Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible FUD RAT On My Laptop(Hacker keeps accessing my Paypal)


  • This topic is locked This topic is locked
22 replies to this topic

#1 mikedeliani

mikedeliani

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 29 December 2014 - 02:16 PM

Hello,

 

I have a possible FUD RAT on my laptop. The hacker seems to be able to continue to get access to my Paypal account whenever I change the password.  I even tried to change it on my other computer and he still got access last night.   Any help would be AMAZING in trying to identify the RAT and what .exe is infected on my computer. Hopefully, once I identity it, I can then move onto the next steps of removing it.   Now, here is my DDS and Attach txt file logs(Let me know if you need me to post anything else):

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.71.2
Run by JaywanInc at 14:03:22 on 2014-12-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6019.1694 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\NOTEPAD.EXE
C:\Users\JaywanInc\Desktop\twit_follower\TwitFollower.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Users\JaywanInc\AppData\Roaming\Follow Liker\folikr.exe
C:\Users\JaywanInc\AppData\Roaming\Follow Liker\mdb\bin\folikrSrv.exe
C:\Users\JaywanInc\AppData\Roaming\Follow Liker\vfolikr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uDefault_Page_URL = hxxp://dell13.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
uRun: [Google Update] "C:\Users\JaywanInc\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [uTorrent] "C:\Users\JaywanInc\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\JAYWAN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\KOOBIT~1.LNK - C:\Program Files (x86)\KooBits 4.0\KooBits 4.0.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F631E243-65C1-4341-8576-0134A3A1828B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F631E243-65C1-4341-8576-0134A3A1828B}\13530383 : DHCPNameServer = 208.90.222.2 208.90.223.2
TCP: Interfaces\{F631E243-65C1-4341-8576-0134A3A1828B}\2484E44444753363131373936363 : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{F631E243-65C1-4341-8576-0134A3A1828B}\2556E61696373716E63656F57455543545 : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{F631E243-65C1-4341-8576-0134A3A1828B}\730323 : DHCPNameServer = 208.90.222.2 208.90.223.2
TCP: Interfaces\{F631E243-65C1-4341-8576-0134A3A1828B}\8416D6D6F636B6022456163686 : DHCPNameServer = 8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4 
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JaywanInc\AppData\Roaming\Mozilla\Firefox\Profiles\dwtr06ei.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/?type=219247&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=219247&p=
FF - prefs.js: network.proxy.ftp - 204.228.129.46
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 204.228.129.46
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 204.228.129.46
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 204.228.129.46
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\JaywanInc\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Users\JaywanInc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\JaywanInc\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-12-29 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-12-29 267632]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-7-24 652344]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-7-24 28216]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-7-24 20464]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2014-12-29 28184]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-12-29 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-12-29 436624]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-7-24 98208]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-2-13 770528]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-12-29 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswmonflt.sys [2014-12-29 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-12-29 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-29 50344]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-6-1 1014128]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-6-1 1104240]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-7-24 14904]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-7-24 165760]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-7-24 201872]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2013-7-24 1695040]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-1-10 4799760]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2012-5-30 16168]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-7-24 364416]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-12-29 270728]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-2-8 3386608]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2013-2-13 163808]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-12-29 4012248]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-6-1 1304944]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2012-2-13 95232]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2012-2-13 747008]
R3 FOLIKRSV;FOLIKRSV;C:\Users\JaywanInc\AppData\Roaming\Follow Liker\mdb\bin\folikrSrv.exe [2014-5-14 8180224]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-3-21 60928]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-7-24 342528]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-7-24 358896]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-7-24 792560]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-10-9 25528]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2013-7-24 315536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-24 726160]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-7-24 32136]
R3 usb3Hub;USB-IF USB 3.0 Hub;C:\Windows\System32\drivers\usb3Hub.sys [2012-10-9 47072]
R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\Windows\System32\drivers\xHCIPort.sys [2012-10-9 188896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2013-2-13 163808]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-7-24 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-10-9 35256]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-2-8 273136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-5-30 149544]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-16 1255736]
.
=============== Created Last 30 ================
.
2014-12-29 18:53:06 -------- d-----w- C:\FRST
2014-12-29 14:39:14 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-29 14:22:26 1180529 ----a-w- C:\Windows\unins000.exe
2014-12-29 14:18:28 -------- d-----w- C:\Windows\SysWow64\vbox
2014-12-29 14:18:28 -------- d-----w- C:\Windows\System32\vbox
2014-12-29 14:11:24 -------- d-----w- C:\Users\JaywanInc\AppData\Roaming\AVAST Software
2014-12-29 14:09:28 116728 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-12-29 14:09:26 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-12-29 14:09:22 83280 ----a-w- C:\Windows\System32\drivers\aswmonflt.sys
2014-12-29 14:09:22 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-12-29 14:09:21 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-12-29 14:09:21 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-12-29 14:09:15 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-12-29 14:09:14 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2014-12-29 14:09:04 43152 ----a-w- C:\Windows\avastSS.scr
2014-12-29 14:06:05 -------- d-----w- C:\Program Files\AVAST Software
2014-12-29 14:05:10 -------- d-----w- C:\ProgramData\AVAST Software
2014-12-29 14:03:29 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D81D0760-7180-4870-9823-CE3826025BF6}\offreg.dll
2014-12-29 12:04:22 -------- d-----w- C:\Users\JaywanInc\AppData\Roaming\Avg_Update_1014av
2014-12-29 12:03:04 -------- d-----w- C:\ProgramData\Avg_Update_1014av
2014-12-29 11:56:30 -------- d-----w- C:\Users\JaywanInc\AppData\Roaming\TuneUp Software
2014-12-29 11:44:30 -------- d--h--w- C:\ProgramData\Common Files
2014-12-29 11:44:30 -------- d-----w- C:\Users\JaywanInc\AppData\Local\MFAData
2014-12-29 11:44:30 -------- d-----w- C:\Users\JaywanInc\AppData\Local\Avg2014
2014-12-29 11:44:30 -------- d-----w- C:\ProgramData\MFAData
2014-12-28 19:29:56 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-28 19:29:54 135384 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-28 19:29:29 96472 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-12-28 15:07:19 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-28 14:54:36 -------- d-----w- C:\Users\JaywanInc\AppData\Roaming\TaiG
2014-12-26 18:20:33 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D81D0760-7180-4870-9823-CE3826025BF6}\mpengine.dll
2014-12-24 21:09:08 -------- d-----w- C:\ProgramData\Malwarebytes
2014-12-24 21:01:36 67933 ----a-w- C:\ProgramData\1419454886.bdinstall.bin
2014-12-24 21:00:50 283806 ----a-w- C:\ProgramData\1419454806.bdinstall.bin
2014-12-24 21:00:49 -------- d-----w- C:\Program Files\Bitdefender
2014-12-24 21:00:21 0 ----a-w- C:\Windows\System32\BDSandBoxUISkin32.dll
2014-12-24 21:00:21 0 ----a-w- C:\Windows\System32\BDSandBoxUISkin.dll
2014-12-24 21:00:21 0 ----a-w- C:\Windows\System32\BDSandBoxUH.dll
2014-12-24 21:00:21 -------- d-----w- C:\ProgramData\Bitdefender
2014-12-24 21:00:05 -------- d-----w- C:\Users\JaywanInc\AppData\Roaming\QuickScan
2014-12-24 20:59:54 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2014-12-24 20:40:41 285208 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2014-12-18 10:47:07 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-18 10:47:07 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-10 08:31:43 -------- d-----w- C:\Windows\System32\appraiser
2014-12-10 08:05:00 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-10 08:05:00 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-09 13:55:48 94320 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2014-12-03 18:06:20 188304 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-12-01 20:44:02 -------- d-----w- C:\Program Files\paint.net
2014-12-01 20:43:22 -------- d-----w- C:\Users\JaywanInc\AppData\Local\paint.net
.
==================== Find3M  ====================
.
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-11-24 19:04:56 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-12 12:47:26 17323696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-03 02:12:23 310272 ----a-w- C:\Windows\System32\WsmWmiPl.dll
2014-10-03 02:12:23 2020352 ----a-w- C:\Windows\System32\WsmSvc.dll
2014-10-03 02:12:22 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
2014-10-03 02:12:22 181248 ----a-w- C:\Windows\System32\WsmAuto.dll
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 02:11:49 266240 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe
2014-10-03 01:45:03 248832 ----a-w- C:\Windows\SysWow64\WSManMigrationPlugin.dll
2014-10-03 01:45:03 214016 ----a-w- C:\Windows\SysWow64\WsmWmiPl.dll
2014-10-03 01:45:03 145920 ----a-w- C:\Windows\SysWow64\WsmAuto.dll
2014-10-03 01:45:03 1177088 ----a-w- C:\Windows\SysWow64\WsmSvc.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-03 01:44:25 198656 ----a-w- C:\Windows\SysWow64\WSManHTTPConfig.exe
.
============= FINISH: 14:05:01.44 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 mikedeliani

mikedeliani
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 30 December 2014 - 10:54 AM

Anyone?  



#3 shelf life

shelf life

  • Malware Response Team
  • 2,682 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:11:34 PM

Posted 31 December 2014 - 09:57 AM

hi,

 

If you still need help, pretty sure heres your RAT:

 

Go to jotti website, click on the browse button and upload this file to the site. After the scan is done post the URL (the http://....) in your reply

 

http://virusscan.jotti.org/en

 

file to upload:

 

C:\Users\JaywanInc\AppData\Roaming\Follow Liker\mdb\bin\folikrSrv.exe

 

If the files not visiable in explorer post back.


How Can I Reduce My Risk to Malware?


#4 mikedeliani

mikedeliani
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 31 December 2014 - 10:52 AM

Thank you ShelfLife for helping me.  :)

 

Here's the url for the scan:  http://virusscan.jotti.org/en/scanresult/d685bb8bea9a8f36e280f4e0e8d5f3d2c5728d79

 

Didn't find anything in that file it looks like.



#5 shelf life

shelf life

  • Malware Response Team
  • 2,682 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:11:34 PM

Posted 31 December 2014 - 11:10 AM

Ok. Do you recognize these files as something you installed?

 

Go here:

 

http://www.bleepingcomputer.com/submit-malware.php?channel=67

 

Browse for the files on your machine one by one then click the upload button. I will check them out.

 

1)  C:\Users\JaywanInc\AppData\Roaming\Follow Liker\mdb\bin\folikrSrv.exe

 

2) C:\Users\JaywanInc\AppData\Roaming\Follow Liker\folikr.exe

 

 

 


How Can I Reduce My Risk to Malware?


#6 mikedeliani

mikedeliani
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 31 December 2014 - 11:27 AM

It won't let me send those files to you because it says the file size is larger than 5mb.   I do recognize these files though.  Those are from a program that I purchased. I use that software 24/7. 



#7 shelf life

shelf life

  • Malware Response Team
  • 2,682 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:11:34 PM

Posted 31 December 2014 - 12:33 PM

ok. As long as you know what they are because I couldnt find any info on those .exe and thats not a good sign. Get a copy of FRST and post its log and we will go from there:

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

 

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

    Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).

    When the tool opens click Yes to disclaimer.

    Press the Scan button.

    When finished, it will produce a log called FRST.txt in the same directory the tool was run from.

    Please copy and paste the log in your next reply.

 

The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.


How Can I Reduce My Risk to Malware?


#8 mikedeliani

mikedeliani
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 31 December 2014 - 01:32 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by JaywanInc (administrator) on JAYWANINC-PC on 31-12-2014 13:26:45
Running from C:\Users\JaywanInc\Desktop
Loaded Profile: JaywanInc (Available profiles: JaywanInc)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
() C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
() C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Users\JaywanInc\Desktop\twit_follower\TwitFollower.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-12-29] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [3858600 2013-01-29] (Plex, Inc.)
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Run: [DW7] => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Run: [Google Update] => C:\Users\JaywanInc\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-03] (Google Inc.)
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\Users\JaywanInc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KooBits 4.lnk
ShortcutTarget: KooBits 4.lnk -> C:\Program Files (x86)\KooBits 4.0\KooBits 4.0.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3195229347-4273681978-1507811316-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3195229347-4273681978-1507811316-1000 -> DefaultScope {9A7590E0-38CE-4CF7-9DFE-0303DDC84DA8} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=219247&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3195229347-4273681978-1507811316-1000 -> {7C103748-7022-4425-BF43-81C32F30CDEB} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3195229347-4273681978-1507811316-1000 -> {9A7590E0-38CE-4CF7-9DFE-0303DDC84DA8} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=219247&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3195229347-4273681978-1507811316-1000 -> {E12278F4-CFCB-421B-9AB4-EAA9DA07F646} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\JaywanInc\AppData\Roaming\Mozilla\Firefox\Profiles\dwtr06ei.default
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=219247&p=
FF NetworkProxy: "backup.ftp", "190.198.160.189"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "190.198.160.189"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "190.198.160.189"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "204.228.129.46"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "204.228.129.46"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "204.228.129.46"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "204.228.129.46"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3195229347-4273681978-1507811316-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\JaywanInc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3195229347-4273681978-1507811316-1000: @talk.google.com/O1DPlugin -> C:\Users\JaywanInc\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3195229347-4273681978-1507811316-1000: @tools.google.com/Google Update;version=3 -> C:\Users\JaywanInc\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3195229347-4273681978-1507811316-1000: @tools.google.com/Google Update;version=9 -> C:\Users\JaywanInc\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\JaywanInc\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\JaywanInc\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: iMacros for Firefox - C:\Users\JaywanInc\AppData\Roaming\Mozilla\Firefox\Profiles\dwtr06ei.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-12-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-29]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\JaywanInc\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\JaywanInc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-14]
CHR Extension: (Google Drive) - C:\Users\JaywanInc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JaywanInc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-01]
CHR Extension: (YouTube) - C:\Users\JaywanInc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-14]
CHR Extension: (Classic Games) - C:\Users\JaywanInc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpckajjkmjncafjlkielcgheibdlnfgc [2014-02-09]
CHR Extension: (Google Search) - C:\Users\JaywanInc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-14]
CHR Extension: (AdBlock) - C:\Users\JaywanInc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-15]
CHR Extension: (Google Wallet) - C:\Users\JaywanInc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\JaywanInc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-29]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-29] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-29] (Avast Software)
S3 FOLIKRSV; C:\Users\JaywanInc\AppData\Roaming\Follow Liker\mdb\bin\folikrSrv.exe [8180224 2012-07-02] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-29] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-12-29] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-29] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-12-04] (Intel Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2014-12-29] (Avast Software)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
U0 SR; No ImagePath
U2 srservice; No ImagePath
U4 vsserv; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-31 13:26 - 2014-12-31 13:27 - 00030978 _____ () C:\Users\JaywanInc\Desktop\FRST.txt
2014-12-31 12:53 - 2014-12-31 12:53 - 02123264 _____ (Farbar) C:\Users\JaywanInc\Desktop\FRST64.exe
2014-12-31 07:57 - 2014-12-31 07:57 - 00000280 _____ () C:\Windows\system32\2014-12-31-12-57-08.025-aswFe.exe-1004.log
2014-12-30 11:27 - 2014-12-30 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-29 18:19 - 2014-12-29 18:19 - 00000197 _____ () C:\Windows\system32\2014-12-29-23-19-44.054-AvastVBoxSVC.exe-3228.log
2014-12-29 18:16 - 2014-12-29 18:16 - 00283504 _____ () C:\Windows\Minidump\122914-31465-01.dmp
2014-12-29 14:05 - 2014-12-29 14:05 - 00030849 _____ () C:\Users\JaywanInc\Desktop\dds.txt
2014-12-29 14:05 - 2014-12-29 14:05 - 00007258 _____ () C:\Users\JaywanInc\Desktop\attach.txt
2014-12-29 14:02 - 2014-12-29 14:02 - 00688992 ____R (Swearware) C:\Users\JaywanInc\Desktop\dds.com
2014-12-29 13:53 - 2014-12-31 13:26 - 00000000 ____D () C:\FRST
2014-12-29 13:28 - 2014-12-29 13:28 - 00000247 _____ () C:\Windows\system32\2014-12-29-18-28-01.065-aswFe.exe-4848.log
2014-12-29 13:17 - 2014-12-29 13:27 - 00000247 _____ () C:\Windows\system32\2014-12-29-18-17-53.025-aswFe.exe-7616.log
2014-12-29 13:17 - 2014-12-29 13:17 - 00000197 _____ () C:\Windows\system32\2014-12-29-18-17-47.008-AvastVBoxSVC.exe-164.log
2014-12-29 09:39 - 2014-12-29 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-29 09:39 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-29 09:39 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-29 09:39 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-29 09:39 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-29 09:38 - 2014-12-29 09:39 - 00004079 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-12-29 09:22 - 2014-12-29 09:22 - 01180529 _____ () C:\Windows\unins000.exe
2014-12-29 09:22 - 2014-12-29 09:22 - 00001249 _____ () C:\Windows\unins000.dat
2014-12-29 09:18 - 2014-12-29 09:22 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-12-29 09:18 - 2014-12-29 09:22 - 00000000 ____D () C:\Windows\system32\vbox
2014-12-29 09:11 - 2014-12-29 09:11 - 00000000 ____D () C:\Users\JaywanInc\AppData\Roaming\AVAST Software
2014-12-29 09:10 - 2014-12-29 09:10 - 00002024 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2014-12-29 09:10 - 2014-12-29 09:10 - 00001964 _____ () C:\Users\Public\Desktop\Avast Pro Antivirus.lnk
2014-12-29 09:10 - 2014-12-29 09:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-29 09:09 - 2014-12-29 09:11 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-29 09:09 - 2014-12-29 09:10 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-29 09:09 - 2014-12-29 09:10 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-12-29 09:09 - 2014-12-29 09:09 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-29 09:09 - 2014-12-29 09:09 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-29 09:09 - 2014-12-29 09:09 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-29 09:09 - 2014-12-29 09:09 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-29 09:09 - 2014-12-29 09:09 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-29 09:09 - 2014-12-29 09:09 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-29 09:09 - 2014-12-29 09:09 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-29 09:09 - 2014-12-29 09:09 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-29 09:09 - 2014-12-29 09:08 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-12-29 09:06 - 2014-12-29 09:06 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-29 09:05 - 2014-12-29 09:06 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-29 07:04 - 2014-12-29 07:04 - 00000000 ____D () C:\Users\JaywanInc\AppData\Roaming\Avg_Update_1014av
2014-12-29 07:03 - 2014-12-29 07:03 - 00000000 ____D () C:\ProgramData\Avg_Update_1014av
2014-12-29 06:56 - 2014-12-29 06:56 - 00000000 ____D () C:\Users\JaywanInc\AppData\Roaming\TuneUp Software
2014-12-29 06:44 - 2014-12-29 09:24 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-29 06:44 - 2014-12-29 06:44 - 00000000 ____D () C:\Users\JaywanInc\AppData\Local\MFAData
2014-12-29 06:44 - 2014-12-29 06:44 - 00000000 ____D () C:\Users\JaywanInc\AppData\Local\Avg2014
2014-12-28 14:29 - 2014-12-28 15:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-28 10:07 - 2014-12-28 10:33 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-28 10:06 - 2014-12-28 10:32 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-28 09:54 - 2014-12-28 09:54 - 00000000 ____D () C:\Users\JaywanInc\AppData\Roaming\TaiG
2014-12-28 09:12 - 2014-12-28 09:12 - 00001941 _____ () C:\Users\Public\Desktop\Follow Liker (Twitter).lnk
2014-12-25 16:16 - 2014-12-25 16:16 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-12-25 09:50 - 2014-12-25 09:50 - 01846931 _____ () C:\Users\JaywanInc\AppData\Local\census.cache
2014-12-25 09:49 - 2014-12-25 09:49 - 00191596 _____ () C:\Users\JaywanInc\AppData\Local\ars.cache
2014-12-24 16:09 - 2014-12-28 14:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-24 16:00 - 2014-12-24 16:00 - 00000000 ____D () C:\Users\JaywanInc\AppData\Roaming\QuickScan
2014-12-24 16:00 - 2014-12-24 16:00 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-12-24 16:00 - 2014-12-24 16:00 - 00000000 ____D () C:\Program Files\Bitdefender
2014-12-24 16:00 - 2014-12-24 16:00 - 00000000 _____ () C:\Windows\system32\BDSandBoxUISkin32.dll
2014-12-24 16:00 - 2014-12-24 16:00 - 00000000 _____ () C:\Windows\system32\BDSandBoxUISkin.dll
2014-12-24 16:00 - 2014-12-24 16:00 - 00000000 _____ () C:\Windows\system32\BDSandBoxUH.dll
2014-12-24 15:59 - 2014-12-24 16:00 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-12-24 15:48 - 2014-12-24 15:48 - 00000010 _____ () C:\Users\JaywanInc\AppData\Local\sponge.last.runtime.cache
2014-12-24 15:40 - 2014-12-24 15:40 - 00000036 _____ () C:\Users\JaywanInc\AppData\Local\housecall.guid.cache
2014-12-24 15:40 - 2013-09-27 21:56 - 00285208 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-12-18 05:47 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 05:47 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-10 03:31 - 2014-12-10 03:31 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 03:05 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 03:05 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 00:44 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 00:44 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 00:44 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 00:44 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 00:44 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 00:44 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 00:44 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 00:44 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 00:44 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 00:44 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 00:44 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 00:44 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 00:44 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 00:44 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 00:44 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 00:44 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 00:44 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 00:44 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 00:44 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 00:44 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 00:44 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 00:44 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 00:44 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 00:44 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 00:44 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 00:44 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 00:44 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 00:44 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 00:44 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 00:44 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 00:44 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 00:44 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 00:44 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 00:44 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 00:44 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 00:44 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 00:44 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 00:44 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 00:44 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 00:44 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 00:44 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 00:44 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 00:44 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 00:44 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 00:44 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 00:44 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 00:44 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 00:44 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 00:44 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 00:44 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 00:44 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 00:44 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 00:44 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 00:44 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 00:44 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 00:44 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 00:44 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 00:44 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 00:44 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 00:44 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 00:44 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 00:44 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 00:44 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 00:44 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 00:44 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 00:44 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 00:44 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 00:44 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 00:44 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 00:44 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 00:44 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 00:44 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 00:44 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 00:44 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 00:44 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 00:44 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 00:44 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 00:44 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 00:44 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 08:55 - 2014-12-09 08:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-01 15:44 - 2014-12-01 15:44 - 00001190 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2014-12-01 15:44 - 2014-12-01 15:44 - 00001178 _____ () C:\Users\Public\Desktop\paint.net.lnk
2014-12-01 15:44 - 2014-12-01 15:44 - 00000000 ____D () C:\Program Files\paint.net
2014-12-01 15:43 - 2014-12-01 15:45 - 00000000 ____D () C:\Users\JaywanInc\AppData\Local\paint.net
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-31 13:24 - 2013-08-15 21:00 - 00000000 ____D () C:\Users\JaywanInc\AppData\Roaming\Skype
2014-12-31 13:13 - 2014-01-03 10:21 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195229347-4273681978-1507811316-1000UA.job
2014-12-31 12:50 - 2013-08-14 15:50 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-31 12:47 - 2013-07-24 03:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-31 12:26 - 2013-07-24 05:35 - 01305628 _____ () C:\Windows\WindowsUpdate.log
2014-12-31 10:50 - 2013-08-14 15:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-31 07:57 - 2014-05-14 10:32 - 00000000 ____D () C:\Users\JaywanInc\AppData\Roaming\Follow Liker
2014-12-30 21:10 - 2013-08-14 15:57 - 00000000 ____D () C:\Users\JaywanInc\AppData\Roaming\uTorrent
2014-12-30 20:22 - 2013-08-14 15:59 - 00000000 ____D () C:\Users\JaywanInc\Desktop\NEW Movies
2014-12-30 18:22 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-30 18:22 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-30 16:13 - 2014-01-03 10:21 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195229347-4273681978-1507811316-1000Core.job
2014-12-30 13:26 - 2013-08-14 16:05 - 00001318 _____ () C:\Users\JaywanInc\Desktop\PW.txt
2014-12-30 12:13 - 2013-08-14 15:51 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-12-30 11:28 - 2013-09-10 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-30 11:27 - 2014-01-03 11:19 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-30 11:26 - 2014-01-03 14:35 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-12-30 11:16 - 2013-07-24 03:44 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-30 11:16 - 2013-07-24 03:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-30 11:16 - 2013-07-24 03:44 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-29 18:22 - 2009-07-14 00:13 - 00783606 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-29 18:18 - 2013-08-16 12:16 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-12-29 18:17 - 2013-07-24 04:25 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-12-29 18:17 - 2013-07-24 04:25 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-12-29 18:17 - 2013-07-24 04:10 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-12-29 18:16 - 2014-01-03 15:29 - 00000000 ____D () C:\Windows\Minidump
2014-12-29 18:16 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-29 18:16 - 2009-07-13 23:51 - 00044828 _____ () C:\Windows\setupact.log
2014-12-29 18:15 - 2014-01-03 15:29 - 830786078 _____ () C:\Windows\MEMORY.DMP
2014-12-29 18:15 - 2010-11-20 22:47 - 00184638 _____ () C:\Windows\PFRO.log
2014-12-29 09:39 - 2013-12-06 18:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-29 09:39 - 2013-12-06 18:32 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-29 09:32 - 2013-07-24 04:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-29 09:24 - 2013-08-14 15:43 - 00000000 ____D () C:\Users\JaywanInc
2014-12-29 08:38 - 2013-08-16 13:26 - 00000000 ____D () C:\ProgramData\Apple
2014-12-29 07:35 - 2013-08-14 16:03 - 00000000 ____D () C:\Users\JaywanInc\Desktop\twit_follower
2014-12-29 07:33 - 2014-05-14 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Follow Liker
2014-12-28 10:10 - 2013-08-16 12:16 - 00000000 ____D () C:\Users\JaywanInc\AppData\Roaming\Apple Computer
2014-12-28 10:10 - 2013-08-16 12:16 - 00000000 ____D () C:\Users\JaywanInc\AppData\Local\Apple Computer
2014-12-19 20:27 - 2013-10-10 02:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-19 20:27 - 2013-10-10 02:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-16 18:45 - 2014-09-21 11:19 - 00001963 _____ () C:\Users\JaywanInc\Desktop\JaywanIncTWEETS.txt
2014-12-14 03:01 - 2013-10-10 02:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-13 03:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-13 03:18 - 2013-11-01 16:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-10 03:52 - 2013-08-14 15:55 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-10 03:31 - 2014-05-06 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 03:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 03:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 03:14 - 2014-06-24 12:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 03:12 - 2013-08-31 10:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 03:06 - 2013-08-31 10:58 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-01 14:34 - 2014-05-28 17:54 - 00000000 ____D () C:\Program Files (x86)\CuteFTP
 
Some content of TEMP:
====================
C:\Users\JaywanInc\AppData\Local\Temp\dateinj01.dll
C:\Users\JaywanInc\AppData\Local\Temp\folikr_update.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-25 01:44
 
==================== End Of Log ============================


#9 shelf life

shelf life

  • Malware Response Team
  • 2,682 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:11:34 PM

Posted 31 December 2014 - 02:40 PM

Look in Firefox: Tools>Options>Advanced>Network tab>Settings

 

Did you manually add all those proxy settings you see? I hope so because if you didnt your "owned"

 

Do you use a proxy server?  All your web browsing is going through this IP: 204.228.129.46

 

Do you upload files somewhere via FTP?  Check out those IP's do you recognize them?


How Can I Reduce My Risk to Malware?


#10 mikedeliani

mikedeliani
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 31 December 2014 - 02:48 PM

Yes, I believe at some point I did use a proxy server in Firefox but not normally.  Also, my Firefox settings are set to NOT use a proxy. So, there's not any traffic going through a proxy I dont believe.

 

And yes, I do upload files to our website's ftp server.


Edited by mikedeliani, 31 December 2014 - 02:49 PM.


#11 shelf life

shelf life

  • Malware Response Team
  • 2,682 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:11:34 PM

Posted 31 December 2014 - 05:02 PM

Ok. Lets get another download and see if it digs up anything:

 

Please download adwcleaner from here and save to your desktop.

    Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
    Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
    Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

    http://www.bleepingcomputer.com/download/adwcleaner/

    Note: The log can also be located at C: > AdwCleaner > AdwCleaner[S0].txt


How Can I Reduce My Risk to Malware?


#12 mikedeliani

mikedeliani
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 01 January 2015 - 01:04 PM

I can't get this program to work on my computer.  It scans but there is nothing to clean.



#13 shelf life

shelf life

  • Malware Response Team
  • 2,682 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:11:34 PM

Posted 01 January 2015 - 06:51 PM

If theres nothing to clean then it didnt find anything that needs removing, which is good. Lets get another download to use:

 

Please download RogueKiller.exe and save to the desktop:

 

http://www.bleepingcomputer.com/download/roguekiller/

 

    Close all windows and browsers, disconnect any USB or external drives before running the tool.
    Right-click the program and select 'Run as Administrator'
    Wait for the prescan to complete and then press the Scan button.
    When the scan is done press the Report button. Dont fix anything yet.
    Please copy/paste the results in your next reply.
    File>Exit to close Roguekiller

Lets get this also:

 

Download Malwarebytes Anti-Rootkit to your desktop.  BETA

http://www.malwarebytes.org/antirootkit/

    Double-click the icon to start the tool.
    The archive will extract a folder named "mbar" to your desktop by default-unless changed
    Click in the introduction screen "next" to continue.
    Click in the following screen "Update" to obtain the latest malware definitions.
    Once the update is complete select "Next" and click "Scan".
    When the scan is finished and no malware has been found select "Exit".
    If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    Open the MBAR folder and copy/paste the contents of the following two text files in your next reply:

   1)  "mbar-log-{date} (xx-xx-xx).txt"
   2)  "system-log


Edited by shelf life, 01 January 2015 - 06:57 PM.
added stuff

How Can I Reduce My Risk to Malware?


#14 mikedeliani

mikedeliani
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 02 January 2015 - 09:07 AM

RogueKiller V10.1.1.0 [Dec 23 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : JaywanInc [Administrator]
Mode : Scan -- Date : 01/02/2015  09:05:46
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 9 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FOLIKRSV ("C:\Users\JaywanInc\AppData\Roaming\Follow Liker\mdb\bin\folikrSrv.exe" --defaults-file="C:\Users\JaywanInc\AppData\Roaming\Follow Liker\mdb\bin\srv.ini" FOLIKRSV) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FOLIKRSV ("C:\Users\JaywanInc\AppData\Roaming\Follow Liker\mdb\bin\folikrSrv.exe" --defaults-file="C:\Users\JaywanInc\AppData\Roaming\Follow Liker\mdb\bin\srv.ini" FOLIKRSV) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FOLIKRSV ("C:\Users\JaywanInc\AppData\Roaming\Follow Liker\mdb\bin\folikrSrv.exe" --defaults-file="C:\Users\JaywanInc\AppData\Roaming\Follow Liker\mdb\bin\srv.ini" FOLIKRSV) -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3195229347-4273681978-1507811316-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3195229347-4273681978-1507811316-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 2 ¤¤¤
[PUM.Proxy][FIREFX:Config] dwtr06ei.default : user_pref("network.proxy.http", "204.228.129.46"); -> Found
[PUM.Proxy][FIREFX:Config] dwtr06ei.default : user_pref("network.proxy.http_port", 8080); -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ATA TOSHIBA MQ01ABF0 SCSI Disk Device +++++
--- User ---
[MBR] c83783c38085fad56bc4bb506c18d3f3
[BSP] 99535b00af9b43a8a32e2292ba36a083 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 15542 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 31911936 | Size: 461357 MB
User = LL1 ... OK
User = LL2 ... OK
 


#15 mikedeliani

mikedeliani
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 02 January 2015 - 10:22 AM

No Malware was detected with the MaylwareBytes scan






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users