxgk;C:\Windows\System32\drivers\RzDxgk.sys [2014-5-13 129472]
S3 SAlphamHid;SteelHIDSvc;C:\Windows\System32\drivers\SAlpham64.sys [2013-6-25 38016]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-2-1 1255736]
S4 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2014-7-10 65657]
.
=============== Created Last 30 ================
.
2014-11-30 10:24:03    11632448    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7627BE77-DB68-4FE5-9F1B-5D635A3CCD26}\mpengine.dll
2014-11-29 02:08:48    --------    d-----w-    C:\Windows\SysWow64\vbox
2014-11-29 02:08:48    --------    d-----w-    C:\Windows\System32\vbox
2014-11-28 05:04:00    129600    ----a-w-    C:\Windows\System32\drivers\rzpnk.sys
2014-11-28 05:03:45    37184    ----a-w-    C:\Windows\System32\drivers\rzpmgrk.sys
2014-11-28 04:59:02    43152    ----a-w-    C:\Windows\avastSS.scr
2014-11-20 08:23:06    9728    ----a-w-    C:\Windows\SysWow64\RzStats.IPC.dll
2014-11-11 12:29:26    14147584    ----a-w-    C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-11-11 12:28:46    --------    d-----w-    C:\Program Files (x86)\LastPass
2014-11-11 12:28:42    --------    d-----w-    C:\Users\owner\AppData\Roaming\Local
2014-11-08 07:56:54    --------    d-----w-    C:\Program Files (x86)\Infogrames
2014-11-08 07:39:27    --------    d-----w-    C:\Users\owner\AppData\Local\CrashDumps
2014-11-08 07:31:08    --------    d-----w-    C:\Program Files (x86)\Hasbro Interactive
2014-11-08 07:30:13    306688    ----a-w-    C:\Windows\IsUninst.exe
.
==================== Find3M  ====================
.
2014-12-07 04:22:27    37624    ----a-w-    C:\Windows\System32\drivers\TrueSight.sys
2014-12-06 12:01:01    129752    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-28 04:59:22    1050432    ----a-w-    C:\Windows\System32\drivers\aswsnx.sys
2014-11-28 04:59:04    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-11-28 04:59:04    83280    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-11-28 04:59:04    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-11-28 04:59:04    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-11-28 04:59:04    267632    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-11-28 04:59:04    116728    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
2014-11-28 04:51:06    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-28 04:51:06    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-24 21:04:56    275080    ------w-    C:\Windows\System32\MpSigStub.exe
2014-11-21 13:14:22    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-11-21 13:14:12    93400    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 13:14:08    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-10-30 04:53:26    1876296    ----a-w-    C:\Windows\System32\nvdispco6434460.dll
2014-10-30 04:53:26    1539272    ----a-w-    C:\Windows\System32\nvdispgenco6434460.dll
2014-10-30 02:10:34    2558792    ----a-w-    C:\Windows\System32\nvsvcr.dll
2014-10-20 02:40:31    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-16 16:54:03    1876296    ----a-w-    C:\Windows\System32\nvdispco6434448.dll
2014-10-16 16:54:03    1539272    ----a-w-    C:\Windows\System32\nvdispgenco6434448.dll
2014-10-09 09:07:10    89088    ----a-w-    C:\Windows\SysWow64\rzdevinfo.dll
2014-09-30 05:32:42    901632    ----a-w-    C:\Windows\SysWow64\rzdevicedll.dll
2014-09-30 05:32:36    419840    ----a-w-    C:\Windows\SysWow64\rzaudiodll.dll
2014-09-17 02:13:36    2193560    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2014-09-17 02:13:36    1291280    ----a-w-    C:\Windows\SysWow64\nvspbridge.dll
2014-09-17 02:12:40    2799784    ----a-w-    C:\Windows\System32\nvspcap64.dll
2014-09-17 02:12:39    1715224    ----a-w-    C:\Windows\System32\nvspbridge64.dll
2014-09-13 23:48:03    1876296    ----a-w-    C:\Windows\System32\nvdispco6434411.dll
2014-09-13 23:48:03    1539272    ----a-w-    C:\Windows\System32\nvdispgenco6434411.dll
2014-09-11 06:57:10    78848    ----a-w-    C:\Windows\SysWow64\rzvirtualdev.dll
2014-09-11 06:57:08    155136    ----a-w-    C:\Windows\SysWow64\rztouchdll.dll
2014-09-11 06:57:02    117248    ----a-w-    C:\Windows\SysWow64\rzdisplaydll.dll
2014-06-10 06:05:23    29444696    ----a-w-    C:\Program Files (x86)\MSIAfterburnerSetup301.exe
.
============= FINISH: 21:34:02.16 ===============
 



#4 OCD

OCD

  • Malware Response Team
  • 172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:11 PM

Posted 06 December 2014 - 11:44 PM

Hi Jake,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Locate the RogueKiller log and include it in your next reply.

=========================

bullseye_zpse9eaf36e.gif aswMBR

Download aswMBR.exe and save it to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Save this file, do not delete it at this time.

=========================

In your next post please provide the following:

  • aswMBR.txt
  • RogueKiller log
  • What symptoms are you experincing

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#5 Jake Rothermel

Jake Rothermel
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:11 PM

Posted 07 December 2014 - 02:51 AM

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-12-06 23:37:46
-----------------------------
23:37:46.170    OS Version: Windows x64 6.1.7601 Service Pack 1
23:37:46.170    Number of processors: 6 586 0x200
23:37:46.171    ComputerName: OWNER-PC  UserName: owner
23:37:48.689    Initialize success
23:37:48.694    VM: initialized successfully
23:37:48.697    VM: Amd CPU supported virtualized
23:37:51.566    AVAST engine defs: 14120601
23:38:11.690    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
23:38:11.695    Disk 0 Vendor: WDC_WD7500AVCS-63ZLB0 01.01B01 Size: 715404MB BusType: 3
23:38:11.794    Disk 0 MBR read successfully
23:38:11.796    Disk 0 MBR scan
23:38:11.799    Disk 0 Windows 7 default MBR code
23:38:11.806    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
23:38:11.810    Disk 0 default boot code
23:38:11.816    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       715302 MB offset 206848
23:38:11.827    Disk 0 scanning C:\Windows\system32\drivers
23:38:19.465    Service scanning
23:38:36.539    Modules scanning
23:38:36.556    Disk 0 trace - called modules:
23:38:36.787    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:38:36.798    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077a5060]
23:38:36.808    3 CLASSPNP.SYS[fffff8800188943f] -> nt!IofCallDriver -> [0xfffffa8006827520]
23:38:36.819    5 ACPI.sys[fffff88000f2b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8006829060]
23:38:39.089    AVAST engine scan C:\Windows
23:38:42.085    AVAST engine scan C:\Windows\system32
23:40:44.366    AVAST engine scan C:\Windows\system32\drivers
23:40:55.461    AVAST engine scan C:\Users\owner
23:47:18.073    AVAST engine scan C:\ProgramData
23:49:04.369    Disk 0 statistics 5496583/0/0 @ 5.43 MB/s
23:49:04.379    Scan finished successfully
23:50:36.123    Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
23:50:36.127    The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"

 

 

 

 

 

RogueKiller:

 

 

 

RogueKiller V10.0.8.0 (x64) [Nov 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : owner [Administrator]
Mode : Scan -- Date : 12/07/2014  00:28:03

¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] RzStats.Manager.exe -- C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[-] -> Killed [TermProc]
[Suspicious.Path] RzCefRenderProcess.exe -- C:\Users\owner\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[7] -> Killed [TermThr]

¤¤¤ Registry : 11 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GPU-Z (\??\C:\Users\owner\AppData\Local\Temp\GPU-Z.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMBR (\??\C:\Users\owner\AppData\Local\Temp\aswMBR.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GPU-Z (\??\C:\Users\owner\AppData\Local\Temp\GPU-Z.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswMBR (\??\C:\Users\owner\AppData\Local\Temp\aswMBR.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GPU-Z (\??\C:\Users\owner\AppData\Local\Temp\GPU-Z.sys) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{14CEB84A-6C84-427B-AD38-534A840D4718} | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{14CEB84A-6C84-427B-AD38-534A840D4718} | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{14CEB84A-6C84-427B-AD38-534A840D4718} | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)]  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500AVCS-63ZLB0 ATA Device +++++
--- User ---
[MBR] 0487167853bde2a0d94e755ab5f86af7
[BSP] 486babdf373c81e264c4c477ca3f6438 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 715302 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_10272014_220119.log - RKreport_DEL_10272014_220129.log - RKreport_DEL_10272014_221205.log - RKreport_DEL_10272014_230542.log
RKreport_DEL_11272014_221313.log - RKreport_DEL_12062014_052437.log - RKreport_SCN_10272014_215618.log - RKreport_SCN_10272014_220445.log
RKreport_SCN_10272014_220806.log - RKreport_SCN_10272014_221549.log - RKreport_SCN_10272014_224033.log - RKreport_SCN_10272014_230857.log
RKreport_SCN_10282014_000338.log - RKreport_SCN_11272014_220801.log - RKreport_SCN_11302014_204547.log - RKreport_SCN_11302014_211519.log
RKreport_SCN_12062014_052356.log - RKreport_SCN_12062014_202559.log - RKreport_SCN_12062014_212756.log
 

 

 

 

I really can't tell if I'm experiencing any symptoms or not.



#6 OCD

OCD

  • Malware Response Team
  • 172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:11 PM

Posted 07 December 2014 - 10:24 AM

Hi Jake,

bullseye_zpse9eaf36e.gif Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

bullseye_zpse9eaf36e.gif AdwCleaner v3: Scan & Clean
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

bullseye_zpse9eaf36e.gif Junkware Removal Tool

Download Junkware Removal Tool to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
=========================

bullseye_zpse9eaf36e.gif Malwarebytes Anti-Rootkit
  • Download Malwarebytes Anti-Rootkit
  • Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
  • Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
  • Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
  • Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
  • After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message if you are sure you wish to allow the program to run. Please allow to start Malwarebytes Anti-Rootkit correctly.
  • Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
  • If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
MBAMAnti-Rootkit1_zps4613be8c.png
  • Please click by the introduction screen on the Next button to continue.
MBAMAnti-Rootkit2update_zpsf85fca28.png
  • Next you will see the Update Database screen.
  • Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.
MBAMAnti-Rootkitupdatecomplete_zpscf9f4c
  • When the update has finished, click on the Next button.
MBAMAnti-Rootkitscan_zps9b346fe7.png
  • Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
  • Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.
MBAMAnti-Rootkitscan-results_zps9f0fdf8e
  • When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
  • Make sure everything is selected and that the option to create a restore point is checked.
  • Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
  • Click on Yes button to restart your computer.
  • There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
  • The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
    • For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
  • The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.
=========================

In your next post please provide the following:
  • checkup.txt
  • AdwCleaner[S0].txt
  • JRT.txt
  • system-log.txt
  • mbar-log-year-month-day (hour-minute-second).txt

Edited by OCD, 07 December 2014 - 10:28 AM.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#7 Jake Rothermel

Jake Rothermel
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:11 PM

Posted 10 December 2014 - 07:09 AM

 Results of screen317's Security Check version 0.99.91  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 71  
 Adobe Flash Player 15.0.0.246  
 Adobe Reader XI  
 Mozilla Firefox (34.0.5)
 Google Chrome (39.0.2171.65)
 Google Chrome (39.0.2171.71)
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe
 AVAST Software Avast ng ngservice.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v4.105 - Report created 10/12/2014 at 04:26:28
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : owner - OWNER-PC
# Running from : C:\Users\owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Google Chrome v39.0.2171.71

[C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chromium v

[C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1100 octets] - [10/12/2014 04:19:34]
AdwCleaner[R1].txt - [1161 octets] - [10/12/2014 04:23:27]
AdwCleaner[S0].txt - [1380 octets] - [10/12/2014 04:26:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1440 octets] ##########

 

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by owner on Wed 12/10/2014 at  4:35:27.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\wic4cwx4.default\minidumps [13 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/10/2014 at  4:39:59.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17107

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.500000 GHz
Memory total: 8558632960, free: 4616032256

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17107

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.500000 GHz
Memory total: 8558632960, free: 5951193088

Downloaded database version: v2014.12.10.05
Downloaded database version: v2014.12.08.03
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
     12/10/2014 04:45:27
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Windows\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\asmtxhci.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\asmthub3.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\rzudd.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\Windows\system32\drivers\rzpmgrk.sys
\??\C:\Windows\system32\drivers\rzpnk.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\lpk.dll
\Windows\System32\imm32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\Wldap32.dll
\Windows\System32\user32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\kernel32.dll
\Windows\System32\ole32.dll
\Windows\System32\msctf.dll
\Windows\System32\sechost.dll
\Windows\System32\comdlg32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\wininet.dll
\Windows\System32\shell32.dll
\Windows\System32\difxapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\advapi32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\nsi.dll
\Windows\System32\psapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\normaliz.dll
\Windows\System32\iertutil.dll
\Windows\System32\gdi32.dll
\Windows\System32\usp10.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80077c8060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
Lower Device Object: 0xfffffa80067fe060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80077c8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80077c8b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80077c8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006801520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80067fe060, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: AD135906

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1464938496

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 

 

 

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2014.12.10.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17107
owner :: OWNER-PC [administrator]

12/10/2014 4:45:35 AM
mbar-log-2014-12-10 (04-45-35).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 321826
Time elapsed: 9 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


 



#8 OCD

OCD

  • Malware Response Team
  • 172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:11 PM

Posted 10 December 2014 - 10:39 AM

Hi Jake Rothermel,

These entries are not malicious. They are placed there by Cox Communications which I would assume is your ISP. We can remove them but they will most likely repopulate.

bullseye_zpse9eaf36e.gif Re-run RogueKiller
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Quit all programs
  • Wait until Prescan has finished ...
  • Click on Scan.
  • After the scan has completed click on the Registry tab
  • Place a check mark next to each of the following entries:
    • [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)]
      [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)]
      [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)]
      [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{14CEB84A-6C84-427B-AD38-534A840D4718} | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)]
      [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{14CEB84A-6C84-427B-AD38-534A840D4718} | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)]
      [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{14CEB84A-6C84-427B-AD38-534A840D4718} | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)]
  • Remove the check mark from all other entries listed
  • Click the Delete button
  • Click the Report button, save the report to your desktop
=========================

bullseye_zpse9eaf36e.gif Download Farbar Recovery Scan Tool and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply
=========================

In your next post please provide the following:
  • RKreport log
  • FRST.txt
  • Addition.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#9 Jake Rothermel

Jake Rothermel
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:11 PM

Posted 11 December 2014 - 02:11 AM

RogueKiller V10.0.9.0 (x64) [Dec  8 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : owner [Administrator]
Mode : Delete -- Date : 12/11/2014  00:02:04

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GPU-Z (\??\C:\Users\owner\AppData\Local\Temp\GPU-Z.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GPU-Z (\??\C:\Users\owner\AppData\Local\Temp\GPU-Z.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GPU-Z (\??\C:\Users\owner\AppData\Local\Temp\GPU-Z.sys) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)]  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)]  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)]  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{14CEB84A-6C84-427B-AD38-534A840D4718} | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)]  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{14CEB84A-6C84-427B-AD38-534A840D4718} | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)]  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{14CEB84A-6C84-427B-AD38-534A840D4718} | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)]  -> Replaced ()

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500AVCS-63ZLB0 ATA Device +++++
--- User ---
[MBR] 0487167853bde2a0d94e755ab5f86af7
[BSP] 486babdf373c81e264c4c477ca3f6438 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 715302 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_10272014_220119.log - RKreport_DEL_10272014_220129.log - RKreport_DEL_10272014_221205.log - RKreport_DEL_10272014_230542.log
RKreport_DEL_11272014_221313.log - RKreport_DEL_12062014_052437.log - RKreport_SCN_10272014_215618.log - RKreport_SCN_10272014_220445.log
RKreport_SCN_10272014_220806.log - RKreport_SCN_10272014_221549.log - RKreport_SCN_10272014_224033.log - RKreport_SCN_10272014_230857.log
RKreport_SCN_10282014_000338.log - RKreport_SCN_11272014_220801.log - RKreport_SCN_11302014_204547.log - RKreport_SCN_11302014_211519.log
RKreport_SCN_12062014_052356.log - RKreport_SCN_12062014_202559.log - RKreport_SCN_12062014_212756.log - RKreport_SCN_12072014_002803.log
RKreport_SCN_12102014_234959.log

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2014 01
Ran by owner (administrator) on OWNER-PC on 11-12-2014 00:06:45
Running from C:\Users\owner\Desktop
Loaded Profile: owner (Available profiles: owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
( ) C:\Windows\System32\lxdicoms.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Motorola Mobility Inc.) C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\main.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Spotify Ltd) C:\Users\owner\AppData\Roaming\Spotify\spotify.exe
() C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\owner\Desktop\RogueKillerX64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-12-09] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-27] (AVAST Software)
HKLM-x32\...\Run: [RazerGameBooster] => C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe [61152 2014-02-25] (Razer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-455525917-3591099317-176409280-1000\...\Run: [Spotify Web Helper] => C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-10] (Spotify Ltd)
HKU\S-1-5-21-455525917-3591099317-176409280-1000\...\Run: [MotoCast] => C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk [2105 2014-07-10] ()
HKU\S-1-5-21-455525917-3591099317-176409280-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-455525917-3591099317-176409280-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe [855216 2014-12-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-455525917-3591099317-176409280-1000\...\MountPoints2: {bc43a809-0891-11e4-beb3-d43d7e35b47d} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-455525917-3591099317-176409280-1000\...\MountPoints2: {bc43aa85-0891-11e4-beb3-d43d7e35b47d} - E:\MotoCastSetup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-455525917-3591099317-176409280-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-455525917-3591099317-176409280-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\wic4cwx4.default
FF DefaultSearchEngine: Google
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kingsfot.com/npkws -> c:\program files (x86)\kingsoft\kingsoft antivirus\npkws.dll No File
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @softnyxNpruntime -> C:\Game\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: LastPass - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\wic4cwx4.default\Extensions\support@lastpass.com [2014-11-11]
FF Extension: NoScript - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\wic4cwx4.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-30]
FF Extension: Adblock Plus - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\wic4cwx4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-14]

Chrome:
=======
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-01]
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-01]
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-01]
CHR Extension: (Google Wallet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-28]
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-01]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-27]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-27] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-27] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-10-30] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-16] (NVIDIA Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 lxdi_device; C:\Windows\system32\lxdicoms.exe [876976 2007-06-11] ( )
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-16] (NVIDIA Corporation)
S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
S3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-27] ()
S3 busenum; C:\Windows\System32\DRIVERS\SteelBus64.sys [134656 2013-06-25] (SteelSeries Corporation) [File not signed]
S3 GunBod; C:\Program Files (x86)\SoftnyxGame\GunboundIS\avital\gunbod64.sys [86352 2014-06-09] ()
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
S1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
S3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-06-25] (SteelSeries Corporation) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2014-12-10] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-27] (Avast Software)
S3 GPU-Z; \??\C:\Users\owner\AppData\Local\Temp\GPU-Z.sys [X]
S3 ksapi64; \??\C:\Windows\system32\drivers\ksapi64.sys [X]
S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [X]
S3 NTIOLib_MSISMB_CC; \??\C:\Program Files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys [X]
S3 WinRing0_1_2_0; \??\E:\Testing\RealTemp_370\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-11 00:06 - 2014-12-11 00:07 - 00020813 _____ () C:\Users\owner\Desktop\FRST.txt
2014-12-11 00:05 - 2014-12-11 00:05 - 00000280 _____ () C:\Windows\system32\2014-12-11-07-05-14.065-aswFe.exe-9024.log
2014-12-11 00:04 - 2014-12-11 00:06 - 00000000 ____D () C:\FRST
2014-12-11 00:03 - 2014-12-11 00:03 - 02119680 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe
2014-12-11 00:02 - 2014-12-11 00:02 - 00003739 _____ () C:\Users\owner\Desktop\RKreport_DEL_12112014_000204.log
2014-12-10 23:44 - 2014-12-10 23:45 - 18315864 _____ () C:\Users\owner\Desktop\RogueKillerX64.exe
2014-12-10 18:41 - 2014-12-10 18:41 - 00000197 _____ () C:\Windows\system32\2014-12-11-01-41-31.061-AvastVBoxSVC.exe-4808.log
2014-12-10 04:45 - 2014-12-10 05:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-10 04:40 - 2014-12-10 04:39 - 00000835 _____ () C:\Users\owner\Desktop\JRT.txt
2014-12-10 04:35 - 2014-12-10 04:35 - 00000000 ____D () C:\Windows\ERUNT
2014-12-10 04:31 - 2014-12-10 04:31 - 00000197 _____ () C:\Windows\system32\2014-12-10-11-31-25.099-AvastVBoxSVC.exe-3976.log
2014-12-10 04:26 - 2014-12-10 04:26 - 00000931 _____ () C:\Users\owner\Desktop\checkup- Newest.txt
2014-12-10 04:18 - 2014-12-10 04:26 - 00000000 ____D () C:\AdwCleaner
2014-12-09 21:51 - 2014-12-10 23:34 - 00000000 ____D () C:\Users\owner\Documents\Access Chapter 4
2014-12-09 21:23 - 2014-12-09 21:23 - 00000197 _____ () C:\Windows\system32\2014-12-10-04-23-45.060-AvastVBoxSVC.exe-4820.log
2014-12-09 04:32 - 2014-12-10 05:01 - 00000000 ____D () C:\Users\owner\Desktop\mbar
2014-12-09 04:31 - 2014-12-09 04:31 - 16448208 _____ (Malwarebytes Corp.) C:\Users\owner\Desktop\mbar-1.08.2.1001.exe
2014-12-09 04:30 - 2014-12-09 04:30 - 01707646 _____ (Thisisu) C:\Users\owner\Desktop\JRT.exe
2014-12-09 04:29 - 2014-12-09 04:30 - 02166272 _____ () C:\Users\owner\Desktop\AdwCleaner.exe
2014-12-09 04:26 - 2014-12-09 04:26 - 00852487 _____ () C:\Users\owner\Desktop\SecurityCheck.exe
2014-12-09 00:09 - 2014-12-09 00:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-08 20:56 - 2014-12-10 23:17 - 00000000 ____D () C:\Users\owner\Documents\acc04_student_data_files_RTM
2014-12-08 20:56 - 2014-12-08 20:56 - 01861269 _____ () C:\Users\owner\Downloads\acc04_student_data_files_RTM.zip
2014-12-06 23:50 - 2014-12-06 23:50 - 00002152 _____ () C:\Users\owner\Desktop\aswMBR.txt
2014-12-06 23:50 - 2014-12-06 23:50 - 00000512 _____ () C:\Users\owner\Desktop\MBR.dat
2014-12-06 23:31 - 2014-12-06 23:31 - 00000197 _____ () C:\Windows\system32\2014-12-07-06-31-51.022-AvastVBoxSVC.exe-3568.log
2014-12-06 22:53 - 2014-12-06 22:53 - 05198336 _____ (AVAST Software) C:\Users\owner\Desktop\aswMBR.exe
2014-12-06 20:58 - 2014-12-06 20:58 - 00000197 _____ () C:\Windows\system32\2014-12-07-03-58-21.031-AvastVBoxSVC.exe-3196.log
2014-12-06 20:18 - 2014-12-06 20:19 - 00000197 _____ () C:\Windows\system32\2014-12-07-03-18-54.013-AvastVBoxSVC.exe-3188.log
2014-12-05 18:13 - 2014-12-05 18:13 - 00000197 _____ () C:\Windows\system32\2014-12-06-01-13-26.003-AvastVBoxSVC.exe-4780.log
2014-12-03 15:39 - 2014-12-03 15:39 - 00000197 _____ () C:\Windows\system32\2014-12-03-22-39-29.018-AvastVBoxSVC.exe-2340.log
2014-12-02 19:25 - 2014-12-02 19:25 - 00000197 _____ () C:\Windows\system32\2014-12-03-02-25-02.033-AvastVBoxSVC.exe-4372.log
2014-12-01 22:19 - 2014-12-01 22:19 - 00000247 _____ () C:\Windows\system32\2014-12-02-05-19-32.095-aswFe.exe-1436.log
2014-12-01 22:07 - 2014-12-01 22:19 - 00000247 _____ () C:\Windows\system32\2014-12-02-05-07-37.098-aswFe.exe-3228.log
2014-12-01 22:07 - 2014-12-01 22:07 - 00000197 _____ () C:\Windows\system32\2014-12-02-05-07-30.041-AvastVBoxSVC.exe-2908.log
2014-11-30 21:23 - 2014-11-30 21:23 - 00688992 ____R (Swearware) C:\Users\owner\Desktop\dds.com
2014-11-30 21:05 - 2014-11-30 21:05 - 00000197 _____ () C:\Windows\system32\2014-12-01-04-05-21.069-AvastVBoxSVC.exe-3220.log
2014-11-30 14:38 - 2014-11-30 14:38 - 00000197 _____ () C:\Windows\system32\2014-11-30-21-38-20.046-AvastVBoxSVC.exe-2036.log
2014-11-29 18:58 - 2014-11-29 18:58 - 00000197 _____ () C:\Windows\system32\2014-11-30-01-58-01.088-AvastVBoxSVC.exe-4128.log
2014-11-28 19:28 - 2014-11-28 19:29 - 00000247 _____ () C:\Windows\system32\2014-11-29-02-28-59.082-aswFe.exe-5240.log
2014-11-28 19:18 - 2014-11-28 19:28 - 00000247 _____ () C:\Windows\system32\2014-11-29-02-18-24.025-aswFe.exe-6928.log
2014-11-28 19:18 - 2014-11-28 19:18 - 00000197 _____ () C:\Windows\system32\2014-11-29-02-18-17.090-AvastVBoxSVC.exe-5444.log
2014-11-28 19:08 - 2014-11-28 19:08 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-11-28 19:08 - 2014-11-28 19:08 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-27 22:04 - 2014-11-17 14:37 - 00129600 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpnk.sys
2014-11-27 22:03 - 2014-10-31 15:27 - 00037184 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2014-11-27 21:59 - 2014-11-27 21:59 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-27 21:59 - 2014-11-27 21:59 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-27 21:59 - 2014-11-27 21:59 - 00001969 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-27 21:55 - 2014-12-06 05:10 - 00000000 ____D () C:\Users\owner\Desktop\RK_Quarantine
2014-11-25 15:23 - 2014-11-25 15:28 - 00917505 _____ () C:\Users\owner\Downloads\acc03_MS13Results.accdb
2014-11-24 02:14 - 2014-11-24 02:17 - 00000000 ____D () C:\Users\owner\Documents\WoW Backups
2014-11-20 01:23 - 2014-11-20 01:23 - 00009728 _____ (Razer Inc.) C:\Windows\SysWOW64\RzStats.IPC.dll
2014-11-19 22:13 - 2014-11-25 16:56 - 00000000 ____D () C:\Users\owner\Documents\Access Chapter 3
2014-11-19 22:02 - 2014-11-25 16:29 - 00000000 ____D () C:\Users\owner\Documents\acc03_student_data_files_RTM
2014-11-19 22:02 - 2014-11-19 22:02 - 01444947 _____ () C:\Users\owner\Downloads\acc03_student_data_files_RTM.zip
2014-11-15 18:36 - 2014-11-16 18:52 - 00002518 ____N () C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
2014-11-15 00:58 - 2014-11-15 00:58 - 00000000 ____D () C:\Users\owner\Desktop\Old SavedVariables
2014-11-15 00:29 - 2014-11-15 00:29 - 00001403 _____ () C:\Users\owner\Desktop\World of Warcraft Public Test.lnk
2014-11-15 00:29 - 2014-11-15 00:29 - 00001295 _____ () C:\Users\owner\Desktop\World of Warcraft.lnk
2014-11-12 21:33 - 2014-11-12 23:21 - 00000000 ____D () C:\Users\owner\Documents\Access Chapter 2
2014-11-12 21:26 - 2014-11-12 22:59 - 00000000 ____D () C:\Users\owner\Documents\acc02_student_data_files_RTM
2014-11-12 21:25 - 2014-11-12 21:25 - 00965352 _____ () C:\Users\owner\Downloads\acc02_student_data_files_RTM.zip
2014-11-11 05:28 - 2014-11-11 05:29 - 00000000 ____D () C:\Program Files (x86)\LastPass
2014-11-11 05:28 - 2014-11-11 05:28 - 14147584 _____ () C:\Users\owner\Downloads\lastpass_x64.exe
2014-11-11 05:28 - 2014-11-11 05:28 - 00001192 _____ () C:\Users\Public\Desktop\My LastPass Vault.lnk
2014-11-11 05:28 - 2014-11-11 05:28 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2014-11-11 05:28 - 2014-11-11 05:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-10 23:51 - 2014-05-13 16:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-10 23:46 - 2014-10-27 21:50 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-10 23:45 - 2014-09-06 20:55 - 00004972 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for owner-PC-owner owner-PC
2014-12-10 23:45 - 2014-02-01 10:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-10 22:20 - 2012-07-31 22:18 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EE30BDB1-4C5C-49E6-A15D-3EFF09FEAC5B}
2014-12-10 21:26 - 2012-08-01 00:20 - 01505707 _____ () C:\Windows\WindowsUpdate.log
2014-12-10 20:10 - 2014-05-27 22:08 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Spotify
2014-12-10 19:40 - 2014-05-27 22:09 - 00000000 ____D () C:\Users\owner\AppData\Local\Spotify
2014-12-10 18:48 - 2009-07-13 21:45 - 00029968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-10 18:48 - 2009-07-13 21:45 - 00029968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-10 18:40 - 2014-07-10 18:29 - 00000000 ____D () C:\Users\owner\.gstreamer-0.10
2014-12-10 18:40 - 2014-07-10 18:25 - 00000000 ____D () C:\Users\owner\AppData\Roaming\MotoCast
2014-12-10 18:40 - 2014-05-14 15:58 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-10 18:39 - 2014-07-10 18:28 - 00000000 ____D () C:\Temp
2014-12-10 18:39 - 2014-04-24 01:26 - 00052273 _____ () C:\Windows\setupact.log
2014-12-10 18:39 - 2014-02-01 10:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-10 18:39 - 2012-07-31 22:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-10 18:39 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-10 04:45 - 2014-05-14 15:12 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-10 04:43 - 2014-05-14 15:12 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-10 04:28 - 2014-05-13 00:16 - 00032010 _____ () C:\Windows\PFRO.log
2014-12-10 04:28 - 2014-05-12 20:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-09 22:51 - 2014-05-13 16:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 22:51 - 2014-05-13 16:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 22:51 - 2014-05-13 16:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 21:25 - 2014-09-06 22:27 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-08 20:54 - 2014-08-03 14:52 - 00000024 _____ () C:\Users\owner\random.dat
2014-12-08 20:53 - 2014-08-03 14:52 - 00000044 _____ () C:\Users\owner\jagex_cl_oldschool_LIVE.dat
2014-12-06 22:51 - 2014-05-12 20:15 - 00000000 ____D () C:\Users\owner\AppData\Local\Battle.net
2014-12-06 22:00 - 2014-06-02 02:28 - 00000000 ____D () C:\Users\owner\AppData\Local\Deployment
2014-12-06 21:44 - 2014-05-12 20:15 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-12-06 21:43 - 2014-05-12 21:49 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft Public Test
2014-12-06 21:41 - 2014-05-12 20:15 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-06 05:00 - 2014-05-14 15:12 - 00001156 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-06 05:00 - 2014-05-14 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-06 05:00 - 2014-05-14 15:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-28 19:08 - 2014-04-24 01:43 - 00113464 _____ () C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-28 19:07 - 2014-05-13 20:00 - 00000000 ____D () C:\Users\owner\AppData\Local\Razer
2014-11-28 19:04 - 2009-07-13 21:45 - 00462480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-27 22:04 - 2014-05-13 19:59 - 00000000 ____D () C:\ProgramData\Razer
2014-11-27 22:03 - 2014-05-13 19:59 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-11-27 22:03 - 2014-04-24 01:49 - 00183406 _____ () C:\Windows\DPINST.LOG
2014-11-27 22:02 - 2014-05-13 20:23 - 00001941 _____ () C:\Users\owner\Desktop\Razer Synapse 2.0.lnk
2014-11-27 21:59 - 2014-05-14 15:58 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-27 21:59 - 2014-05-14 15:58 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-27 21:59 - 2014-05-14 15:58 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-27 21:59 - 2014-05-14 15:58 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-27 21:59 - 2014-05-14 15:58 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-27 21:59 - 2014-05-14 15:58 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-27 21:59 - 2014-05-14 15:58 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-27 21:59 - 2014-05-14 15:58 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-24 14:04 - 2010-11-20 20:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-21 06:14 - 2014-05-14 15:12 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2014-05-14 15:12 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-21 01:11 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-19 22:08 - 2014-09-06 18:18 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-18 23:51 - 2014-11-08 00:39 - 00000000 ____D () C:\Users\owner\AppData\Local\CrashDumps
2014-11-16 18:52 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-15 00:29 - 2014-08-02 17:12 - 00154624 ___SH () C:\Users\owner\Desktop\Thumbs.db
2014-11-14 17:39 - 2014-02-01 10:32 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 17:39 - 2014-02-01 10:32 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 21:30 - 2014-05-27 22:09 - 00001805 _____ () C:\Users\owner\Desktop\Spotify.lnk

Files to move or delete:
====================
C:\Users\owner\jagex_cl_oldschool_LIVE.dat
C:\Users\owner\random.dat


Some content of TEMP:
====================
C:\Users\owner\AppData\Local\Temp\dllnt_dump.dll
C:\Users\owner\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\owner\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\owner\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\owner\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\owner\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\owner\AppData\Local\Temp\MotoCast_Installer_2.0.31.exe
C:\Users\owner\AppData\Local\Temp\MotorolaDeviceManager_2.0405.exe
C:\Users\owner\AppData\Local\Temp\ntdll_dump.dll
C:\Users\owner\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\owner\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\owner\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\owner\AppData\Local\Temp\nvStInst.exe
C:\Users\owner\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
C:\Users\owner\AppData\Local\Temp\swt-win32-3349.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-05 02:27

==================== End Of Log ============================

 

 

 

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2014 01
Ran by owner at 2014-12-11 00:07:17
Running from C:\Users\owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.16.0 - Asmedia Technology)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Axis and Allies (HKLM-x32\...\Axis and Allies) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Belkin USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin)
Belkin USB Wireless Adapter (x32 Version: 1.0.0.13 - Belkin) Hidden
Bloodline Champions (HKLM-x32\...\Steam App 6370) (Version:  - Stunlock Studios)
C:\Program Files (x86)\Criterion Studios\Redline Racer (HKLM-x32\...\Redline Racer) (Version:  - )
CLICKBIOSII (HKLM-x32\...\{EBCB111F-4907-4B28-BD03-F5BD901106D2}_is1) (Version: 1.0.123 - MSI)
CPUID CPU-Z 1.65.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Curse Client (HKU\S-1-5-21-455525917-3591099317-176409280-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Geneforge 4 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GunboundIS (HKLM-x32\...\GunboundIS_is1) (Version:  - Softnyx co.,ltd.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version:  - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-455525917-3591099317-176409280-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MotoCast (HKLM-x32\...\{5401CEE8-3C2D-4835-A802-213306537FF4}) (Version: 2.0.31 - Motorola Mobility)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
MOTOROLA MEDIA LINK (x32 Version: 1.9.0002.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSI Afterburner 3.0.1 (HKLM-x32\...\Afterburner) (Version: 3.0.1 - MSI Co., LTD)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NyxLauncherIS (HKLM-x32\...\NyxLauncherIS_is1) (Version:  - Softnyx co.,ltd.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.80.218.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden
RivaTuner Statistics Server 6.1.2 (HKLM-x32\...\RTSS) (Version: 6.1.2 - Unwinder)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-455525917-3591099317-176409280-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Test Drive 6 (HKLM-x32\...\Test Drive 6) (Version:  - Infogrames)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.14 - WildTangent) Hidden
WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Guns: Gun Disassembly (HKLM-x32\...\Steam App 262410) (Version:  - Noble Empire Corp.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-455525917-3591099317-176409280-1000_Classes\CLSID\{29945a3f-64ff-4ed8-930c-d7a3911e0e93}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-455525917-3591099317-176409280-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-455525917-3591099317-176409280-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-455525917-3591099317-176409280-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-455525917-3591099317-176409280-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-455525917-3591099317-176409280-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

11-11-2014 06:42:09 Windows Update
16-11-2014 21:01:51 Windows Update
28-11-2014 04:57:40 avast! antivirus system restore point
30-11-2014 10:22:42 Windows Update
09-12-2014 01:23:11 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0EF94D0A-6D19-4312-9B21-29671A09E7B2} - System32\Tasks\{4B300BAE-16BB-435A-9337-21A5AC9F16BE} => C:\Program Files (x86)\Criterion Studios\Redline Racer\rlr_D3d.exe
Task: {11D20EA3-96A9-4BFA-B6BB-61D9A72B4BD5} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-24] ()
Task: {1D180BF2-925C-4EBE-8E0A-04B270CC4A45} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {21248D8D-5383-4EAF-8429-50654007B34B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation)
Task: {370A1FA7-96D8-4995-921A-E40B3B136A65} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {3C8E7795-73DF-4B18-9F9F-7A1A673828C8} - System32\Tasks\Microsoft Office 15 Sync Maintenance for owner-PC-owner owner-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-23] (Microsoft Corporation)
Task: {40F412D6-ED62-402E-AEF6-4434317CF3EA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-01] (Google Inc.)
Task: {730BB1A2-1B92-4928-AB1B-3F27BA346A49} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {84C03806-66D0-467F-A20A-E7AC3D282222} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {8D3AEC1F-4D10-4FE9-AC3C-44A5154EBA34} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-27] (AVAST Software)
Task: {B40FB2AB-B505-4681-A05A-B29AB16B2D80} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {C23D90D7-DD2E-48EE-B06E-3419C2F465D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-01] (Google Inc.)
Task: {ED5C9ED9-D75B-4A01-9C3B-6F871FB6059E} - System32\Tasks\{280531A6-00FD-4C9C-ADF6-E1E416CA5D34} => C:\Program Files (x86)\Criterion Studios\Redline Racer\rlr_D3d.exe
Task: {F8C5BD00-7D20-49D8-AA87-6D7E83572783} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {FFE55C09-6284-4C94-88A9-C59B27C3BB3D} - System32\Tasks\{68AEB545-B329-4429-9AC7-BA37313D5B5B} => C:\Program Files (x86)\Criterion Studios\Redline Racer\rlr_D3d.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-07-31 22:52 - 2014-05-19 18:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-19 22:07 - 2014-09-23 06:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-12 21:25 - 2007-03-15 20:11 - 00138240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdidrpp.dll
2014-09-06 18:18 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00240056 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
2014-10-31 15:27 - 2014-10-31 15:27 - 00183488 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-11-27 21:58 - 2014-11-27 21:58 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-27 21:58 - 2014-11-27 21:58 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-05-27 22:09 - 2014-12-10 19:40 - 00374840 _____ () C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-12-10 23:44 - 2014-12-10 23:45 - 18315864 _____ () C:\Users\owner\Desktop\RogueKillerX64.exe
2014-11-27 21:58 - 2014-11-27 21:58 - 02535240 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxVMM.DLL
2014-11-27 21:58 - 2014-11-27 21:58 - 00677656 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxREM.dll
2014-11-27 21:58 - 2014-11-27 21:58 - 00031296 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxSharedClipboard.DLL
2014-11-27 21:58 - 2014-11-27 21:58 - 00048296 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDragAndDropSvc.DLL
2014-11-27 21:58 - 2014-11-27 21:58 - 00047784 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxGuestControlSvc.DLL
2014-11-27 21:58 - 2014-11-27 21:58 - 01533568 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDD.DLL
2014-11-27 21:58 - 2014-11-27 21:58 - 00203832 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDD2.dll
2014-11-27 21:58 - 2014-11-27 21:58 - 00042128 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxSharedFolders.DLL
2014-12-10 02:20 - 2014-12-10 02:20 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14121000\algo.dll
2014-11-27 21:58 - 2014-11-27 21:58 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-12-10 18:40 - 2014-12-10 18:40 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14121001\algo.dll
2012-09-07 21:35 - 2012-09-07 21:35 - 00128960 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
2012-09-07 21:35 - 2012-09-07 21:35 - 00024496 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
2012-09-07 21:37 - 2012-09-07 21:37 - 00466256 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
2012-09-07 21:36 - 2012-09-07 21:36 - 00045992 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
2012-09-07 21:36 - 2012-09-07 21:36 - 00034752 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2013-10-31 08:05 - 2013-10-31 08:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2014-05-15 17:28 - 2012-11-20 13:13 - 00264192 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\D3DX8Wrapper.dll
2014-05-15 17:28 - 2013-11-12 06:57 - 00098304 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\EasyHook32.dll
2014-12-10 18:40 - 2014-12-10 18:40 - 00205824 ____N () C:\Users\owner\AppData\Local\Temp\WindowsAPI.dll6415907103074630205.lib
2014-07-10 18:29 - 2014-07-10 18:29 - 00509440 _____ () C:\Users\owner\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
2014-11-27 21:59 - 2014-11-27 21:59 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00699392 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstreamer-0.10.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 01396736 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libxml2-2.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00085504 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\z.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00030208 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstadder.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00471552 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\liborc-0.4-0.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00253440 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstbase-0.10.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00109568 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstaudio-0.10.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00053760 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstinterfaces-0.10.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00014848 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstadpcmdec.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00038400 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaiff.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00018944 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstalaw.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00048640 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstalpha.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00126976 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstcontroller-0.10.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00038912 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstvideo-0.10.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00017920 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstalphacolor.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00020480 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstamrnb.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00248352 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libopencore-amrnb.0.1.1.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00014848 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstamrwbdec.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00123947 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libopencore-amrwb.0.1.1.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00015360 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstapetag.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00133120 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgsttag-0.10.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00098304 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstpbutils-0.10.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00078848 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaudioconvert.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00020480 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaudiorate.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00052224 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaudioresample.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00019456 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstauparse.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00032256 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstautoconvert.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00029184 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstautodetect.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00123904 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstavi.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00041984 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstriff-0.10.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00212480 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstcoreelements.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00011776 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstcoreindexers.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00016896 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstcutter.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00086016 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstdecodebin2.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00091136 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstdshowdecwrapper.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00073216 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstdshowsrcwrapper.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00026624 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstequalizer.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00187904 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstffmpegcolorspace.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00069120 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflac.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00331264 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libFLAC-8.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00023552 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libogg-0.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 01694208 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstfluaacdec.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00122880 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstfluasfdemux.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 02009600 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstfluh264dec.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00033280 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumcaacenc.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00036864 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumch264enc.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00088064 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflummssrc.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 01376256 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflump3dec.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 01563136 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflump3enc.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00363008 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg2video.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00531968 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg4video.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00119296 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumpegdemux.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00075776 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflv.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00029696 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstgdp.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00018944 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstdataprotocol-0.10.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00037888 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstgio.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00032256 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstid3demux.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00034304 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstid3tag.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00035840 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstinterleave.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00276480 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstisomp4.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00069632 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstrtp-0.10.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00059904 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstjpeg.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00276992 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libjpeg-8.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00019456 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstlevel.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00207872 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmatroska.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00047616 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegaudioparse.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00150528 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegdemux.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00039936 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegtsmux.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00024576 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegvideoparse.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00015360 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmulaw.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00020480 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmultifile.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00025088 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmultipart.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00132608 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstogg.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00029184 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstpng.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00190976 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libpng14-14.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00035328 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstreplaygain.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00011264 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstshift.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00054784 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstsmpte.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00051712 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstsubparse.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00061952 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgsttypefindfunctions.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00059904 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideobox.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00032768 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideocrop.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00024576 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideorate.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00075776 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideoscale.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00034304 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvolume.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00053760 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvorbis.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00162304 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libvorbis-0.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 01520128 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libvorbisenc-2.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00050688 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstwavpack.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00196608 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libwavpack-1.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00042496 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstwavparse.dll
2012-10-19 12:46 - 2012-10-19 12:46 - 00013312 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgsty4menc.dll
2012-07-31 22:00 - 2013-12-09 23:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-05-27 22:09 - 2014-12-10 19:40 - 36966968 _____ () C:\Users\owner\AppData\Roaming\Spotify\Data\libcef.dll
2014-07-30 15:28 - 2014-12-10 19:40 - 00867896 _____ () C:\Users\owner\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-05-27 22:09 - 2014-12-10 19:40 - 00886840 _____ () C:\Users\owner\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-05-27 22:09 - 2014-12-10 19:40 - 00108600 _____ () C:\Users\owner\AppData\Roaming\Spotify\Data\libegl.dll
2014-12-09 22:51 - 2014-12-09 22:51 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
2014-12-09 00:09 - 2014-12-09 00:09 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-11 05:29 - 2014-11-11 05:29 - 01020928 _____ () C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\wic4cwx4.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Spotify => "C:\Users\owner\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-455525917-3591099317-176409280-500 - Administrator - Disabled)
Guest (S-1-5-21-455525917-3591099317-176409280-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-455525917-3591099317-176409280-1002 - Limited - Enabled)
owner (S-1-5-21-455525917-3591099317-176409280-1000 - Administrator - Enabled) => C:\Users\owner

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/10/2014 06:41:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/11/2014 00:05:46 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (12/10/2014 07:35:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (12/10/2014 07:28:45 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Error: (12/10/2014 06:41:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RzFilter


Microsoft Office Sessions:
=========================
Error: (12/10/2014 06:41:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: AMD FX™-6300 Six-Core Processor
Percentage of memory in use: 54%
Total physical RAM: 8162.15 MB
Available physical RAM: 3753.04 MB
Total Pagefile: 16322.48 MB
Available Pagefile: 12517.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:552.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: AD135906)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#10 OCD

OCD

  • Malware Response Team
  • 172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:11 PM

Posted 11 December 2014 - 10:32 AM

Hi Jake Rothermel,

bullseye_zpse9eaf36e.gif FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt
 
Start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - No Path
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - No Path
C:\Users\owner\jagex_cl_oldschool_LIVE.dat
C:\Users\owner\random.dat
EmptyTemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

bullseye_zpse9eaf36e.gif Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Select Scan tab.
    MBAMDashboard_zpsddef9b5f.gif
  • Select type of scan to perform:
    MBAMScanTab_zps2c5e74bd.gif
    • Threat Scan < --- Select this type of scan
    • Custom Scan
    • Hyper Scan
  • Next click the Scan button.
  • When the scan is complete, if no malicious items are found you can close the program.
  • If malicious items are found be sure that everything is checked, and click Quarantine .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================

bullseye_zpse9eaf36e.gif ESET Online Scanner

*Note:
  • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.
=========================

In your next post please provide the following:
  • Fixlog.txt
  • MBAM log
  • ESET's log.txt
  • How's the computer running, any symptoms?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#11 Jake Rothermel

Jake Rothermel
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:11 PM

Posted 12 December 2014 - 04:43 AM

Neither MalwareBytes nor ESET found any threats.  Computer has run fine from the start and still is, and I haven't really noticed any symptoms

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2014 01
Ran by owner at 2014-12-11 22:18:24 Run:1
Running from C:\Users\owner\Desktop
Loaded Profile: owner (Available profiles: owner)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - No Path
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - No Path
C:\Users\owner\jagex_cl_oldschool_LIVE.dat
C:\Users\owner\random.dat
EmptyTemp:
End
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\hdokiejnpimakedhajhdlcegeplioahd" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hdokiejnpimakedhajhdlcegeplioahd" => Key deleted successfully.
C:\Users\owner\jagex_cl_oldschool_LIVE.dat => Moved successfully.
C:\Users\owner\random.dat => Moved successfully.
EmptyTemp: => Removed 2.6 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/12/2014
Scan Time: 1:08:01 AM
Logfile: Malwarebytes.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.12.02
Rootkit Database: v2014.12.08.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320308
Time Elapsed: 7 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#12 OCD

OCD

  • Malware Response Team
  • 172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:11 PM

Posted 12 December 2014 - 09:28 PM

Hi Jake Rothermel,

Your logs appear to be clean. :thumbup2:

We have a few items to take care of before we get to the All Clean Speech.

= = = = = = = = = = = = = = = = = = = =

bullseye_zpse9eaf36e.gif Remove Disinfection Tools

  • Download Delfix
  • Tick the following boxes:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    Delfix_zpsbce6c60b.gif
  • Click Run
  • Any other tools and files found can simply be deleted or uninstall via the Control Panel.

= = = = = = = = = = = = = = = = = = = =


With the above items taken care of let's move on to the All Clean part of the process.

The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate windows and frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.

= = = = = = = = = = = = = = = = = = = =

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know
CryptoLocker Ransomware Information Guide and FAQ

to help protect your computer in the future I recommend that you get the following free program:

CryptoPrevent install this program to lock down and prevent crypto-ransomeware

CryptoPrevent_zps7ddc3ebd.jpg

= = = = = = = = = = = = = = = = = = = =

COMPUTER SECURITY - a short guide to staying safer online

= = = = = = = = = = = = = = = = = = = =

WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

  • Green should be good to go
  • Yellow for caution
  • Red to stop

= = = = = = = = = = = = = = = = = = = =

P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

= = = = = = = = = = = = = = = = = = = =

Make sure you keep your Windows OS current.

  • Windows XP:
    Microsoft will no longer offer support for Windows XP beginning on April 8, 2014
    If you are running Windows XP, please take the time to read the information provided at these links.
  • Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.
  • Window 8 Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, and then tapping or clicking Update and recovery.

Without these you are leaving the back door open.

= = = = = = = = = = = = = = = = = = = =

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

= = = = = = = = = = = = = = = = = = = =

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#13 Jake Rothermel

Jake Rothermel
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:11 PM

Posted 13 December 2014 - 05:44 PM

Thank you very much for helping me, all seems to be going well!



#14 OCD

OCD

  • Malware Response Team
  • 172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:11 PM

Posted 13 December 2014 - 09:32 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users