
Have a Virus/trojan somewhere in my system


  • This topic is locked
116 replies to this topic

#16 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:07:19 PM

Posted 27 December 2014 - 04:58 AM

You never posted the full logs.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#17 Dimitri Deharak

Dimitri Deharak
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  • Local time:07:19 PM

Posted 27 December 2014 - 07:16 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/27/2014
Scan Time: 6:56:55 AM
Logfile: scan.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.27.04
Rootkit Database: v2014.12.23.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dimitri

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 373225
Time Elapsed: 9 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 5
PUP.Optional.InstallCore, C:\Users\Dimitri\AppData\Local\Temp\247620.Uninstall\uninstaller.exe, Quarantined, [bf1184e39ae29a9c976e1ae6d032e31d],
PUP.Optional.InstallCore, C:\Users\Dimitri\AppData\Local\Temp\282923.Uninstall\uninstaller.exe, Quarantined, [6d637cebbbc1280eee1702fe24de11ef],
PUP.Optional.InstallCore, C:\Users\Dimitri\AppData\Local\Temp\8567403.Uninstall\uninstaller.exe, Quarantined, [923e32355527bc7a9372c7390002e020],
PUP.Optional.InstallCore, C:\Users\Dimitri\AppData\Local\Temp\is1242154493\572880_stp\uninstaller.exe, Quarantined, [e0f0c6a1027ae35359ac35cb768c639d],
PUP.Optional.OutBrowse, C:\Users\Dimitri\Downloads\microsoft-security-essentials.exe, Quarantined, [0cc4095e6b11bf77fe4db04d43be27d9],

Physical Sectors: 0
(No malicious items detected)

(end)

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Protection, 12/27/2014 6:56:21 AM, SYSTEM, DIMITRI-PC, Protection, Malware Protection, Starting,
Protection, 12/27/2014 6:56:21 AM, SYSTEM, DIMITRI-PC, Protection, Malware Protection, Started,
Protection, 12/27/2014 6:56:21 AM, SYSTEM, DIMITRI-PC, Protection, Malicious Website Protection, Starting,
Protection, 12/27/2014 6:56:40 AM, SYSTEM, DIMITRI-PC, Protection, Malicious Website Protection, Started,
Update, 12/27/2014 6:56:54 AM, SYSTEM, DIMITRI-PC, Scheduler, Malware Database, 2014.12.27.1, 2014.12.27.4,
Protection, 12/27/2014 6:56:54 AM, SYSTEM, DIMITRI-PC, Protection, Refresh, Starting,
Protection, 12/27/2014 6:56:54 AM, SYSTEM, DIMITRI-PC, Protection, Malicious Website Protection, Stopping,
Protection, 12/27/2014 6:56:54 AM, SYSTEM, DIMITRI-PC, Protection, Malicious Website Protection, Stopped,
Protection, 12/27/2014 6:56:59 AM, SYSTEM, DIMITRI-PC, Protection, Refresh, Success,
Protection, 12/27/2014 6:56:59 AM, SYSTEM, DIMITRI-PC, Protection, Malicious Website Protection, Starting,
Protection, 12/27/2014 6:56:59 AM, SYSTEM, DIMITRI-PC, Protection, Malicious Website Protection, Started,
Scan, 12/27/2014 7:08:46 AM, SYSTEM, DIMITRI-PC, Manual, Start:12/27/2014 6:56:55 AM, Duration:9 min 49 sec, Threat Scan, Completed, 0 Malware Detections, 5 Non-Malware Detections,
Protection, 12/27/2014 7:10:50 AM, SYSTEM, DIMITRI-PC, Protection, Malware Protection, Starting,
Protection, 12/27/2014 7:10:50 AM, SYSTEM, DIMITRI-PC, Protection, Malware Protection, Started,
Protection, 12/27/2014 7:10:50 AM, SYSTEM, DIMITRI-PC, Protection, Malicious Website Protection, Starting,
Protection, 12/27/2014 7:10:58 AM, SYSTEM, DIMITRI-PC, Protection, Malicious Website Protection, Started,

(end)

 



#18 Dimitri Deharak

Dimitri Deharak
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  • Local time:07:19 PM

Posted 27 December 2014 - 07:19 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Protection, 12/27/2014 6:56:21 AM, SYSTEM, DIMITRI-PC, Protection, Malware Protection, Starting,
Protection, 12/27/2014 6:56:21 AM, SYSTEM, DIMITRI-PC, Protection, Malware Protection, Started,
Protection, 12/27/2014 6:56:21 AM, SYSTEM, DIMITRI-PC, Protection, Malicious Website Protection, Starting,
Protection, 12/27/2014 6:56:40 AM, SYSTEM, DIMITRI-PC, Protection, Malicious Website Protection, Started,
Update, 12/27/2014 6:56:54 AM, SYSTEM, DIMITRI-PC, Scheduler, Malware Database, 2014.12.27.1, 2014.12.27.4,
Protection, 12/27/2014 6:56:54 AM, SYSTEM, DIMITRI-PC, Protection, Refresh, Starting,
Protection, 12/27/2014 6:56:54 AM, SYSTEM, DIMITRI-PC, Protection, Malicious Website Protection, Stopping,
Protection, 12/27/2014 6:56:54 AM, SYSTEM, DIMITRI-PC, Protection, Malicious Website Protection, Stopped,
Protection, 12/27/2014 6:56:59 AM, SYSTEM, DIMITRI-PC, Protection, Refresh, Success,
Protection, 12/27/2014 6:56:59 AM, SYSTEM, DIMITRI-PC, Protection, Malicious Website Protection, Starting,
Protection, 12/27/2014 6:56:59 AM, SYSTEM, DIMITRI-PC, Protection, Malicious Website Protection, Started,
Scan, 12/27/2014 7:08:46 AM, SYSTEM, DIMITRI-PC, Manual, Start:12/27/2014 6:56:55 AM, Duration:9 min 49 sec, Threat Scan, Completed, 0 Malware Detections, 5 Non-Malware Detections,
Protection, 12/27/2014 7:10:50 AM, SYSTEM, DIMITRI-PC, Protection, Malware Protection, Starting,
Protection, 12/27/2014 7:10:50 AM, SYSTEM, DIMITRI-PC, Protection, Malware Protection, Started,
Protection, 12/27/2014 7:10:50 AM, SYSTEM, DIMITRI-PC, Protection, Malicious Website Protection, Starting,
Protection, 12/27/2014 7:10:58 AM, SYSTEM, DIMITRI-PC, Protection, Malicious Website Protection, Started,

(end)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/27/2014
Scan Time: 6:56:55 AM
Logfile: scan.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.27.04
Rootkit Database: v2014.12.23.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dimitri

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 373225
Time Elapsed: 9 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 5
PUP.Optional.InstallCore, C:\Users\Dimitri\AppData\Local\Temp\247620.Uninstall\uninstaller.exe, Quarantined, [bf1184e39ae29a9c976e1ae6d032e31d],
PUP.Optional.InstallCore, C:\Users\Dimitri\AppData\Local\Temp\282923.Uninstall\uninstaller.exe, Quarantined, [6d637cebbbc1280eee1702fe24de11ef],
PUP.Optional.InstallCore, C:\Users\Dimitri\AppData\Local\Temp\8567403.Uninstall\uninstaller.exe, Quarantined, [923e32355527bc7a9372c7390002e020],
PUP.Optional.InstallCore, C:\Users\Dimitri\AppData\Local\Temp\is1242154493\572880_stp\uninstaller.exe, Quarantined, [e0f0c6a1027ae35359ac35cb768c639d],
PUP.Optional.OutBrowse, C:\Users\Dimitri\Downloads\microsoft-security-essentials.exe, Quarantined, [0cc4095e6b11bf77fe4db04d43be27d9],

Physical Sectors: 0
(No malicious items detected)

(end)



#19 Dimitri Deharak

Dimitri Deharak
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  • Local time:07:19 PM

Posted 27 December 2014 - 07:25 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Dimitri on Sat 12/27/2014 at  7:22:51.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders



#20 Dimitri Deharak

Dimitri Deharak
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  • Local time:07:19 PM

Posted 27 December 2014 - 07:27 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Dimitri on Sat 12/27/2014 at  7:22:51.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders



#21 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:07:19 PM

Posted 27 December 2014 - 08:19 AM

What are you doing?

~Machiavelli



#22 Dimitri Deharak

Dimitri Deharak
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  • Local time:07:19 PM

Posted 27 December 2014 - 01:29 PM

Isn't this the log from the Junkware program?



#23 Dimitri Deharak

Dimitri Deharak
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  • Local time:07:19 PM

Posted 27 December 2014 - 01:31 PM

Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Dimitri on Sat 12/27/2014 at  7:22:51.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/27/2014 at  7:24:07.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#24 Dimitri Deharak

Dimitri Deharak
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  • Local time:07:19 PM

Posted 27 December 2014 - 01:33 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-12-2014
Ran by Dimitri (administrator) on DIMITRI-PC on 27-12-2014 07:26:02
Running from C:\Users\Dimitri\Desktop
Loaded Profile: Dimitri (Available profiles: Dimitri & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CMedia) C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\AsusAudioCenter.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe



#25 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:07:19 PM

Posted 28 December 2014 - 07:12 AM

Why do you never post the full logs?

~Machiavelli



#26 Dimitri Deharak

Dimitri Deharak
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  • Local time:07:19 PM

Posted 28 December 2014 - 07:38 AM

I paste and copy the full log. I will try it again...



#27 Dimitri Deharak

Dimitri Deharak
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  • Local time:07:19 PM

Posted 28 December 2014 - 07:40 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/26/2014
Scan Time: 4:43:38 PM
Logfile: malware.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.26.11
Rootkit Database: v2014.12.23.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dimitri

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 373825
Time Elapsed: 9 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 5
PUP.Optional.InstallCore, C:\Users\Dimitri\AppData\Local\Temp\247620.Uninstall\uninstaller.exe, No Action By User, [5ee6a4c283f984b2dbdf14eb44bdfc04],
PUP.Optional.InstallCore, C:\Users\Dimitri\AppData\Local\Temp\282923.Uninstall\uninstaller.exe, No Action By User, [c4802f37cfaddc5ac2f85ba4ba47a65a],
PUP.Optional.InstallCore, C:\Users\Dimitri\AppData\Local\Temp\8567403.Uninstall\uninstaller.exe, No Action By User, [98ac69fd56262511803a06f971908e72],
PUP.Optional.InstallCore, C:\Users\Dimitri\AppData\Local\Temp\is1242154493\572880_stp\uninstaller.exe, No Action By User, [7fc5d0960775fa3c8b2f69962fd2d030],
PUP.Optional.OutBrowse, C:\Users\Dimitri\Downloads\microsoft-security-essentials.exe, No Action By User, [1a2ac0a694e8e353370af10c10f1966a],

Physical Sectors: 0
(No malicious items detected)

(end)


Malwarebytes Anti-Malware
www.malwarebytes.org

Protection, 12/27/2014 6:56:21 AM, SYSTEM, DIMITRI-PC, Protection, Malware Protection, Starting,
Protection, 12/27/2014 6:56:21 AM, SYSTEM, DIMITRI-PC, Protection, Malware Protection, Started,
Protection, 12/27/2014 6:56:21 AM, SYSTEM, DIMITRI-PC, Protection, Malicious Website Protection, Starting,
Protection, 12/27/2014 6:56:40 AM, SYSTEM, DIMITRI-PC, Protection, Malicious Website Protection, Started,
Update, 12/27/2014 6:56:54 AM, SYSTEM, DIMITRI-PC, Scheduler, Malware Database, 2014.12.27.1, 2014.12.27.4,
Protection, 12/27/2014 6:56:54 AM, SYSTEM, DIMITRI-PC, Protection, Refresh, Starting,
Protection, 12/27/2014 6:56:54 AM, SYSTEM, DIMITRI-PC, Protection, Malicious Website Protection, Stopping,
Protection, 12/27/2014 6:56:54 AM, SYSTEM, DIMITRI-PC, Protection, Malicious Website Protection, Stopped,
Protection, 12/27/2014 6:56:59 AM, SYSTEM, DIMITRI-PC, Protection, Refresh, Success,
Protection, 12/27/2014 6:56:59 AM, SYSTEM, DIMITRI-PC, Protection, Malicious Website Protection, Starting,
Protection, 12/27/2014 6:56:59 AM, SYSTEM, DIMITRI-PC, Protection, Malicious Website Protection, Started,
Scan, 12/27/2014 7:08:46 AM, SYSTEM, DIMITRI-PC, Manual, Start:12/27/2014 6:56:55 AM, Duration:9 min 49 sec, Threat Scan, Completed, 0 Malware Detections, 5 Non-Malware Detections,
Protection, 12/27/2014 7:10:50 AM, SYSTEM, DIMITRI-PC, Protection, Malware Protection, Starting,
Protection, 12/27/2014 7:10:50 AM, SYSTEM, DIMITRI-PC, Protection, Malware Protection, Started,
Protection, 12/27/2014 7:10:50 AM, SYSTEM, DIMITRI-PC, Protection, Malicious Website Protection, Starting,
Protection, 12/27/2014 7:10:58 AM, SYSTEM, DIMITRI-PC, Protection, Malicious Website Protection, Started,

(end)



#28 Dimitri Deharak

Dimitri Deharak
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  • Local time:07:19 PM

Posted 28 December 2014 - 07:42 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Dimitri on Sat 12/27/2014 at  7:22:51.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/27/2014 at  7:24:07.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-12-2014
Ran by Dimitri (administrator) on DIMITRI-PC on 27-12-2014 07:26:02
Running from C:\Users\Dimitri\Desktop
Loaded Profile: Dimitri (Available profiles: Dimitri & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CMedia) C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\AsusAudioCenter.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-06-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-06-11] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] => CTHELPER.EXE
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
HKLM-x32\...\Run: [AsioReg] => REGSVR32 /S CTASIO.DLL
Winlogon\Notify\DfLogon: LogonDll.dll [X]
HKU\S-1-5-21-301776078-2128303718-2253808840-1001\...\Run: [CTRegRun] => C:\Windows\CTRegRun.EXE [53248 2006-10-06] (Creative Technology Ltd )
HKU\S-1-5-21-301776078-2128303718-2253808840-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-301776078-2128303718-2253808840-1001\...\Run: [Logitech Vid] => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
HKU\S-1-5-21-301776078-2128303718-2253808840-1001\...\MountPoints2: {a74166e4-b5f9-11e3-b015-806e6f6e6963} - D:\AutoRun\demo32.exe Demo.dbd
HKU\S-1-5-18\...\Run: [DevconDefaultDB] => C:\Windows\system32\READREG /SILENT /FAIL=1
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk /k:C *
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=iedef
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=iedef&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-301776078-2128303718-2253808840-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=iedef&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-301776078-2128303718-2253808840-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=iedef
HKU\S-1-5-21-301776078-2128303718-2253808840-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-301776078-2128303718-2253808840-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=iedef
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=iedef&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
ShellExecuteHooks-x32: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files (x86)\Qualcomm\Eudora\EuShlExt.dll [86016 2005-08-09] (Qualcomm Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Dimitri\AppData\Roaming\Mozilla\Firefox\Profiles\1lwi67si.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2571 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Dimitri\AppData\Roaming\Mozilla\Firefox\Profiles\1lwi67si.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [Not Found]
FF Extension: No Name - E:\ Root\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Dimitri\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Dimitri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-30]
CHR Extension: (Google Drive) - C:\Users\Dimitri\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dimitri\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-08]
CHR Extension: (YouTube) - C:\Users\Dimitri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-30]
CHR Extension: (Google Search) - C:\Users\Dimitri\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-30]
CHR Extension: (avast! Online Security) - C:\Users\Dimitri\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-05]
CHR Extension: (Google Wallet) - C:\Users\Dimitri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-30]
CHR Extension: (Gmail) - C:\Users\Dimitri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-03-28] (Adobe Systems) [File not signed]
S4 DFServ; C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe [1070080 2010-02-08] (Faronics Corporation) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [X]
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
S2 UMVPFSrv; C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [X]
S2 Update solteratop; "C:\Program Files (x86)\solteratop\updatesolteratop.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-03-11] (C-Media Inc)
S3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [151296 2007-04-12] (Creative Technology Ltd)
S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [252712 2007-04-10] (Creative Technology Ltd.)
S3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [700200 2007-04-10] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219432 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321832 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190248 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363304 2007-04-10] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [142120 2007-04-10] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1571112 2007-04-10] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [123688 2007-04-10] (Creative Technology Ltd.)
S3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [681256 2007-04-10] (Creative Technology Ltd)
R0 DeepFrz; C:\Windows\System32\Drivers\DeepFrz.sys [227096 2010-02-08] (Faronics Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\elrawdsk.sys [22224 2007-03-22] (EldoS Corporation)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-27] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 COMMONFX; system32\drivers\COMMONFX.SYS [X]
S3 COMMONFX.SYS; \SystemRoot\System32\drivers\COMMONFX.SYS [X]
S3 CTAUDFX; system32\drivers\CTAUDFX.SYS [X]
S3 CTAUDFX.SYS; \SystemRoot\System32\drivers\CTAUDFX.SYS [X]
S3 CTERFXFX; system32\drivers\CTERFXFX.SYS [X]
S3 CTERFXFX.SYS; \SystemRoot\System32\drivers\CTERFXFX.SYS [X]
S3 ctgame; system32\DRIVERS\ctgame.sys [X]
S3 cthda; system32\drivers\cthda.sys [X]
S3 CTSBLFX; system32\drivers\CTSBLFX.SYS [X]
S3 CTSBLFX.SYS; \SystemRoot\System32\drivers\CTSBLFX.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 07:24 - 2014-12-27 07:24 - 00000635 _____ () C:\Users\Dimitri\Desktop\JRT.txt
2014-12-27 07:14 - 2014-12-27 07:14 - 00001759 _____ () C:\Users\Dimitri\Desktop\scan.txt
2014-12-27 07:13 - 2014-12-27 07:13 - 00001790 _____ () C:\Users\Dimitri\Desktop\Quarantine.txt
2014-12-27 06:56 - 2014-12-27 06:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\3C317FD4.sys
2014-12-26 20:35 - 2014-12-26 20:35 - 00015946 _____ () C:\Users\Dimitri\Desktop\Addition.txt
2014-12-26 20:34 - 2014-12-27 07:26 - 00014165 _____ () C:\Users\Dimitri\Desktop\FRST.txt
2014-12-26 20:29 - 2014-12-26 20:29 - 00000000 ____D () C:\Windows\ERUNT
2014-12-26 17:04 - 2014-12-26 17:04 - 01707646 _____ (Thisisu) C:\Users\Dimitri\Downloads\JRT.exe
2014-12-26 17:04 - 2014-12-26 17:04 - 01707646 _____ (Thisisu) C:\Users\Dimitri\Desktop\JRT.exe
2014-12-26 16:59 - 2014-12-26 16:59 - 00001790 _____ () C:\Users\Dimitri\Desktop\malware.txt
2014-12-26 16:29 - 2014-12-26 16:31 - 00000000 ____D () C:\AdwCleaner
2014-12-26 16:28 - 2014-12-26 16:28 - 02173952 _____ () C:\Users\Dimitri\Desktop\AdwCleaner.exe
2014-12-26 07:58 - 2014-12-26 07:58 - 00000000 ____D () C:\Users\Dimitri\Downloads\FRST-OlderVersion
2014-12-25 20:10 - 2014-12-26 08:07 - 00038056 _____ () C:\Users\Dimitri\Downloads\FRST.txt
2014-12-25 20:10 - 2014-12-25 20:10 - 00018753 _____ () C:\Users\Dimitri\Downloads\Addition.txt
2014-12-25 20:09 - 2014-12-27 07:26 - 00000000 ____D () C:\FRST
2014-12-25 20:01 - 2014-12-26 07:58 - 02122752 _____ (Farbar) C:\Users\Dimitri\Desktop\FRST64.exe
2014-12-25 19:25 - 2014-12-25 19:25 - 00001176 _____ () C:\Users\Public\Desktop\QPS3318UVE_USA_SetO_1.00.lnk
2014-12-25 19:25 - 2014-12-25 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QPS3318UVE_USA_SetO_1.00
2014-12-25 19:25 - 2014-12-25 19:25 - 00000000 ____D () C:\Program Files (x86)\QPS3318UVE_USA_SetO_1.00
2014-12-25 19:25 - 2000-04-03 17:52 - 00103744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomm32.ocx
2014-12-25 19:25 - 2000-01-10 12:00 - 00088336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gapi32.dll
2014-12-25 19:25 - 1998-07-07 00:00 - 00124416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCCHS.DLL
2014-12-25 19:25 - 1998-07-07 00:00 - 00028160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGCHS.DLL
2014-12-25 19:25 - 1998-07-07 00:00 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TABCTCHS.DLL
2014-12-25 19:25 - 1998-07-07 00:00 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCHS.DLL
2014-12-25 19:25 - 1998-04-24 00:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RCHTXCHS.DLL
2014-12-25 19:23 - 2014-12-25 19:23 - 00000000 ____D () C:\Users\Dimitri\Downloads\QPS3318UVE_USA_Setup_1.00
2014-12-25 19:20 - 2014-12-25 19:21 - 07332648 _____ () C:\Users\Dimitri\Downloads\QPS3318UVE_USA_Setup_1.00.zip
2014-12-25 08:57 - 2014-12-25 08:57 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-24 12:17 - 2014-12-24 19:13 - 951359745 _____ () C:\Users\Dimitri\Downloads\3105_BMW_na.wmv.mp4
2014-12-22 07:34 - 2014-12-22 07:34 - 00002077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-12-22 07:34 - 2014-12-22 07:34 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-12-22 07:34 - 2014-12-22 07:34 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-12-22 07:34 - 2014-12-22 07:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-12-21 10:13 - 2014-12-21 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-21 10:13 - 2014-12-21 10:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-21 10:09 - 2014-12-21 10:09 - 00000000 ____D () C:\ProgramData\Sun
2014-12-21 10:08 - 2014-12-21 10:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-20 20:24 - 2014-12-20 20:31 - 00000247 _____ () C:\Windows\system32\2014-12-21-01-24-00.052-aswFe.exe-4652.log
2014-12-20 17:20 - 2014-12-20 17:20 - 00000000 ____D () C:\Users\Dimitri\AppData\Roaming\AVAST Software
2014-12-20 17:17 - 2014-12-20 17:17 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-20 17:17 - 2014-12-20 17:17 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-19 23:26 - 2014-12-19 23:26 - 00001053 _____ () C:\Users\Dimitri\Desktop\Eusing Free Registry Cleaner.lnk
2014-12-19 23:26 - 2014-12-19 23:26 - 00001053 _____ () C:\Users\Administrator\Desktop\Eusing Free Registry Cleaner.lnk
2014-12-19 23:26 - 2014-12-19 23:26 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
2014-12-19 23:26 - 2014-12-19 23:26 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Eusing
2014-12-19 23:25 - 2014-12-19 23:25 - 00982988 _____ () C:\Users\Administrator\Downloads\EFRCSetup.exe
2014-12-19 23:20 - 2014-12-19 23:20 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieBrowserModeList
2014-12-19 22:43 - 2014-12-19 22:44 - 00000000 ____D () C:\Windows\system32\config\backup
2014-12-19 20:07 - 2014-12-19 20:07 - 00000247 _____ () C:\Windows\system32\2014-12-20-01-07-01.003-aswFe.exe-4488.log
2014-12-19 20:02 - 2014-12-19 20:06 - 00000247 _____ () C:\Windows\system32\2014-12-20-01-02-49.041-aswFe.exe-4992.log
2014-12-19 20:02 - 2014-12-19 20:02 - 00000197 _____ () C:\Windows\system32\2014-12-20-01-02-45.089-AvastVBoxSVC.exe-1240.log
2014-12-19 19:56 - 2014-12-19 19:57 - 00000247 _____ () C:\Windows\system32\2014-12-20-00-56-59.035-aswFe.exe-3596.log
2014-12-19 19:51 - 2014-12-19 19:56 - 00000247 _____ () C:\Windows\system32\2014-12-20-00-51-52.044-aswFe.exe-4908.log
2014-12-19 19:51 - 2014-12-19 19:51 - 00000197 _____ () C:\Windows\system32\2014-12-20-00-51-49.016-AvastVBoxSVC.exe-4324.log
2014-12-19 10:30 - 2014-12-19 10:30 - 00000247 _____ () C:\Windows\system32\2014-12-19-15-30-11.054-aswFe.exe-4496.log
2014-12-19 10:26 - 2014-12-19 10:30 - 00000247 _____ () C:\Windows\system32\2014-12-19-15-26-49.061-aswFe.exe-7044.log
2014-12-19 10:26 - 2014-12-19 10:26 - 00000197 _____ () C:\Windows\system32\2014-12-19-15-26-44.028-AvastVBoxSVC.exe-1792.log
2014-12-19 10:16 - 2014-12-19 10:16 - 00000197 _____ () C:\Windows\system32\2014-12-19-15-16-13.067-AvastVBoxSVC.exe-5068.log
2014-12-18 07:28 - 2014-12-18 07:28 - 00000197 _____ () C:\Windows\system32\2014-12-18-12-28-08.038-AvastVBoxSVC.exe-4128.log
2014-12-17 19:09 - 2014-12-17 19:09 - 00000197 _____ () C:\Windows\system32\2014-12-18-00-09-50.091-AvastVBoxSVC.exe-2612.log
2014-12-17 17:21 - 2014-12-17 17:21 - 00000197 _____ () C:\Windows\system32\2014-12-17-22-21-26.031-AvastVBoxSVC.exe-4420.log
2014-12-17 09:05 - 2014-12-17 09:05 - 00000197 _____ () C:\Windows\system32\2014-12-17-14-05-11.017-AvastVBoxSVC.exe-3012.log
2014-12-17 09:02 - 2014-12-21 18:00 - 00000000 ____D () C:\Windows\Minidump
2014-12-17 09:02 - 2014-12-17 09:02 - 1017425985 _____ () C:\Windows\MEMORY.DMP
2014-12-17 09:02 - 2014-12-17 09:02 - 00274240 _____ () C:\Windows\Minidump\121714-20529-01.dmp
2014-12-17 07:16 - 2014-12-17 07:16 - 00000247 _____ () C:\Windows\system32\2014-12-17-12-16-34.056-aswFe.exe-5652.log
2014-12-17 07:12 - 2014-12-17 07:16 - 00000247 _____ () C:\Windows\system32\2014-12-17-12-12-43.042-aswFe.exe-6396.log
2014-12-17 07:12 - 2014-12-17 07:12 - 00000197 _____ () C:\Windows\system32\2014-12-17-12-12-40.020-AvastVBoxSVC.exe-4552.log
2014-12-17 07:04 - 2014-12-21 18:02 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-12-17 07:04 - 2014-12-21 18:00 - 00000000 ____D () C:\Windows\system32\vbox
2014-12-10 05:13 - 2014-12-10 05:13 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-09 20:27 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-09 20:27 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-09 20:27 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-09 20:27 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-09 20:27 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-09 20:27 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-09 20:27 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-09 20:27 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-09 20:27 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-09 20:27 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-09 19:53 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 19:53 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 19:53 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 19:53 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 19:53 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 19:53 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 19:53 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 19:53 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 19:53 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 19:53 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 19:53 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 19:53 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 19:53 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 19:53 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 19:53 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 19:53 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 19:53 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 19:53 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 19:53 - 2014-11-21 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-09 19:53 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 19:53 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 19:53 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 19:53 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 19:53 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 19:53 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 19:53 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 19:53 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 19:53 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-09 19:53 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-09 19:53 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 19:53 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 19:53 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 19:53 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 19:53 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-09 19:53 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 19:53 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-09 19:53 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-09 19:53 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 19:53 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 19:53 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 19:53 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 19:53 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 19:53 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-09 19:53 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-09 19:53 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 19:53 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 19:53 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 19:53 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 19:53 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 19:53 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-09 19:53 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 19:53 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 19:53 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 19:53 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 19:53 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 19:53 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 19:53 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 19:53 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 19:53 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 19:52 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 19:52 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 19:52 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 19:52 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 19:52 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 19:52 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 19:52 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 19:52 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 19:50 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 19:50 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 19:50 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 19:50 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 19:50 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 19:50 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 19:50 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 19:50 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 19:50 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 19:50 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 19:50 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 19:50 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 19:50 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 19:50 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 07:17 - 2009-07-13 23:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-27 07:17 - 2009-07-13 23:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-27 07:14 - 2014-04-04 16:26 - 01551940 _____ () C:\Windows\WindowsUpdate.log
2014-12-27 07:11 - 2014-06-26 04:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-27 07:10 - 2014-04-18 13:02 - 00627784 _____ () C:\Windows\PFRO.log
2014-12-27 07:10 - 2014-04-04 19:10 - 00063776 _____ () C:\Windows\setupact.log
2014-12-27 07:10 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-27 07:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2014-12-26 19:44 - 2014-10-08 16:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-25 18:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-25 11:55 - 2014-05-20 18:57 - 00000000 ____D () C:\Users\Administrator
2014-12-25 11:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-12-25 08:56 - 2014-03-27 14:02 - 00000000 ____D () C:\Users\Dimitri
2014-12-22 07:00 - 2014-03-28 12:18 - 00000000 ____D () C:\FILEBOY
2014-12-22 06:52 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-21 10:22 - 2014-04-05 05:57 - 00000000 ___DC () C:\Users\Dimitri\AppData\Local\MigWiz
2014-12-20 15:00 - 2014-04-04 17:14 - 00328664 _____ () C:\Windows\dferror.log
2014-12-20 01:48 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-20 01:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-19 23:31 - 2014-08-07 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-12-19 23:31 - 2014-07-19 12:15 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2014-12-19 23:30 - 2014-08-07 10:42 - 00011447 _____ () C:\Windows\LDPINST.LOG
2014-12-19 23:30 - 2014-07-19 12:15 - 00021868 _____ () C:\Windows\system32\lvcoinst.log
2014-12-19 23:27 - 2011-04-12 03:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-19 23:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2014-12-19 22:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-12-18 15:23 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2014-12-18 15:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-16 16:11 - 2014-03-28 12:27 - 00000000 ____D () C:\Padsore
2014-12-16 07:43 - 2014-03-28 12:20 - 00000000 ____D () C:\freedom
2014-12-14 08:08 - 2014-10-14 14:57 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-14 08:08 - 2014-10-14 14:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-13 14:39 - 2014-10-14 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-12 15:53 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 05:36 - 2014-03-30 17:01 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 05:13 - 2014-05-06 12:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-09 20:29 - 2014-04-06 05:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-09 20:28 - 2014-04-06 05:43 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 16:44 - 2014-10-08 16:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 16:44 - 2014-03-27 14:56 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 16:44 - 2014-03-27 14:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-04 16:23 - 2014-06-26 04:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-04 16:23 - 2014-06-26 04:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-04 16:23 - 2014-03-28 18:22 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-03 13:21 - 2014-03-28 13:08 - 00000000 ____D () C:\Users\Dimitri\AppData\Roaming\vlc

Some content of TEMP:
====================
C:\Users\Dimitri\AppData\Local\Temp\15893uninstall.exe
C:\Users\Dimitri\AppData\Local\Temp\51819uninstall.exe
C:\Users\Dimitri\AppData\Local\Temp\ExPromo.exe
C:\Users\Dimitri\AppData\Local\Temp\Quarantine.exe
C:\Users\Dimitri\AppData\Local\Temp\Sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-25 08:17

==================== End Of Log ================



#29 Dimitri Deharak

Posted 28 December 2014 - 07:45 AM

These are the 4 complete logs as they were reported... Malware.txt and Quarantine.txt, JRT.txt and FRST.txt.



#30 Machiavelli

Posted 28 December 2014 - 08:41 AM

Yes, but why did you post only part of the logs the last times (except this one)?

~Machiavelli
