
Adobe Update Virus and immense amounts of temporary files


  • This topic is locked
14 replies to this topic

#1 ihavanswer

  • Members
  • 86 posts
  • Gender:Male
  • Location:New Jersey

Posted 03 January 2015 - 05:09 PM

Hello!

I keep getting a popup asking to update Adobe Flash player and I know it is fake.

I have scanned with JRT, AdwCleaner, Malwarebytes, AVG and CCleaner (registry and files*).

I am unable to make this virus go away. It also uses 100% of my CPU on and off every second-ish.

*When I scanned with CCleaner, I canceled it because it was "stuck" at 23%. When I did this, it found about a gigabyte of system temporary files that were never there before, especially in that quantity.

I'm usually the one trying to help people but this time I am lost... :P

Please send help! :)

 

EDIT 1: Logs coming soon

 

EDIT 2: "My Computer" icon appeared on my desktop, links to "C:\Users\Ben\AppData\Roaming\ScanDisc.exe shortcut"

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.67.2
Run by Ben at 18:00:03 on 2015-01-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8168.5556 [GMT -5:00]
.
AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\AUDIODG.EXE
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\AutoKMS\AutoKMS.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\AppleOSSMgr.exe
C:\Windows\system32\AppleTimeSrv.exe
C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Avatron\Air Display\AVTHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NetDrive2\mounter.exe
C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\NetDrive2\nd2sp.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Macs Fan Control\MacsFanControl.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\windows\system32\taskeng.exe
C:\windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\WUDFHost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\rundll32.exe
C:\Program Files\Boot Camp\Bootcamp.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Users\Ben\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\windows\system32\sppsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Raptr\raptr_ep64.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\SysWOW64\dxdiag.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [MacsFanControl] "C:\Program Files (x86)\Macs Fan Control\MacsFanControl.exe" /minimized
uRun: [Google Update] "C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [f.lux] "C:\Users\Ben\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [NetDrive2] "C:\PROGRA~1\NETDRI~1\NetDrive2.exe" -tray
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [Raptr] "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [KrakenLauncher] C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe /start
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: C:\Users\Ben\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MACSFA~1.LNK - C:\Program Files (x86)\Macs Fan Control\MacsFanControl.exe
StartupFolder: C:\Users\Ben\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
TCP: NameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{92784246-1315-4DFB-9FA1-2C3EAA53135D}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{92784246-1315-4DFB-9FA1-2C3EAA53135D}\74C656E6E675962756C6563737 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{92784246-1315-4DFB-9FA1-2C3EAA53135D}\74C656E6E675962756C6563737548747 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{A9D5D9FD-F7E0-43EC-8994-B539AB9BF34A} : DHCPNameServer = 192.168.2.1 192.168.2.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: WB - C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AppleHFS;AppleHFS;C:\windows\System32\drivers\AppleHFS.sys [2011-6-29 72024]
R0 AppleMNT;AppleMNT;C:\windows\System32\drivers\AppleMNT.sys [2011-6-29 16216]
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2014-10-29 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R0 AVPCIFilter;Avatron PCI Bus Device Filter;C:\windows\System32\drivers\AVPCIFilter.sys [2013-12-4 36344]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2013-12-29 56208]
R0 vsock;vSockets Driver;C:\windows\System32\drivers\vsock.sys [2014-1-3 73296]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2014-6-30 152344]
R1 Avgfwfd;AVG network filter service;C:\windows\System32\drivers\avgfwd6a.sys [2012-9-4 57144]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2014-10-24 237848]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2014-10-20 269080]
R1 RzFilter;RzFilter;C:\windows\System32\drivers\RzFilter.sys [2014-12-7 74432]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2014-9-15 239616]
R2 AppleOSSMgr;Apple OS Switch Manager;C:\windows\System32\AppleOSSMgr.exe [2011-6-29 224640]
R2 AppleTimeSrv;Apple Time Service;C:\windows\System32\AppleTimeSrv.exe [2011-6-29 111488]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2014-11-7 1417160]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-11-7 3247120]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-11-7 289328]
R2 AVTHelper;AVTHelper;C:\Program Files\Avatron\Air Display\AVTHelper.exe [2013-12-4 237048]
R2 Dokan_NetDrive2;Dokan_NetDrive2;C:\Program Files\NetDrive2\dokan.sys [2014-11-18 117952]
R2 DokanMounter_Dokan_NetDrive2;DokanMounter_Dokan_NetDrive2;C:\Program Files\NetDrive2\mounter.exe [2014-11-12 28160]
R2 KeyAgent;KeyAgent;C:\windows\System32\drivers\KeyAgent.sys [2011-6-29 17752]
R2 KinoniSvc;Kinoni Service;C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [2013-2-26 525312]
R2 MacHALDriver;Mac HAL;C:\windows\System32\drivers\MacHALDriver.sys [2011-6-29 22872]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-2 1871160]
R2 notifierNetDrive2;NetDrive2 Notifier;C:\Program Files\NetDrive2\nd2sp.exe [2014-11-18 75112]
R2 RzOvlMon;Razer Overlay Subsystem Emergency Service;C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe [2014-4-18 32960]
R2 rzpmgrk;rzpmgrk;C:\windows\System32\drivers\rzpmgrk.sys [2014-12-30 37184]
R2 rzpnk;rzpnk;C:\windows\System32\drivers\rzpnk.sys [2014-11-29 129600]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-7 4799760]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2013-10-9 905272]
R3 acpials;ALS Sensor Filter;C:\windows\System32\drivers\acpials.sys [2010-11-21 9728]
R3 AirDisplay;Air Display Support;C:\windows\System32\drivers\AVVideoCard.sys [2013-12-4 15352]
R3 AirDisplayMirror;Air Display Mirror Support;C:\windows\System32\drivers\AVVideoCardMirror.sys [2013-12-4 15352]
R3 AirDisplayWDDM;AirDisplayWDDM;C:\windows\System32\drivers\AVWDDMMiniPort.sys [2013-12-4 48632]
R3 applebmt;Apple Wireless Mouse;C:\windows\System32\drivers\applebmt.sys [2013-4-1 52736]
R3 AppleBtBc;Apple Broadcom Built-in Bluetooth;C:\windows\System32\drivers\AppleBtBc.sys [2013-4-1 18944]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2014-6-21 94720]
R3 CirrusFilter;CS420xLowerFilter;C:\windows\System32\drivers\CS420x64.sys [2013-4-1 18432]
R3 IRRemoteFlt;IR Receiver Filter Driver;C:\windows\System32\drivers\IRFilter.sys [2013-4-1 18432]
R3 KeyMagic;USB Keyboard HID Filter;C:\windows\System32\drivers\KeyMagic.sys [2013-4-1 32256]
R3 KINONI_Wave;Kinoni Audio Source;C:\windows\System32\drivers\kinonivad.sys [2013-2-26 23040]
R3 kinonivd;Kinoni Video Source;C:\windows\System32\drivers\kinonivd.sys [2013-2-26 2782848]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-4-2 25816]
R3 RzDxgk;RzDxgk;C:\windows\System32\drivers\RzDxgk.sys [2014-12-7 129472]
R3 rzendpt;rzendpt;C:\windows\System32\drivers\rzendpt.sys [2014-9-4 39592]
R3 rzjstk;Razer Virtual Joystick Driver;C:\windows\System32\drivers\rzjstk.sys [2014-9-4 27816]
R3 rzkeypadendpt;Razer Keypad Endpoint;C:\windows\System32\drivers\rzkeypadendpt.sys [2014-9-4 33448]
R3 rzmpos;rzmpos;C:\windows\System32\drivers\rzmpos.sys [2014-9-4 35496]
R3 rzudd;Razer Mouse Driver;C:\windows\System32\drivers\rzudd.sys [2014-9-4 160424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-2 969016]
S2 Razer Game Scanner Service;Razer Game Scanner;C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [2014-12-9 186048]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-1 2655768]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-4-2 63704]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 SilvrLnk;SilverLink (USB GraphLink) Cable;C:\windows\System32\drivers\silvrlnk.sys [2013-4-1 129536]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-4-3 1255736]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2015-01-03 22:07:26 829952 ----a-w- C:\Users\Ben\AppData\Roaming\ScanDisc.exe
2015-01-03 22:07:26 288 ----a-w- C:\Users\Ben\AppData\Roaming\C4729784.reg
2015-01-03 19:52:49 -------- d-----w- C:\windows\ERUNT
2015-01-03 19:31:21 -------- d-----w- C:\AdwCleaner
2015-01-01 17:26:32 -------- d-----w- C:\Program Files\HitmanPro
2015-01-01 17:25:22 -------- d-----w- C:\ProgramData\HitmanPro
2015-01-01 05:15:56 -------- d-----w- C:\ProgramData\RayutIpaze
2014-12-30 22:52:08 37184 ----a-w- C:\windows\System32\drivers\rzpmgrk.sys
2014-12-23 20:53:21 215912 ----a-w- C:\windows\System32\NetDrive2.nd2np.dll
2014-12-23 20:53:21 186728 ----a-w- C:\windows\SysWow64\NetDrive2.nd2np.dll
2014-12-19 03:22:14 9728 ----a-w- C:\windows\SysWow64\RzStats.IPC.dll
2014-12-18 07:50:45 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2014-12-18 07:50:45 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-12-11 23:06:00 -------- d-----w- C:\Users\Ben\AppData\Roaming\MassTube
2014-12-11 23:05:59 -------- d-----w- C:\Programs
2014-12-11 08:39:52 -------- d-----w- C:\windows\System32\appraiser
2014-12-11 08:07:13 3209728 ----a-w- C:\windows\SysWow64\mf.dll
2014-12-11 08:07:12 4121600 ----a-w- C:\windows\System32\mf.dll
2014-12-10 21:02:28 830976 ----a-w- C:\windows\System32\appraiser.dll
2014-12-10 21:02:28 741376 ----a-w- C:\windows\System32\invagent.dll
2014-12-10 21:02:28 192000 ----a-w- C:\windows\System32\aepic.dll
2014-12-10 21:02:28 1232040 ----a-w- C:\windows\System32\aitstatic.exe
2014-12-10 21:02:28 1083392 ----a-w- C:\windows\System32\aeinv.dll
2014-12-10 21:02:27 413184 ----a-w- C:\windows\System32\generaltel.dll
2014-12-10 21:02:27 396800 ----a-w- C:\windows\System32\devinv.dll
2014-12-10 21:02:26 227328 ----a-w- C:\windows\System32\aepdu.dll
2014-12-07 18:44:37 74432 ----a-w- C:\windows\System32\drivers\RzFilter.sys
2014-12-07 18:44:35 129472 ----a-w- C:\windows\System32\drivers\RzDxgk.sys
2014-12-07 18:43:10 -------- d-----w- C:\windows\Razer Core
.
==================== Find3M  ====================
.
2015-01-03 20:18:07 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-11-22 03:06:23 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\windows\SysWow64\wininet.dll
2014-11-21 11:14:22 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-11-21 11:14:12 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-11-21 11:14:08 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-11-19 01:47:50 1691816 ----a-w- C:\windows\System32\FM20.DLL
2014-11-17 21:37:21 129600 ----a-w- C:\windows\System32\drivers\rzpnk.sys
2014-11-11 10:27:16 80384 ----a-w- C:\windows\System32\RazerCoinstaller.dll
2014-11-11 03:09:06 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-10-30 02:03:43 165888 ----a-w- C:\windows\System32\charmap.exe
2014-10-30 02:03:36 123672 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
2014-10-30 01:45:43 155136 ----a-w- C:\windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\windows\SysWow64\packager.dll
2014-10-24 15:20:06 237848 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2014-10-20 20:15:50 269080 ----a-w- C:\windows\System32\drivers\avgtdia.sys
2014-10-18 02:05:23 861696 ----a-w- C:\windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\windows\System32\win32k.sys
2014-10-09 09:07:10 89088 ----a-w- C:\windows\SysWow64\rzdevinfo.dll
.
============= FINISH: 18:02:15.81 ===============

Edited by ihavanswer, 03 January 2015 - 06:07 PM.
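For anyone triaging a DDS log like the one above, here is an added example (my own code, not part of the post and not a DDS feature) that parses the "Created Last 30" section and flags the entries a responder would check first: executables, scripts or .reg files dropped under user-writable locations such as AppData or ProgramData, new directories there created shortly before the scan, and non-standard top-level folders. The sample input is constructed from the entries in the log, plus one System32 entry for contrast; the scan date is taken from the log header.

```python
import re
from datetime import date, datetime
from pathlib import PureWindowsPath

# Constructed sample in DDS "Created Last 30" format (entries copied from the
# log above, plus one System32 entry that should not be flagged).
SAMPLE_LOG = r"""
=============== Created Last 30 ================
.
2015-01-03 22:07:26 829952 ----a-w- C:\Users\Ben\AppData\Roaming\ScanDisc.exe
2015-01-03 22:07:26 288 ----a-w- C:\Users\Ben\AppData\Roaming\C4729784.reg
2015-01-03 19:52:49 -------- d-----w- C:\windows\ERUNT
2015-01-01 05:15:56 -------- d-----w- C:\ProgramData\RayutIpaze
2014-12-18 07:50:45 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2014-12-11 23:05:59 -------- d-----w- C:\Programs
.
==================== Find3M  ====================
2015-01-03 20:18:07 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
"""

# One DDS entry: date, time, size (dashes for a directory), attribute flags, path.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-\w]{8}) (?P<path>\S.*)$"
)

# Heuristics (my own choices, not a DDS rule set): file types worth a look when
# they appear in user-writable folders, and the drive roots Windows normally has.
SUSPECT_EXT = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".ps1"}
USER_WRITABLE = ("appdata", "programdata", "public", "temp", "tmp")
STANDARD_ROOTS = {"windows", "program files", "program files (x86)", "users", "programdata"}


def parse_created_last_30(text):
    """Return the entries of the 'Created Last 30' section as dicts."""
    entries, in_section = [], False
    for line in text.splitlines():
        if line.startswith("=") and "Created Last 30" in line:
            in_section = True
            continue
        if line.startswith("="):          # any other banner ends the section
            in_section = False
        if not in_section:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                      # skips the "." separator lines
        entries.append({
            "created": datetime.strptime(m["date"] + " " + m["time"], "%Y-%m-%d %H:%M:%S"),
            "is_dir": m["attrs"].startswith("d"),
            "path": PureWindowsPath(m["path"]),
        })
    return entries


def triage(entries, scan_date, window_days=3):
    """Return (path, reasons) pairs for entries a responder should look at first."""
    flagged = []
    for e in entries:
        parts = [p.lower() for p in e["path"].parts]       # ['c:\\', 'users', ...]
        writable = any(p in USER_WRITABLE for p in parts[1:-1])
        # Compare by calendar day: the log header and the file timestamps may
        # not share a time zone, so sub-day arithmetic would be misleading.
        age = (scan_date - e["created"].date()).days
        reasons = []
        if e["is_dir"]:
            if len(parts) == 2 and parts[1] not in STANDARD_ROOTS:
                reasons.append("non-standard top-level directory")
            elif writable and age <= window_days:
                reasons.append("new directory in user-writable location")
        else:
            ext = e["path"].suffix.lower()
            if writable and ext in SUSPECT_EXT:
                reasons.append("executable or script in user-writable location")
            elif writable and ext == ".reg":
                reasons.append("registry import file in user-writable location")
        if reasons:
            if age <= window_days:
                reasons.append(f"created {age} day(s) before scan")
            flagged.append((str(e["path"]), reasons))
    return flagged


def flag_sample():
    """Run the triage over the constructed sample; 2015-01-03 is the DDS run date."""
    return triage(parse_created_last_30(SAMPLE_LOG), date(2015, 1, 3))


if __name__ == "__main__":
    for path, reasons in flag_sample():
        print(path, "->", "; ".join(reasons))
```

On the sample this flags ScanDisc.exe and the .reg file in AppData\Roaming, the RayutIpaze folder in ProgramData and the C:\Programs root folder, while the System32 and C:\windows\ERUNT entries pass.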


#2 nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 January 2015 - 01:31 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 ihavanswer

  • Topic Starter
  • Members
  • 86 posts
  • Gender:Male
  • Location:New Jersey

Posted 08 January 2015 - 03:26 PM

Hello and thank you for responding. Logs after a brief update. The "Adobe" popup has stopped coming up, but now there is a more serious problem. Most of the time my CPU is running at 100%ish and RAM is about 90% full. If you notice in my Addition log, my AVG security is disabled. This is the only temporary fix that allows me to use my computer for the time being. Also, I just noticed that while I type into this box, my window keeps being deselected and my cursor is not in the box. Also, I did not clean the temporary files because while the CPU is running at 100ish (signifying that the virus is running) the temporary files are being created at a rapid pace. It took hours last time for them all to be deleted and within hours I had 500ish new ones, so I ran the FRST scan... log time

 

EDIT 1: Now my UAC is blocking AdobeUpdate_##########.exe or something like that, using 100% of my CPU, and when I click "No" on the UAC window, another one pops up in about 1/5th of a second for the same thing...

 

EDIT 2: AVG keeps quarantining things, so the UAC has stopped because that file was quarantined, but I know that I have the Eraem Vire Studaa 2021 virus hidden in a second copy (inactive) of the Adobe virus. It has only been mentioned on the forums twice in the past couple of days, but is relatively new. The situation seems to be changing a lot every time I reboot my computer.

 

EDIT 3: In researching the names of suspicious files on my computer and processes that were going crazy, I found many of the files linked back to the Poweliks backdoor, which I scanned for using BleepingComputer's manual, and it is indeed on my computer. I did not run the removal because I am only supposed to do what you say while requesting help, but I am at the ready for the command to run the cleaner; just tell me when I can, please. :)

----------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Ben (administrator) on BEN-IMAC on 08-01-2015 15:13:38
Running from C:\Users\Ben\Desktop
Loaded Profile: Ben (Available profiles: Ben)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Avatron Software) C:\Program Files\Avatron\Air Display\AVTHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Windows ® Win 7 DDK provider) C:\Program Files\NetDrive2\mounter.exe
() C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Bdrive Inc.) C:\Program Files\NetDrive2\nd2sp.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmmon32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wiaacmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wiaacmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\NAPSTAT.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\NAPSTAT.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [741760 2011-06-29] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [KrakenLauncher] => C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe [1486128 2014-06-11] (Razer Inc)
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll [X]
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [MacsFanControl] => C:\Program Files (x86)\Macs Fan Control\MacsFanControl.exe [1360384 2014-09-07] (CrystalIDEA Software)
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [Google Update] => C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-03] (Google Inc.)
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [f.lux] => C:\Users\Ben\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30524520 2014-11-27] (Skype Technologies S.A.)
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [NetDrive2] => C:\Program Files\NetDrive2\NetDrive2.exe [12223960 2014-12-20] (Bdrive Inc)
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\MountPoints2: {2023891c-e3a0-11e3-b848-3451c9eee74a} - F:\TLBootstrap_WPP.exe
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MacsFanControl.lnk
ShortcutTarget: MacsFanControl.lnk -> C:\Program Files (x86)\Macs Fan Control\MacsFanControl.exe (CrystalIDEA Software)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [1SecurityInfoIcons] -> {C0CEFF27-08AD-4E60-BF47-4AEE8FEB381A} =>  No File
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1550224419-736723516-2154025555-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1550224419-736723516-2154025555-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
 
FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1550224419-736723516-2154025555-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ben\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1550224419-736723516-2154025555-1000: @talk.google.com/O1DPlugin -> C:\Users\Ben\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1550224419-736723516-2154025555-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ben\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1550224419-736723516-2154025555-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ben\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Ben\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ben\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-12-29]
 
Chrome: 
=======
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-01]
CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2013-12-07]
CHR Extension: (Razer) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbcjclholhnenkngiajifpenjnklokk [2014-12-02]
CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-01]
CHR Extension: (Google Search) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-01]
CHR Extension: (AdBlock) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-22]
CHR Extension: (Google Wallet) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR Extension: (Gmail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-01]
CHR HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Chrome\Extension: [ahlgmchheelpdfhnjemdllikjjlafmio] - C:\Users\Ben\AppData\Local\CRE\ahlgmchheelpdfhnjemdllikjjlafmio.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ahlgmchheelpdfhnjemdllikjjlafmio] - C:\Users\Ben\AppData\Local\CRE\ahlgmchheelpdfhnjemdllikjjlafmio.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [224640 2011-06-29] ()
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-11-07] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 AVTHelper; C:\Program Files\Avatron\Air Display\AVTHelper.exe [237048 2013-12-04] (Avatron Software)
R2 DokanMounter_Dokan_NetDrive2; C:\Program Files\NetDrive2\mounter.exe [28160 2014-11-12] (Windows ® Win 7 DDK provider) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 KinoniSvc; C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [525312 2013-02-26] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 notifierNetDrive2; C:\Program Files\NetDrive2\nd2sp.exe [75112 2014-12-20] (Bdrive Inc.)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76152 2014-08-14] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AirDisplay; C:\Windows\System32\DRIVERS\AVVideoCard.sys [15352 2013-12-04] (Windows ® Win 7 DDK provider)
R3 AirDisplayMirror; C:\Windows\System32\DRIVERS\AVVideoCardMirror.sys [15352 2013-12-04] (Windows ® Win 7 DDK provider)
R3 AirDisplayWDDM; C:\Windows\System32\DRIVERS\AVWDDMMiniPort.sys [48632 2013-12-04] (Windows ® Win 7 DDK provider)
R3 applebmt; C:\Windows\System32\DRIVERS\applebmt.sys [52736 2011-06-03] (Apple Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
R0 AVPCIFilter; C:\Windows\System32\DRIVERS\AVPCIFilter.sys [36344 2013-12-04] (Windows ® Win 7 DDK provider)
R2 Dokan_NetDrive2; C:\Program Files\NetDrive2\dokan.sys [117952 2014-07-03] (Windows ® Win 7 DDK provider)
R3 kinonivd; C:\Windows\System32\DRIVERS\kinonivd.sys [2782848 2013-02-26] (Windows ® Win 7 DDK provider)
R3 KINONI_Wave; C:\Windows\System32\drivers\kinonivad.sys [23040 2013-02-26] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 RzDxgk; C:\windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-04] (Razer Inc)
R1 RzFilter; C:\windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R3 rzjstk; C:\Windows\System32\DRIVERS\rzjstk.sys [27816 2014-09-04] (Razer Inc)
R3 rzkeypadendpt; C:\Windows\System32\DRIVERS\rzkeypadendpt.sys [33448 2014-09-04] (Razer Inc)
R3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [35496 2014-09-04] (Razer Inc)
R2 rzpmgrk; C:\windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R2 rzpnk; C:\windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 vhidmini; C:\Windows\System32\DRIVERS\vjoy.sys [15104 2012-10-15] (Headsoft)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 ElRawDisk; \??\C:\windows\system32\drivers\rsdrvx64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-08 15:13 - 2015-01-08 15:15 - 00023854 _____ () C:\Users\Ben\Desktop\FRST.txt
2015-01-08 15:12 - 2015-01-08 15:13 - 00000000 ____D () C:\FRST
2015-01-08 14:51 - 2015-01-08 14:51 - 02124288 _____ (Farbar) C:\Users\Ben\Desktop\FRST64.exe
2015-01-08 14:50 - 2015-01-08 14:50 - 00448512 _____ (OldTimer Tools) C:\Users\Ben\Desktop\TFC.exe
2015-01-04 12:16 - 2015-01-08 14:46 - 00003490 _____ () C:\windows\System32\Tasks\AutoKMS
2015-01-04 10:05 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-01-04 10:05 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-01-04 10:05 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-01-04 10:05 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-01-03 22:37 - 2015-01-03 22:37 - 00004950 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Ben-IMAC-Ben Ben-IMAC
2015-01-03 18:18 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2015-01-03 18:18 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-03 18:18 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-03 18:18 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2015-01-03 18:18 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2015-01-03 18:18 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-01-03 18:18 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2015-01-03 18:18 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-01-03 18:18 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2015-01-03 18:18 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2015-01-03 18:18 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-03 18:18 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2015-01-03 18:18 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-01-03 18:18 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2015-01-03 18:18 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-01-03 18:18 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2015-01-03 18:18 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2015-01-03 18:18 - 2012-08-23 09:08 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbGD.sys
2015-01-03 18:17 - 2015-01-03 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-03 18:17 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2015-01-03 18:17 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2015-01-03 18:17 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2015-01-03 18:16 - 2015-01-03 18:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-03 18:16 - 2015-01-03 18:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-03 18:02 - 2015-01-03 18:02 - 00025196 _____ () C:\Users\Ben\Desktop\dds.txt
2015-01-03 18:02 - 2015-01-03 18:02 - 00015288 _____ () C:\Users\Ben\Desktop\ddsattach.txt
2015-01-03 18:00 - 2015-01-03 18:00 - 00117856 _____ () C:\Users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-03 17:59 - 2015-01-03 17:59 - 00688992 ____R (Swearware) C:\Users\Ben\Downloads\dds.com
2015-01-03 17:55 - 2015-01-04 12:09 - 00000280 _____ () C:\windows\setupact.log
2015-01-03 17:55 - 2015-01-03 18:23 - 00001324 _____ () C:\windows\PFRO.log
2015-01-03 17:55 - 2015-01-03 17:55 - 05071792 _____ () C:\windows\system32\FNTCACHE.DAT
2015-01-03 17:55 - 2015-01-03 17:55 - 00000000 _____ () C:\windows\setuperr.log
2015-01-03 17:07 - 2015-01-03 17:07 - 00001679 _____ () C:\Users\Ben\Desktop\Computer.lnk
2015-01-03 17:07 - 2015-01-03 17:07 - 00000288 _____ () C:\Users\Ben\AppData\Roaming\C4729784.reg
2015-01-03 17:07 - 2015-01-03 16:50 - 00829952 _____ (VMware, Inc.) C:\Users\Ben\AppData\Roaming\ScanDisc.exe
2015-01-03 15:54 - 2015-01-03 15:54 - 00000632 _____ () C:\Users\Ben\Documents\cc_20150103_155446.reg
2015-01-03 14:52 - 2015-01-03 14:52 - 00000000 ____D () C:\windows\ERUNT
2015-01-03 14:31 - 2015-01-03 14:37 - 00000000 ____D () C:\AdwCleaner
2015-01-01 13:11 - 2015-01-01 13:11 - 00020590 _____ () C:\windows\system32\.crusader
2015-01-01 12:26 - 2015-01-01 12:26 - 00001901 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-01-01 12:26 - 2015-01-01 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-01 12:26 - 2015-01-01 12:26 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-01 12:25 - 2015-01-01 13:11 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-01 11:46 - 2015-01-01 11:46 - 00000219 _____ () C:\Users\Ben\Desktop\Counter-Strike Source.url
2015-01-01 00:15 - 2015-01-03 15:48 - 00000000 ____D () C:\ProgramData\RayutIpaze
2014-12-31 18:17 - 2014-12-31 18:17 - 00000220 _____ () C:\Users\Ben\Desktop\Garry's Mod.url
2014-12-31 11:49 - 2014-12-31 11:49 - 00015872 _____ () C:\Users\Ben\AppData\Roaming\chatterer.fye
2014-12-30 17:52 - 2014-12-09 17:21 - 00037184 _____ (Razer, Inc.) C:\windows\system32\Drivers\rzpmgrk.sys
2014-12-23 15:53 - 2014-12-20 03:30 - 00215912 _____ (Bdrive Inc.) C:\windows\system32\NetDrive2.nd2np.dll
2014-12-23 15:53 - 2014-12-20 03:30 - 00186728 _____ (Bdrive Inc.) C:\windows\SysWOW64\NetDrive2.nd2np.dll
2014-12-20 23:54 - 2014-12-20 23:54 - 00000219 _____ () C:\Users\Ben\Desktop\Counter-Strike Global Offensive.url
2014-12-18 22:22 - 2014-12-18 22:22 - 00009728 _____ (Razer Inc.) C:\windows\SysWOW64\RzStats.IPC.dll
2014-12-18 02:50 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-18 02:50 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-11 18:43 - 2014-12-11 18:43 - 00000000 ____D () C:\Users\Ben\Documents\Any Video Converter
2014-12-11 18:18 - 2014-12-11 18:18 - 00001207 _____ () C:\Users\Ben\Desktop\Any Video Converter.lnk
2014-12-11 18:06 - 2014-12-11 18:09 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\MassTube
2014-12-11 18:06 - 2014-12-11 18:06 - 00000000 ____D () C:\Users\Ben\Documents\MassTube
2014-12-11 15:09 - 2014-12-20 20:48 - 00005694 _____ () C:\Users\Ben\Documents\cc_20141211_150937.reg
2014-12-11 03:39 - 2014-12-11 03:39 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-11 03:07 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-11 03:07 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-10 16:02 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-10 16:02 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-10 16:02 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-10 16:02 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-10 16:02 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-10 16:02 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-10 16:02 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-10 16:02 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-10 16:01 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 16:01 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 16:01 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 16:01 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-10 16:01 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-10 16:01 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 16:01 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 16:01 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-10 16:01 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-10 16:01 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 16:01 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 16:01 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-10 16:01 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-10 16:01 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 16:01 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-10 16:01 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-10 16:01 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 16:01 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 16:01 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 16:01 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 16:01 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 16:01 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 16:01 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-10 16:01 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 16:01 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-10 16:01 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 16:01 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-10 16:01 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 16:01 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 16:01 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 16:01 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-10 16:01 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-10 16:01 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 16:01 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 16:01 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-10 16:01 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 16:01 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 16:01 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 16:01 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 16:01 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 16:01 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 16:01 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 16:01 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 16:01 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 16:01 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 16:01 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 16:01 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-10 16:01 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 16:01 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 16:01 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-10 16:01 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 16:01 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 16:01 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-10 16:01 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 16:01 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 16:01 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-10 16:00 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 16:00 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-10 16:00 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-10 16:00 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-10 16:00 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-10 16:00 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-10 16:00 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 16:00 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-10 16:00 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-10 16:00 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-10 16:00 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-10 16:00 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 16:00 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-10 16:00 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-10 16:00 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-08 15:14 - 2014-03-20 15:17 - 00000000 ____D () C:\Users\Ben\AppData\Local\CrashDumps
2015-01-08 15:00 - 2013-04-01 21:00 - 01530670 _____ () C:\windows\WindowsUpdate.log
2015-01-08 14:56 - 2014-04-03 16:27 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1550224419-736723516-2154025555-1000UA.job
2015-01-08 14:53 - 2014-04-03 16:27 - 00000848 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1550224419-736723516-2154025555-1000Core.job
2015-01-08 14:52 - 2013-04-01 14:29 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-08 14:51 - 2013-04-01 14:40 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Skype
2015-01-08 14:46 - 2013-08-13 19:21 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-08 14:46 - 2013-04-01 14:29 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-08 14:46 - 2009-07-13 23:45 - 00031152 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-08 14:46 - 2009-07-13 23:45 - 00031152 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-08 14:45 - 2014-05-31 13:54 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Raptr
2015-01-06 14:58 - 2013-04-01 15:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-05 03:00 - 2013-04-22 15:15 - 00000000 ____D () C:\Users\Ben\AppData\Local\Adobe
2015-01-04 13:30 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2015-01-04 12:14 - 2013-04-03 19:56 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-04 12:10 - 2014-01-03 22:36 - 00000000 ____D () C:\ProgramData\VMware
2015-01-04 12:09 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-04 11:54 - 2014-01-03 22:50 - 00000000 ____D () C:\Users\Ben\Documents\Virtual Machines
2015-01-04 11:54 - 2014-01-03 22:39 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\VMware
2015-01-04 11:54 - 2014-01-03 22:39 - 00000000 ____D () C:\Users\Ben\AppData\Local\VMware
2015-01-04 00:31 - 2014-03-14 16:21 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\HexChat
2015-01-04 00:15 - 2013-05-19 14:35 - 00007625 _____ () C:\Users\Ben\AppData\Local\Resmon.ResmonCfg
2015-01-03 21:49 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2015-01-03 21:32 - 2014-11-10 23:27 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-01-03 18:25 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-03 18:21 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-01-03 17:26 - 2013-09-20 15:31 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\uTorrent
2015-01-03 17:26 - 2013-04-24 21:28 - 00000000 ____D () C:\windows\Minidump
2015-01-03 15:18 - 2014-04-02 21:44 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-01 11:46 - 2013-04-26 05:26 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-01 00:25 - 2014-03-30 13:28 - 00000000 ____D () C:\ProgramData\AVG2014
2014-12-31 22:30 - 2014-02-12 16:14 - 00000000 ____D () C:\Users\Ben\AppData\Local\Battle.net
2014-12-31 20:54 - 2014-02-12 16:14 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-31 20:50 - 2014-02-12 16:14 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Battle.net
2014-12-31 18:25 - 2013-05-05 15:54 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\.minecraft
2014-12-31 11:47 - 2014-02-05 17:22 - 00000000 ___RD () C:\Users\Ben\Dropbox
2014-12-31 11:47 - 2014-02-05 17:18 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Dropbox
2014-12-30 17:41 - 2014-11-18 19:38 - 00000000 ____D () C:\Program Files\NetDrive2
2014-12-23 15:53 - 2014-11-18 19:41 - 00000832 _____ () C:\Users\Public\Desktop\NetDrive2.lnk
2014-12-23 15:47 - 2014-11-18 19:42 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\NetDrive2
2014-12-20 21:09 - 2013-05-24 23:28 - 00000000 ____D () C:\Program Files (x86)\Heroes of Newerth
2014-12-20 00:54 - 2013-04-01 14:04 - 00000000 ____D () C:\Users\Ben\AppData\Local\VirtualStore
2014-12-18 15:24 - 2014-02-05 17:19 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-14 17:44 - 2014-06-15 20:49 - 00000000 ____D () C:\Users\Ben\Downloads\SAO Light Novels Vol. 1-13
2014-12-13 11:58 - 2014-11-12 23:02 - 00000000 ____D () C:\Users\Ben\AppData\Local\osu!
2014-12-13 10:18 - 2013-10-17 15:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-11 18:18 - 2013-09-23 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
2014-12-11 18:17 - 2013-09-23 16:59 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\AnvSoft
2014-12-11 18:17 - 2013-09-23 16:59 - 00000000 ____D () C:\Program Files (x86)\AnvSoft
2014-12-11 15:07 - 2013-08-13 20:04 - 00000000 ____D () C:\Users\Ben\AppData\Local\TERA
2014-12-11 14:51 - 2014-03-11 15:06 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\TS3Client
2014-12-11 14:51 - 2013-04-17 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2014-12-11 14:33 - 2014-05-31 13:54 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-12-11 03:39 - 2014-05-07 02:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-11 03:39 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-11 03:23 - 2014-03-17 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-11 03:23 - 2014-03-17 13:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 03:21 - 2013-08-11 02:04 - 00000000 ____D () C:\windows\system32\MRT
2014-12-11 03:13 - 2013-04-17 13:48 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-10 15:32 - 2013-04-01 14:40 - 00000000 ____D () C:\ProgramData\Skype
2014-12-10 15:31 - 2014-10-15 13:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-09 19:22 - 2014-02-12 16:55 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-12-09 19:18 - 2013-04-27 15:22 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-12-09 14:46 - 2014-05-31 13:42 - 00000000 ____D () C:\AMD
2014-12-09 14:43 - 2014-11-29 10:35 - 00000000 ____D () C:\Program Files (x86)\Razer
 
Files to move or delete:
====================
C:\Users\Ben\jagex_cl_runescape_LIVE.dat
C:\Users\Ben\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Ben\AppData\Local\Temp\1871KrakenDevProps.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-04 13:23
 
==================== End Of Log ============================


Edited by ihavanswer, 08 January 2015 - 04:58 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 January 2015 - 08:07 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll [X]
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
ShellIconOverlayIdentifiers: [1SecurityInfoIcons] -> {C0CEFF27-08AD-4E60-BF47-4AEE8FEB381A} =>  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1550224419-736723516-2154025555-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1550224419-736723516-2154025555-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Google Wallet) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Chrome\Extension: [ahlgmchheelpdfhnjemdllikjjlafmio] - C:\Users\Ben\AppData\Local\CRE\ahlgmchheelpdfhnjemdllikjjlafmio.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ahlgmchheelpdfhnjemdllikjjlafmio] - C:\Users\Ben\AppData\Local\CRE\ahlgmchheelpdfhnjemdllikjjlafmio.crx [Not Found]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 ElRawDisk; \??\C:\windows\system32\drivers\rsdrvx64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===


Please run the Farbar tool one more time and post a fresh FRST log.

How is the computer running now?
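Added example, not part of this thread and not code from FRST or its author: a small Python triage script that runs over FRST-style log lines and flags the two autostart patterns nasdaq's fixlist removes. The first is the Poweliks entry, a CLSID LocalServer32 value whose command is rundll32.exe with a javascript: URL (a real COM server is an executable path, never a script URL). The second is a Run value that points rundll32 at a DLL under a user-writable profile path, like the himnamm and BluetoothS entries in the later FRST log. For the Poweliks line it also reverses the shift-by-one character substitution in the quoted eval() argument so the decoded prefix is readable. The sample lines are copied from this thread's logs; the regexes and rule names are my own heuristics, not FRST's.

```python
"""Triage helper for FRST-style log lines.

Added example for this thread; it is not part of the thread and not code
from FRST or its author.  It flags two autostart patterns that appear in
nasdaq's fixlist: a CLSID LocalServer32 value that launches rundll32.exe
with a javascript: URL (the Poweliks fileless-persistence trick), and Run
values that point rundll32 at a DLL under a user-writable profile path.  For
the Poweliks line it also undoes the shift-by-one character substitution in
the quoted eval() argument so the analyst can read the decoded prefix.
"""
import re
from typing import Dict, List

# Constructed sample input: five lines copied from the FRST output in this
# thread (three flagged entries plus two benign ones for contrast).
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-11-07] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [himnamm] => rundll32 "C:\Users\Ben\AppData\Local\himnamm.dll",himnamm <===== ATTENTION
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [f.lux] => C:\Users\Ben\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
"""

# Rule 1: a COM LocalServer32 command that is rundll32 driving mshtml via a
# javascript: URL.  A legitimate COM server is an executable path, never a
# script URL, so this rule needs no allow-list.
POWELIKS_RE = re.compile(r"localserver32:\s*rundll32(?:\.exe)?\s+javascript:", re.IGNORECASE)

# The eval() argument as FRST prints it.  FRST truncates the value, so the
# regex simply stops at the first whitespace or quote.
EVAL_ARG_RE = re.compile(r'eval\("([^"\s]*)')

# Rule 2: rundll32 loading a DLL from %AppData%, %LocalAppData%, %Temp% or
# anywhere under C:\Users.  Vendor DLLs normally live under Program Files
# or System32, so a Run value like this deserves a look.
USER_DLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>(?:%appdata%|%localappdata%|%temp%|[a-z]:\\users\\)[^",]*\.dll)',
    re.IGNORECASE,
)


def unshift(obfuscated: str) -> str:
    """Reverse the shift-by-one substitution used in the Poweliks eval()
    argument: every character is replaced by the one with the next-lower
    code point ('e' -> 'd', '/' -> '.', '!' -> ' ')."""
    return "".join(chr(ord(c) - 1) for c in obfuscated)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line, in log order."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if POWELIKS_RE.search(line):
            finding = {"rule": "poweliks-localserver32-javascript", "line": line}
            arg = EVAL_ARG_RE.search(line)
            if arg:
                finding["decoded_prefix"] = unshift(arg.group(1))
            findings.append(finding)
            continue
        dll = USER_DLL_RE.search(line)
        if dll:
            findings.append({"rule": "rundll32-user-writable-dll", "line": line, "dll": dll.group("dll")})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["rule"])
        print("  " + f["line"][:100])
        for key in ("dll", "decoded_prefix"):
            if key in f:
                print(f"  {key}: {f[key]}")
```

Run against the sample, the script reports the Poweliks line with the decoded prefix `document.write('<script language=` (the visible part of the 243-character value is only the start of the script, so the decode stops there), then the himnamm and BluetoothS entries with the DLL paths they load; the AVG and f.lux lines are not flagged. Paste a full FRST.txt into `triage()` to get the same three-way split on a real log.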

#5 ihavanswer

ihavanswer
  • Topic Starter

  • Members
  • 86 posts
  • Gender:Male
  • Location:New Jersey

Posted 09 January 2015 - 03:16 PM

It seems to be fixed but we will still need to scan for other viruses now that the backdoor is closed.

 

FIXLOG

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Ben at 2015-01-09 14:57:24 Run:1
Running from C:\Users\Ben\Desktop
Loaded Profile: Ben (Available profiles: Ben)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll [X]
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
ShellIconOverlayIdentifiers: [1SecurityInfoIcons] -> {C0CEFF27-08AD-4E60-BF47-4AEE8FEB381A} =>  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1550224419-736723516-2154025555-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1550224419-736723516-2154025555-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Google Wallet) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Chrome\Extension: [ahlgmchheelpdfhnjemdllikjjlafmio] - C:\Users\Ben\AppData\Local\CRE\ahlgmchheelpdfhnjemdllikjjlafmio.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ahlgmchheelpdfhnjemdllikjjlafmio] - C:\Users\Ben\AppData\Local\CRE\ahlgmchheelpdfhnjemdllikjjlafmio.crx [Not Found]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 ElRawDisk; \??\C:\windows\system32\drivers\rsdrvx64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
 
End
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB" => Key deleted successfully.
"HKU\S-1-5-21-1550224419-736723516-2154025555-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key deleted successfully.
"HKU\S-1-5-21-1550224419-736723516-2154025555-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1SecurityInfoIcons" => Key deleted successfully.
HKCR\CLSID\{C0CEFF27-08AD-4E60-BF47-4AEE8FEB381A} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1550224419-736723516-2154025555-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
"HKU\S-1-5-21-1550224419-736723516-2154025555-1000\SOFTWARE\Google\Chrome\Extensions\ahlgmchheelpdfhnjemdllikjjlafmio" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ahlgmchheelpdfhnjemdllikjjlafmio" => Key deleted successfully.
cpuz136 => Service deleted successfully.
EagleX64 => Service deleted successfully.
ElRawDisk => Service deleted successfully.
GPUZ => Service deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 14:57:32 ====


#6 ihavanswer

ihavanswer
  • Topic Starter

  • Members
  • 86 posts
  • Gender:Male
  • Location:New Jersey

Posted 09 January 2015 - 03:19 PM

and FRST
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Ben (administrator) on BEN-IMAC on 09-01-2015 15:05:08
Running from C:\Users\Ben\Desktop
Loaded Profile: Ben (Available profiles: Ben)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\AutoKMS\AutoKMS.exe
() C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Avatron Software) C:\Program Files\Avatron\Air Display\AVTHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Windows ® Win 7 DDK provider) C:\Program Files\NetDrive2\mounter.exe
() C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Bdrive Inc.) C:\Program Files\NetDrive2\nd2sp.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(CrystalIDEA Software) C:\Program Files (x86)\Macs Fan Control\MacsFanControl.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(Flux Software LLC) C:\Users\Ben\AppData\Local\FluxSoftware\Flux\flux.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Flux Software LLC) C:\Users\Ben\AppData\Local\FluxSoftware\Flux\flux.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [741760 2011-06-29] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [KrakenLauncher] => C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe [1486128 2014-06-11] (Razer Inc)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [MacsFanControl] => C:\Program Files (x86)\Macs Fan Control\MacsFanControl.exe [1360384 2014-09-07] (CrystalIDEA Software)
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [Google Update] => C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-03] (Google Inc.)
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [f.lux] => C:\Users\Ben\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30524520 2014-11-27] (Skype Technologies S.A.)
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [NetDrive2] => C:\Program Files\NetDrive2\NetDrive2.exe [12223960 2014-12-20] (Bdrive Inc)
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [himnamm] => rundll32 "C:\Users\Ben\AppData\Local\himnamm.dll",himnamm <===== ATTENTION
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\MountPoints2: {2023891c-e3a0-11e3-b848-3451c9eee74a} - F:\TLBootstrap_WPP.exe
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MacsFanControl.lnk
ShortcutTarget: MacsFanControl.lnk -> C:\Program Files (x86)\Macs Fan Control\MacsFanControl.exe (CrystalIDEA Software)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
 
FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1550224419-736723516-2154025555-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ben\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1550224419-736723516-2154025555-1000: @talk.google.com/O1DPlugin -> C:\Users\Ben\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1550224419-736723516-2154025555-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ben\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1550224419-736723516-2154025555-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ben\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Ben\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ben\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-12-29]
 
Chrome: 
=======
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-01]
CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2013-12-07]
CHR Extension: (Razer) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbcjclholhnenkngiajifpenjnklokk [2014-12-02]
CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-01]
CHR Extension: (Google Search) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-01]
CHR Extension: (AdBlock) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-22]
CHR Extension: (Gmail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [224640 2011-06-29] ()
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 AVTHelper; C:\Program Files\Avatron\Air Display\AVTHelper.exe [237048 2013-12-04] (Avatron Software)
R2 DokanMounter_Dokan_NetDrive2; C:\Program Files\NetDrive2\mounter.exe [28160 2014-11-12] (Windows ® Win 7 DDK provider) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 KinoniSvc; C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [525312 2013-02-26] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 notifierNetDrive2; C:\Program Files\NetDrive2\nd2sp.exe [75112 2014-12-20] (Bdrive Inc.)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76152 2014-08-14] ()
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AirDisplay; C:\Windows\System32\DRIVERS\AVVideoCard.sys [15352 2013-12-04] (Windows ® Win 7 DDK provider)
R3 AirDisplayMirror; C:\Windows\System32\DRIVERS\AVVideoCardMirror.sys [15352 2013-12-04] (Windows ® Win 7 DDK provider)
R3 AirDisplayWDDM; C:\Windows\System32\DRIVERS\AVWDDMMiniPort.sys [48632 2013-12-04] (Windows ® Win 7 DDK provider)
R3 applebmt; C:\Windows\System32\DRIVERS\applebmt.sys [52736 2011-06-03] (Apple Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
R0 AVPCIFilter; C:\Windows\System32\DRIVERS\AVPCIFilter.sys [36344 2013-12-04] (Windows ® Win 7 DDK provider)
R2 Dokan_NetDrive2; C:\Program Files\NetDrive2\dokan.sys [117952 2014-07-03] (Windows ® Win 7 DDK provider)
R3 kinonivd; C:\Windows\System32\DRIVERS\kinonivd.sys [2782848 2013-02-26] (Windows ® Win 7 DDK provider)
R3 KINONI_Wave; C:\Windows\System32\drivers\kinonivad.sys [23040 2013-02-26] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 RzDxgk; C:\windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-04] (Razer Inc)
R1 RzFilter; C:\windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R3 rzjstk; C:\Windows\System32\DRIVERS\rzjstk.sys [27816 2014-09-04] (Razer Inc)
R3 rzkeypadendpt; C:\Windows\System32\DRIVERS\rzkeypadendpt.sys [33448 2014-09-04] (Razer Inc)
R3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [35496 2014-09-04] (Razer Inc)
R2 rzpmgrk; C:\windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R2 rzpnk; C:\windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 vhidmini; C:\Windows\System32\DRIVERS\vjoy.sys [15104 2012-10-15] (Headsoft)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-08 16:55 - 2015-01-08 16:55 - 00504750 _____ () C:\Users\Ben\Desktop\ESETPoweliksCleaner.exe_20150108.165505.10764.log
2015-01-08 16:54 - 2015-01-08 16:54 - 00186568 _____ (ESET) C:\Users\Ben\Desktop\ESETPoweliksCleaner.exe
2015-01-08 16:01 - 2015-01-08 16:01 - 00003490 _____ () C:\windows\System32\Tasks\AutoKMS
2015-01-08 15:44 - 2015-01-09 15:00 - 00000788 _____ () C:\windows\Tasks\Security Center Update - 2962292213.job
2015-01-08 15:44 - 2015-01-08 15:58 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Ywabxe
2015-01-08 15:44 - 2015-01-08 15:47 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Local Store
2015-01-08 15:44 - 2015-01-08 15:44 - 00003792 _____ () C:\windows\System32\Tasks\Security Center Update - 2962292213
2015-01-08 15:42 - 2015-01-08 15:42 - 00000000 ____D () C:\ProgramData\lbyme
2015-01-08 15:16 - 2015-01-08 15:17 - 00048100 _____ () C:\Users\Ben\Desktop\Addition.txt
2015-01-08 15:13 - 2015-01-09 15:06 - 00022958 _____ () C:\Users\Ben\Desktop\FRST.txt
2015-01-08 15:12 - 2015-01-09 15:06 - 00000000 ____D () C:\FRST
2015-01-08 14:51 - 2015-01-08 14:51 - 02124288 _____ (Farbar) C:\Users\Ben\Desktop\FRST64.exe
2015-01-08 14:50 - 2015-01-08 14:50 - 00448512 _____ (OldTimer Tools) C:\Users\Ben\Desktop\TFC.exe
2015-01-04 10:05 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-01-04 10:05 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-01-04 10:05 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-01-04 10:05 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-01-03 22:37 - 2015-01-03 22:37 - 00004950 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Ben-IMAC-Ben Ben-IMAC
2015-01-03 18:18 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2015-01-03 18:18 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-03 18:18 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-03 18:18 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2015-01-03 18:18 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2015-01-03 18:18 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-01-03 18:18 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2015-01-03 18:18 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-01-03 18:18 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2015-01-03 18:18 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2015-01-03 18:18 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-03 18:18 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2015-01-03 18:18 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-01-03 18:18 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2015-01-03 18:18 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-01-03 18:18 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2015-01-03 18:18 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2015-01-03 18:18 - 2012-08-23 09:08 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbGD.sys
2015-01-03 18:17 - 2015-01-03 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-03 18:17 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2015-01-03 18:17 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2015-01-03 18:17 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2015-01-03 18:16 - 2015-01-03 18:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-03 18:16 - 2015-01-03 18:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-03 18:02 - 2015-01-03 18:02 - 00025196 _____ () C:\Users\Ben\Desktop\dds.txt
2015-01-03 18:02 - 2015-01-03 18:02 - 00015288 _____ () C:\Users\Ben\Desktop\ddsattach.txt
2015-01-03 18:00 - 2015-01-03 18:00 - 00117856 _____ () C:\Users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-03 17:55 - 2015-01-09 14:59 - 00000448 _____ () C:\windows\setupact.log
2015-01-03 17:55 - 2015-01-03 18:23 - 00001324 _____ () C:\windows\PFRO.log
2015-01-03 17:55 - 2015-01-03 17:55 - 05071792 _____ () C:\windows\system32\FNTCACHE.DAT
2015-01-03 17:55 - 2015-01-03 17:55 - 00000000 _____ () C:\windows\setuperr.log
2015-01-03 17:07 - 2015-01-03 17:07 - 00001679 _____ () C:\Users\Ben\Desktop\Computer.lnk
2015-01-03 17:07 - 2015-01-03 17:07 - 00000288 _____ () C:\Users\Ben\AppData\Roaming\C4729784.reg
2015-01-03 15:54 - 2015-01-03 15:54 - 00000632 _____ () C:\Users\Ben\Documents\cc_20150103_155446.reg
2015-01-03 14:52 - 2015-01-03 14:52 - 00000000 ____D () C:\windows\ERUNT
2015-01-03 14:31 - 2015-01-03 14:37 - 00000000 ____D () C:\AdwCleaner
2015-01-01 13:11 - 2015-01-01 13:11 - 00020590 _____ () C:\windows\system32\.crusader
2015-01-01 12:26 - 2015-01-01 12:26 - 00001901 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-01-01 12:26 - 2015-01-01 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-01 12:26 - 2015-01-01 12:26 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-01 12:25 - 2015-01-01 13:11 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-01 11:46 - 2015-01-01 11:46 - 00000219 _____ () C:\Users\Ben\Desktop\Counter-Strike Source.url
2015-01-01 00:15 - 2015-01-08 16:02 - 00000000 ____D () C:\ProgramData\RayutIpaze
2014-12-31 18:17 - 2014-12-31 18:17 - 00000220 _____ () C:\Users\Ben\Desktop\Garry's Mod.url
2014-12-31 11:49 - 2014-12-31 11:49 - 00015872 _____ () C:\Users\Ben\AppData\Roaming\chatterer.fye
2014-12-30 17:52 - 2014-12-09 17:21 - 00037184 _____ (Razer, Inc.) C:\windows\system32\Drivers\rzpmgrk.sys
2014-12-23 15:53 - 2014-12-20 03:30 - 00215912 _____ (Bdrive Inc.) C:\windows\system32\NetDrive2.nd2np.dll
2014-12-23 15:53 - 2014-12-20 03:30 - 00186728 _____ (Bdrive Inc.) C:\windows\SysWOW64\NetDrive2.nd2np.dll
2014-12-20 23:54 - 2014-12-20 23:54 - 00000219 _____ () C:\Users\Ben\Desktop\Counter-Strike Global Offensive.url
2014-12-18 22:22 - 2014-12-18 22:22 - 00009728 _____ (Razer Inc.) C:\windows\SysWOW64\RzStats.IPC.dll
2014-12-18 02:50 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-18 02:50 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-11 18:43 - 2014-12-11 18:43 - 00000000 ____D () C:\Users\Ben\Documents\Any Video Converter
2014-12-11 18:18 - 2014-12-11 18:18 - 00001207 _____ () C:\Users\Ben\Desktop\Any Video Converter.lnk
2014-12-11 18:06 - 2014-12-11 18:09 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\MassTube
2014-12-11 18:06 - 2014-12-11 18:06 - 00000000 ____D () C:\Users\Ben\Documents\MassTube
2014-12-11 15:09 - 2014-12-20 20:48 - 00005694 _____ () C:\Users\Ben\Documents\cc_20141211_150937.reg
2014-12-11 03:39 - 2014-12-11 03:39 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-11 03:07 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-11 03:07 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-10 16:02 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-10 16:02 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-10 16:02 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-10 16:02 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-10 16:02 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-10 16:02 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-10 16:02 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-10 16:02 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-10 16:01 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 16:01 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 16:01 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 16:01 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-10 16:01 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-10 16:01 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 16:01 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 16:01 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-10 16:01 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-10 16:01 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 16:01 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 16:01 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-10 16:01 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-10 16:01 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 16:01 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-10 16:01 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-10 16:01 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 16:01 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 16:01 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 16:01 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 16:01 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 16:01 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 16:01 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-10 16:01 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 16:01 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-10 16:01 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 16:01 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-10 16:01 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 16:01 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 16:01 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 16:01 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-10 16:01 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-10 16:01 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 16:01 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 16:01 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-10 16:01 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 16:01 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 16:01 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 16:01 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 16:01 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 16:01 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 16:01 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 16:01 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 16:01 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 16:01 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 16:01 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 16:01 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-10 16:01 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 16:01 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 16:01 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-10 16:01 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 16:01 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 16:01 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-10 16:01 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 16:01 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 16:01 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-10 16:00 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 16:00 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-10 16:00 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-10 16:00 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-10 16:00 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-10 16:00 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-10 16:00 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 16:00 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-10 16:00 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-10 16:00 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-10 16:00 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-10 16:00 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 16:00 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-10 16:00 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-10 16:00 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-09 15:09 - 2013-04-03 19:56 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-09 15:08 - 2013-04-01 14:40 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Skype
2015-01-09 15:07 - 2014-10-15 13:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-09 15:07 - 2014-03-20 15:17 - 00000000 ____D () C:\Users\Ben\AppData\Local\CrashDumps
2015-01-09 15:06 - 2014-05-31 13:54 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Raptr
2015-01-09 15:06 - 2013-04-01 14:40 - 00000000 ____D () C:\ProgramData\Skype
2015-01-09 15:01 - 2014-01-03 22:36 - 00000000 ____D () C:\ProgramData\VMware
2015-01-09 15:00 - 2013-04-01 14:29 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-09 14:59 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-09 14:57 - 2014-04-03 16:27 - 00000848 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1550224419-736723516-2154025555-1000Core.job
2015-01-09 14:57 - 2013-04-01 21:00 - 01549365 _____ () C:\windows\WindowsUpdate.log
2015-01-09 14:57 - 2009-07-13 23:45 - 00031152 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 14:57 - 2009-07-13 23:45 - 00031152 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 14:56 - 2014-04-03 16:27 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1550224419-736723516-2154025555-1000UA.job
2015-01-09 14:53 - 2013-08-13 19:21 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-09 14:53 - 2013-04-22 15:15 - 00000000 ____D () C:\Users\Ben\AppData\Local\Adobe
2015-01-09 14:53 - 2013-04-01 14:29 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-06 14:58 - 2013-04-01 15:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-04 13:30 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2015-01-04 11:54 - 2014-01-03 22:50 - 00000000 ____D () C:\Users\Ben\Documents\Virtual Machines
2015-01-04 11:54 - 2014-01-03 22:39 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\VMware
2015-01-04 11:54 - 2014-01-03 22:39 - 00000000 ____D () C:\Users\Ben\AppData\Local\VMware
2015-01-04 00:31 - 2014-03-14 16:21 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\HexChat
2015-01-04 00:15 - 2013-05-19 14:35 - 00007625 _____ () C:\Users\Ben\AppData\Local\Resmon.ResmonCfg
2015-01-03 21:49 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2015-01-03 21:32 - 2014-11-10 23:27 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-01-03 18:25 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-03 18:21 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-01-03 17:26 - 2013-09-20 15:31 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\uTorrent
2015-01-03 17:26 - 2013-04-24 21:28 - 00000000 ____D () C:\windows\Minidump
2015-01-03 15:18 - 2014-04-02 21:44 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-01 11:46 - 2013-04-26 05:26 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-01 00:25 - 2014-03-30 13:28 - 00000000 ____D () C:\ProgramData\AVG2014
2014-12-31 22:30 - 2014-02-12 16:14 - 00000000 ____D () C:\Users\Ben\AppData\Local\Battle.net
2014-12-31 20:54 - 2014-02-12 16:14 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-31 20:50 - 2014-02-12 16:14 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Battle.net
2014-12-31 18:25 - 2013-05-05 15:54 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\.minecraft
2014-12-31 11:47 - 2014-02-05 17:22 - 00000000 ___RD () C:\Users\Ben\Dropbox
2014-12-31 11:47 - 2014-02-05 17:18 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Dropbox
2014-12-30 17:41 - 2014-11-18 19:38 - 00000000 ____D () C:\Program Files\NetDrive2
2014-12-23 15:53 - 2014-11-18 19:41 - 00000832 _____ () C:\Users\Public\Desktop\NetDrive2.lnk
2014-12-23 15:47 - 2014-11-18 19:42 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\NetDrive2
2014-12-20 21:09 - 2013-05-24 23:28 - 00000000 ____D () C:\Program Files (x86)\Heroes of Newerth
2014-12-20 00:54 - 2013-04-01 14:04 - 00000000 ____D () C:\Users\Ben\AppData\Local\VirtualStore
2014-12-18 15:24 - 2014-02-05 17:19 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-14 17:44 - 2014-06-15 20:49 - 00000000 ____D () C:\Users\Ben\Downloads\SAO Light Novels Vol. 1-13
2014-12-13 11:58 - 2014-11-12 23:02 - 00000000 ____D () C:\Users\Ben\AppData\Local\osu!
2014-12-13 10:18 - 2013-10-17 15:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-11 18:18 - 2013-09-23 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
2014-12-11 18:17 - 2013-09-23 16:59 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\AnvSoft
2014-12-11 18:17 - 2013-09-23 16:59 - 00000000 ____D () C:\Program Files (x86)\AnvSoft
2014-12-11 15:07 - 2013-08-13 20:04 - 00000000 ____D () C:\Users\Ben\AppData\Local\TERA
2014-12-11 14:51 - 2014-03-11 15:06 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\TS3Client
2014-12-11 14:51 - 2013-04-17 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2014-12-11 14:33 - 2014-05-31 13:54 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-12-11 03:39 - 2014-05-07 02:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-11 03:39 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-11 03:23 - 2014-03-17 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-11 03:23 - 2014-03-17 13:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 03:21 - 2013-08-11 02:04 - 00000000 ____D () C:\windows\system32\MRT
2014-12-11 03:13 - 2013-04-17 13:48 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
 
Files to move or delete:
====================
C:\Users\Ben\jagex_cl_runescape_LIVE.dat
C:\Users\Ben\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Ben\AppData\Local\Temp\1871KrakenDevProps.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-04 13:23
 
==================== End Of Log ============================


#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:20 PM

Posted 10 January 2015 - 09:00 AM


Something not in your previous log.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [himnamm] => rundll32 "C:\Users\Ben\AppData\Local\himnamm.dll",himnamm <===== ATTENTION

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?
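The fixlist above removes a Run-key value that launches rundll32 against a DLL dropped under the user's AppData folder, and the later FRST output in this thread shows a second entry of the same shape (BtvStack.dll loaded from %appdata% with export BTHF_Register). Below is an added example, not nasdaq's instructions or Farbar's tooling, that parses FRST "Run:" lines and reports the entries a responder would want to look at: a rundll32 launch of a DLL from a user-writable path, a binary with no publisher/version information (FRST prints an empty "()"), and anything FRST itself already marked ATTENTION. The sample lines are constructed to match the FRST output quoted in this thread; the "ExampleTool" entry is invented to exercise the empty-publisher case, and the user name "Ben" used to expand %appdata% is taken from the log.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input modelled on the FRST.txt output quoted in this thread.
# The ExampleTool line is invented for this example (no publisher information).
SAMPLE_FRST_LINES = r"""
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [Google Update] => C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-03] (Google Inc.)
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [himnamm] => rundll32 "C:\Users\Ben\AppData\Local\himnamm.dll",himnamm <===== ATTENTION
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
HKLM-x32\...\Run: [ExampleTool] => C:\Program Files (x86)\Example\tool.exe [12345 2014-12-01] ()
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
"""

# FRST Run-key line: "<hive>\...\Run: [<value name>] => <command>"
RUN_LINE = re.compile(r'^(?P<hive>.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.*)$')
# rundll32 "<dll>",<export>  (quotes optional, .exe optional)
RUNDLL32 = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.IGNORECASE)
# Trailing "[<size> <date>] (<publisher>)" that FRST appends to plain executables
SUFFIX = re.compile(r'\s+\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<publisher>[^)]*)\)\s*$')
ATTENTION = ' <===== ATTENTION'

# FRST leaves environment variables unexpanded; resolve them for the profile in
# the log (assumed user name "Ben", as in the thread).
ENV_VARS = {
    '%appdata%': 'C:\\Users\\Ben\\AppData\\Roaming',
    '%localappdata%': 'C:\\Users\\Ben\\AppData\\Local',
    '%temp%': 'C:\\Users\\Ben\\AppData\\Local\\Temp',
    '%userprofile%': 'C:\\Users\\Ben',
    '%programdata%': 'C:\\ProgramData',
}
# Locations a standard user can write to without elevation
USER_WRITABLE = ('c:\\users\\', 'c:\\programdata\\')


@dataclass
class RunEntry:
    hive: str
    name: str
    command: str
    path: str                  # file actually loaded, env vars expanded
    loader: Optional[str]      # "rundll32" when a DLL is loaded via rundll32
    export: Optional[str]      # rundll32 export name, if any
    publisher: Optional[str]   # FRST "(Publisher)" field; "" means no version info
    frst_flagged: bool         # FRST appended "<===== ATTENTION"
    reasons: List[str] = field(default_factory=list)


def expand_env(path: str) -> str:
    lowered = path.lower()
    for var, value in ENV_VARS.items():
        if lowered.startswith(var):
            return value + path[len(var):]
    return path


def parse_run_line(line: str) -> Optional[RunEntry]:
    """Parse one FRST Run-key line; returns None for lines of any other kind."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    cmd = m.group('cmd')
    flagged = cmd.endswith(ATTENTION)
    if flagged:
        cmd = cmd[:-len(ATTENTION)].rstrip()
    loader = export = publisher = None
    dll = RUNDLL32.match(cmd)
    if dll:
        loader, export, path = 'rundll32', dll.group('export'), dll.group('dll')
    else:
        suffix = SUFFIX.search(cmd)
        if suffix:
            publisher, path = suffix.group('publisher'), cmd[:suffix.start()]
        else:
            path = cmd
    return RunEntry(m.group('hive'), m.group('name'), cmd, expand_env(path),
                    loader, export, publisher, flagged)


def assess(entry: RunEntry) -> RunEntry:
    """Attach the review reasons that apply to an entry (none for a clean one)."""
    in_user_writable = entry.path.lower().startswith(USER_WRITABLE)
    if entry.loader == 'rundll32' and in_user_writable:
        entry.reasons.append('rundll32 loads a DLL from a user-writable location')
    if entry.publisher == '':
        entry.reasons.append('no publisher/version information')
    if entry.frst_flagged:
        entry.reasons.append('already marked ATTENTION by FRST')
    return entry


def triage(frst_text: str) -> Dict[str, List[str]]:
    """Map each Run-key value name to its review reasons (empty list = nothing noted)."""
    results: Dict[str, List[str]] = {}
    for line in frst_text.splitlines():
        entry = parse_run_line(line)
        if entry:
            results[entry.name] = assess(entry).reasons
    return results


if __name__ == '__main__':
    for name, reasons in triage(SAMPLE_FRST_LINES).items():
        print(f'{name}: {", ".join(reasons) or "nothing noted"}')
```

Location alone is deliberately not a reason: Google Update and f.lux in this thread both run from AppData\Local with a publisher and are legitimate, so the script only reports the rundll32-plus-user-writable combination, which is the shape of both the himnamm and BtvStack entries, and separately the empty publisher field that FRST shows as "()".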

#8 ihavanswer

ihavanswer
  • Topic Starter

  • Members
  • 86 posts
  • Gender:Male
  • Location:New Jersey
  • Local time:09:20 PM

Posted 10 January 2015 - 01:25 PM

It's still running fine, but before we did this I would get a popup on every reboot saying something about himnamm.dll not being able to start. Now that does not happen, but it gives me the same kind of popup about btvstack.dll.

 

fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Ben at 2015-01-10 13:08:46 Run:2
Running from C:\Users\Ben\Desktop
Loaded Profile: Ben (Available profiles: Ben)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [himnamm] => rundll32 "C:\Users\Ben\AppData\Local\himnamm.dll",himnamm <===== ATTENTION
 
End
*****************
 
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\Software\Microsoft\Windows\CurrentVersion\Run\\himnamm => value deleted successfully.
 
==== End of Fixlog 13:08:46 ====

FRST scan

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Ben (administrator) on BEN-IMAC on 10-01-2015 13:16:06
Running from C:\Users\Ben\Desktop
Loaded Profile: Ben (Available profiles: Ben)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Avatron Software) C:\Program Files\Avatron\Air Display\AVTHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Windows ® Win 7 DDK provider) C:\Program Files\NetDrive2\mounter.exe
() C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Bdrive Inc.) C:\Program Files\NetDrive2\nd2sp.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(CrystalIDEA Software) C:\Program Files (x86)\Macs Fan Control\MacsFanControl.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(Flux Software LLC) C:\Users\Ben\AppData\Local\FluxSoftware\Flux\flux.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrodist.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [741760 2011-06-29] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [KrakenLauncher] => C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe [1486128 2014-06-11] (Razer Inc)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [MacsFanControl] => C:\Program Files (x86)\Macs Fan Control\MacsFanControl.exe [1360384 2014-09-07] (CrystalIDEA Software)
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [Google Update] => C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-03] (Google Inc.)
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [f.lux] => C:\Users\Ben\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [NetDrive2] => C:\Program Files\NetDrive2\NetDrive2.exe [12223960 2014-12-20] (Bdrive Inc)
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\MountPoints2: {2023891c-e3a0-11e3-b848-3451c9eee74a} - F:\TLBootstrap_WPP.exe
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MacsFanControl.lnk
ShortcutTarget: MacsFanControl.lnk -> C:\Program Files (x86)\Macs Fan Control\MacsFanControl.exe (CrystalIDEA Software)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
 
FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1550224419-736723516-2154025555-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ben\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1550224419-736723516-2154025555-1000: @talk.google.com/O1DPlugin -> C:\Users\Ben\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1550224419-736723516-2154025555-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ben\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1550224419-736723516-2154025555-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ben\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Ben\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ben\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-12-29]
 
Chrome: 
=======
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-01]
CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2013-12-07]
CHR Extension: (Razer) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbcjclholhnenkngiajifpenjnklokk [2014-12-02]
CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-01]
CHR Extension: (Google Search) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-01]
CHR Extension: (AdBlock) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-22]
CHR Extension: (Gmail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [224640 2011-06-29] ()
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 AVTHelper; C:\Program Files\Avatron\Air Display\AVTHelper.exe [237048 2013-12-04] (Avatron Software)
R2 DokanMounter_Dokan_NetDrive2; C:\Program Files\NetDrive2\mounter.exe [28160 2014-11-12] (Windows ® Win 7 DDK provider) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 KinoniSvc; C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [525312 2013-02-26] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 notifierNetDrive2; C:\Program Files\NetDrive2\nd2sp.exe [75112 2014-12-20] (Bdrive Inc.)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76152 2014-08-14] ()
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
S2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AirDisplay; C:\Windows\System32\DRIVERS\AVVideoCard.sys [15352 2013-12-04] (Windows ® Win 7 DDK provider)
R3 AirDisplayMirror; C:\Windows\System32\DRIVERS\AVVideoCardMirror.sys [15352 2013-12-04] (Windows ® Win 7 DDK provider)
R3 AirDisplayWDDM; C:\Windows\System32\DRIVERS\AVWDDMMiniPort.sys [48632 2013-12-04] (Windows ® Win 7 DDK provider)
R3 applebmt; C:\Windows\System32\DRIVERS\applebmt.sys [52736 2011-06-03] (Apple Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
R0 AVPCIFilter; C:\Windows\System32\DRIVERS\AVPCIFilter.sys [36344 2013-12-04] (Windows ® Win 7 DDK provider)
R2 Dokan_NetDrive2; C:\Program Files\NetDrive2\dokan.sys [117952 2014-07-03] (Windows ® Win 7 DDK provider)
R3 kinonivd; C:\Windows\System32\DRIVERS\kinonivd.sys [2782848 2013-02-26] (Windows ® Win 7 DDK provider)
R3 KINONI_Wave; C:\Windows\System32\drivers\kinonivad.sys [23040 2013-02-26] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 RzDxgk; C:\windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-04] (Razer Inc)
R1 RzFilter; C:\windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R3 rzjstk; C:\Windows\System32\DRIVERS\rzjstk.sys [27816 2014-09-04] (Razer Inc)
R3 rzkeypadendpt; C:\Windows\System32\DRIVERS\rzkeypadendpt.sys [33448 2014-09-04] (Razer Inc)
R3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [35496 2014-09-04] (Razer Inc)
R2 rzpmgrk; C:\windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R2 rzpnk; C:\windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 vhidmini; C:\Windows\System32\DRIVERS\vjoy.sys [15104 2012-10-15] (Headsoft)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-08 16:01 - 2015-01-08 16:01 - 00003490 _____ () C:\windows\System32\Tasks\AutoKMS
2015-01-08 15:44 - 2015-01-10 13:00 - 00000788 _____ () C:\windows\Tasks\Security Center Update - 2962292213.job
2015-01-08 15:44 - 2015-01-08 15:58 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Ywabxe
2015-01-08 15:44 - 2015-01-08 15:47 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Local Store
2015-01-08 15:44 - 2015-01-08 15:44 - 00003792 _____ () C:\windows\System32\Tasks\Security Center Update - 2962292213
2015-01-08 15:42 - 2015-01-08 15:42 - 00000000 ____D () C:\ProgramData\lbyme
2015-01-08 15:13 - 2015-01-10 13:17 - 00022712 _____ () C:\Users\Ben\Desktop\FRST.txt
2015-01-08 15:12 - 2015-01-10 13:16 - 00000000 ____D () C:\FRST
2015-01-08 14:51 - 2015-01-08 14:51 - 02124288 _____ (Farbar) C:\Users\Ben\Desktop\FRST64.exe
2015-01-04 10:05 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-01-04 10:05 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-01-04 10:05 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-01-04 10:05 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-01-03 22:37 - 2015-01-03 22:37 - 00004950 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Ben-IMAC-Ben Ben-IMAC
2015-01-03 18:18 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2015-01-03 18:18 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-03 18:18 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-03 18:18 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2015-01-03 18:18 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2015-01-03 18:18 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-01-03 18:18 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2015-01-03 18:18 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-01-03 18:18 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2015-01-03 18:18 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2015-01-03 18:18 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-03 18:18 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2015-01-03 18:18 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-01-03 18:18 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2015-01-03 18:18 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-01-03 18:18 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2015-01-03 18:18 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2015-01-03 18:18 - 2012-08-23 09:08 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbGD.sys
2015-01-03 18:17 - 2015-01-03 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-03 18:17 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2015-01-03 18:17 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2015-01-03 18:17 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2015-01-03 18:16 - 2015-01-03 18:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-03 18:16 - 2015-01-03 18:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-03 18:00 - 2015-01-03 18:00 - 00117856 _____ () C:\Users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-03 17:55 - 2015-01-10 13:11 - 00000560 _____ () C:\windows\setupact.log
2015-01-03 17:55 - 2015-01-09 15:24 - 00001622 _____ () C:\windows\PFRO.log
2015-01-03 17:55 - 2015-01-03 17:55 - 05071792 _____ () C:\windows\system32\FNTCACHE.DAT
2015-01-03 17:55 - 2015-01-03 17:55 - 00000000 _____ () C:\windows\setuperr.log
2015-01-03 17:07 - 2015-01-03 17:07 - 00000288 _____ () C:\Users\Ben\AppData\Roaming\C4729784.reg
2015-01-03 15:54 - 2015-01-03 15:54 - 00000632 _____ () C:\Users\Ben\Documents\cc_20150103_155446.reg
2015-01-03 14:52 - 2015-01-03 14:52 - 00000000 ____D () C:\windows\ERUNT
2015-01-03 14:31 - 2015-01-03 14:37 - 00000000 ____D () C:\AdwCleaner
2015-01-01 13:11 - 2015-01-01 13:11 - 00020590 _____ () C:\windows\system32\.crusader
2015-01-01 12:26 - 2015-01-01 12:26 - 00001901 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-01-01 12:26 - 2015-01-01 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-01 12:26 - 2015-01-01 12:26 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-01 12:25 - 2015-01-01 13:11 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-01 11:46 - 2015-01-01 11:46 - 00000219 _____ () C:\Users\Ben\Desktop\Counter-Strike Source.url
2015-01-01 00:15 - 2015-01-08 16:02 - 00000000 ____D () C:\ProgramData\RayutIpaze
2014-12-31 18:17 - 2014-12-31 18:17 - 00000220 _____ () C:\Users\Ben\Desktop\Garry's Mod.url
2014-12-31 11:49 - 2014-12-31 11:49 - 00015872 _____ () C:\Users\Ben\AppData\Roaming\chatterer.fye
2014-12-30 17:52 - 2014-12-09 17:21 - 00037184 _____ (Razer, Inc.) C:\windows\system32\Drivers\rzpmgrk.sys
2014-12-23 15:53 - 2014-12-20 03:30 - 00215912 _____ (Bdrive Inc.) C:\windows\system32\NetDrive2.nd2np.dll
2014-12-23 15:53 - 2014-12-20 03:30 - 00186728 _____ (Bdrive Inc.) C:\windows\SysWOW64\NetDrive2.nd2np.dll
2014-12-20 23:54 - 2014-12-20 23:54 - 00000219 _____ () C:\Users\Ben\Desktop\Counter-Strike Global Offensive.url
2014-12-18 22:22 - 2014-12-18 22:22 - 00009728 _____ (Razer Inc.) C:\windows\SysWOW64\RzStats.IPC.dll
2014-12-18 02:50 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-18 02:50 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-11 18:43 - 2014-12-11 18:43 - 00000000 ____D () C:\Users\Ben\Documents\Any Video Converter
2014-12-11 18:18 - 2014-12-11 18:18 - 00001207 _____ () C:\Users\Ben\Desktop\Any Video Converter.lnk
2014-12-11 18:06 - 2014-12-11 18:09 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\MassTube
2014-12-11 18:06 - 2014-12-11 18:06 - 00000000 ____D () C:\Users\Ben\Documents\MassTube
2014-12-11 15:09 - 2014-12-20 20:48 - 00005694 _____ () C:\Users\Ben\Documents\cc_20141211_150937.reg
2014-12-11 03:39 - 2014-12-11 03:39 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-11 03:07 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-11 03:07 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-10 13:17 - 2014-05-31 13:54 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Raptr
2015-01-10 13:17 - 2013-04-01 21:00 - 01581829 _____ () C:\windows\WindowsUpdate.log
2015-01-10 13:13 - 2014-01-03 22:36 - 00000000 ____D () C:\ProgramData\VMware
2015-01-10 13:13 - 2013-04-01 14:40 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Skype
2015-01-10 13:11 - 2013-04-01 14:29 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-10 13:11 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-10 13:08 - 2014-03-14 16:21 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\HexChat
2015-01-10 12:56 - 2014-04-03 16:27 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1550224419-736723516-2154025555-1000UA.job
2015-01-10 12:46 - 2013-08-13 19:21 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 12:44 - 2013-04-01 14:29 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-10 12:19 - 2013-04-03 19:56 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-10 05:56 - 2014-04-03 16:27 - 00000848 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1550224419-736723516-2154025555-1000Core.job
2015-01-10 02:00 - 2013-04-22 15:15 - 00000000 ____D () C:\Users\Ben\AppData\Local\Adobe
2015-01-09 19:38 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2015-01-09 18:52 - 2013-04-01 15:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-09 15:31 - 2009-07-14 00:13 - 00786702 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-09 15:12 - 2014-03-31 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-09 15:07 - 2014-10-15 13:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-09 15:07 - 2014-03-20 15:17 - 00000000 ____D () C:\Users\Ben\AppData\Local\CrashDumps
2015-01-09 15:07 - 2013-04-01 14:40 - 00000000 ____D () C:\ProgramData\Skype
2015-01-09 14:57 - 2009-07-13 23:45 - 00031152 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 14:57 - 2009-07-13 23:45 - 00031152 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-04 11:54 - 2014-01-03 22:50 - 00000000 ____D () C:\Users\Ben\Documents\Virtual Machines
2015-01-04 11:54 - 2014-01-03 22:39 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\VMware
2015-01-04 11:54 - 2014-01-03 22:39 - 00000000 ____D () C:\Users\Ben\AppData\Local\VMware
2015-01-04 00:15 - 2013-05-19 14:35 - 00007625 _____ () C:\Users\Ben\AppData\Local\Resmon.ResmonCfg
2015-01-03 21:49 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2015-01-03 21:32 - 2014-11-10 23:27 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-01-03 18:25 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-03 18:21 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-01-03 17:26 - 2013-09-20 15:31 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\uTorrent
2015-01-03 17:26 - 2013-04-24 21:28 - 00000000 ____D () C:\windows\Minidump
2015-01-03 15:18 - 2014-04-02 21:44 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-01 11:46 - 2013-04-26 05:26 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-01 00:25 - 2014-03-30 13:28 - 00000000 ____D () C:\ProgramData\AVG2014
2014-12-31 22:30 - 2014-02-12 16:14 - 00000000 ____D () C:\Users\Ben\AppData\Local\Battle.net
2014-12-31 20:54 - 2014-02-12 16:14 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-31 20:50 - 2014-02-12 16:14 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Battle.net
2014-12-31 18:25 - 2013-05-05 15:54 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\.minecraft
2014-12-31 11:47 - 2014-02-05 17:22 - 00000000 ___RD () C:\Users\Ben\Dropbox
2014-12-31 11:47 - 2014-02-05 17:18 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Dropbox
2014-12-30 17:41 - 2014-11-18 19:38 - 00000000 ____D () C:\Program Files\NetDrive2
2014-12-23 15:53 - 2014-11-18 19:41 - 00000832 _____ () C:\Users\Public\Desktop\NetDrive2.lnk
2014-12-23 15:47 - 2014-11-18 19:42 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\NetDrive2
2014-12-20 21:09 - 2013-05-24 23:28 - 00000000 ____D () C:\Program Files (x86)\Heroes of Newerth
2014-12-20 00:54 - 2013-04-01 14:04 - 00000000 ____D () C:\Users\Ben\AppData\Local\VirtualStore
2014-12-18 15:24 - 2014-02-05 17:19 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-14 17:44 - 2014-06-15 20:49 - 00000000 ____D () C:\Users\Ben\Downloads\SAO Light Novels Vol. 1-13
2014-12-13 11:58 - 2014-11-12 23:02 - 00000000 ____D () C:\Users\Ben\AppData\Local\osu!
2014-12-13 10:18 - 2013-10-17 15:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-11 18:18 - 2013-09-23 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
2014-12-11 18:17 - 2013-09-23 16:59 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\AnvSoft
2014-12-11 18:17 - 2013-09-23 16:59 - 00000000 ____D () C:\Program Files (x86)\AnvSoft
2014-12-11 15:07 - 2013-08-13 20:04 - 00000000 ____D () C:\Users\Ben\AppData\Local\TERA
2014-12-11 14:51 - 2014-03-11 15:06 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\TS3Client
2014-12-11 14:51 - 2013-04-17 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2014-12-11 14:33 - 2014-05-31 13:54 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-12-11 03:39 - 2014-05-07 02:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-11 03:39 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-11 03:23 - 2014-03-17 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-11 03:23 - 2014-03-17 13:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 03:21 - 2013-08-11 02:04 - 00000000 ____D () C:\windows\system32\MRT
2014-12-11 03:13 - 2013-04-17 13:48 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
 
Files to move or delete:
====================
C:\Users\Ben\jagex_cl_runescape_LIVE.dat
C:\Users\Ben\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Ben\AppData\Local\Temp\1871KrakenDevProps.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-04 13:23
 
==================== End Of Log ============================
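
The two file listings above are the raw material a helper reads through: FRST prints one line per file or folder as "first timestamp - second timestamp - size attributes (company) path", and the company comes from the file's version resource, not from a signature check (that check is the separate Bamital & volsnap section). The Python below is an added example, not FRST's own code and not the helper's method. It parses lines in that layout and applies a few review heuristics: executables without version info under AppData, ProgramData or Temp, dot-prefixed files in a Windows system directory, and unfamiliar extensions under a profile. The sample lines are copied from the log above, except example_loader.dll, which is a hypothetical entry with made-up size and dates. A flag means "look at this", not "this is malicious".

```python
"""Triage helper for the FRST "One Month Created/Modified Files" sections.

Added example for this thread; it is not FRST code and not the helper's
method. It parses the fixed-layout lines FRST prints and flags entries a
responder would look at first. The rules are heuristics (assumptions about
what deserves a second look), not verdicts. The company field is the one
FRST reads from the file's version resource: an empty company is not a
signature failure, and a filled one is not a signature check.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

LINE_RE = re.compile(
    r"^(?P<date1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<date2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".com", ".pif"}
# Extensions that are ordinary to find under a profile without version info.
DATA_EXT = {".lnk", ".url", ".txt", ".log", ".dat", ".reg", ".ini", ".xml",
            ".json", ".cfg", ".job", ".pol", ".db", ".tmp", ".bak"}
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")


class Entry(NamedTuple):
    date1: str     # timestamp the section is sorted on
    date2: str     # the file's other timestamp
    size: int
    attrs: str     # five flag characters, e.g. ____D for a directory, ____H hidden
    company: str   # company name from the version resource; "" when absent
    path: str


def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["date1"], m["date2"], int(m["size"]), m["attrs"],
                 m["company"], m["path"])


def extension(path: str) -> str:
    name = path.rsplit("\\", 1)[-1]
    return name[name.rfind("."):].lower() if "." in name else ""


def triage(e: Entry) -> List[str]:
    """Reasons this entry deserves review; empty when none of the rules fire."""
    if "D" in e.attrs:   # directories carry no version info; judge their files instead
        return []
    p = e.path.lower()
    name = p.rsplit("\\", 1)[-1]
    ext = extension(p)
    in_user_dir = any(d in p for d in USER_WRITABLE)
    in_system_dir = any(d in p for d in SYSTEM_DIRS)
    reasons = []
    if ext in EXEC_EXT and not e.company and in_user_dir:
        reasons.append("executable without version info in a user-writable path")
    if in_system_dir and not e.company and name.startswith("."):
        reasons.append("dot-prefixed file in a Windows system directory")
    if in_user_dir and not e.company and ext not in EXEC_EXT | DATA_EXT:
        reasons.append("unfamiliar extension in a user-writable path")
    return reasons


def triage_report(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """(path, reasons) for every parsable line that at least one rule flags."""
    out = []
    for line in lines:
        e = parse_line(line)
        if e is not None:
            reasons = triage(e)
            if reasons:
                out.append((e.path, reasons))
    return out


# Lines copied from the log above, plus one constructed entry: example_loader.dll
# is hypothetical and its size and dates are made up.
SAMPLE_LINES = [
    r"2015-01-01 13:11 - 2015-01-01 13:11 - 00020590 _____ () C:\windows\system32\.crusader",
    r"2015-01-03 18:18 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe",
    r"2015-01-01 00:15 - 2015-01-08 16:02 - 00000000 ____D () C:\ProgramData\RayutIpaze",
    r"2014-12-31 11:49 - 2014-12-31 11:49 - 00015872 _____ () C:\Users\Ben\AppData\Roaming\chatterer.fye",
    r"2014-12-30 17:52 - 2014-12-09 17:21 - 00037184 _____ (Razer, Inc.) C:\windows\system32\Drivers\rzpmgrk.sys",
    r"2015-01-03 18:00 - 2015-01-03 18:00 - 00117856 _____ () C:\Users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT",
    r"2015-01-02 09:00 - 2015-01-02 09:00 - 00045056 _____ () C:\Users\Ben\AppData\Roaming\example_loader.dll",
]

if __name__ == "__main__":
    for path, reasons in triage_report(SAMPLE_LINES):
        print(path, "->", "; ".join(reasons))
```

Directories such as C:\ProgramData\RayutIpaze are deliberately skipped: a folder line carries no version info, so the useful next step is listing what is inside it rather than scoring the folder itself.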


#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:20 PM

Posted 10 January 2015 - 02:00 PM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

P.S.
The next time you get any errors, they should be reported to the helper.
I would have investigated them and suggested their removal much sooner.

Edited by nasdaq, 10 January 2015 - 02:02 PM.


#10 ihavanswer (Topic Starter)

Posted 10 January 2015 - 02:14 PM

OK, thanks. No more errors; here is the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Ben at 2015-01-10 14:07:31 Run:3
Running from C:\Users\Ben\Desktop
Loaded Profile: Ben (Available profiles: Ben)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
 
End
*****************
 
Processes closed successfully.
HKU\S-1-5-21-1550224419-736723516-2154025555-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BluetoothS => value deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 14:07:31 ====
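
The fix above removes a single Run value: an entry named BluetoothS that starts rundll32.exe with a DLL under %appdata%. That pattern, a Microsoft-signed host binary pointed at code in a user-writable folder, is what makes the entry worth removing regardless of its innocuous-sounding name, and the fixlist deletes only the registry value; the DLL it referenced is not part of this fix. The Python below is an added example, not FRST code and not the helper's procedure. It takes Run entries in the "key: [name] => command" layout the fixlist uses, expands %...% variables against a constructed profile for Ben, and ranks entries that run rundll32, regsvr32 or a script host from a user-writable path above plain per-user programs, which legitimately live in AppData. All sample entries except the BluetoothS line are constructed.

```python
"""Rank autorun (Run-key) entries by where the code they start lives.

Added example for this thread; not FRST code and not the helper's procedure.
Input lines use the "key: [name] => command" layout of the fixlist above.
Entries whose host is a Microsoft-signed loader (rundll32, regsvr32, mshta,
script hosts) pointed at a file under AppData, ProgramData, Temp or
Users\Public are ranked "high"; a plain program started from such a path is
ranked "review", because per-user installers legitimately live there.
"""
import re
from typing import List, NamedTuple, Optional

# Constructed environment for offline expansion of %...% variables (assumption:
# the profile is C:\Users\Ben, as the log above shows).
ENV = {
    "appdata": r"C:\Users\Ben\AppData\Roaming",
    "localappdata": r"C:\Users\Ben\AppData\Local",
    "userprofile": r"C:\Users\Ben",
    "temp": r"C:\Users\Ben\AppData\Local\Temp",
    "tmp": r"C:\Users\Ben\AppData\Local\Temp",
    "programdata": r"C:\ProgramData",
    "public": r"C:\Users\Public",
    "windir": r"C:\Windows",
    "systemroot": r"C:\Windows",
    "programfiles": r"C:\Program Files",
}

# Microsoft-signed hosts that execute whatever file they are handed.
LOLBIN_HOSTS = {"rundll32.exe", "regsvr32.exe", "mshta.exe",
                "wscript.exe", "cscript.exe", "powershell.exe"}
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")

RUN_LINE_RE = re.compile(r"^(?P<key>.+?\\Run(?:Once)?): \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$")
# FRST appends " [size date] (Company)" to entries in its main log; drop it if present.
TRAILER_RE = re.compile(r"\s\[\d+ \d{4}-\d{2}-\d{2}\](?: \([^)]*\))?$")


class Finding(NamedTuple):
    name: str       # Run value name
    host: str       # executable that Windows starts
    target: str     # file the host loads (or the host itself), env vars expanded
    severity: str   # "high" or "review"
    reason: str


def expand(path: str) -> str:
    return re.sub(r"%([^%]+)%",
                  lambda m: ENV.get(m.group(1).lower(), m.group(0)), path)


def user_writable(path: str) -> bool:
    p = expand(path).lower()
    return any(d in p for d in USER_WRITABLE)


def tokenize(cmd: str) -> List[str]:
    # Windows-style split: a quoted string is one token; the quotes are dropped.
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmd)]


def analyze(line: str) -> Optional[Finding]:
    m = RUN_LINE_RE.match(line.strip())
    if not m:
        return None
    tokens = tokenize(TRAILER_RE.sub("", m["cmd"]))
    if not tokens:
        return None
    host_path, args = tokens[0], tokens[1:]
    host = host_path.rsplit("\\", 1)[-1].lower()
    if host in LOLBIN_HOSTS:
        # The first non-switch argument is what gets loaded; rundll32 appends ",EntryPoint".
        targets = [a.split(",", 1)[0] for a in args if not a.startswith(("/", "-"))]
        if targets and user_writable(targets[0]):
            return Finding(m["name"], host, expand(targets[0]), "high",
                           host + " loads code from a user-writable path")
        return None
    if user_writable(host_path):
        return Finding(m["name"], host, expand(host_path), "review",
                       "program started from a user-writable path; verify its publisher")
    return None


def scan(lines: List[str]) -> List[Finding]:
    return [f for f in map(analyze, lines) if f is not None]


# The BluetoothS line is the one from the fixlist above; the rest are constructed.
SAMPLE_ENTRIES = [
    r'HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register',
    r'HKLM\...\Run: [ExampleTray] => "C:\Program Files\Example\tray.exe" /quiet',
    r'HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [Updater] => regsvr32.exe /s "%localappdata%\Temp\upd.dll"',
    r'HKU\S-1-5-21-1550224419-736723516-2154025555-1000\...\Run: [Notes] => C:\Users\Ben\AppData\Local\Notes\notes.exe [204800 2014-11-02] (Example Software)',
]

if __name__ == "__main__":
    for f in sorted(scan(SAMPLE_ENTRIES), key=lambda f: f.severity):
        print(f"[{f.severity}] {f.name}: {f.host} -> {f.target} ({f.reason})")
```

The "review" tier is deliberately separate from "high": a per-user program under AppData\Local is unremarkable on its own, whereas rundll32 or regsvr32 being handed a DLL from %appdata% has no common legitimate use and is the case the fixlist above addresses.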


#11 nasdaq

Posted 11 January 2015 - 08:43 AM

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
P.S.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available, use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#12 ihavanswer (Topic Starter)

Posted 11 January 2015 - 02:28 PM

The computer is running fine.

 


 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG Internet Security 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 71  
 Adobe Reader XI  
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 


#13 nasdaq

Posted 12 January 2015 - 07:47 AM

You are good.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#14 ihavanswer (Topic Starter)

Posted 12 January 2015 - 08:14 AM

Thanks for all your help, nasdaq; have a nice day!



#15 nasdaq

Posted 12 January 2015 - 08:27 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



