Browser Hacking that I can't get rid of


  • This topic is locked
23 replies to this topic

#1 Andycostin


Posted 09 December 2014 - 06:47 AM

Hi,

Hoping someone can assist me to find what is causing the constant browser redirects that I'm constantly getting. I've a Dell laptop running Windows 8.1 and Chrome and constantly get "Orangesoft" and other browser redirects that I cannot find the source of. I've tried looking at recently installed programs, but there's nothing other than those that I know are legit.

Any assistance would be greatly appreciated!

Andy




#2 Andycostin

  • Topic Starter

Posted 09 December 2014 - 07:04 AM

Redirects also include "www.boxesis.net" and "http://www.dlside.com/" (which has become more frequent in the past few days).



#3 Andycostin

  • Topic Starter

Posted 11 December 2014 - 05:21 AM

Any ideas? Really appreciate any assistance - it's doing my head in!



#4 Andycostin

  • Topic Starter

Posted 13 December 2014 - 03:26 AM

Anybody?



#5 HelpBot

    Bleepin' Binary Bot

Posted 14 December 2014 - 06:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/559160 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#6 Andycostin

  • Topic Starter

Posted 14 December 2014 - 05:07 PM

Hi,

Thanks for the response! Greatly appreciate any assistance you can give me. Below is the output of FRST(64), as my computer is running Windows 8.1 and is unable to run DDS. I also have the Windows install discs if required.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2014
Ran by Andrew (administrator) on ANDYS-PC on 15-12-2014 08:54:58
Running from C:\Users\Andrew\Downloads
Loaded Profile: Andrew (Available profiles: Andrew)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Flexera Software LLC.) C:\Program Files\Siemens\PLMLicenseServer\lmgrd.exe
(Flexera Software LLC.) C:\Program Files\Siemens\PLMLicenseServer\lmgrd.exe
(Siemens PLM Software Inc.) C:\Program Files\Siemens\PLMLicenseServer\ugslmd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(BitTorrent Inc.) C:\Users\Andrew\AppData\Roaming\uTorrent\uTorrent.exe
() C:\Users\Andrew\AppData\Local\Viber\Viber.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Andrew\AppData\Roaming\Dropbox\bin\Dropbox.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}] => "C:\ProgramData\cisF024.exe" --PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805}
HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => "C:\ProgramData\cis83D9.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\Windows\SysWOW64\C2MP\CodecUACManager.exe [58648 2014-09-28] ()
HKU\S-1-5-21-3598024770-3521703292-2498229946-1001\...\Run: [GoogleChromeAutoLaunch_AF2E2510EC2DA94726BF08BC757DFE33] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
HKU\S-1-5-21-3598024770-3521703292-2498229946-1001\...\Run: [uTorrent] => C:\Users\Andrew\AppData\Roaming\uTorrent\uTorrent.exe [1378640 2014-12-11] (BitTorrent Inc.)
HKU\S-1-5-21-3598024770-3521703292-2498229946-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3598024770-3521703292-2498229946-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3598024770-3521703292-2498229946-1001\...\Run: [Viber] => C:\Users\Andrew\AppData\Local\Viber\Viber.exe [936656 2014-09-02] ()
HKU\S-1-5-21-3598024770-3521703292-2498229946-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30524520 2014-11-27] (Skype Technologies S.A.)
HKU\S-1-5-21-3598024770-3521703292-2498229946-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
HKU\S-1-5-21-3598024770-3521703292-2498229946-1001\...\RunOnce: [Adobe Speed Launcher] => 1418593262
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Andrew\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3598024770-3521703292-2498229946-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.ninemsn.com.au/?ocid=iehp
HKU\S-1-5-21-3598024770-3521703292-2498229946-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @graphisoft.com/GDL Web Plug-in -> C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll (Graphisoft SE)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://search.gboxapp.com/
CHR StartupUrls: Default -> "hxxp://search.gboxapp.com/"
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-07]
CHR Extension: (Google Wallet) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-28] (Comodo Security Solutions, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 Siemens PLM License Server; C:\Program Files\Siemens\PLMLicenseServer\lmgrd.exe [1830736 2013-01-18] (Flexera Software LLC.)
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2013-07-17] (Enigma Software Group USA, LLC.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 AST FLEXnet License Server; C:\Program Files (x86)\AVL\tools\licensemanager\v11.10-ast2\bin\bin.ia32-unknown-winnt_i11\lmadmin\lmadmin.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-11-29] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-11-29] ()
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-02] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-19] (Microsoft Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
U3 dtscsidrv; C:\Windows\System32\Drivers\dtscsidrv.sys [309248 2014-09-14] (Disc Soft Ltd)
S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
S3 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-09-14] (Duplex Secure Ltd.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [97792 2011-09-22] (WIBU-SYSTEMS AG)
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
U4 CmdAgent; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-15 08:55 - 2014-12-15 08:55 - 00000165 ____H () C:\Users\Andrew\Desktop\~$POW0021K (Autosaved).xlsx
2014-12-15 08:41 - 2014-12-15 08:41 - 00688992 _____ (Swearware) C:\Users\Andrew\Downloads\dds (2).com
2014-12-15 08:30 - 2014-12-15 08:31 - 00145582 _____ () C:\Users\Andrew\Desktop\POW0021K (Autosaved).xlsx
2014-12-15 08:29 - 2014-12-15 08:29 - 00688992 _____ (Swearware) C:\Users\Andrew\Downloads\dds (1).com
2014-12-15 08:27 - 2014-12-15 08:27 - 00688992 _____ (Swearware) C:\Users\Andrew\Downloads\dds.com
2014-12-11 21:29 - 2014-10-31 10:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-11 21:29 - 2014-10-31 10:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-11 21:28 - 2014-11-10 13:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-11 21:28 - 2014-11-10 12:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-11 21:28 - 2014-11-01 10:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-11 21:28 - 2014-11-01 10:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-11 21:18 - 2014-11-22 14:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 21:18 - 2014-11-22 13:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 21:18 - 2014-11-07 15:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 21:18 - 2014-11-07 14:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 21:18 - 2014-10-13 13:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-11 21:18 - 2014-10-13 13:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-11 21:18 - 2014-10-13 13:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-11 21:18 - 2014-10-13 13:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-11 21:17 - 2014-11-22 13:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 21:17 - 2014-11-22 13:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 21:17 - 2014-11-22 13:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-11 21:17 - 2014-11-22 13:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 21:17 - 2014-11-22 13:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-11 21:17 - 2014-11-22 13:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 21:17 - 2014-11-22 13:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 21:17 - 2014-11-22 13:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 21:17 - 2014-11-22 13:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-11 21:17 - 2014-11-22 13:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-11 21:17 - 2014-11-22 13:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 21:17 - 2014-11-22 13:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 21:17 - 2014-11-22 13:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 21:17 - 2014-11-22 12:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-11 21:17 - 2014-11-22 12:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-11 21:17 - 2014-11-22 12:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-11 21:17 - 2014-11-22 12:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 21:17 - 2014-11-22 12:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 21:17 - 2014-11-22 12:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 21:17 - 2014-11-22 12:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 21:17 - 2014-11-22 12:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 21:17 - 2014-11-22 12:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 21:17 - 2014-11-22 12:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-11 21:17 - 2014-11-22 12:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 21:17 - 2014-11-22 12:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 21:17 - 2014-11-22 12:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-11 21:17 - 2014-11-22 12:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 21:17 - 2014-11-22 12:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-11 21:17 - 2014-11-22 12:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 21:17 - 2014-11-22 12:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 21:17 - 2014-11-22 12:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 21:17 - 2014-11-22 12:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 21:17 - 2014-11-22 12:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 21:17 - 2014-11-22 12:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 21:17 - 2014-11-22 12:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 21:17 - 2014-11-22 11:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 21:17 - 2014-11-22 11:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 22:39 - 2014-12-09 22:41 - 00028021 _____ () C:\Users\Andrew\Downloads\Addition.txt
2014-12-09 22:39 - 2014-12-09 22:39 - 01295360 _____ () C:\Users\Andrew\Downloads\zoek.exe
2014-12-09 22:38 - 2014-12-15 08:54 - 00017650 _____ () C:\Users\Andrew\Downloads\FRST.txt
2014-12-09 22:37 - 2014-12-15 08:55 - 00000000 ____D () C:\FRST
2014-12-09 22:35 - 2014-12-09 22:36 - 02119680 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2014-12-09 22:34 - 2014-12-09 22:34 - 00619044 _____ () C:\Users\Andrew\Downloads\ESETPoweliksCleaner.exe_20141209.223424.7260.log
2014-12-09 22:33 - 2014-12-09 22:34 - 00186568 _____ (ESET) C:\Users\Andrew\Downloads\ESETPoweliksCleaner.exe
2014-12-09 22:11 - 2014-12-09 22:11 - 00056562 _____ () C:\Users\Andrew\Downloads\P1010239.jpeg
2014-12-09 21:48 - 2014-12-09 21:50 - 05601243 _____ (Swearware) C:\Users\Andrew\Downloads\ComboFix.exe
2014-12-09 21:44 - 2014-12-09 21:45 - 02166272 _____ () C:\Users\Andrew\Downloads\adwcleaner_4.105.exe
2014-12-08 21:18 - 2014-12-08 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-12-08 21:18 - 2014-12-08 21:23 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-12-08 21:10 - 2014-12-08 21:17 - 16513448 _____ (Anvisoft) C:\Users\Andrew\Downloads\csbsetup.exe
2014-12-08 20:46 - 2014-12-08 21:24 - 00000165 _____ () C:\AdwCleanerDebug.txt
2014-12-07 18:30 - 2014-12-07 18:31 - 00000000 ____D () C:\Users\Andrew\Downloads\Sment
2014-12-01 17:06 - 2014-12-01 17:06 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2014-12-01 17:06 - 2014-12-01 17:06 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-12-01 16:46 - 2014-12-07 18:03 - 00018162 _____ () C:\Users\Andrew\Desktop\Thankyous.xlsx
2014-11-30 17:44 - 2014-11-30 17:44 - 00018643 _____ () C:\Users\Andrew\Downloads\+-demonoid.ph-+_Al_Green_The_Very_Best_Of_Al_Green_(2001)_DHZ_Inc_Release_7455741.1196.TORRENT
2014-11-30 17:03 - 2014-11-30 17:03 - 00015669 _____ () C:\Users\Andrew\Downloads\_=demonoid.ph=_-Very_Best_of_Al_Green_7455741.1196.TORRENT
2014-11-30 17:00 - 2014-11-30 17:00 - 01015160 _____ () C:\Users\Andrew\Downloads\Al Green - Greatest Hits (1975) 1995 Re-Release [Mp3 320] TNT Vi.exe
2014-11-30 12:57 - 2014-11-30 12:57 - 00698223 _____ () C:\Users\Andrew\Downloads\SWH-less-700l-v22.xlsx
2014-11-24 11:23 - 2014-11-24 12:38 - 00000000 ____D () C:\AVL
2014-11-24 10:23 - 2014-11-24 10:51 - 00000311 _____ () C:\Users\Andrew\jobstate
2014-11-24 10:01 - 2014-11-24 10:01 - 00000264 _____ () C:\Users\Andrew\Downloads\download
2014-11-23 20:26 - 2014-11-23 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack
2014-11-23 20:25 - 2014-11-23 20:26 - 00000000 ____D () C:\Windows\SysWOW64\C2MP
2014-11-23 20:25 - 2014-11-23 20:25 - 31894592 _____ (Media Player - Codec Pack) C:\Users\Andrew\Downloads\media.player.codec.pack.v4.3.4.setup(1).exe
2014-11-23 20:23 - 2014-11-23 20:23 - 00231600 _____ (Download.com) C:\Users\Andrew\Downloads\media.player.codec.pack.v4.3.4.setup.exe
2014-11-23 20:16 - 2014-11-23 20:16 - 00371016 _____ () C:\Users\Andrew\Downloads\SoftonicDownloader_for_mkv-player.exe
2014-11-23 19:58 - 2014-11-24 11:49 - 00001655 _____ () C:\Users\Public\Desktop\AVL AST v2014.lnk
2014-11-23 19:57 - 2014-11-23 19:57 - 00000000 ___HD () C:\Program Files (x86)\Zero G Registry
2014-11-23 19:18 - 2014-11-23 19:18 - 00000000 ____D () C:\Program Files (x86)\FlexMergeModule
2014-11-23 15:30 - 2014-11-23 15:30 - 00005437 ____H () C:\Users\Andrew\.fs.xml
2014-11-23 15:29 - 2014-11-23 15:29 - 00000218 _____ () C:\Users\Andrew\AppData\Local\recently-used.xbel
2014-11-23 15:20 - 2014-11-23 15:20 - 00153919 _____ () C:\Users\Andrew\Downloads\[rutracker.org].t4767525.torrent
2014-11-23 15:19 - 2014-11-23 15:19 - 00022562 _____ () C:\Users\Andrew\Downloads\AVL_Suite_2014_0_(Workspace_Suite_2014_0)_x86_x64-(demonoid.ph).TORRENT
2014-11-23 15:18 - 2014-11-24 10:39 - 00000000 ____D () C:\Users\Andrew\.matplotlib
2014-11-23 15:17 - 2014-11-24 10:27 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Python-Eggs
2014-11-23 15:16 - 2014-11-24 10:27 - 00000000 ____D () C:\Users\Andrew\AppData\Local\AVL
2014-11-23 11:34 - 2014-11-24 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVL
2014-11-23 11:34 - 2014-11-24 10:27 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\AVL
2014-11-23 11:34 - 2014-11-23 11:34 - 00001977 _____ () C:\Users\Public\Desktop\CRUISE M v2014.lnk
2014-11-23 11:34 - 2014-11-23 11:34 - 00000000 ____D () C:\ProgramData\AVL
2014-11-23 11:10 - 2014-12-01 17:01 - 00000000 ____D () C:\Program Files (x86)\AVL
2014-11-21 21:36 - 2014-11-21 21:38 - 00000000 ____D () C:\Users\Andrew\AppData\Local\CutePDF Writer
2014-11-21 21:33 - 2014-11-21 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2014-11-21 21:33 - 2014-11-21 21:33 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-11-21 21:33 - 2014-11-21 21:33 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-11-21 21:33 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\system32\cpwmon64.dll
2014-11-21 21:32 - 2014-11-21 21:32 - 02395080 _____ (Acro Software Inc. ) C:\Users\Andrew\Downloads\CuteWriter.exe
2014-11-21 13:07 - 2014-11-21 13:09 - 00000000 ____D () C:\Users\Andrew\Graphisoft
2014-11-21 13:07 - 2014-11-21 13:07 - 00000000 ____D () C:\Users\Andrew\Documents\BIMx
2014-11-21 13:07 - 2014-11-21 13:07 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Graphisoft
2014-11-21 13:07 - 2014-11-21 13:07 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Graphisoft
2014-11-21 13:06 - 2014-11-21 13:06 - 00001255 _____ () C:\Users\Public\Desktop\BIMx for ArchiCAD 16.lnk
2014-11-21 13:06 - 2014-11-21 13:06 - 00001072 _____ () C:\Users\Public\Desktop\ArchiCAD 16.lnk
2014-11-21 13:05 - 2014-11-21 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WibuKey
2014-11-21 13:05 - 2014-11-21 13:05 - 00000000 ____D () C:\Program Files (x86)\GRAPHISOFT
2014-11-21 13:05 - 2011-12-16 14:40 - 00471952 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WibuXpm4J64.dll
2014-11-21 13:05 - 2011-12-16 14:40 - 00375184 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WibuXpm4J32.dll
2014-11-21 13:05 - 2009-12-03 16:00 - 00430080 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\wibuKJni64.dll
2014-11-21 13:05 - 2009-12-03 16:00 - 00418304 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkExt64.dll
2014-11-21 13:05 - 2009-12-03 16:00 - 00344576 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\wibuKJni.dll
2014-11-21 13:05 - 2009-12-03 16:00 - 00333824 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkExt32.dll
2014-11-21 13:05 - 2009-12-03 16:00 - 00022528 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lde
2014-11-21 13:05 - 2009-12-03 16:00 - 00022528 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.lde
2014-11-21 13:05 - 2009-12-03 16:00 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lfr
2014-11-21 13:05 - 2009-12-03 16:00 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.les
2014-11-21 13:05 - 2009-12-03 16:00 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lbr
2014-11-21 13:05 - 2009-12-03 16:00 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.lfr
2014-11-21 13:05 - 2009-12-03 16:00 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.les
2014-11-21 13:05 - 2009-12-03 16:00 - 00021504 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lit
2014-11-21 13:05 - 2009-12-03 16:00 - 00021504 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.lit
2014-11-21 13:05 - 2009-12-03 16:00 - 00020992 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.ljp
2014-11-21 13:05 - 2009-12-03 16:00 - 00020992 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.ljp
2014-11-21 13:05 - 2009-12-03 16:00 - 00020480 _____ () C:\Windows\SysWOW64\WkWin32.lhu
2014-11-21 13:05 - 2009-12-03 16:00 - 00020480 _____ () C:\Windows\system32\WkWin64.lhu
2014-11-21 13:05 - 2009-12-03 16:00 - 00015360 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lcn
2014-11-21 13:05 - 2009-12-03 16:00 - 00015360 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.lcn
2014-11-21 13:05 - 2009-08-07 18:59 - 00016896 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\Drivers\Wibukey2_64.sys
2014-11-21 13:04 - 2014-11-21 13:04 - 00000000 ____D () C:\Program Files\WIBU-SYSTEMS
2014-11-21 13:04 - 2014-11-21 13:04 - 00000000 ____D () C:\Program Files (x86)\WIBU-SYSTEMS
2014-11-21 13:04 - 2014-11-21 13:04 - 00000000 ____D () C:\Program Files (x86)\WIBUKEY
2014-11-21 13:04 - 2011-09-22 15:00 - 00097792 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\Drivers\WibuKey64.sys
2014-11-21 13:04 - 2009-12-03 16:00 - 00169984 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.dll
2014-11-21 13:04 - 2009-12-03 16:00 - 00150528 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.dll
2014-11-21 13:03 - 2014-11-21 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-21 13:03 - 2014-11-21 13:03 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-21 12:45 - 2014-11-21 13:05 - 00008075 _____ () C:\Windows\vpd.properties
2014-11-21 12:38 - 2014-11-21 13:05 - 00000000 ____D () C:\Program Files\GRAPHISOFT
2014-11-21 12:38 - 2014-11-21 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GRAPHISOFT
2014-11-21 12:34 - 2014-11-21 13:05 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Install.GS
2014-11-21 12:34 - 2014-10-31 21:39 - 00883624 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2014-11-21 12:34 - 2014-10-31 21:39 - 00806824 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-11-21 12:34 - 2014-10-31 21:39 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-21 12:34 - 2014-10-31 21:39 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-21 12:34 - 2014-10-31 21:39 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-20 18:46 - 2014-11-20 18:46 - 00477632 _____ () C:\Users\Andrew\Downloads\YourDownload.exe
2014-11-20 18:46 - 2014-11-20 18:46 - 00011888 _____ () C:\Users\Andrew\Downloads\[kickasstorrent.link]avl.cruise.m.2014c.x86.x64.torrent
2014-11-20 18:01 - 2014-11-10 10:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-20 18:01 - 2014-11-10 10:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-20 18:01 - 2014-11-10 10:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-20 18:01 - 2014-11-10 10:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 11:03 - 2014-11-18 11:03 - 00000470 _____ () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data (E).lnk
2014-11-17 09:20 - 2014-12-13 22:04 - 00000000 ____D () C:\Users\Andrew\Desktop\New folder
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-15 08:55 - 2014-06-14 10:12 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\uTorrent
2014-12-15 08:51 - 2014-06-13 22:22 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3598024770-3521703292-2498229946-1001
2014-12-15 08:51 - 2013-08-23 02:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-15 08:50 - 2014-06-20 16:24 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Skype
2014-12-15 08:48 - 2014-06-13 21:06 - 01424780 _____ () C:\Windows\WindowsUpdate.log
2014-12-15 08:47 - 2014-10-23 20:27 - 00000000 ___RD () C:\Users\Andrew\Dropbox
2014-12-15 08:47 - 2014-10-23 20:19 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Dropbox
2014-12-15 08:45 - 2014-10-23 20:27 - 00001070 _____ () C:\Users\Andrew\Desktop\Dropbox.lnk
2014-12-15 08:45 - 2014-10-23 20:24 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-15 08:41 - 2014-10-05 21:56 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\ViberPC
2014-12-15 08:40 - 2014-10-05 21:55 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Viber
2014-12-15 08:40 - 2014-06-13 22:22 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-15 08:40 - 2014-06-13 21:09 - 00000000 ___DO () C:\Users\Andrew\OneDrive
2014-12-15 08:33 - 2013-08-23 01:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-15 08:33 - 2013-08-23 00:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-12-15 08:32 - 2013-08-23 02:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2014-12-15 08:32 - 2013-08-23 02:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-15 08:32 - 2013-08-23 02:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-15 08:32 - 2013-08-23 02:36 - 00000000 ____D () C:\Windows\system32\en-GB
2014-12-15 08:32 - 2013-08-23 02:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-15 08:27 - 2013-08-23 02:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-15 08:25 - 2013-08-23 02:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-14 08:23 - 2014-06-14 09:59 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Adobe
2014-12-13 20:42 - 2014-06-13 22:23 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 19:34 - 2014-06-13 21:07 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Packages
2014-12-12 19:06 - 2014-07-06 18:51 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-12 18:17 - 2013-08-23 01:46 - 00040977 _____ () C:\Windows\setupact.log
2014-12-12 13:33 - 2014-06-13 22:52 - 00201728 ___SH () C:\Users\Andrew\Desktop\Thumbs.db
2014-12-12 07:30 - 2014-06-16 20:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 07:18 - 2014-06-16 20:58 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 18:15 - 2014-10-18 17:15 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-11 18:15 - 2014-06-20 16:23 - 00000000 ____D () C:\ProgramData\Skype
2014-12-08 21:26 - 2014-10-31 21:21 - 00000000 ____D () C:\AdwCleaner
2014-12-08 21:07 - 2014-03-18 19:16 - 00022570 _____ () C:\Windows\PFRO.log
2014-12-08 21:02 - 2014-03-19 02:26 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-08 20:43 - 2014-10-29 21:08 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-12-08 20:43 - 2014-10-29 21:04 - 00000000 ____D () C:\Program Files\Common Files\Sony Shared
2014-12-08 20:42 - 2014-10-29 20:58 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-12-07 18:55 - 2014-06-14 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2014-12-07 18:55 - 2014-06-14 18:16 - 00000000 ____D () C:\Program Files\KMSpico
2014-12-07 18:31 - 2014-06-15 21:17 - 01345536 ___SH () C:\Users\Andrew\Downloads\Thumbs.db
2014-12-01 17:07 - 2014-10-07 22:15 - 00001060 _____ () C:\Users\Public\Desktop\Comodo Dragon.lnk
2014-12-01 17:06 - 2014-10-07 22:15 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2014-11-27 08:10 - 2014-09-13 08:43 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-27 08:10 - 2014-09-13 08:43 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-24 10:25 - 2013-08-12 23:19 - 00000000 ____D () C:\Licenses
2014-11-24 10:23 - 2014-06-13 21:06 - 00000000 ____D () C:\Users\Andrew
2014-11-23 21:44 - 2014-11-13 09:57 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\DassaultSystemes
2014-11-21 12:34 - 2014-10-31 21:39 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-18 19:38 - 2014-06-13 22:22 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-18 19:38 - 2014-06-13 22:22 - 00003660 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-18 19:38 - 2014-06-13 22:22 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-16 08:56 - 2014-09-17 10:05 - 00000000 ____D () C:\ProgramData\ChampionDeals
2014-11-15 19:37 - 2013-08-23 01:44 - 05125784 _____ () C:\Windows\system32\FNTCACHE.DAT
 
Some content of TEMP:
====================
C:\Users\Andrew\AppData\Local\Temp\converter.exe
C:\Users\Andrew\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy69cyb.dll
C:\Users\Andrew\AppData\Local\Temp\i4jdel0.exe
C:\Users\Andrew\AppData\Local\Temp\Quarantine.exe
C:\Users\Andrew\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Andrew\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-01 03:21
 
==================== End Of Log ============================
Addition Log (From about a week ago)
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-12-2014
Ran by Andrew at 2014-12-09 22:39:58
Running from C:\Users\Andrew\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3598024770-3521703292-2498229946-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AOMEI Partition Assistant Standard Edition 5.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArchiCAD 16 INT (HKLM\...\001FFF2FFF16FF00FF0701F01F02F000-R1) (Version: 16.0 - GRAPHISOFT)
AVL Workspace v2014 (HKLM-x32\...\AVL Workspace v2014) (Version: 2013.2.0.0 - AVL)
BeerSmith 2 (HKLM-x32\...\BeerSmith 2) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ChairGun4 4.2.0 (HKLM-x32\...\{188B215B-4A33-4B83-9885-19A8CA93236F}_is1) (Version:  - Hawke Sport Optics)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dassault Systemes Software VC9 Prerequisites x86-x64 (HKLM\...\{F2F2DEA7-36AB-4E13-907C-D8BDE775EF97}) (Version: 9.1.2 - Dassault Systemes)
Dropbox (HKU\S-1-5-21-3598024770-3521703292-2498229946-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java™ 6 Update 32 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle)
Media Player Codec Pack 4.3.4 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.3.4 - Media Player Codec Pack)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Siemens NX 9.0 (HKLM\...\{CAE1D783-E86C-4144-B0E3-8D2485019B11}) (Version: 9.0.0.19 - Siemens)
Siemens PLM License Server (HKLM\...\Siemens PLM License Server) (Version: 6.1.1.3 - Siemens Product Lifecycle Management Software Inc.)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SpyHunter (HKLM-x32\...\{DB847E94-446B-49E0-AC5D-C5627EC8B0C0}) (Version: 4.15.1.4270 - Enigma Software Group USA, LLC)
VBA (3821b) (x32 Version: 6.01.00.1234 - Microsoft Corporation) Hidden
Viber (HKU\S-1-5-21-3598024770-3521703292-2498229946-1001\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc)
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.00d of 2011-Sep-22 (Build 138) (Setup) - WIBU-SYSTEMS AG)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3598024770-3521703292-2498229946-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Andrew\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3598024770-3521703292-2498229946-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3598024770-3521703292-2498229946-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3598024770-3521703292-2498229946-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3598024770-3521703292-2498229946-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3598024770-3521703292-2498229946-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3598024770-3521703292-2498229946-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3598024770-3521703292-2498229946-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3598024770-3521703292-2498229946-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3598024770-3521703292-2498229946-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
27-11-2014 19:49:36 Windows Update
05-12-2014 10:02:14 AA11
08-12-2014 09:41:09 Removed PlayMemories Home
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-23 00:25 - 2014-06-14 17:42 - 00001952 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com 
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com 
127.0.0.1 adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com 
127.0.0.1 lm.licenses.adobe.com lmlicenses.wip4.adobe.com na2m-pr.licenses.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp 
127.0.0.1 wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com 
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com cmdls.adobe.com na1r.services.adobe.com prod-rel-ffc-ccm.oobesaas.adobe.com 
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {49CA734D-844E-4068-99A8-4AFE8524878B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6B1E72B3-FF40-49BC-875A-F7EBAF1AF7C6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {7D97B678-4CA0-47AC-B015-0D53CBFE476E} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe [2014-11-02] (Enigma Software Group USA, LLC.)
Task: {81C99E0D-D8EF-48F2-AFB9-4BADCD546142} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-cossiecostin@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {968A7E42-A573-4564-AD5E-43C461D9815E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {9FC9F4E9-0855-4E5B-886B-F0BCCE8832D4} - \AutoPico Daily Restart No Task File <==== ATTENTION
Task: {B6811D3B-9974-4C19-B023-600B19EB0CAC} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ANDYS-PC-Andrew Andys-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-04-08] (Microsoft Corporation)
Task: {CA249AC1-706C-43B1-986D-7956F1A09328} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-13] (Google Inc.)
Task: {CB9212C0-5F2D-4C50-BA3C-D4BABE94B977} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-11-12] (Microsoft Corporation)
Task: {EE8E51BB-FD6E-4669-8C6E-4BDB10224EB7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-13] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-04 03:22 - 2013-12-04 03:22 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-11-21 21:33 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2014-05-02 06:29 - 2014-05-02 06:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-04-08 15:18 - 2014-04-08 15:18 - 08889512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-11-25 19:40 - 2014-11-25 19:40 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-10-05 21:56 - 2014-09-02 15:22 - 00936656 _____ () C:\Users\Andrew\AppData\Local\Viber\Viber.exe
2014-09-28 13:12 - 2014-09-28 13:12 - 00048744 _____ () C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
2014-04-23 17:05 - 2014-04-23 17:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 17:04 - 2014-04-23 17:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-05 21:56 - 2014-09-02 15:22 - 43527680 _____ () C:\Users\Andrew\AppData\Local\Viber\4.3.0.1453\libViber.dll
2014-10-05 21:56 - 2014-08-21 02:13 - 00769024 _____ () C:\Users\Andrew\AppData\Local\Viber\4.3.0.1453\libGLESv2.dll
2014-10-05 21:56 - 2014-09-02 14:57 - 00092160 _____ () C:\Users\Andrew\AppData\Local\Viber\4.3.0.1453\qfacebook.dll
2014-10-05 21:56 - 2014-09-02 14:57 - 00171008 _____ () C:\Users\Andrew\AppData\Local\Viber\4.3.0.1453\libexif.dll
2014-10-05 21:56 - 2014-06-30 18:11 - 00047104 _____ () C:\Users\Andrew\AppData\Local\Viber\4.3.0.1453\libEGL.dll
2014-10-05 21:56 - 2014-08-21 02:13 - 00875008 _____ () C:\Users\Andrew\AppData\Local\Viber\4.3.0.1453\platforms\qwindows.dll
2014-10-05 21:56 - 2014-06-30 18:17 - 00021504 _____ () C:\Users\Andrew\AppData\Local\Viber\4.3.0.1453\imageformats\qgif.dll
2014-10-05 21:56 - 2014-06-30 18:17 - 00020992 _____ () C:\Users\Andrew\AppData\Local\Viber\4.3.0.1453\imageformats\qico.dll
2014-10-05 21:56 - 2014-06-30 18:17 - 00204800 _____ () C:\Users\Andrew\AppData\Local\Viber\4.3.0.1453\imageformats\qjpeg.dll
2014-10-05 21:56 - 2014-06-30 18:20 - 00218112 _____ () C:\Users\Andrew\AppData\Local\Viber\4.3.0.1453\imageformats\qmng.dll
2014-10-05 21:56 - 2014-06-30 18:18 - 00015872 _____ () C:\Users\Andrew\AppData\Local\Viber\4.3.0.1453\imageformats\qsvg.dll
2014-10-05 21:56 - 2014-06-30 18:20 - 00015360 _____ () C:\Users\Andrew\AppData\Local\Viber\4.3.0.1453\imageformats\qtga.dll
2014-10-05 21:56 - 2014-06-30 18:21 - 00307712 _____ () C:\Users\Andrew\AppData\Local\Viber\4.3.0.1453\imageformats\qtiff.dll
2014-10-05 21:56 - 2014-06-30 18:20 - 00014848 _____ () C:\Users\Andrew\AppData\Local\Viber\4.3.0.1453\imageformats\qwbmp.dll
2014-10-05 21:56 - 2014-06-30 18:17 - 00635392 _____ () C:\Users\Andrew\AppData\Local\Viber\4.3.0.1453\sqldrivers\qsqlite.dll
2014-10-05 21:56 - 2014-06-30 18:18 - 00026624 _____ () C:\Users\Andrew\AppData\Local\Viber\4.3.0.1453\iconengines\qsvgicon.dll
2014-12-08 21:09 - 2014-12-08 21:09 - 00043008 _____ () c:\users\andrew\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpimtv54.dll
2013-08-24 06:01 - 2013-08-24 06:01 - 25100288 _____ () C:\Users\Andrew\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-01 20:08 - 2014-06-01 20:08 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-25 03:41 - 2014-05-25 03:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-25 03:41 - 2014-05-25 03:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2014-11-27 21:44 - 2014-11-25 17:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-27 21:44 - 2014-11-25 17:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-27 21:44 - 2014-11-25 17:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-27 21:44 - 2014-11-25 17:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
2014-11-27 21:44 - 2014-11-25 17:39 - 14910280 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Andrew\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3598024770-3521703292-2498229946-500 - Administrator - Disabled)
Andrew (S-1-5-21-3598024770-3521703292-2498229946-1001 - Administrator - Enabled) => C:\Users\Andrew
Guest (S-1-5-21-3598024770-3521703292-2498229946-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3598024770-3521703292-2498229946-1003 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/09/2014 00:41:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6953
 
Error: (12/09/2014 00:41:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6953
 
Error: (12/09/2014 00:41:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/09/2014 00:41:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5875
 
Error: (12/09/2014 00:41:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5875
 
Error: (12/09/2014 00:41:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/09/2014 00:41:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4750
 
Error: (12/09/2014 00:41:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4750
 
Error: (12/09/2014 00:41:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/09/2014 00:41:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3593
 
 
System errors:
=============
Error: (12/08/2014 09:23:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Anvi Cloud System Booster Speed Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (12/08/2014 09:07:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AST FLEXnet License Server service failed to start due to the following error: 
%%2
 
Error: (12/08/2014 09:07:02 PM) (Source: DCOM) (EventID: 10010) (User: ANDYS-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (12/08/2014 08:56:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AST FLEXnet License Server service failed to start due to the following error: 
%%2
 
Error: (12/08/2014 08:55:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error: 
%%1069
 
Error: (12/08/2014 08:55:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069
 
Error: (12/08/2014 08:55:17 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (12/08/2014 08:55:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069
 
Error: (12/08/2014 08:55:17 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (12/08/2014 08:54:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COMODO Dragon Update Service service terminated unexpectedly. It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (12/09/2014 00:41:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6953
 
Error: (12/09/2014 00:41:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6953
 
Error: (12/09/2014 00:41:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/09/2014 00:41:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5875
 
Error: (12/09/2014 00:41:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5875
 
Error: (12/09/2014 00:41:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/09/2014 00:41:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4750
 
Error: (12/09/2014 00:41:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4750
 
Error: (12/09/2014 00:41:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/09/2014 00:41:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3593
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-09 12:13:36.504
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-07 09:09:52.953
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-13 08:43:09.866
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-13 08:16:11.492
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-12 22:59:31.077
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-12 22:24:28.981
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-12 22:19:21.210
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-12 21:54:16.125
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-12 20:59:08.587
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-12 20:24:07.322
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3720QM CPU @ 2.60GHz
Percentage of memory in use: 32%
Total physical RAM: 16267.75 MB
Available physical RAM: 10986.2 MB
Total Pagefile: 18699.75 MB
Available Pagefile: 12059.75 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:146.48 GB) (Free:46.52 GB) NTFS
Drive d: (SSD) (Fixed) (Total:119.24 GB) (Free:62.64 GB) NTFS
Drive e: (Data) (Fixed) (Total:552.05 GB) (Free:310.5 GB) NTFS
Drive f: (KAWASAKI) (CDROM) (Total:0.07 GB) (Free:0 GB) UDF
Drive g: (CDROM) (CDROM) (Total:3.78 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 78288616)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=552.1 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 1AB9A60B)
Partition 1: (Not Active) - (Size=119.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#7 fireman4it (Bleepin' Fireman, Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 14 December 2014 - 08:50 PM

Hello Andycostin,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

2.

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

Things to include in your next reply:

AdwCleaner log

Emsisoft log

How is the machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 Andycostin (Topic Starter, Members, 14 posts)

Posted 15 December 2014 - 02:40 PM

Thanks fireman4it

As asked, here's the AdwCleaner log

# AdwCleaner v4.105 - Report created 15/12/2014 at 17:03:40
# Updated 08/12/2014 by Xplode
# Database : 2014-12-13.4 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Andrew - ANDYS-PC
# Running from : C:\Users\Andrew\Downloads\adwcleaner_4.105.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\AdTrustMedia
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v39.0.2171.95
 
 
-\\ Comodo Dragon v36.1.1.21
 
 
*************************
 
AdwCleaner[R0].txt - [4895 octets] - [31/10/2014 21:22:31]
AdwCleaner[R1].txt - [1019 octets] - [31/10/2014 22:44:25]
AdwCleaner[R2].txt - [1080 octets] - [31/10/2014 22:53:24]
AdwCleaner[R3].txt - [2482 octets] - [08/12/2014 20:46:40]
AdwCleaner[R4].txt - [1124 octets] - [08/12/2014 21:03:56]
AdwCleaner[R5].txt - [1244 octets] - [08/12/2014 21:24:07]
AdwCleaner[R6].txt - [1351 octets] - [15/12/2014 12:56:11]
AdwCleaner[S0].txt - [4822 octets] - [31/10/2014 21:26:21]
AdwCleaner[S1].txt - [2528 octets] - [08/12/2014 20:54:38]
AdwCleaner[S2].txt - [1186 octets] - [08/12/2014 21:06:58]
AdwCleaner[S3].txt - [1274 octets] - [15/12/2014 17:03:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1334 octets] ##########
 
 

 

Not sure how much of a difference I have yet, as it's only just finished running the scan and quarantine.

Will take note while I use it today and provide some feedback later on today.

 

Thanks again!

Andy



#9 Andycostin (Topic Starter, Members, 14 posts)

Posted 15 December 2014 - 02:45 PM

 
And the Emsisoft Log

Emsisoft Emergency Kit - Version 9.0
Last update: 15/12/2014 5:14:38 PM
User account: ANDYS-PC\Andrew

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, E:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 15/12/2014 5:15:23 PM
Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B}  detected: Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-19\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B}  detected: Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B}  detected: Application.AdGenie (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}  detected: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}  detected: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}  detected: Application.Win32.InstallAd (A)
C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Support Files\Contents\Windows\amtlib.dll  detected: Riskware.Win32.CrackTool (A)
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll  detected: Riskware.Win32.CrackTool (A)
C:\ProgramData\Comodo\Cis\Quarantine\data\{89D1FFDB-1AB4-4ECE-8CCA-73CC888415AB}  detected: Application.InstallAd (A)
C:\Users\Andrew\Downloads\Al Green - Greatest Hits (1975) 1995 Re-Release [Mp3 320] TNT Vi.exe  detected: Gen:Variant.Adware.Mplug.21 (B)
C:\Users\Andrew\Downloads\DS_CATIA_V5_6R2012_SP4_HF16_Update_x86_x64_ISO_SSQ_keygen.zip -> DS_CATIA_V5_6R2012_SP4_HF16_Update_x86_x64_ISO_SSQ_keygen.exe -> (NSIS o) -> lzma_solid_nsis0001  detected: Gen:Variant.Kazy.493012 (B)
C:\Users\Andrew\Downloads\DS_CATIA_V5_6R2012_SP4_HF16_Update_x86_x64_ISO_SSQ_keygen.zip -> DS_CATIA_V5_6R2012_SP4_HF16_Update_x86_x64_ISO_SSQ_keygen.exe -> (NSIS o) -> lzma_solid_nsis0002  detected: Gen:Variant.Kazy.493012 (B)
C:\Users\Andrew\Downloads\DS_CATIA_V5_6R2012_SP4_HF16_Update_x86_x64_ISO_SSQ_keygen\DS_CATIA_V5_6R2012_SP4_HF16_Update_x86_x64_ISO_SSQ_keygen.exe -> (NSIS o) -> lzma_solid_nsis0001  detected: Gen:Variant.Kazy.493012 (B)
C:\Users\Andrew\Downloads\DS_CATIA_V5_6R2012_SP4_HF16_Update_x86_x64_ISO_SSQ_keygen\DS_CATIA_V5_6R2012_SP4_HF16_Update_x86_x64_ISO_SSQ_keygen.exe -> (NSIS o) -> lzma_solid_nsis0002  detected: Gen:Variant.Kazy.493012 (B)
C:\Users\Andrew\Downloads\DTLite4491-0356.exe  detected: Application.Win32.InstallAd (A)
C:\Users\Andrew\Downloads\YourDownload.exe  detected: Application.Win32.AdClick (A)
C:\Users\Andrew\Downloads\zoek.exe  detected: Trojan.Generic.12298096 (B)
C:\Windows.old\Users\Andrew Costin\AppData\Local\Temp\nsb6494.exe  detected: Application.Win32.InstallTool (A)
C:\Windows.old\Users\Andrew Costin\AppData\Local\Temp\nsg3E98.exe  detected: Application.Win32.InstallTool (A)
C:\Windows.old\Users\Andrew Costin\AppData\Local\Temp\nsgC03\SpSetup.exe  detected: Application.Toolbar (A)
C:\Windows.old\Users\Andrew Costin\AppData\Local\Temp\nsq40F9.exe  detected: Application.Win32.InstallTool (A)
C:\Windows.old\Users\Andrew Costin\AppData\Local\Temp\nsq6232.exe  detected: Application.Win32.InstallTool (A)
C:\Windows.old\Users\Andrew Costin\AppData\Local\Temp\nsx2409.exe  detected: Application.Win32.InstallTool (A)
C:\Windows.old\Users\Andrew Costin\Downloads\cbsidlm-cbsi188-Gmail_for_Windows-ORG-10387185.exe  detected: Application.Win32.AppInstall (A)
C:\Windows.old\Users\Andrew Costin\Downloads\cbsidlm-cbsi188-Md5sum-ORG-10521061 (1).exe  detected: Application.Win32.AppInstall (A)
C:\Windows.old\Users\Andrew Costin\Downloads\cbsidlm-cbsi188-Md5sum-ORG-10521061.exe  detected: Application.Win32.AppInstall (A)
E:\Downloads\Adobe Illustrator CS6 Crack .DLL Files RELOADED\64-bit (x64)\amtlib.dll  detected: Riskware.Win32.CrackTool (A)
E:\Downloads\CATIA_V5-6R2012_P3_GA_Win32_SSQ\Crack\DSLS_32bit_SSQ\DS_License_Server_32bit_SSQ\DSLS_32bit_SSQ.msi -> (Embedded CAB) -> F_1aa8465ced8487e927791215b1884761  detected: Backdoor.Generic.717326 (B)
E:\Software\Adobe Illustrator CS6\DLL FILE\64bit\amtlib.dll  detected: Riskware.Win32.CrackTool (A)

Scanned 579789
Found 29

Scan end: 15/12/2014 10:49:24 PM
Scan time: 5:34:01

E:\Software\Adobe Illustrator CS6\DLL FILE\64bit\amtlib.dll Quarantined Riskware.Win32.CrackTool (A)
E:\Downloads\CATIA_V5-6R2012_P3_GA_Win32_SSQ\Crack\DSLS_32bit_SSQ\DS_License_Server_32bit_SSQ\DSLS_32bit_SSQ.msi Quarantined Backdoor.Generic.717326 (B)
E:\Downloads\Adobe Illustrator CS6 Crack .DLL Files RELOADED\64-bit (x64)\amtlib.dll Quarantined Riskware.Win32.CrackTool (A)
C:\Windows.old\Users\Andrew Costin\Downloads\cbsidlm-cbsi188-Md5sum-ORG-10521061.exe Quarantined Application.Win32.AppInstall (A)
C:\Windows.old\Users\Andrew Costin\Downloads\cbsidlm-cbsi188-Md5sum-ORG-10521061 (1).exe Quarantined Application.Win32.AppInstall (A)
C:\Windows.old\Users\Andrew Costin\Downloads\cbsidlm-cbsi188-Gmail_for_Windows-ORG-10387185.exe Quarantined Application.Win32.AppInstall (A)
C:\Windows.old\Users\Andrew Costin\AppData\Local\Temp\nsx2409.exe Quarantined Application.Win32.InstallTool (A)
C:\Windows.old\Users\Andrew Costin\AppData\Local\Temp\nsq6232.exe Quarantined Application.Win32.InstallTool (A)
C:\Windows.old\Users\Andrew Costin\AppData\Local\Temp\nsq40F9.exe Quarantined Application.Win32.InstallTool (A)
C:\Windows.old\Users\Andrew Costin\AppData\Local\Temp\nsgC03\SpSetup.exe Quarantined Application.Toolbar (A)
C:\Windows.old\Users\Andrew Costin\AppData\Local\Temp\nsg3E98.exe Quarantined Application.Win32.InstallTool (A)
C:\Windows.old\Users\Andrew Costin\AppData\Local\Temp\nsb6494.exe Quarantined Application.Win32.InstallTool (A)
C:\Users\Andrew\Downloads\zoek.exe Quarantined Trojan.Generic.12298096 (B)
C:\Users\Andrew\Downloads\YourDownload.exe Quarantined Application.Win32.AdClick (A)
C:\Users\Andrew\Downloads\DTLite4491-0356.exe Quarantined Application.Win32.InstallAd (A)
C:\Users\Andrew\Downloads\DS_CATIA_V5_6R2012_SP4_HF16_Update_x86_x64_ISO_SSQ_keygen\DS_CATIA_V5_6R2012_SP4_HF16_Update_x86_x64_ISO_SSQ_keygen.exe Quarantined Gen:Variant.Kazy.493012 (B)
C:\Users\Andrew\Downloads\DS_CATIA_V5_6R2012_SP4_HF16_Update_x86_x64_ISO_SSQ_keygen.zip Quarantined Gen:Variant.Kazy.493012 (B)
C:\Users\Andrew\Downloads\Al Green - Greatest Hits (1975) 1995 Re-Release [Mp3 320] TNT Vi.exe Quarantined Gen:Variant.Adware.Mplug.21 (B)
C:\ProgramData\Comodo\Cis\Quarantine\data\{89D1FFDB-1AB4-4ECE-8CCA-73CC888415AB} Quarantined Application.InstallAd (A)
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll Quarantined Riskware.Win32.CrackTool (A)
C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Support Files\Contents\Windows\amtlib.dll Quarantined Riskware.Win32.CrackTool (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} Quarantined Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} Quarantined Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} Quarantined Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-19\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} Quarantined Application.AdGenie (A)

Quarantined 25



#10 fireman4it (Bleepin' Fireman, Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 15 December 2014 - 04:01 PM

Is the machine still redirecting?


#11 Andycostin (Topic Starter, Members, 14 posts)

Posted 16 December 2014 - 01:06 AM

So, I just got home and have been using my computer for about 10 mins and it doesn't seem to have improved. There is still some definite redirecting that is going on. 



#12 fireman4it (Bleepin' Fireman, Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 16 December 2014 - 07:47 PM

Can you tell me in which browser this is occurring? Is this occurring in all browsers? Firefox, Chrome, IE?

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#13 Andycostin (Topic Starter, Members, 14 posts)

Posted 17 December 2014 - 01:19 AM

This has been occurring whilst using Chrome. I don't really use any other browsers, but I will try using IE tonight and see if it still occurs.

Here's the FRST.TXT


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by Andrew (administrator) on ANDYS-PC on 17-12-2014 17:16:00
Running from C:\Users\Andrew\Downloads
Loaded Profile: Andrew (Available profiles: Andrew)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Flexera Software LLC.) C:\Program Files\Siemens\PLMLicenseServer\lmgrd.exe
(Flexera Software LLC.) C:\Program Files\Siemens\PLMLicenseServer\lmgrd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(BitTorrent Inc.) C:\Users\Andrew\AppData\Roaming\uTorrent\uTorrent.exe
() C:\Users\Andrew\AppData\Local\Viber\Viber.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(Dropbox, Inc.) C:\Users\Andrew\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Emsisoft GmbH) C:\EEK\bin\a2emergencykit.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\BeerSmith2\BeerSmith2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-web-app-host_31bf3856ad364e35_6.3.9600.17031_none_23811926a2dc1743\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Siemens PLM Software Inc.) C:\Program Files\Siemens\PLMLicenseServer\ugslmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}] => "C:\ProgramData\cisF024.exe" --PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805}
HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => "C:\ProgramData\cis83D9.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\Windows\SysWOW64\C2MP\CodecUACManager.exe [58648 2014-09-28] ()
HKU\S-1-5-21-3598024770-3521703292-2498229946-1001\...\Run: [GoogleChromeAutoLaunch_AF2E2510EC2DA94726BF08BC757DFE33] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
HKU\S-1-5-21-3598024770-3521703292-2498229946-1001\...\Run: [uTorrent] => C:\Users\Andrew\AppData\Roaming\uTorrent\uTorrent.exe [1378640 2014-12-11] (BitTorrent Inc.)
HKU\S-1-5-21-3598024770-3521703292-2498229946-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3598024770-3521703292-2498229946-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3598024770-3521703292-2498229946-1001\...\Run: [Viber] => C:\Users\Andrew\AppData\Local\Viber\Viber.exe [936656 2014-09-02] ()
HKU\S-1-5-21-3598024770-3521703292-2498229946-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30524520 2014-11-27] (Skype Technologies S.A.)
HKU\S-1-5-21-3598024770-3521703292-2498229946-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
HKU\S-1-5-21-3598024770-3521703292-2498229946-1001\...\RunOnce: [Adobe Speed Launcher] => 1418624785
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Andrew\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3598024770-3521703292-2498229946-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.ninemsn.com.au/?ocid=iehp
HKU\S-1-5-21-3598024770-3521703292-2498229946-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @graphisoft.com/GDL Web Plug-in -> C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll (Graphisoft SE)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Andrew\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://search.gboxapp.com/
CHR StartupUrls: Default -> "hxxp://search.gboxapp.com/"
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-07]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2014-12-16]
CHR Extension: (Google Wallet) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-28] (Comodo Security Solutions, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 Siemens PLM License Server; C:\Program Files\Siemens\PLMLicenseServer\lmgrd.exe [1830736 2013-01-18] (Flexera Software LLC.)
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2013-07-17] (Enigma Software Group USA, LLC.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 AST FLEXnet License Server; C:\Program Files (x86)\AVL\tools\licensemanager\v11.10-ast2\bin\bin.ia32-unknown-winnt_i11\lmadmin\lmadmin.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-12-15] (Emsisoft GmbH)
S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-11-29] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-11-29] ()
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-02] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-19] (Microsoft Corporation)
R3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-12-15] (Emsisoft GmbH)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
U3 dtscsidrv; C:\Windows\System32\Drivers\dtscsidrv.sys [309248 2014-09-14] (Disc Soft Ltd)
S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
S3 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-09-14] (Duplex Secure Ltd.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [97792 2011-09-22] (WIBU-SYSTEMS AG)
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
U4 CmdAgent; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-17 17:15 - 2014-12-17 17:15 - 00000000 ____D () C:\Users\Andrew\Downloads\FRST-OlderVersion
2014-12-16 16:17 - 2014-12-16 16:17 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\webex
2014-12-16 16:16 - 2014-12-16 16:16 - 00631744 _____ (Cisco WebEx LLC) C:\Users\Andrew\Downloads\Cisco_WebEx_Add-On.exe
2014-12-16 16:16 - 2014-12-16 16:16 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Mozilla
2014-12-16 16:16 - 2014-12-16 16:16 - 00000000 ____D () C:\Users\Andrew\AppData\Local\WebEx
2014-12-16 16:16 - 2014-12-16 16:16 - 00000000 ____D () C:\ProgramData\WebEx
2014-12-16 16:06 - 2014-10-31 09:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-16 16:06 - 2014-10-31 09:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-15 17:11 - 2014-12-15 17:11 - 00000755 _____ () C:\Users\Andrew\Desktop\Start Emsisoft Emergency Kit.lnk
2014-12-15 17:10 - 2014-12-15 17:12 - 00000000 ____D () C:\EEK
2014-12-15 16:41 - 2014-12-15 17:00 - 161891600 _____ () C:\Users\Andrew\Downloads\EmsisoftEmergencyKit.exe
2014-12-15 08:41 - 2014-12-15 08:41 - 00688992 _____ (Swearware) C:\Users\Andrew\Downloads\dds (2).com
2014-12-15 08:30 - 2014-12-15 08:31 - 00145582 _____ () C:\Users\Andrew\Desktop\POW0021K (Autosaved).xlsx
2014-12-15 08:29 - 2014-12-15 08:29 - 00688992 _____ (Swearware) C:\Users\Andrew\Downloads\dds (1).com
2014-12-15 08:27 - 2014-12-15 08:27 - 00688992 _____ (Swearware) C:\Users\Andrew\Downloads\dds.com
2014-12-11 21:29 - 2014-10-31 10:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-11 21:29 - 2014-10-31 10:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-11 21:28 - 2014-11-10 13:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-11 21:28 - 2014-11-10 12:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-11 21:28 - 2014-11-01 10:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-11 21:28 - 2014-11-01 10:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-11 21:18 - 2014-11-22 14:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 21:18 - 2014-11-22 13:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 21:18 - 2014-11-07 15:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 21:18 - 2014-11-07 14:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 21:18 - 2014-10-13 13:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-11 21:18 - 2014-10-13 13:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-11 21:18 - 2014-10-13 13:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-11 21:18 - 2014-10-13 13:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-11 21:17 - 2014-11-22 13:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 21:17 - 2014-11-22 13:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 21:17 - 2014-11-22 13:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-11 21:17 - 2014-11-22 13:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 21:17 - 2014-11-22 13:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-11 21:17 - 2014-11-22 13:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 21:17 - 2014-11-22 13:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 21:17 - 2014-11-22 13:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 21:17 - 2014-11-22 13:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-11 21:17 - 2014-11-22 13:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-11 21:17 - 2014-11-22 13:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 21:17 - 2014-11-22 13:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 21:17 - 2014-11-22 13:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 21:17 - 2014-11-22 12:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-11 21:17 - 2014-11-22 12:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-11 21:17 - 2014-11-22 12:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-11 21:17 - 2014-11-22 12:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 21:17 - 2014-11-22 12:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 21:17 - 2014-11-22 12:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 21:17 - 2014-11-22 12:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 21:17 - 2014-11-22 12:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 21:17 - 2014-11-22 12:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 21:17 - 2014-11-22 12:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-11 21:17 - 2014-11-22 12:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 21:17 - 2014-11-22 12:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 21:17 - 2014-11-22 12:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-11 21:17 - 2014-11-22 12:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 21:17 - 2014-11-22 12:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-11 21:17 - 2014-11-22 12:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 21:17 - 2014-11-22 12:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 21:17 - 2014-11-22 12:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 21:17 - 2014-11-22 12:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 21:17 - 2014-11-22 12:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 21:17 - 2014-11-22 12:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 21:17 - 2014-11-22 12:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 21:17 - 2014-11-22 11:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 21:17 - 2014-11-22 11:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 22:39 - 2014-12-09 22:41 - 00028021 _____ () C:\Users\Andrew\Downloads\Addition.txt
2014-12-09 22:38 - 2014-12-17 17:16 - 00019510 _____ () C:\Users\Andrew\Downloads\FRST.txt
2014-12-09 22:37 - 2014-12-17 17:16 - 00000000 ____D () C:\FRST
2014-12-09 22:35 - 2014-12-17 17:15 - 02119168 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2014-12-09 22:34 - 2014-12-09 22:34 - 00619044 _____ () C:\Users\Andrew\Downloads\ESETPoweliksCleaner.exe_20141209.223424.7260.log
2014-12-09 22:33 - 2014-12-09 22:34 - 00186568 _____ (ESET) C:\Users\Andrew\Downloads\ESETPoweliksCleaner.exe
2014-12-09 22:11 - 2014-12-09 22:11 - 00056562 _____ () C:\Users\Andrew\Downloads\P1010239.jpeg
2014-12-09 21:48 - 2014-12-09 21:50 - 05601243 _____ (Swearware) C:\Users\Andrew\Downloads\ComboFix.exe
2014-12-09 21:44 - 2014-12-09 21:45 - 02166272 _____ () C:\Users\Andrew\Downloads\adwcleaner_4.105.exe
2014-12-08 21:18 - 2014-12-08 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-12-08 21:18 - 2014-12-08 21:23 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-12-08 21:10 - 2014-12-08 21:17 - 16513448 _____ (Anvisoft) C:\Users\Andrew\Downloads\csbsetup.exe
2014-12-08 20:46 - 2014-12-08 21:24 - 00000165 _____ () C:\AdwCleanerDebug.txt
2014-12-07 18:30 - 2014-12-07 18:31 - 00000000 ____D () C:\Users\Andrew\Downloads\Sment
2014-12-01 17:06 - 2014-12-01 17:06 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2014-12-01 17:06 - 2014-12-01 17:06 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-12-01 16:46 - 2014-12-07 18:03 - 00018162 _____ () C:\Users\Andrew\Desktop\Thankyous.xlsx
2014-11-30 17:44 - 2014-11-30 17:44 - 00018643 _____ () C:\Users\Andrew\Downloads\+-demonoid.ph-+_Al_Green_The_Very_Best_Of_Al_Green_(2001)_DHZ_Inc_Release_7455741.1196.TORRENT
2014-11-30 17:03 - 2014-11-30 17:03 - 00015669 _____ () C:\Users\Andrew\Downloads\_=demonoid.ph=_-Very_Best_of_Al_Green_7455741.1196.TORRENT
2014-11-30 12:57 - 2014-11-30 12:57 - 00698223 _____ () C:\Users\Andrew\Downloads\SWH-less-700l-v22.xlsx
2014-11-24 11:23 - 2014-11-24 12:38 - 00000000 ____D () C:\AVL
2014-11-24 10:23 - 2014-11-24 10:51 - 00000311 _____ () C:\Users\Andrew\jobstate
2014-11-24 10:01 - 2014-11-24 10:01 - 00000264 _____ () C:\Users\Andrew\Downloads\download
2014-11-23 20:26 - 2014-11-23 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack
2014-11-23 20:25 - 2014-11-23 20:26 - 00000000 ____D () C:\Windows\SysWOW64\C2MP
2014-11-23 20:25 - 2014-11-23 20:25 - 31894592 _____ (Media Player - Codec Pack) C:\Users\Andrew\Downloads\media.player.codec.pack.v4.3.4.setup(1).exe
2014-11-23 20:23 - 2014-11-23 20:23 - 00231600 _____ (Download.com) C:\Users\Andrew\Downloads\media.player.codec.pack.v4.3.4.setup.exe
2014-11-23 20:16 - 2014-11-23 20:16 - 00371016 _____ () C:\Users\Andrew\Downloads\SoftonicDownloader_for_mkv-player.exe
2014-11-23 19:58 - 2014-11-24 11:49 - 00001655 _____ () C:\Users\Public\Desktop\AVL AST v2014.lnk
2014-11-23 19:57 - 2014-11-23 19:57 - 00000000 ___HD () C:\Program Files (x86)\Zero G Registry
2014-11-23 19:18 - 2014-11-23 19:18 - 00000000 ____D () C:\Program Files (x86)\FlexMergeModule
2014-11-23 15:30 - 2014-11-23 15:30 - 00005437 ____H () C:\Users\Andrew\.fs.xml
2014-11-23 15:29 - 2014-11-23 15:29 - 00000218 _____ () C:\Users\Andrew\AppData\Local\recently-used.xbel
2014-11-23 15:20 - 2014-11-23 15:20 - 00153919 _____ () C:\Users\Andrew\Downloads\[rutracker.org].t4767525.torrent
2014-11-23 15:19 - 2014-11-23 15:19 - 00022562 _____ () C:\Users\Andrew\Downloads\AVL_Suite_2014_0_(Workspace_Suite_2014_0)_x86_x64-(demonoid.ph).TORRENT
2014-11-23 15:18 - 2014-11-24 10:39 - 00000000 ____D () C:\Users\Andrew\.matplotlib
2014-11-23 15:17 - 2014-11-24 10:27 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Python-Eggs
2014-11-23 15:16 - 2014-11-24 10:27 - 00000000 ____D () C:\Users\Andrew\AppData\Local\AVL
2014-11-23 11:34 - 2014-11-24 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVL
2014-11-23 11:34 - 2014-11-24 10:27 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\AVL
2014-11-23 11:34 - 2014-11-23 11:34 - 00001977 _____ () C:\Users\Public\Desktop\CRUISE M v2014.lnk
2014-11-23 11:34 - 2014-11-23 11:34 - 00000000 ____D () C:\ProgramData\AVL
2014-11-23 11:10 - 2014-12-01 17:01 - 00000000 ____D () C:\Program Files (x86)\AVL
2014-11-21 21:36 - 2014-11-21 21:38 - 00000000 ____D () C:\Users\Andrew\AppData\Local\CutePDF Writer
2014-11-21 21:33 - 2014-11-21 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2014-11-21 21:33 - 2014-11-21 21:33 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-11-21 21:33 - 2014-11-21 21:33 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-11-21 21:33 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\system32\cpwmon64.dll
2014-11-21 21:32 - 2014-11-21 21:32 - 02395080 _____ (Acro Software Inc. ) C:\Users\Andrew\Downloads\CuteWriter.exe
2014-11-21 13:07 - 2014-11-21 13:09 - 00000000 ____D () C:\Users\Andrew\Graphisoft
2014-11-21 13:07 - 2014-11-21 13:07 - 00000000 ____D () C:\Users\Andrew\Documents\BIMx
2014-11-21 13:07 - 2014-11-21 13:07 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Graphisoft
2014-11-21 13:07 - 2014-11-21 13:07 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Graphisoft
2014-11-21 13:06 - 2014-11-21 13:06 - 00001255 _____ () C:\Users\Public\Desktop\BIMx for ArchiCAD 16.lnk
2014-11-21 13:06 - 2014-11-21 13:06 - 00001072 _____ () C:\Users\Public\Desktop\ArchiCAD 16.lnk
2014-11-21 13:05 - 2014-11-21 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WibuKey
2014-11-21 13:05 - 2014-11-21 13:05 - 00000000 ____D () C:\Program Files (x86)\GRAPHISOFT
2014-11-21 13:05 - 2011-12-16 14:40 - 00471952 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WibuXpm4J64.dll
2014-11-21 13:05 - 2011-12-16 14:40 - 00375184 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WibuXpm4J32.dll
2014-11-21 13:05 - 2009-12-03 16:00 - 00430080 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\wibuKJni64.dll
2014-11-21 13:05 - 2009-12-03 16:00 - 00418304 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkExt64.dll
2014-11-21 13:05 - 2009-12-03 16:00 - 00344576 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\wibuKJni.dll
2014-11-21 13:05 - 2009-12-03 16:00 - 00333824 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkExt32.dll
2014-11-21 13:05 - 2009-12-03 16:00 - 00022528 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lde
2014-11-21 13:05 - 2009-12-03 16:00 - 00022528 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.lde
2014-11-21 13:05 - 2009-12-03 16:00 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lfr
2014-11-21 13:05 - 2009-12-03 16:00 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.les
2014-11-21 13:05 - 2009-12-03 16:00 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lbr
2014-11-21 13:05 - 2009-12-03 16:00 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.lfr
2014-11-21 13:05 - 2009-12-03 16:00 - 00022016 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.les
2014-11-21 13:05 - 2009-12-03 16:00 - 00021504 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lit
2014-11-21 13:05 - 2009-12-03 16:00 - 00021504 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.lit
2014-11-21 13:05 - 2009-12-03 16:00 - 00020992 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.ljp
2014-11-21 13:05 - 2009-12-03 16:00 - 00020992 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.ljp
2014-11-21 13:05 - 2009-12-03 16:00 - 00020480 _____ () C:\Windows\SysWOW64\WkWin32.lhu
2014-11-21 13:05 - 2009-12-03 16:00 - 00020480 _____ () C:\Windows\system32\WkWin64.lhu
2014-11-21 13:05 - 2009-12-03 16:00 - 00015360 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lcn
2014-11-21 13:05 - 2009-12-03 16:00 - 00015360 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.lcn
2014-11-21 13:05 - 2009-08-07 18:59 - 00016896 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\Drivers\Wibukey2_64.sys
2014-11-21 13:04 - 2014-11-21 13:04 - 00000000 ____D () C:\Program Files\WIBU-SYSTEMS
2014-11-21 13:04 - 2014-11-21 13:04 - 00000000 ____D () C:\Program Files (x86)\WIBU-SYSTEMS
2014-11-21 13:04 - 2014-11-21 13:04 - 00000000 ____D () C:\Program Files (x86)\WIBUKEY
2014-11-21 13:04 - 2011-09-22 15:00 - 00097792 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\Drivers\WibuKey64.sys
2014-11-21 13:04 - 2009-12-03 16:00 - 00169984 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.dll
2014-11-21 13:04 - 2009-12-03 16:00 - 00150528 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.dll
2014-11-21 13:03 - 2014-11-21 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-21 13:03 - 2014-11-21 13:03 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-21 12:45 - 2014-11-21 13:05 - 00008075 _____ () C:\Windows\vpd.properties
2014-11-21 12:38 - 2014-11-21 13:05 - 00000000 ____D () C:\Program Files\GRAPHISOFT
2014-11-21 12:38 - 2014-11-21 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GRAPHISOFT
2014-11-21 12:34 - 2014-11-21 13:05 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Install.GS
2014-11-21 12:34 - 2014-10-31 21:39 - 00883624 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2014-11-21 12:34 - 2014-10-31 21:39 - 00806824 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-11-21 12:34 - 2014-10-31 21:39 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-21 12:34 - 2014-10-31 21:39 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-21 12:34 - 2014-10-31 21:39 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-20 18:46 - 2014-11-20 18:46 - 00011888 _____ () C:\Users\Andrew\Downloads\[kickasstorrent.link]avl.cruise.m.2014c.x86.x64.torrent
2014-11-20 18:01 - 2014-11-10 10:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-20 18:01 - 2014-11-10 10:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-20 18:01 - 2014-11-10 10:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-20 18:01 - 2014-11-10 10:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 11:03 - 2014-11-18 11:03 - 00000470 _____ () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data (E).lnk
2014-11-17 09:20 - 2014-12-13 22:04 - 00000000 ____D () C:\Users\Andrew\Desktop\New folder
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-17 17:13 - 2014-06-14 10:12 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\uTorrent
2014-12-17 17:13 - 2014-06-13 21:06 - 02056638 _____ () C:\Windows\WindowsUpdate.log
2014-12-17 17:11 - 2014-06-20 16:24 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Skype
2014-12-16 22:02 - 2013-08-23 02:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-16 19:43 - 2014-06-13 22:22 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-16 19:38 - 2014-06-13 22:56 - 00000000 ____D () C:\Users\Andrew\Documents\BeerSmith2
2014-12-16 16:32 - 2013-08-23 02:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-16 16:04 - 2013-08-23 01:46 - 00041080 _____ () C:\Windows\setupact.log
2014-12-16 06:35 - 2014-11-11 10:43 - 00000000 ____D () C:\Users\Andrew\Downloads\DS_CATIA_V5_6R2012_SP4_HF16_Update_x86_x64_ISO_SSQ_keygen
2014-12-16 05:19 - 2013-08-23 02:36 - 00000000 ____D () C:\Windows\rescache
2014-12-16 02:00 - 2014-06-14 09:59 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Adobe
2014-12-15 17:07 - 2014-10-05 21:56 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\ViberPC
2014-12-15 17:07 - 2014-06-13 21:09 - 00000000 ___DO () C:\Users\Andrew\OneDrive
2014-12-15 17:06 - 2014-10-23 20:27 - 00000000 ___RD () C:\Users\Andrew\Dropbox
2014-12-15 17:06 - 2014-10-23 20:19 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Dropbox
2014-12-15 17:06 - 2014-10-05 21:55 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Viber
2014-12-15 17:04 - 2014-03-18 19:16 - 00022884 _____ () C:\Windows\PFRO.log
2014-12-15 17:04 - 2013-08-23 01:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-15 17:04 - 2013-08-23 00:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-12-15 17:03 - 2014-10-31 21:21 - 00000000 ____D () C:\AdwCleaner
2014-12-15 09:00 - 2014-06-13 22:22 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3598024770-3521703292-2498229946-1001
2014-12-15 08:51 - 2013-08-23 02:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-15 08:45 - 2014-10-23 20:27 - 00001070 _____ () C:\Users\Andrew\Desktop\Dropbox.lnk
2014-12-15 08:45 - 2014-10-23 20:24 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-15 08:32 - 2013-08-23 02:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2014-12-15 08:32 - 2013-08-23 02:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-15 08:32 - 2013-08-23 02:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-15 08:32 - 2013-08-23 02:36 - 00000000 ____D () C:\Windows\system32\en-GB
2014-12-15 08:32 - 2013-08-23 02:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-13 20:42 - 2014-06-13 22:23 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 19:34 - 2014-06-13 21:07 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Packages
2014-12-12 19:06 - 2014-07-06 18:51 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-12 13:33 - 2014-06-13 22:52 - 00201728 ___SH () C:\Users\Andrew\Desktop\Thumbs.db
2014-12-12 07:30 - 2014-06-16 20:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 07:18 - 2014-06-16 20:58 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 18:15 - 2014-10-18 17:15 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-11 18:15 - 2014-06-20 16:23 - 00000000 ____D () C:\ProgramData\Skype
2014-12-08 21:02 - 2014-03-19 02:26 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-08 20:43 - 2014-10-29 21:08 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-12-08 20:43 - 2014-10-29 21:04 - 00000000 ____D () C:\Program Files\Common Files\Sony Shared
2014-12-08 20:42 - 2014-10-29 20:58 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-12-07 18:55 - 2014-06-14 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2014-12-07 18:55 - 2014-06-14 18:16 - 00000000 ____D () C:\Program Files\KMSpico
2014-12-07 18:31 - 2014-06-15 21:17 - 01345536 ___SH () C:\Users\Andrew\Downloads\Thumbs.db
2014-12-01 17:07 - 2014-10-07 22:15 - 00001060 _____ () C:\Users\Public\Desktop\Comodo Dragon.lnk
2014-12-01 17:06 - 2014-10-07 22:15 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2014-11-27 08:10 - 2014-09-13 08:43 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-27 08:10 - 2014-09-13 08:43 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-24 10:25 - 2013-08-12 23:19 - 00000000 ____D () C:\Licenses
2014-11-24 10:23 - 2014-06-13 21:06 - 00000000 ____D () C:\Users\Andrew
2014-11-23 21:44 - 2014-11-13 09:57 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\DassaultSystemes
2014-11-21 12:34 - 2014-10-31 21:39 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-18 19:38 - 2014-06-13 22:22 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-18 19:38 - 2014-06-13 22:22 - 00003660 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-18 19:38 - 2014-06-13 22:22 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
Some content of TEMP:
====================
C:\Users\Andrew\AppData\Local\Temp\converter.exe
C:\Users\Andrew\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpscofd6.dll
C:\Users\Andrew\AppData\Local\Temp\i4jdel0.exe
C:\Users\Andrew\AppData\Local\Temp\Quarantine.exe
C:\Users\Andrew\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Andrew\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-01 03:21
 
==================== End Of Log ============================
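The "Modified Files and Folders" entries in the log above all share one layout: modification time, creation time, size, attribute flags, the embedded signer in parentheses, then the path. As an added example (not part of this thread and not FRST's own code), here is a small Python parser for that layout with a defender's triage pass over two lines copied from the log plus one constructed Temp entry; the heuristics, folder list and flag names are assumptions for illustration, not rules FRST applies.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One FRST entry: <modified> - <created> - <size> <attrs> (<signer>) <path>
FRST_LINE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<signer>[^)]*)\) (?P<path>.+)$"
)

@dataclass
class Entry:
    modified: str
    created: str
    size: int
    is_dir: bool   # "D" among the attribute flags marks a directory
    signer: str    # empty when FRST prints "()" (no embedded signer)
    path: str

def parse_entry(line: str) -> Optional[Entry]:
    # Returns None for headers, blank lines and the bare TEMP paths.
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    return Entry(m["modified"], m["created"], int(m["size"]),
                 "D" in m["attrs"], m["signer"], m["path"])

# Triage heuristics (hypothetical, this example only): unsigned binaries in
# user-writable folders, and names associated with cracks or pirated software.
USER_DIRS = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\appdata\\roaming\\")
WAREZ_WORDS = ("keygen", "torrent", "kmspico")

def review(line: str) -> List[str]:
    # Flags for one entry; an empty list means nothing stood out.
    e = parse_entry(line)
    if e is None:
        return []
    p, flags = e.path.lower(), []
    if (not e.is_dir and p.endswith((".exe", ".dll")) and not e.signer
            and any(d in p for d in USER_DIRS)):
        flags.append("unsigned-binary-in-user-dir")
    if any(w in p for w in WAREZ_WORDS):
        flags.append("warez-indicator")
    return flags

# Two lines copied from the log above, plus one constructed Temp entry.
SAMPLE = [
    r"2014-11-21 12:34 - 2014-10-31 21:39 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe",
    r"2014-12-07 18:55 - 2014-06-14 18:16 - 00000000 ____D () C:\Program Files\KMSpico",
    r"2014-12-10 10:00 - 2014-12-10 10:00 - 00051200 _____ () C:\Users\Andrew\AppData\Local\Temp\converter.exe",
]
```

Feeding a whole FRST log through `review` line by line gives a first-pass list of entries worth a closer look before a fixlist is written; signed system files such as the java.exe line produce no flags.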


#14 Andycostin
  • Topic Starter
  • Members
  • 14 posts

Posted 17 December 2014 - 06:12 AM

After using IE for a fair bit tonight, it doesn't appear that it's occurring on IE. It's hard, as it is a sporadic problem on Chrome: it doesn't always occur repeatedly, but sometimes just occurs constantly.



#15 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 17 December 2014 - 04:11 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File: fixlist.txt (4.62KB)

We need to Reset Chrome.

http://malwaretips.com/blogs/reset-chrome-settings/

Let me know how things are after all this has been done.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!




