Browser Redirector - Find-all-you-want.com


  • This topic is locked
14 replies to this topic

#1 dinodod


Posted 08 January 2015 - 11:59 PM

When using IE and Chrome, I am randomly getting redirected to various ad sites, mainly Find-all-you-want.com. As you will see in my logs, I have used probably all the free tools I could get my hands on from MS, Kaspersky, McAfee, Norton, Malwarebytes, Comodo, etc., and none detect any issues.

I have also tried several rootkit removers with no luck.

All I can do now is try Safe mode but I feel that won't work. I'll let you know.

I was not able to find any real solutions on the net for browser hijackers or redirectors other than to reset your settings. I even tried PortableApps Chrome version and it is still happening.

Thanks for your help! The DDS app told me to zip up the attach.txt file which I did. Is this correct?

 

Essential Tools for safe computing

https://sites.google.com/site/dinodod/pc-standards

 

Please leave a comment on anything relative and help me expand on it.

 



#2 Machiavelli

  • Malware Response Instructor

Posted 10 January 2015 - 11:02 AM

Hey my friend. :)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 dinodod


Posted 11 January 2015 - 02:39 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015
Ran by A (administrator) on MYLIFE on 11-01-2015 08:35:24
Running from C:\Users\s\Downloads\AntiVirus\Bleeping Computer
Loaded Profiles: A & s (Available profiles: A & s & Administrator)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Users\s\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
() C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(PortableApps.com) C:\PortableApps\PortableApps\PortableApps.com\PortableAppsPlatform.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\slui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(EJIE Technology) C:\Program Files (x86)\Clover\clover.exe
(Farbar) C:\Users\s\Downloads\AntiVirus\Bleeping Computer\1 - FRST64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2015-01-01] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2015-01-08] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: [0] => C:\Users\s\Downloads\AntiVirus\MalwareBytes Chameleon\Windows\mbam-chameleon.exe [761656 2015-01-01] (MalwareBytes)
HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2420948750-513993667-4212495904-1011\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [675096 2015-01-08] (Kaspersky Lab ZAO)
HKU\S-1-5-21-2420948750-513993667-4212495904-1011\...\Run: [OpenDNS Updater] => C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
HKU\S-1-5-21-2420948750-513993667-4212495904-1011\...\RunOnce: [Ad Muncher Reboot Required] => [X]
HKU\S-1-5-21-2420948750-513993667-4212495904-1013\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-12-28] (Comfort Software Group)
HKU\S-1-5-21-2420948750-513993667-4212495904-1013\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe
HKU\S-1-5-21-2420948750-513993667-4212495904-1013\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308616 2014-12-22] (Google)
HKU\S-1-5-21-2420948750-513993667-4212495904-1013\...\Run: [SkyDrive] => C:\Users\s\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2015-01-06] (Microsoft Corporation)
HKU\S-1-5-21-2420948750-513993667-4212495904-1013\...\Run: [OpenDNS Updater] => C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
IFEO\taskmgr.exe: [Debugger] C:\Program Files\COMODO\COMODO Internet Security\KillSwitch.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\A\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PortableApps.com Platform.lnk
ShortcutTarget: PortableApps.com Platform.lnk -> C:\PortableApps\PortableApps\PortableApps.com\PortableAppsPlatform.exe (PortableApps.com)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2420948750-513993667-4212495904-1011\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2420948750-513993667-4212495904-1011\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-2420948750-513993667-4212495904-1011\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-2420948750-513993667-4212495904-1013\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-2420948750-513993667-4212495904-1013\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/it-it/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-2420948750-513993667-4212495904-1011 -> DefaultScope {6A1806CD-94D4-4689 URL = 
SearchScopes: HKU\S-1-5-21-2420948750-513993667-4212495904-1011 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2420948750-513993667-4212495904-1013 -> DefaultScope {CC8CEA89-4D88-4137-9DB4-5A8EE47FF9BF} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2420948750-513993667-4212495904-1013 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2420948750-513993667-4212495904-1013 -> {CC8CEA89-4D88-4137-9DB4-5A8EE47FF9BF} URL = https://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper64.dll (EJIE Technology)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: AutorunsDisabled - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
Filter-x32: AutorunsDisabled - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E2397C48-3DBA-43BB-BA55-A12B27116213}: [NameServer] 8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2420948750-513993667-4212495904-1013: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\s\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2015-01-01]
 
Chrome: 
=======
CHR Profile: C:\Users\A\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-26]
CHR Extension: (Google Docs) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-26]
CHR Extension: (Google Drive) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-01]
CHR Extension: (YouTube) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-26]
CHR Extension: (Google Search) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-26]
CHR Extension: (Google Sheets) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-26]
CHR Extension: (Google Wallet) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-26]
CHR Extension: (Gmail) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-26]
CHR HKU\S-1-5-21-2420948750-513993667-4212495904-1013\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2014-12-09] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-12-09] (COMODO)
S4 DcaSvc; C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaSvc.exe [128000 2012-08-27] (Microsoft Corporation)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
S4 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-10-23] (Futuremark)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-09-12] (Hewlett-Packard Company)
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-07-02] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [675096 2015-01-08] (Kaspersky Lab ZAO)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
S4 MBAMAgent; C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe [280320 2013-01-25] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2015-01-06] (The OpenVPN Project)
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2015-01-08] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2015-01-08] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2015-01-08] (Safer-Networking Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-01-20] (IDT, Inc.) [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S4 CLPSLauncher; "C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe" [X]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S4 dwmrcs; C:\Windows\dwrcs\dwrcs.exe -service [X]
S4 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [X]
S4 GeekBuddyRSP; "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -service [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2014-06-26] (Windows ® Win 7 DDK provider) [File not signed]
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2014-12-09] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2014-12-09] (COMODO)
R3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [5632 2008-03-14] (DameWare Development, LLC)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2014-12-09] (COMODO)
S3 johci; C:\Windows\system32\drivers\johci.sys [26208 2013-01-08] (JMicron Technology Corp.)
R0 mbamchameleon; C:\Windows\System32\drivers\mbamchameleon.sys [93400 2015-01-01] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-18] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 rspMMFS; C:\Windows\System32\DRIVERS\rspmmfs64.sys [19512 2015-01-08] (Resplendence Software Projects Sp.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2014-05-27] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2014-05-27] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2014-05-27] (LG Electronics Inc.)
S1 adgnetworktdi; system32\drivers\adgnetworktdi.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MFE_RR; \??\c:\temp\user\mfe_rr.sys [X]
S3 MMPSY; \??\c:\temp\user\mmpsy64.sys [X]
S3 SmbDrv; \SystemRoot\system32\drivers\Smb_driver_AMDASF.sys [X]
S3 SmbDrvI; system32\DRIVERS\Smb_driver_Intel.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-11 06:39 - 2015-01-11 06:39 - 02502416 _____ () C:\Users\s\Downloads\k9-webprotection.exe
2015-01-11 06:18 - 2015-01-11 06:18 - 00002020 _____ () C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDNS Updater.lnk
2015-01-11 06:18 - 2015-01-11 06:18 - 00000000 ____D () C:\Users\s\AppData\Roaming\OpenDNS Updater
2015-01-11 06:18 - 2015-01-11 06:18 - 00000000 ____D () C:\Users\A\AppData\Roaming\OpenDNS Updater
2015-01-11 06:18 - 2015-01-11 06:18 - 00000000 ____D () C:\Program Files (x86)\OpenDNS Updater
2015-01-09 06:56 - 2015-01-09 06:57 - 00000000 ____D () C:\Users\s\Desktop\RimWorld671Win
2015-01-09 06:52 - 2015-01-09 06:55 - 55213914 _____ () C:\Users\s\Downloads\RimWorldAlpha8fWin.zip
2015-01-09 06:43 - 2015-01-09 06:43 - 00880784 _____ (Google Inc.) C:\Users\s\Downloads\googledrivesync.exe
2015-01-09 06:01 - 2015-01-09 06:01 - 00003072 _____ () C:\WINDOWS\SysWOW64\persistent_q.db
2015-01-09 06:01 - 2015-01-09 06:01 - 00000000 ____D () C:\Users\Administrator\Desktop\Antivirus
2015-01-09 05:49 - 2015-01-09 05:49 - 00010156 _____ () C:\Users\A\Desktop\attach.txt
2015-01-09 05:49 - 2015-01-09 05:48 - 00034731 _____ () C:\Users\A\Desktop\dds.txt
2015-01-09 05:47 - 2015-01-09 05:47 - 00688992 ____R (Swearware) C:\Users\s\Downloads\dds.com
2015-01-09 05:21 - 2015-01-09 05:22 - 00045090 _____ () C:\Users\s\Downloads\Result.txt
2015-01-09 05:21 - 2015-01-09 05:21 - 00401920 _____ (Farbar) C:\Users\s\Downloads\MiniToolBox.exe
2015-01-08 13:55 - 2015-01-08 13:55 - 00000000 ____D () C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-08 13:54 - 2015-01-08 13:54 - 00019512 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspmmfs64.sys
2015-01-08 13:54 - 2015-01-08 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiMon
2015-01-08 13:54 - 2015-01-08 13:54 - 00000000 ____D () C:\Program Files\MultiMon
2015-01-08 07:27 - 2015-01-09 06:01 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-08 07:27 - 2015-01-08 07:27 - 00001055 _____ () C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
2015-01-08 07:27 - 2015-01-08 07:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2015-01-08 07:27 - 2015-01-08 07:27 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-01-08 06:08 - 2015-01-08 08:54 - 4100497408 _____ () C:\Users\s\Downloads\WindowsTechnicalPreview-x64-EN-US.iso
2015-01-08 06:07 - 2015-01-08 06:07 - 00030472 _____ () C:\Users\s\Downloads\PrepareWin7ForWindowsTechnicalPreview.exe
2015-01-08 05:37 - 2015-01-08 05:45 - 211735920 _____ () C:\Users\s\Downloads\NewRetroArcade-2.0.0.zip
2015-01-08 02:46 - 2015-01-08 02:50 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-08 02:46 - 2015-01-08 02:46 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-01-08 02:46 - 2015-01-08 02:46 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-08 02:46 - 2015-01-08 02:46 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-06 21:34 - 2015-01-06 21:34 - 00000506 _____ () C:\WINDOWS\SynInst.log
2015-01-06 21:33 - 2015-01-06 21:33 - 00000000 ___HD () C:\OneDriveTemp
2015-01-06 14:56 - 2015-01-06 17:09 - 3732312252 _____ () C:\Users\s\Downloads\Italy 2012.daa
2015-01-06 07:07 - 2015-01-06 07:07 - 00000000 ____D () C:\Users\s\AppData\Roaming\PowerISO
2015-01-06 07:05 - 2015-01-11 08:22 - 00000000 ___RD () C:\Users\s\OneDrive
2015-01-06 07:05 - 2015-01-06 07:05 - 00002124 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-06 07:05 - 2015-01-06 07:05 - 00002100 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-06 07:05 - 2015-01-06 07:05 - 00002100 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-06 07:05 - 2015-01-06 07:05 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2015-01-06 07:05 - 2015-01-06 07:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2015-01-06 04:18 - 2015-01-06 04:18 - 00000979 _____ () C:\Users\Public\Desktop\Clover.lnk
2015-01-06 04:18 - 2015-01-06 04:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clover
2015-01-06 04:18 - 2015-01-06 04:18 - 00000000 ____D () C:\Program Files (x86)\Clover
2015-01-06 04:17 - 2015-01-11 08:22 - 00000000 ___RD () C:\Users\s\Google Drive
2015-01-06 04:17 - 2015-01-06 04:17 - 00001653 _____ () C:\Users\s\Desktop\Google Drive.lnk
2015-01-06 04:16 - 2015-01-09 06:47 - 00002042 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-06 04:16 - 2015-01-09 06:47 - 00002040 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-06 04:16 - 2015-01-09 06:47 - 00002030 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-06 04:16 - 2015-01-09 06:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-06 03:20 - 2015-01-06 03:20 - 00000000 ____D () C:\Users\s\AppData\Roaming\Insoft LLC
2015-01-06 03:02 - 2015-01-06 03:03 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-01-06 03:02 - 2015-01-06 03:03 - 00000000 ____D () C:\Program Files\OpenVPN
2015-01-06 03:02 - 2015-01-06 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2015-01-06 02:18 - 2015-01-11 08:22 - 00000000 ___RD () C:\Users\s\Dropbox
2015-01-06 02:18 - 2015-01-06 02:18 - 00001075 _____ () C:\Users\s\Desktop\Dropbox.lnk
2015-01-06 02:17 - 2015-01-06 02:17 - 00000000 ____D () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-06 02:17 - 2015-01-06 02:17 - 00000000 ____D () C:\Users\A\AppData\Roaming\Dropbox
2015-01-06 02:14 - 2015-01-11 08:22 - 00000000 ____D () C:\Users\s\AppData\Roaming\Dropbox
2015-01-03 15:25 - 2015-01-03 15:25 - 00280888 _____ () C:\WINDOWS\Minidump\010315-6739-01.dmp
2015-01-03 14:45 - 2015-01-03 14:45 - 00001106 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2015-01-03 14:44 - 2015-01-03 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-01-01 03:23 - 2015-01-06 03:20 - 00000000 ____D () C:\Program Files (x86)\Adguard
2015-01-01 03:23 - 2015-01-06 03:19 - 00000000 ____D () C:\ProgramData\Adguard
2015-01-01 03:23 - 2015-01-01 03:23 - 00000261 _____ () C:\WINDOWS\SysWOW64\Drivers\vwifikerneldrv.sys
2015-01-01 03:23 - 2015-01-01 03:23 - 00000261 _____ () C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
2015-01-01 03:23 - 2015-01-01 03:23 - 00000261 _____ () C:\ProgramData\fontcacheev1.dat
2015-01-01 03:09 - 2015-01-01 03:09 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-01 03:09 - 2015-01-01 03:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-01 02:33 - 2015-01-01 02:52 - 00000000 ____D () C:\Users\s\Documents\Fiddler2
2015-01-01 02:33 - 2015-01-01 02:33 - 00001888 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiddler4.lnk
2015-01-01 02:33 - 2015-01-01 02:33 - 00000000 ____D () C:\Program Files (x86)\Fiddler2
2015-01-01 02:31 - 2015-01-01 02:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-01 02:03 - 2015-01-01 02:03 - 01188194 _____ () C:\Users\A\Downloads\ProcessExplorer.zip
2015-01-01 02:03 - 2015-01-01 02:03 - 01188194 _____ () C:\Users\A\Downloads\ProcessExplorer (1).zip
2015-01-01 02:01 - 2015-01-01 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-01-01 02:00 - 2015-01-09 08:36 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-01-01 02:00 - 2015-01-01 02:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-12-28 04:28 - 2014-12-28 04:28 - 00001079 _____ () C:\Users\A\Desktop\Free Alarm Clock.lnk
2014-12-28 04:28 - 2014-12-28 04:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock
2014-12-28 04:28 - 2014-12-28 04:28 - 00000000 ____D () C:\Program Files (x86)\FreeAlarmClock
2014-12-27 05:47 - 2015-01-06 12:58 - 00000000 ____D () C:\Users\s\Documents\My Games
2014-12-26 23:36 - 2014-12-26 23:36 - 00000000 ____D () C:\WINDOWS\Sun
2014-12-26 23:33 - 2015-01-01 03:09 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-26 23:33 - 2014-12-26 23:33 - 00000000 ____D () C:\ProgramData\Sun
2014-12-26 23:11 - 2014-12-26 23:11 - 00000000 ____D () C:\Users\s\AppData\Roaming\eCyber
2014-12-25 05:38 - 2014-12-25 05:38 - 00000000 ____D () C:\WINDOWS\system32\log
2014-12-25 05:38 - 2014-12-25 05:38 - 00000000 ____D () C:\Users\s\AppData\Roaming\Elex-tech
2014-12-25 04:41 - 2014-12-25 04:41 - 00000000 ___HD () C:\VTRoot
2014-12-25 04:38 - 2014-12-25 06:37 - 00095010 _____ () C:\WINDOWS\system32\Drivers\fvstore.dat
2014-12-22 22:17 - 2014-12-27 00:50 - 00000000 ____D () C:\Users\s\AppData\Roaming\SpaceEngineers
2014-12-22 21:45 - 2014-12-22 21:45 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-12-22 19:04 - 2014-12-22 19:03 - 00538496 _____ (Intel Corporation) C:\WINDOWS\system32\PROUnstl.exe
2014-12-22 19:04 - 2006-01-12 20:52 - 00001904 ____N () C:\WINDOWS\system32\SetupBD.din
2014-12-22 19:03 - 2014-12-22 19:03 - 00482128 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\e1c62x64.sys
2014-12-22 19:03 - 2014-12-22 19:03 - 00101224 _____ (Intel Corporation) C:\WINDOWS\system32\NicInstC.dll
2014-12-22 19:03 - 2014-12-22 19:03 - 00073032 _____ (Intel Corporation) C:\WINDOWS\system32\e1cmsg.dll
2014-12-22 19:03 - 2012-01-06 19:02 - 00003114 _____ () C:\WINDOWS\system32\e1c62x64.din
2014-12-22 19:02 - 2014-12-22 19:03 - 05911416 _____ (Hewlett-Packard Company ) C:\Users\A\Downloads\sp60775.exe
2014-12-22 18:50 - 2015-01-08 13:53 - 00000836 _____ () C:\Users\A\Desktop\WhoCrashed.lnk
2014-12-22 18:50 - 2015-01-08 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2014-12-22 18:50 - 2015-01-08 13:53 - 00000000 ____D () C:\Program Files\WhoCrashed
2014-12-22 18:23 - 2015-01-08 02:48 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-22 18:23 - 2014-12-22 18:23 - 00000000 ____D () C:\Users\A\Documents\ProcAlyzer Dumps
2014-12-22 18:22 - 2014-12-22 18:22 - 00001043 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-12-22 18:22 - 2014-12-22 18:22 - 00001031 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2014-12-22 18:22 - 2014-12-22 18:22 - 00000000 ____D () C:\Users\A\AppData\Roaming\TeamViewer
2014-12-22 06:42 - 2014-12-22 06:42 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-12-20 23:02 - 2014-12-20 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
2014-12-20 23:02 - 2014-12-20 23:02 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-12-20 12:21 - 2014-12-20 12:21 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-12-20 12:16 - 2014-12-20 12:16 - 00000000 ____D () C:\Users\s\AppData\Roaming\Comodo
2014-12-20 12:15 - 2014-12-20 12:15 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01} - Copy.bat
2014-12-20 11:56 - 2015-01-06 12:52 - 00000000 ____D () C:\Users\A\AppData\Roaming\Comodo
2014-12-20 11:50 - 2014-12-20 11:50 - 00057096 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll
2014-12-20 11:50 - 2014-12-20 11:50 - 00048392 _____ (COMODO CA Limited) C:\WINDOWS\SysWOW64\certsentry.dll
2014-12-20 11:50 - 2014-12-20 11:50 - 00001870 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk
2014-12-20 11:50 - 2014-12-20 11:50 - 00001116 _____ () C:\Users\Public\Desktop\Comodo Dragon.lnk
2014-12-20 11:50 - 2014-12-20 11:50 - 00000000 ____D () C:\WINDOWS\System32\Tasks\COMODO
2014-12-20 11:50 - 2014-12-20 11:50 - 00000000 ____D () C:\ProgramData\Shared Space
2014-12-20 11:50 - 2014-12-20 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-12-20 11:50 - 2014-12-20 11:50 - 00000000 ____D () C:\Program Files\COMODO
2014-12-20 11:49 - 2014-12-20 11:56 - 00000000 ____D () C:\ProgramData\Comodo
2014-12-20 11:49 - 2014-12-20 11:49 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-12-20 11:49 - 2014-12-20 11:49 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-12-20 07:00 - 2014-12-20 07:04 - 00103553 _____ () C:\zoek-results.log
2014-12-20 06:59 - 2014-12-20 06:59 - 00000000 ____D () C:\zoek_backup
2014-12-19 16:13 - 2014-12-20 22:59 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-19 16:13 - 2014-12-19 16:13 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-19 16:06 - 2014-12-19 16:06 - 00028626 _____ () C:\ComboFix.txt
2014-12-19 15:59 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-12-19 15:59 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-12-19 15:59 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-12-19 15:59 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-12-19 15:59 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-12-19 15:59 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-12-19 15:59 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-12-19 15:59 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-12-19 15:33 - 2014-12-19 16:06 - 00000000 ____D () C:\Qoobox
2014-12-19 15:32 - 2014-12-19 16:05 - 00000000 ____D () C:\WINDOWS\erdnt
2014-12-19 07:12 - 2014-12-19 07:15 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-19 07:12 - 2014-12-19 07:12 - 11222744 _____ (SurfRight B.V.) C:\Users\s\Downloads\HitmanPro_x64.exe
2014-12-19 07:05 - 2014-12-19 07:08 - 00000000 ____D () C:\Users\s\Downloads\Rosetta Stone
2014-12-19 06:40 - 2014-12-19 06:40 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-19 06:40 - 2014-12-19 06:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-19 06:37 - 2015-01-11 08:21 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-19 06:37 - 2015-01-11 06:42 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-19 06:37 - 2014-12-19 06:37 - 00003884 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-19 06:37 - 2014-12-19 06:37 - 00003632 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-19 06:37 - 2014-12-19 06:37 - 00000000 ____D () C:\Users\A\AppData\Roaming\LavasoftStatistics
2014-12-19 06:36 - 2014-12-19 06:36 - 00000000 ____D () C:\Users\s\AppData\Local\Apps\2.0
2014-12-19 06:35 - 2014-12-19 06:35 - 00000000 ____D () C:\Users\A\AppData\Roaming\Macromedia
2014-12-19 06:34 - 2014-12-19 06:34 - 00880784 _____ (Google Inc.) C:\Users\A\Desktop\ChromeSetup.exe
2014-12-19 06:33 - 2014-12-19 06:33 - 00880784 _____ (Google Inc.) C:\Users\A\Downloads\ChromeSetup (1).exe
2014-12-19 06:32 - 2014-12-19 06:33 - 00880784 _____ (Google Inc.) C:\Users\A\Downloads\ChromeSetup.exe
2014-12-19 06:29 - 2014-12-19 06:29 - 00000000 ____D () C:\Users\A\AppData\Local\Apps\2.0
2014-12-18 01:08 - 2014-12-25 02:08 - 00000991 _____ () C:\Users\s\Desktop\P.txt
2014-12-18 01:03 - 2014-12-18 01:03 - 00001158 _____ () C:\Users\s\Desktop\Evernote.lnk
2014-12-17 20:51 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-12-17 20:51 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-12-17 05:58 - 2014-12-17 05:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-17 05:58 - 2014-12-17 05:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-17 05:36 - 2014-12-17 05:36 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-12-17 05:36 - 2014-05-27 16:07 - 00034816 _____ (LG Electronics Inc.) C:\WINDOWS\system32\Drivers\lgx64modem.sys
2014-12-17 05:36 - 2014-05-27 16:07 - 00028160 _____ (LG Electronics Inc.) C:\WINDOWS\system32\Drivers\lgx64diag.sys
2014-12-17 05:36 - 2014-05-27 16:07 - 00017920 _____ (LG Electronics Inc.) C:\WINDOWS\system32\Drivers\lgx64bus.sys
2014-12-17 05:35 - 2014-12-17 05:36 - 11454688 _____ (LG Electronics) C:\Users\s\Downloads\LGUnitedMobileDriver_S51MAN312AP22_ML_WHQL_Ver_3.12.3.exe
2014-12-17 02:17 - 2014-12-17 02:17 - 00001330 _____ () C:\WINDOWS\DIFx.log
2014-12-17 02:17 - 2014-12-17 02:17 - 00000000 ____D () C:\WINDOWS\SysWOW64\AGEIA
2014-12-17 02:17 - 2014-12-17 02:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGEIA
2014-12-17 02:17 - 2014-12-17 02:17 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-12-17 01:55 - 2014-12-17 01:56 - 00000000 ____D () C:\Users\s\Downloads\z
2014-12-17 01:54 - 2015-01-11 08:34 - 00000000 ____D () C:\Users\s\Downloads\AntiVirus
2014-12-17 01:52 - 2014-12-17 01:52 - 00002759 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2014-12-17 01:52 - 2014-12-17 01:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-12-17 01:13 - 2014-12-17 01:13 - 00001014 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PortableApps.com Platform.lnk
2014-12-16 02:35 - 2014-12-16 02:35 - 00000000 ____D () C:\AdwCleaner
2014-12-16 02:25 - 2014-12-16 02:32 - 00000000 ____D () C:\Users\s\Downloads\backups
2014-12-16 01:43 - 2014-12-16 01:43 - 00000000 ____D () C:\ProgramData\SMR430
2014-12-16 01:40 - 2014-12-16 01:40 - 00000000 ____D () C:\ProgramData\Norton
2014-12-16 01:25 - 2014-12-16 01:25 - 00000000 ____D () C:\Users\s\Documents\Klei
2014-12-15 02:33 - 2015-01-09 05:51 - 00000000 ____D () C:\temp
2014-12-14 20:38 - 2015-01-11 08:35 - 00000000 ____D () C:\FRST
2014-12-14 20:19 - 2014-12-14 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-12-14 20:19 - 2014-12-14 20:19 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-12-14 19:29 - 2015-01-09 06:02 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-14 19:29 - 2014-12-14 19:29 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-14 19:29 - 2014-12-14 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-14 19:28 - 2015-01-01 02:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-14 19:28 - 2014-12-14 19:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-14 19:28 - 2014-12-14 19:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-14 19:28 - 2014-11-21 12:14 - 00063704 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-14 19:28 - 2014-11-21 12:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-14 06:10 - 2014-12-27 06:12 - 00000000 ____D () C:\Users\s\AppData\Roaming\TeamViewer
2014-12-14 06:09 - 2014-12-27 06:19 - 00000000 ____D () C:\Users\s\AppData\Roaming\Skype
2014-12-14 02:37 - 2014-12-16 01:32 - 00000606 _____ () C:\Users\s\Desktop\1.txt
2014-12-14 02:37 - 2014-12-14 02:37 - 00000000 ____D () C:\Users\s\AppData\Roaming\WinPatrol
2014-12-14 02:31 - 2014-12-14 02:31 - 00000000 ____D () C:\ProgramData\InstallMate
2014-12-14 02:31 - 2014-12-14 02:31 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2014-12-13 23:50 - 2014-12-13 23:50 - 00000000 ____D () C:\Users\s\AppData\Roaming\Macromedia
2014-12-12 02:29 - 2014-12-12 02:29 - 00000000 ____D () C:\Users\A\AppData\Roaming\Check Point Software Technologies LTD
2014-12-12 02:29 - 2014-12-12 02:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-12 02:28 - 2014-12-12 02:28 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-12-12 02:15 - 2014-12-12 02:15 - 00001413 _____ () C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-12 02:15 - 2014-12-12 02:15 - 00000020 ___SH () C:\Users\A\ntuser.ini
2014-12-12 02:15 - 2014-12-12 02:15 - 00000000 ____D () C:\Users\A\AppData\Roaming\Synaptics
2014-12-12 02:15 - 2014-12-12 02:15 - 00000000 ____D () C:\Users\A\AppData\Roaming\Adobe
2014-12-12 02:15 - 2014-12-12 02:15 - 00000000 ____D () C:\Users\A
2014-12-12 02:15 - 2014-04-15 18:23 - 00000000 ____D () C:\Users\A\AppData\Roaming\hpqLog
2014-12-12 02:15 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-12 02:15 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-12 02:11 - 2014-12-12 02:11 - 00000000 ____D () C:\WINDOWS\system32\appraiser
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-11 08:33 - 2014-04-15 22:17 - 01463718 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-11 08:27 - 2009-07-14 06:13 - 00928602 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-11 08:21 - 2009-07-14 06:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-11 08:21 - 2009-07-14 05:51 - 00057320 _____ () C:\WINDOWS\setupact.log
2015-01-11 07:13 - 2014-11-23 02:28 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-11 07:13 - 2009-07-14 05:45 - 00029744 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 07:13 - 2009-07-14 05:45 - 00029744 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 06:50 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-08 15:27 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-01-06 07:05 - 2014-12-10 00:35 - 00000000 ____D () C:\Users\s
2015-01-06 04:16 - 2014-11-23 02:33 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-06 03:20 - 2013-05-06 21:10 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-06 03:02 - 2013-08-22 13:40 - 00040664 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2015-01-03 17:52 - 2014-12-02 21:44 - 00002198 _____ () C:\WINDOWS\epplauncher.mif
2015-01-03 15:25 - 2014-12-02 22:23 - 573677454 _____ () C:\WINDOWS\MEMORY.DMP
2015-01-03 15:25 - 2014-12-02 22:23 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-01 03:09 - 2013-09-06 13:11 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-27 02:30 - 2010-11-21 04:47 - 00237628 _____ () C:\WINDOWS\PFRO.log
2014-12-26 23:33 - 2013-09-06 13:11 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-12-26 23:33 - 2013-09-06 13:11 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-12-26 23:33 - 2013-09-06 13:11 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-12-25 06:37 - 2009-07-14 06:08 - 00032566 _____ () C:\WINDOWS\Tasks\SCHEDLGU.TXT
2014-12-25 06:37 - 2009-07-14 05:45 - 00415280 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-25 05:38 - 2013-09-06 13:03 - 00001900 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TGH App Center.lnk
2014-12-22 19:03 - 2014-12-07 12:41 - 00000000 ____D () C:\SwSetup
2014-12-22 18:22 - 2014-12-02 01:02 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-12-19 16:04 - 2009-07-14 03:34 - 00000215 _____ () C:\WINDOWS\system.ini
2014-12-19 15:46 - 2014-04-15 22:18 - 00000372 _____ () C:\WINDOWS\SMSCFG.INI
2014-12-19 15:46 - 2014-04-15 22:18 - 00000000 ____D () C:\WINDOWS\ccmsetup
2014-12-19 15:46 - 2014-04-15 18:19 - 00001162 _____ () C:\WINDOWS\system32\InstallUtil.InstallLog
2014-12-19 15:46 - 2014-04-15 18:19 - 00000000 ____D () C:\WINDOWS\CCM
2014-12-19 15:44 - 2013-09-16 19:17 - 00000000 ____D () C:\WINDOWS\dwrcs
2014-12-19 15:40 - 2014-09-11 14:57 - 00593080 _____ (Sysinternals - www.sysinternals.com) C:\Users\s\Desktop\autoruns.exe
2014-12-19 06:48 - 2014-12-02 21:20 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-12-18 01:03 - 2014-12-02 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-12-17 05:58 - 2014-11-23 02:30 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-17 05:58 - 2014-11-23 02:30 - 00000000 ____D () C:\ProgramData\Skype
2014-12-17 05:36 - 2014-12-07 12:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-17 05:29 - 2014-12-08 16:18 - 00003400 _____ () C:\WINDOWS\System32\Tasks\WINshell Event Notification
2014-12-17 05:29 - 2014-12-08 16:18 - 00003396 _____ () C:\WINDOWS\System32\Tasks\WINshell Event Logging
2014-12-17 01:53 - 2014-04-15 18:22 - 00000000 ____D () C:\ProgramData\Sophos
2014-12-17 01:52 - 2014-04-15 18:22 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-12-17 01:44 - 2009-07-14 06:09 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2014-12-16 01:41 - 2009-07-14 04:20 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-16 01:39 - 2014-09-11 14:57 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\s\Desktop\procexp.exe
2014-12-16 00:46 - 2014-03-07 05:53 - 02510528 _____ (Sysinternals - www.sysinternals.com) C:\Users\s\Desktop\Procmon.exe
2014-12-14 19:39 - 2013-06-12 14:24 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-14 19:39 - 2013-06-12 14:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-14 19:39 - 2009-07-14 04:20 - 00000000 ____D () C:\WINDOWS\PLA
2014-12-14 00:35 - 2013-06-12 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-13 22:28 - 2014-04-15 18:21 - 03148854 _____ () C:\WINDOWS\BGInfo.bmp
2014-12-13 04:17 - 2009-07-14 04:20 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-12 02:17 - 2014-12-02 21:45 - 00000028 _____ () C:\WINDOWS\ODBC.INI
2014-12-12 02:11 - 2014-11-23 15:28 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-12 02:11 - 2009-07-14 04:20 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-12 02:11 - 2009-07-14 04:20 - 00000000 ____D () C:\WINDOWS\AppCompat
 
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-04 11:57
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-01-2015
Ran by A at 2015-01-11 08:36:02
Running from C:\Users\s\Downloads\AntiVirus\Bleeping Computer
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Comodo Defense+ (Disabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3DMark 11 Demo (HKLM-x32\...\Steam App 221870) (Version:  - Futuremark)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Age of Mythology: Extended Edition (HKLM-x32\...\Steam App 266840) (Version:  - SkyBox Labs)
AGEIA PhysX v7.09.13 (HKLM-x32\...\{45235788-142C-44BE-8A4D-DDE9A84492E5}) (Version: 7.09.13 - AGEIA Technologies, Inc.)
BLOCKADE 3D (HKLM-x32\...\Steam App 302830) (Version:  - Shumkov Dmitriy)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.44.1 - Citrix Systems, Inc.)
Clover 3.0 (HKLM-x32\...\Clover) (Version: 3.0 - EJIE Technology)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
COMODO Firewall (HKLM\...\{18F14F4B-D8A9-4309-817E-3BC0B7664E53}) (Version: 8.0.0.4344 - COMODO Security Solutions Inc.)
Craft The World (HKLM-x32\...\Steam App 248390) (Version:  - Dekovir Entertainment)
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
DameWare Development Mirror Driver 64 Uninstall (HKLM\...\DamewareMirror) (Version:  - )
DameWare Mini Remote Control Service (HKLM\...\{385FED21-85D3-401E-8B8A-38140333FAC8}) (Version: 7.5.6.0 - DameWare Development)
DARK (HKLM-x32\...\Steam App 225360) (Version:  - Realmforge Studios)
Darkout (HKLM-x32\...\Steam App 257050) (Version:  - Allgraf)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Dropbox (HKU\S-1-5-21-2420948750-513993667-4212495904-1013\...\Dropbox) (Version: 3.0.4 - Dropbox, Inc.)
Evernote v. 5.7.2 (HKLM-x32\...\{FB57263E-706F-11E4-A65F-00163E98E7D6}) (Version: 5.7.2.5753 - Evernote Corp.)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.4.9.8 - Telerik)
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
Futuremark SystemInfo (HKLM-x32\...\{EC2B7377-A71D-4F99-87BC-792AE239D3B2}) (Version: 4.31.478.0 - Futuremark)
GeekBuddy (HKLM\...\{8EE6F031-FD37-45A2-95CE-696777FC4EC6}) (Version: 4.13.120 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{240D2B48-E06E-446F-A806-01CF36882EB7}) (Version: 1.19.8268.4572 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.16 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.6.11.2 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6499.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.24.1790 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 17.3 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 15.0.0.380 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 15.0.0.380 - Kaspersky Lab) Hidden
K-Lite Codec Pack 8.8.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.8.0 - )
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.12.3.0 - LG Electronics)
Life is Feudal: Your Own (HKLM-x32\...\Steam App 290080) (Version:  - Bitbox Ltd.)
Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MDOP MBAM (HKLM\...\{7B5ABC68-4641-4CEF-BD5B-E30407CF2B2C}) (Version: 2.0.5301.1 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2420948750-513993667-4212495904-1013\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visio Viewer 2013 (HKLM\...\{95150000-0052-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MultiMon 2.50 (HKLM\...\MultiMon_is1) (Version:  - Resplendence Software Projects Sp.)
OpenDNS Updater 2.2.1 (HKLM-x32\...\OpenDNS Updater) (Version: 2.2.1 - )
OpenVPN 2.3.6-I001  (HKLM\...\OpenVPN) (Version: 2.3.6-I001 - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version:  - Ndemic Creations)
Planetary Annihilation (HKLM-x32\...\Steam App 233250) (Version:  - Uber Entertainment)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shadowgrounds: Survivor (HKLM-x32\...\Steam App 11200) (Version:  - Frozenbyte)
Signs of Life (HKLM-x32\...\Steam App 263200) (Version:  - Sweet Dog Studios)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - Keen Software House)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Towns (HKLM-x32\...\Steam App 221020) (Version:  - Xavi Canal, Ben Palgi)
Trend Micro RUBotted 2.0 Beta (HKLM-x32\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1034 - Trend Micro, Inc.)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version:  - Frozenbyte)
Unity Web Player (HKU\S-1-5-21-2420948750-513993667-4212495904-1013\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
ZoneAlarm Security Toolbar  (HKU\S-1-5-21-2420948750-513993667-4212495904-1011\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1011_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1011_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1011_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1011_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1011_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1011_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1011_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1011_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1011_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1013_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1013_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\s\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1013_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\s\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1013_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\s\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1013_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\s\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1013_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\s\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1013_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1013_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1013_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1013_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1013_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1013_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1013_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1013_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
06-01-2015 03:02:52 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
07-01-2015 04:27:12 Windows Update
10-01-2015 08:22:54 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2014-12-12 01:57 - 00001506 _RASH C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
85.25.107.101 www.google-analytics.com.
85.25.107.101 google-analytics.com.
85.25.107.101 connect.facebook.net.
192.95.55.230 www.google-analytics.com.
192.95.55.230 google-analytics.com.
192.95.55.230 connect.facebook.net.
162.247.13.84 www.google-analytics.com.
162.247.13.84 google-analytics.com.
162.247.13.84 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {635FCE7E-E4A9-4153-823F-ABF48AE0CFBC} - System32\Tasks\WINshell Event Logging => C:\Users\ADMINI~2\AppData\Local\Temp\Dscp1.exe <==== ATTENTION
Task: {75F2E8EE-856E-41EE-833D-0ED1FDAC1A58} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09] (COMODO)
Task: {77A7A3D1-7A23-46DE-B206-79CA0D52285B} - System32\Tasks\WINshell Event Notification => C:\Users\ADMINI~2\AppData\Local\Temp\SBCint2.exe <==== ATTENTION
Task: {7B9009F5-C6F2-46A3-A8C1-73E4C85AFE65} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {907926D4-6370-47C9-A86B-45D31C26B1FC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AEE0516C-975B-4E61-9F7F-432E5318A7DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: {EE264B96-C49C-484B-8DE4-2EBDBB244F9C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: {FC307AAC-3F71-4F09-9BCE-DB3040903B1D} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-10-20 20:23 - 2010-10-20 20:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-06-16 22:42 - 2010-06-16 22:42 - 00839680 _____ () C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
2014-12-13 16:49 - 2014-12-13 16:49 - 00320792 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2015-01-06 07:05 - 2015-01-06 07:05 - 00081056 _____ () C:\Users\s\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll
2015-01-06 02:17 - 2014-12-16 23:22 - 00750080 _____ () C:\Users\s\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-11 08:22 - 2015-01-11 08:22 - 00043008 _____ () c:\users\s\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbfmqdn.dll
2015-01-06 02:17 - 2014-12-16 23:22 - 00047616 _____ () C:\Users\s\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-01-06 02:17 - 2014-12-16 23:22 - 00863744 _____ () C:\Users\s\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-01-06 02:17 - 2014-12-16 23:22 - 00200704 _____ () C:\Users\s\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-08 02:46 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-08 02:46 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-08 02:46 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-20 04:14 - 2014-11-20 04:14 - 00438336 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-11-20 04:14 - 2014-11-20 04:14 - 00320064 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-01-11 08:22 - 2015-01-11 08:22 - 00098816 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\win32api.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00110080 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\pywintypes27.dll
2015-01-11 08:22 - 2015-01-11 08:22 - 00364544 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\pythoncom27.dll
2015-01-11 08:22 - 2015-01-11 08:22 - 00045568 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\_socket.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 01160704 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\_ssl.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00320512 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\win32com.shell.shell.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00713216 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\_hashlib.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 01175040 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\wx._core_.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00805888 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\wx._gdi_.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00811008 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\wx._windows_.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 01062400 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\wx._controls_.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00735232 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\wx._misc_.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00557056 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\pysqlite2._sqlite.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00128512 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\_elementtree.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00127488 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\pyexpat.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00087552 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\_ctypes.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00119808 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\win32file.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00108544 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\win32security.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00007168 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\hashobjs_ext.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00167936 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\win32gui.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00018432 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\win32event.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00038912 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\win32inet.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00011264 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\win32crypt.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00070656 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\wx._html2.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00027136 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\_multiprocessing.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00035840 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\win32process.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00686080 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\unicodedata.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00122368 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\wx._wizard.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00024064 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\win32pipe.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00025600 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\win32pdh.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00525640 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\windows._lib_cacheinvalidation.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00010240 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\select.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00017408 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\win32profile.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00022528 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\win32ts.pyd
2015-01-11 08:22 - 2015-01-11 08:22 - 00078336 _____ () C:\Users\s\AppData\Local\Temp\_MEI50442\wx._animate.pyd
2015-01-06 07:05 - 2015-01-06 07:05 - 00081056 _____ () C:\Users\s\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
2013-09-05 06:14 - 2013-09-05 06:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 20:45 - 2010-10-20 20:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-19 06:40 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-19 06:40 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-19 06:40 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-19 06:40 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-08 20:56 - 2013-12-09 23:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\e1cmsg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MpSigStub.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NicInstC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PROUnstl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdnclean64.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01} - Copy.bat:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\java.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\javaw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\javaws.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\e1c62x64.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rspmmfs64.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tap0901.sys:$CmdTcID
AlternateDataStreams: C:\Users\A\Downloads\ProcessExplorer (1).zip:$CmdZnID
AlternateDataStreams: C:\Users\A\Downloads\ProcessExplorer.zip:$CmdZnID
AlternateDataStreams: C:\Users\A\Downloads\sp60775.exe:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\Evernote_5.7.2.5753.exe:PG$Secure
AlternateDataStreams: C:\Users\Administrator\Downloads\TeamViewer_Setup.exe:PG$Secure
AlternateDataStreams: C:\Users\s\Downloads\dds.com:$CmdTcID
AlternateDataStreams: C:\Users\s\Downloads\dds.com:$CmdZnID
AlternateDataStreams: C:\Users\s\Downloads\googledrivesync.exe:$CmdTcID
AlternateDataStreams: C:\Users\s\Downloads\googledrivesync.exe:$CmdZnID
AlternateDataStreams: C:\Users\s\Downloads\Italy 2012.daa:$CmdZnID
AlternateDataStreams: C:\Users\s\Downloads\k9-webprotection.exe:$CmdZnID
AlternateDataStreams: C:\Users\s\Downloads\MiniToolBox.exe:$CmdTcID
AlternateDataStreams: C:\Users\s\Downloads\MiniToolBox.exe:$CmdZnID
AlternateDataStreams: C:\Users\s\Downloads\NewRetroArcade-2.0.0.zip:$CmdZnID
AlternateDataStreams: C:\Users\s\Downloads\PrepareWin7ForWindowsTechnicalPreview.exe:$CmdTcID
AlternateDataStreams: C:\Users\s\Downloads\PrepareWin7ForWindowsTechnicalPreview.exe:$CmdZnID
AlternateDataStreams: C:\Users\s\Downloads\RimWorldAlpha8fWin.zip:$CmdZnID
AlternateDataStreams: C:\Users\s\Downloads\WindowsTechnicalPreview-x64-EN-US.iso:$CmdZnID
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: DcaTray => C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaTray.exe
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: GoogleChromeAutoLaunch_361C1DD22E1256C6B68316A32E8B1949 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
 
========================= Accounts: ==========================
 
A (S-1-5-21-2420948750-513993667-4212495904-1011 - Administrator - Enabled) => C:\Users\A
Administrator (S-1-5-21-2420948750-513993667-4212495904-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2420948750-513993667-4212495904-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2420948750-513993667-4212495904-1015 - Limited - Enabled)
s (S-1-5-21-2420948750-513993667-4212495904-1013 - Limited - Enabled) => C:\Users\s
 
==================== Faulty Device Manager Devices =============
 
Name: HP HD Webcam [Fixed]
Description: HP HD Webcam [Fixed]
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Foxlink
Service: SPUVCbv
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: adgnetworktdi
Description: adgnetworktdi
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: adgnetworktdi
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/09/2015 06:19:03 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\s\Downloads\HitmanPro_x64.exe ; Description = Checkpoint by HitmanPro; Error = 0x8007043c).
 
Error: (01/07/2015 07:21:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: googledrivesync.exe, version: 1.18.7821.2489, time stamp: 0x509418e4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002e3be
Faulting process id: 0x1384
Faulting application start time: 0xgoogledrivesync.exe0
Faulting application path: googledrivesync.exe1
Faulting module path: googledrivesync.exe2
Report Id: googledrivesync.exe3
 
Error: (01/06/2015 09:58:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: googledrivesync.exe, version: 1.18.7821.2489, time stamp: 0x509418e4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002e3be
Faulting process id: 0x13c0
Faulting application start time: 0xgoogledrivesync.exe0
Faulting application path: googledrivesync.exe1
Faulting module path: googledrivesync.exe2
Report Id: googledrivesync.exe3
 
Error: (01/02/2015 05:34:37 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.95;lang=;guid=F1F7EB32C7764BA1B77937E22DF58991;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\09339db0-15fc-4e9b-8102-c9602a70c8fa.dmp
 
Error: (12/25/2014 06:36:00 AM) (Source: Wininit) (EventID: 1015) (User: )
Description: A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code 00000000.  The machine must now be restarted.
 
Error: (12/22/2014 07:04:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dragon_updater.exe, version: 1.0.0.1, time stamp: 0x54771c75
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0058d790
Faulting process id: 0x440
Faulting application start time: 0xdragon_updater.exe0
Faulting application path: dragon_updater.exe1
Faulting module path: dragon_updater.exe2
Report Id: dragon_updater.exe3
 
Error: (12/22/2014 06:23:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: yo_cm_client.exe, version: 0.2.9.5, time stamp: 0x549012b0
Faulting module name: yo_cm_client.exe, version: 0.2.9.5, time stamp: 0x549012b0
Exception code: 0xc0000005
Fault offset: 0x004f78c3
Faulting process id: 0x14fc
Faulting application start time: 0xyo_cm_client.exe0
Faulting application path: yo_cm_client.exe1
Faulting module path: yo_cm_client.exe2
Report Id: yo_cm_client.exe3
 
Error: (12/20/2014 11:51:54 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider CisWmi attempted to register query "SELECT * FROM CisStatusChange" whose target class "CisStatusChange" in //./root/cis namespace does not exist. The query will be ignored.
 
Error: (12/20/2014 11:51:54 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider CisWmi attempted to register query "SELECT * FROM CisNotification" whose target class "CisNotification" in //./root/cis namespace does not exist. The query will be ignored.
 
Error: (12/20/2014 11:51:54 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider CisWmi attempted to register query "SELECT * FROM FwAlert" whose target class "FwAlert" in //./root/cis namespace does not exist. The query will be ignored.
 
 
System errors:
=============
Error: (01/11/2015 08:21:39 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
adgnetworktdi
 
Error: (01/11/2015 08:21:27 AM) (Source: mbamchameleon) (EventID: 28930) (User: )
Description: Mbamchameleon failed to initiate Object Manager filtering - C01C0007
 
Error: (01/11/2015 08:21:27 AM) (Source: mbamchameleon) (EventID: 28929) (User: )
Description: Mbamchameleon failed to initiate File System filtering - C01C0007
 
Error: (01/10/2015 08:31:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (01/10/2015 08:31:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (01/10/2015 08:08:37 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
adgnetworktdi
 
Error: (01/10/2015 08:08:20 AM) (Source: mbamchameleon) (EventID: 28930) (User: )
Description: Mbamchameleon failed to initiate Object Manager filtering - C01C0007
 
Error: (01/10/2015 08:08:20 AM) (Source: mbamchameleon) (EventID: 28929) (User: )
Description: Mbamchameleon failed to initiate File System filtering - C01C0007
 
Error: (01/09/2015 06:21:25 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
adgnetworktdi
 
Error: (01/09/2015 06:21:12 AM) (Source: mbamchameleon) (EventID: 28930) (User: )
Description: Mbamchameleon failed to initiate Object Manager filtering - C01C0007
 
 
Microsoft Office Sessions:
=========================
Error: (01/09/2015 06:19:03 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\s\Downloads\HitmanPro_x64.exe Checkpoint by HitmanPro0x8007043c
 
Error: (01/07/2015 07:21:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: googledrivesync.exe1.18.7821.2489509418e4ntdll.dll6.1.7601.18247521ea8e7c00000050002e3be138401d02a84440bc6beC:\Program Files (x86)\Google\Drive\googledrivesync.exeC:\WINDOWS\SysWOW64\ntdll.dll0917bf8d-969a-11e4-ba5f-a0481cdf42a4
 
Error: (01/06/2015 09:58:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: googledrivesync.exe1.18.7821.2489509418e4ntdll.dll6.1.7601.18247521ea8e7c00000050002e3be13c001d029f00060f664C:\Program Files (x86)\Google\Drive\googledrivesync.exeC:\WINDOWS\SysWOW64\ntdll.dllca6fd374-95e6-11e4-91af-a0481cdf42a4
 
Error: (01/02/2015 05:34:37 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.95;lang=;guid=F1F7EB32C7764BA1B77937E22DF58991;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\09339db0-15fc-4e9b-8102-c9602a70c8fa.dmp
 
Error: (12/25/2014 06:36:00 AM) (Source: Wininit) (EventID: 1015) (User: )
Description: C:\WINDOWS\system32\lsass.exe00000000
 
Error: (12/22/2014 07:04:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dragon_updater.exe1.0.0.154771c75unknown0.0.0.000000000c00000050058d79044001d01e0f3305f77eC:\Program Files (x86)\Comodo\Dragon\dragon_updater.exeunknownf4a20299-8a04-11e4-b5b2-a0481cdf42a4
 
Error: (12/22/2014 06:23:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: yo_cm_client.exe0.2.9.5549012b0yo_cm_client.exe0.2.9.5549012b0c0000005004f78c314fc01d01e0a931946caC:\Program Files (x86)\Steam\steamapps\common\Life is Feudal Your Own\yo_cm_client.exeC:\Program Files (x86)\Steam\steamapps\common\Life is Feudal Your Own\yo_cm_client.exe3689e978-89ff-11e4-978f-a0481cdf42a4
 
Error: (12/20/2014 11:51:54 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis
 
Error: (12/20/2014 11:51:54 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis
 
Error: (12/20/2014 11:51:54 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-19 16:04:31.845
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-19 16:04:31.798
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3667U CPU @ 2.00GHz
Percentage of memory in use: 49%
Total physical RAM: 8055.48 MB
Available physical RAM: 4051.06 MB
Total Pagefile: 16109.14 MB
Available Pagefile: 11429.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:167.19 GB) (Free:33.09 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 167.7 GB) (Disk ID: B097F329)
Partition 1: (Not Active) - (Size=167.2 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=500 MB) - (Type=07 NTFS)
 
==================== End Of Log ============================


 


#4 Machiavelli


Posted 11 January 2015 - 07:46 AM

Hey,
please move FRST.exe to your Desktop. :)

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan

  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 dinodod


Posted 11 January 2015 - 05:04 PM

# AdwCleaner v4.107 - Report created 11/01/2015 at 14:23:47
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
# Username : A - MYLIFE
# Running from : C:\Users\s\Downloads\AntiVirus\Bleeping Computer\2 - AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\A\AppDAtA\LocAlLow\Check Point Software Technologies LTD
Folder Deleted : C:\Users\A\AppDAtA\RoAming\Check Point Software Technologies LTD
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
File Deleted : C:\WINDOWS\System32\log\iSafeKrnlCall.log
File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=<DOI>&apn_dtid=%5E<MTRACK>%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
 
-\\ Comodo Dragon v36.1.1.21
 
[C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=<DOI>&apn_dtid=%5E<MTRACK>%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
[C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Deleted [Extension] : cmaiofennmphjldldcpphcechfnnohja
 
*************************
 
AdwCleaner[R0].txt - [4155 octets] - [16/12/2014 02:35:02]
AdwCleaner[R1].txt - [2482 octets] - [11/01/2015 14:10:25]
AdwCleaner[R2].txt - [2542 octets] - [11/01/2015 14:19:43]
AdwCleaner[S0].txt - [3157 octets] - [11/01/2015 14:23:47]
 
########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [3217 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Enterprise x64
Ran by A on Sun 01/11/2015 at 19:26:22.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2420948750-513993667-4212495904-1011\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/11/2015 at 19:57:54.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015
Ran by A (administrator) on MYLIFE on 11-01-2015 21:42:50
Running from C:\Users\s\Downloads\AntiVirus\Bleeping Computer
Loaded Profiles: A & s (Available profiles: A & s & Administrator)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Users\s\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
() C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(PortableApps.com) C:\PortableApps\PortableApps\PortableApps.com\PortableAppsPlatform.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(EJIE Technology) C:\Program Files (x86)\Clover\clover.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\s\Downloads\AntiVirus\Bleeping Computer\1 - FRST64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2015-01-01] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2015-01-08] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [0] => C:\Users\s\Downloads\AntiVirus\MalwareBytes Chameleon\Windows\mbam-chameleon.exe [761656 2015-01-01] (MalwareBytes)
HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2420948750-513993667-4212495904-1011\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [675096 2015-01-08] (Kaspersky Lab ZAO)
HKU\S-1-5-21-2420948750-513993667-4212495904-1011\...\Run: [OpenDNS Updater] => C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
HKU\S-1-5-21-2420948750-513993667-4212495904-1013\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-12-28] (Comfort Software Group)
HKU\S-1-5-21-2420948750-513993667-4212495904-1013\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe
HKU\S-1-5-21-2420948750-513993667-4212495904-1013\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308616 2014-12-22] (Google)
HKU\S-1-5-21-2420948750-513993667-4212495904-1013\...\Run: [SkyDrive] => C:\Users\s\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2015-01-06] (Microsoft Corporation)
HKU\S-1-5-21-2420948750-513993667-4212495904-1013\...\Run: [OpenDNS Updater] => C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
IFEO\taskmgr.exe: [Debugger] C:\Program Files\COMODO\COMODO Internet Security\KillSwitch.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\A\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PortableApps.com Platform.lnk
ShortcutTarget: PortableApps.com Platform.lnk -> C:\PortableApps\PortableApps\PortableApps.com\PortableAppsPlatform.exe (PortableApps.com)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2420948750-513993667-4212495904-1011\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2420948750-513993667-4212495904-1011\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-2420948750-513993667-4212495904-1011\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-2420948750-513993667-4212495904-1013\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-2420948750-513993667-4212495904-1013\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/it-it/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2420948750-513993667-4212495904-1011 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2420948750-513993667-4212495904-1013 -> DefaultScope {CC8CEA89-4D88-4137-9DB4-5A8EE47FF9BF} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2420948750-513993667-4212495904-1013 -> {CC8CEA89-4D88-4137-9DB4-5A8EE47FF9BF} URL = https://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper64.dll (EJIE Technology)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: AutorunsDisabled - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
Filter-x32: AutorunsDisabled - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E2397C48-3DBA-43BB-BA55-A12B27116213}: [NameServer] 8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2420948750-513993667-4212495904-1013: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\s\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2015-01-01]
 
Chrome: 
=======
CHR Profile: C:\Users\A\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-26]
CHR Extension: (Google Docs) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-26]
CHR Extension: (Google Drive) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-01]
CHR Extension: (YouTube) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-26]
CHR Extension: (Google Search) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-26]
CHR Extension: (Google Sheets) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-26]
CHR Extension: (Google Wallet) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-26]
CHR Extension: (Gmail) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-26]
CHR HKU\S-1-5-21-2420948750-513993667-4212495904-1013\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2647256 2015-01-11] (Blue Coat Systems, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2014-12-09] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-12-09] (COMODO)
S4 DcaSvc; C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaSvc.exe [128000 2012-08-27] (Microsoft Corporation)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
S4 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-10-23] (Futuremark)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-09-12] (Hewlett-Packard Company)
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-07-02] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [675096 2015-01-08] (Kaspersky Lab ZAO)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
S4 MBAMAgent; C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe [280320 2013-01-25] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2015-01-06] (The OpenVPN Project)
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2015-01-08] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2015-01-08] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2015-01-08] (Safer-Networking Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-01-20] (IDT, Inc.) [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S4 CLPSLauncher; "C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe" [X]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S4 dwmrcs; C:\Windows\dwrcs\dwrcs.exe -service [X]
S4 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [X]
S4 GeekBuddyRSP; "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -service [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 bckd; C:\Windows\System32\drivers\bckd.sys [126168 2014-01-24] (Blue Coat Systems, Inc.)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2014-06-26] (Windows ® Win 7 DDK provider) [File not signed]
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2014-12-09] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2014-12-09] (COMODO)
R3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [5632 2008-03-14] (DameWare Development, LLC)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2014-12-09] (COMODO)
S3 johci; C:\Windows\system32\drivers\johci.sys [26208 2013-01-08] (JMicron Technology Corp.)
R0 mbamchameleon; C:\Windows\System32\drivers\mbamchameleon.sys [93400 2015-01-01] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-18] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 rspMMFS; C:\Windows\System32\DRIVERS\rspmmfs64.sys [19512 2015-01-08] (Resplendence Software Projects Sp.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2014-05-27] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2014-05-27] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2014-05-27] (LG Electronics Inc.)
S1 adgnetworktdi; system32\drivers\adgnetworktdi.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MFE_RR; \??\c:\temp\user\mfe_rr.sys [X]
S3 MMPSY; \??\c:\temp\user\mmpsy64.sys [X]
S3 SmbDrv; \SystemRoot\system32\drivers\Smb_driver_AMDASF.sys [X]
S3 SmbDrvI; system32\DRIVERS\Smb_driver_Intel.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-11 19:57 - 2015-01-11 19:57 - 00001354 _____ () C:\Users\A\Desktop\JRT.txt
2015-01-11 19:26 - 2015-01-11 19:26 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-11 13:49 - 2015-01-11 14:01 - 00000000 _____ () C:\Users\s\Downloads\Unconfirmed 865376.crdownload
2015-01-11 13:46 - 2015-01-11 13:46 - 00000000 ____D () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-11 13:42 - 2015-01-11 14:06 - 00000000 ____D () C:\Users\s\AppData\Roaming\VOS
2015-01-11 13:32 - 2015-01-11 13:34 - 15993466 _____ (Cameyo) C:\Users\s\Downloads\Cameyo.exe
2015-01-11 13:25 - 2015-01-11 13:25 - 00281368 _____ () C:\WINDOWS\Minidump\011115-6536-01.dmp
2015-01-11 08:44 - 2015-01-11 21:24 - 00000000 ____D () C:\Program Files\Blue Coat K9 Web Protection
2015-01-11 08:44 - 2015-01-11 08:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Coat K9 Web Protection
2015-01-11 06:39 - 2015-01-11 06:39 - 02502416 _____ () C:\Users\s\Downloads\k9-webprotection.exe
2015-01-11 06:18 - 2015-01-11 06:18 - 00002020 _____ () C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDNS Updater.lnk
2015-01-11 06:18 - 2015-01-11 06:18 - 00000000 ____D () C:\Users\s\AppData\Roaming\OpenDNS Updater
2015-01-11 06:18 - 2015-01-11 06:18 - 00000000 ____D () C:\Users\A\AppData\Roaming\OpenDNS Updater
2015-01-11 06:18 - 2015-01-11 06:18 - 00000000 ____D () C:\Program Files (x86)\OpenDNS Updater
2015-01-09 06:56 - 2015-01-09 06:57 - 00000000 ____D () C:\Users\s\Desktop\RimWorld671Win
2015-01-09 06:52 - 2015-01-09 06:55 - 55213914 _____ () C:\Users\s\Downloads\RimWorldAlpha8fWin.zip
2015-01-09 06:43 - 2015-01-09 06:43 - 00880784 _____ (Google Inc.) C:\Users\s\Downloads\googledrivesync.exe
2015-01-09 06:01 - 2015-01-09 06:01 - 00003072 _____ () C:\WINDOWS\SysWOW64\persistent_q.db
2015-01-09 06:01 - 2015-01-09 06:01 - 00000000 ____D () C:\Users\Administrator\Desktop\Antivirus
2015-01-09 05:49 - 2015-01-09 05:49 - 00010156 _____ () C:\Users\A\Desktop\attach.txt
2015-01-09 05:49 - 2015-01-09 05:48 - 00034731 _____ () C:\Users\A\Desktop\dds.txt
2015-01-09 05:47 - 2015-01-09 05:47 - 00688992 ____R (Swearware) C:\Users\s\Downloads\dds.com
2015-01-09 05:21 - 2015-01-09 05:22 - 00045090 _____ () C:\Users\s\Downloads\Result.txt
2015-01-09 05:21 - 2015-01-09 05:21 - 00401920 _____ (Farbar) C:\Users\s\Downloads\MiniToolBox.exe
2015-01-08 13:55 - 2015-01-08 13:55 - 00000000 ____D () C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-08 13:54 - 2015-01-08 13:54 - 00019512 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspmmfs64.sys
2015-01-08 13:54 - 2015-01-08 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiMon
2015-01-08 13:54 - 2015-01-08 13:54 - 00000000 ____D () C:\Program Files\MultiMon
2015-01-08 07:27 - 2015-01-09 06:01 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-08 07:27 - 2015-01-08 07:27 - 00001055 _____ () C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
2015-01-08 07:27 - 2015-01-08 07:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2015-01-08 07:27 - 2015-01-08 07:27 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-01-08 06:08 - 2015-01-08 08:54 - 4100497408 _____ () C:\Users\s\Downloads\WindowsTechnicalPreview-x64-EN-US.iso
2015-01-08 06:07 - 2015-01-08 06:07 - 00030472 _____ () C:\Users\s\Downloads\PrepareWin7ForWindowsTechnicalPreview.exe
2015-01-08 05:37 - 2015-01-08 05:45 - 211735920 _____ () C:\Users\s\Downloads\NewRetroArcade-2.0.0.zip
2015-01-08 02:46 - 2015-01-08 02:50 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-08 02:46 - 2015-01-08 02:46 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-01-08 02:46 - 2015-01-08 02:46 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-08 02:46 - 2015-01-08 02:46 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-06 21:34 - 2015-01-06 21:34 - 00000506 _____ () C:\WINDOWS\SynInst.log
2015-01-06 21:33 - 2015-01-06 21:33 - 00000000 ___HD () C:\OneDriveTemp
2015-01-06 14:56 - 2015-01-06 17:09 - 3732312252 _____ () C:\Users\s\Downloads\Italy 2012.daa
2015-01-06 07:07 - 2015-01-06 07:07 - 00000000 ____D () C:\Users\s\AppData\Roaming\PowerISO
2015-01-06 07:05 - 2015-01-11 21:34 - 00000000 ___RD () C:\Users\s\OneDrive
2015-01-06 07:05 - 2015-01-06 07:05 - 00002124 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-06 07:05 - 2015-01-06 07:05 - 00002100 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-06 07:05 - 2015-01-06 07:05 - 00002100 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-06 07:05 - 2015-01-06 07:05 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2015-01-06 07:05 - 2015-01-06 07:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2015-01-06 04:18 - 2015-01-06 04:18 - 00000979 _____ () C:\Users\Public\Desktop\Clover.lnk
2015-01-06 04:18 - 2015-01-06 04:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clover
2015-01-06 04:18 - 2015-01-06 04:18 - 00000000 ____D () C:\Program Files (x86)\Clover
2015-01-06 04:17 - 2015-01-11 21:34 - 00000000 ___RD () C:\Users\s\Google Drive
2015-01-06 04:17 - 2015-01-06 04:17 - 00001653 _____ () C:\Users\s\Desktop\Google Drive.lnk
2015-01-06 04:16 - 2015-01-09 06:47 - 00002042 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-06 04:16 - 2015-01-09 06:47 - 00002040 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-06 04:16 - 2015-01-09 06:47 - 00002030 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-06 04:16 - 2015-01-09 06:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-06 03:20 - 2015-01-06 03:20 - 00000000 ____D () C:\Users\s\AppData\Roaming\Insoft LLC
2015-01-06 03:02 - 2015-01-06 03:03 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-01-06 03:02 - 2015-01-06 03:03 - 00000000 ____D () C:\Program Files\OpenVPN
2015-01-06 03:02 - 2015-01-06 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2015-01-06 02:18 - 2015-01-11 21:34 - 00000000 ___RD () C:\Users\s\Dropbox
2015-01-06 02:18 - 2015-01-06 02:18 - 00001075 _____ () C:\Users\s\Desktop\Dropbox.lnk
2015-01-06 02:17 - 2015-01-06 02:17 - 00000000 ____D () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-06 02:17 - 2015-01-06 02:17 - 00000000 ____D () C:\Users\A\AppData\Roaming\Dropbox
2015-01-06 02:14 - 2015-01-11 21:34 - 00000000 ____D () C:\Users\s\AppData\Roaming\Dropbox
2015-01-03 15:25 - 2015-01-03 15:25 - 00280888 _____ () C:\WINDOWS\Minidump\010315-6739-01.dmp
2015-01-03 14:45 - 2015-01-03 14:45 - 00001106 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2015-01-03 14:44 - 2015-01-03 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-01-01 03:23 - 2015-01-06 03:20 - 00000000 ____D () C:\Program Files (x86)\Adguard
2015-01-01 03:23 - 2015-01-06 03:19 - 00000000 ____D () C:\ProgramData\Adguard
2015-01-01 03:23 - 2015-01-01 03:23 - 00000261 _____ () C:\WINDOWS\SysWOW64\Drivers\vwifikerneldrv.sys
2015-01-01 03:23 - 2015-01-01 03:23 - 00000261 _____ () C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
2015-01-01 03:23 - 2015-01-01 03:23 - 00000261 _____ () C:\ProgramData\fontcacheev1.dat
2015-01-01 03:09 - 2015-01-01 03:09 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-01 03:09 - 2015-01-01 03:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-01 02:33 - 2015-01-01 02:52 - 00000000 ____D () C:\Users\s\Documents\Fiddler2
2015-01-01 02:33 - 2015-01-01 02:33 - 00001888 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiddler4.lnk
2015-01-01 02:33 - 2015-01-01 02:33 - 00000000 ____D () C:\Program Files (x86)\Fiddler2
2015-01-01 02:31 - 2015-01-01 02:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-01 02:03 - 2015-01-01 02:03 - 01188194 _____ () C:\Users\A\Downloads\ProcessExplorer.zip
2015-01-01 02:03 - 2015-01-01 02:03 - 01188194 _____ () C:\Users\A\Downloads\ProcessExplorer (1).zip
2015-01-01 02:01 - 2015-01-01 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-01-01 02:00 - 2015-01-09 08:36 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-01-01 02:00 - 2015-01-01 02:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-12-28 04:28 - 2014-12-28 04:28 - 00001079 _____ () C:\Users\A\Desktop\Free Alarm Clock.lnk
2014-12-28 04:28 - 2014-12-28 04:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock
2014-12-28 04:28 - 2014-12-28 04:28 - 00000000 ____D () C:\Program Files (x86)\FreeAlarmClock
2014-12-27 05:47 - 2015-01-06 12:58 - 00000000 ____D () C:\Users\s\Documents\My Games
2014-12-26 23:36 - 2014-12-26 23:36 - 00000000 ____D () C:\WINDOWS\Sun
2014-12-26 23:33 - 2015-01-01 03:09 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-26 23:33 - 2014-12-26 23:33 - 00000000 ____D () C:\ProgramData\Sun
2014-12-26 23:11 - 2014-12-26 23:11 - 00000000 ____D () C:\Users\s\AppData\Roaming\eCyber
2014-12-25 05:38 - 2015-01-11 14:23 - 00000000 ____D () C:\WINDOWS\system32\log
2014-12-25 05:38 - 2014-12-25 05:38 - 00000000 ____D () C:\Users\s\AppData\Roaming\Elex-tech
2014-12-25 04:41 - 2014-12-25 04:41 - 00000000 ___HD () C:\VTRoot
2014-12-25 04:38 - 2014-12-25 06:37 - 00095010 _____ () C:\WINDOWS\system32\Drivers\fvstore.dat
2014-12-22 22:17 - 2014-12-27 00:50 - 00000000 ____D () C:\Users\s\AppData\Roaming\SpaceEngineers
2014-12-22 21:45 - 2014-12-22 21:45 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-12-22 19:04 - 2014-12-22 19:03 - 00538496 _____ (Intel Corporation) C:\WINDOWS\system32\PROUnstl.exe
2014-12-22 19:04 - 2006-01-12 20:52 - 00001904 ____N () C:\WINDOWS\system32\SetupBD.din
2014-12-22 19:03 - 2014-12-22 19:03 - 00482128 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\e1c62x64.sys
2014-12-22 19:03 - 2014-12-22 19:03 - 00101224 _____ (Intel Corporation) C:\WINDOWS\system32\NicInstC.dll
2014-12-22 19:03 - 2014-12-22 19:03 - 00073032 _____ (Intel Corporation) C:\WINDOWS\system32\e1cmsg.dll
2014-12-22 19:03 - 2012-01-06 19:02 - 00003114 _____ () C:\WINDOWS\system32\e1c62x64.din
2014-12-22 19:02 - 2014-12-22 19:03 - 05911416 _____ (Hewlett-Packard Company ) C:\Users\A\Downloads\sp60775.exe
2014-12-22 18:50 - 2015-01-08 13:53 - 00000836 _____ () C:\Users\A\Desktop\WhoCrashed.lnk
2014-12-22 18:50 - 2015-01-08 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2014-12-22 18:50 - 2015-01-08 13:53 - 00000000 ____D () C:\Program Files\WhoCrashed
2014-12-22 18:23 - 2015-01-08 02:48 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-22 18:23 - 2014-12-22 18:23 - 00000000 ____D () C:\Users\A\Documents\ProcAlyzer Dumps
2014-12-22 18:22 - 2014-12-22 18:22 - 00001043 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-12-22 18:22 - 2014-12-22 18:22 - 00001031 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2014-12-22 18:22 - 2014-12-22 18:22 - 00000000 ____D () C:\Users\A\AppData\Roaming\TeamViewer
2014-12-22 06:42 - 2014-12-22 06:42 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-12-20 23:02 - 2014-12-20 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
2014-12-20 23:02 - 2014-12-20 23:02 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-12-20 12:21 - 2014-12-20 12:21 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-12-20 12:16 - 2014-12-20 12:16 - 00000000 ____D () C:\Users\s\AppData\Roaming\Comodo
2014-12-20 12:15 - 2014-12-20 12:15 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01} - Copy.bat
2014-12-20 11:56 - 2015-01-06 12:52 - 00000000 ____D () C:\Users\A\AppData\Roaming\Comodo
2014-12-20 11:50 - 2014-12-20 11:50 - 00057096 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll
2014-12-20 11:50 - 2014-12-20 11:50 - 00048392 _____ (COMODO CA Limited) C:\WINDOWS\SysWOW64\certsentry.dll
2014-12-20 11:50 - 2014-12-20 11:50 - 00001870 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk
2014-12-20 11:50 - 2014-12-20 11:50 - 00001116 _____ () C:\Users\Public\Desktop\Comodo Dragon.lnk
2014-12-20 11:50 - 2014-12-20 11:50 - 00000000 ____D () C:\WINDOWS\System32\Tasks\COMODO
2014-12-20 11:50 - 2014-12-20 11:50 - 00000000 ____D () C:\ProgramData\Shared Space
2014-12-20 11:50 - 2014-12-20 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-12-20 11:50 - 2014-12-20 11:50 - 00000000 ____D () C:\Program Files\COMODO
2014-12-20 11:49 - 2014-12-20 11:56 - 00000000 ____D () C:\ProgramData\Comodo
2014-12-20 11:49 - 2014-12-20 11:49 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-12-20 11:49 - 2014-12-20 11:49 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-12-20 07:00 - 2014-12-20 07:04 - 00103553 _____ () C:\zoek-results.log
2014-12-20 06:59 - 2014-12-20 06:59 - 00000000 ____D () C:\zoek_backup
2014-12-19 16:13 - 2014-12-20 22:59 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-19 16:13 - 2014-12-19 16:13 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-19 16:06 - 2014-12-19 16:06 - 00028626 _____ () C:\ComboFix.txt
2014-12-19 15:59 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-12-19 15:59 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-12-19 15:59 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-12-19 15:59 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-12-19 15:59 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-12-19 15:59 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-12-19 15:59 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-12-19 15:59 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-12-19 15:33 - 2014-12-19 16:06 - 00000000 ____D () C:\Qoobox
2014-12-19 15:32 - 2014-12-19 16:05 - 00000000 ____D () C:\WINDOWS\erdnt
2014-12-19 07:12 - 2014-12-19 07:15 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-19 07:12 - 2014-12-19 07:12 - 11222744 _____ (SurfRight B.V.) C:\Users\s\Downloads\HitmanPro_x64.exe
2014-12-19 07:05 - 2014-12-19 07:08 - 00000000 ____D () C:\Users\s\Downloads\Rosetta Stone
2014-12-19 06:40 - 2014-12-19 06:40 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-19 06:40 - 2014-12-19 06:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-19 06:37 - 2015-01-11 21:42 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-19 06:37 - 2015-01-11 21:33 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-19 06:37 - 2014-12-19 06:37 - 00003884 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-19 06:37 - 2014-12-19 06:37 - 00003632 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-19 06:37 - 2014-12-19 06:37 - 00000000 ____D () C:\Users\A\AppData\Roaming\LavasoftStatistics
2014-12-19 06:36 - 2014-12-19 06:36 - 00000000 ____D () C:\Users\s\AppData\Local\Apps\2.0
2014-12-19 06:35 - 2014-12-19 06:35 - 00000000 ____D () C:\Users\A\AppData\Roaming\Macromedia
2014-12-19 06:34 - 2014-12-19 06:34 - 00880784 _____ (Google Inc.) C:\Users\A\Desktop\ChromeSetup.exe
2014-12-19 06:33 - 2014-12-19 06:33 - 00880784 _____ (Google Inc.) C:\Users\A\Downloads\ChromeSetup (1).exe
2014-12-19 06:32 - 2014-12-19 06:33 - 00880784 _____ (Google Inc.) C:\Users\A\Downloads\ChromeSetup.exe
2014-12-19 06:29 - 2014-12-19 06:29 - 00000000 ____D () C:\Users\A\AppData\Local\Apps\2.0
2014-12-18 01:08 - 2014-12-25 02:08 - 00000991 _____ () C:\Users\s\Desktop\P.txt
2014-12-18 01:03 - 2014-12-18 01:03 - 00001158 _____ () C:\Users\s\Desktop\Evernote.lnk
2014-12-17 20:51 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-12-17 20:51 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-12-17 05:58 - 2014-12-17 05:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-17 05:58 - 2014-12-17 05:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-17 05:36 - 2014-12-17 05:36 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-12-17 05:36 - 2014-05-27 16:07 - 00034816 _____ (LG Electronics Inc.) C:\WINDOWS\system32\Drivers\lgx64modem.sys
2014-12-17 05:36 - 2014-05-27 16:07 - 00028160 _____ (LG Electronics Inc.) C:\WINDOWS\system32\Drivers\lgx64diag.sys
2014-12-17 05:36 - 2014-05-27 16:07 - 00017920 _____ (LG Electronics Inc.) C:\WINDOWS\system32\Drivers\lgx64bus.sys
2014-12-17 05:35 - 2014-12-17 05:36 - 11454688 _____ (LG Electronics) C:\Users\s\Downloads\LGUnitedMobileDriver_S51MAN312AP22_ML_WHQL_Ver_3.12.3.exe
2014-12-17 02:17 - 2014-12-17 02:17 - 00001330 _____ () C:\WINDOWS\DIFx.log
2014-12-17 02:17 - 2014-12-17 02:17 - 00000000 ____D () C:\WINDOWS\SysWOW64\AGEIA
2014-12-17 02:17 - 2014-12-17 02:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGEIA
2014-12-17 02:17 - 2014-12-17 02:17 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-12-17 01:55 - 2014-12-17 01:56 - 00000000 ____D () C:\Users\s\Downloads\z
2014-12-17 01:54 - 2015-01-11 08:34 - 00000000 ____D () C:\Users\s\Downloads\AntiVirus
2014-12-17 01:52 - 2014-12-17 01:52 - 00002759 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2014-12-17 01:52 - 2014-12-17 01:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-12-17 01:13 - 2014-12-17 01:13 - 00001014 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PortableApps.com Platform.lnk
2014-12-16 02:35 - 2015-01-11 14:23 - 00000000 ____D () C:\AdwCleaner
2014-12-16 02:25 - 2014-12-16 02:32 - 00000000 ____D () C:\Users\s\Downloads\backups
2014-12-16 01:43 - 2014-12-16 01:43 - 00000000 ____D () C:\ProgramData\SMR430
2014-12-16 01:40 - 2014-12-16 01:40 - 00000000 ____D () C:\ProgramData\Norton
2014-12-16 01:25 - 2014-12-16 01:25 - 00000000 ____D () C:\Users\s\Documents\Klei
2014-12-15 02:33 - 2015-01-09 05:51 - 00000000 ____D () C:\temp
2014-12-14 20:38 - 2015-01-11 21:42 - 00000000 ____D () C:\FRST
2014-12-14 20:19 - 2014-12-14 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-12-14 20:19 - 2014-12-14 20:19 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-12-14 19:29 - 2015-01-09 06:02 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-14 19:29 - 2014-12-14 19:29 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-14 19:29 - 2014-12-14 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-14 19:28 - 2015-01-01 02:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-14 19:28 - 2014-12-14 19:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-14 19:28 - 2014-12-14 19:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-14 19:28 - 2014-11-21 12:14 - 00063704 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-14 19:28 - 2014-11-21 12:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-14 06:10 - 2014-12-27 06:12 - 00000000 ____D () C:\Users\s\AppData\Roaming\TeamViewer
2014-12-14 06:09 - 2014-12-27 06:19 - 00000000 ____D () C:\Users\s\AppData\Roaming\Skype
2014-12-14 02:37 - 2014-12-16 01:32 - 00000606 _____ () C:\Users\s\Desktop\1.txt
2014-12-14 02:37 - 2014-12-14 02:37 - 00000000 ____D () C:\Users\s\AppData\Roaming\WinPatrol
2014-12-14 02:31 - 2014-12-14 02:31 - 00000000 ____D () C:\ProgramData\InstallMate
2014-12-14 02:31 - 2014-12-14 02:31 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2014-12-13 23:50 - 2014-12-13 23:50 - 00000000 ____D () C:\Users\s\AppData\Roaming\Macromedia
2014-12-12 02:29 - 2014-12-12 02:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-12 02:28 - 2014-12-12 02:28 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-12-12 02:15 - 2014-12-12 02:15 - 00001413 _____ () C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-12 02:15 - 2014-12-12 02:15 - 00000020 ___SH () C:\Users\A\ntuser.ini
2014-12-12 02:15 - 2014-12-12 02:15 - 00000000 ____D () C:\Users\A\AppData\Roaming\Synaptics
2014-12-12 02:15 - 2014-12-12 02:15 - 00000000 ____D () C:\Users\A\AppData\Roaming\Adobe
2014-12-12 02:15 - 2014-12-12 02:15 - 00000000 ____D () C:\Users\A
2014-12-12 02:15 - 2014-04-15 18:23 - 00000000 ____D () C:\Users\A\AppData\Roaming\hpqLog
2014-12-12 02:15 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-12 02:15 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-12 02:11 - 2014-12-12 02:11 - 00000000 ____D () C:\WINDOWS\system32\appraiser
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-11 21:39 - 2009-07-14 06:13 - 00928602 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-11 21:32 - 2014-04-15 22:17 - 01512858 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-11 21:32 - 2009-07-14 06:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-11 21:32 - 2009-07-14 05:51 - 00057544 _____ () C:\WINDOWS\setupact.log
2015-01-11 21:32 - 2009-07-14 05:45 - 00029744 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 21:32 - 2009-07-14 05:45 - 00029744 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-11 14:24 - 2010-11-21 04:47 - 00237942 _____ () C:\WINDOWS\PFRO.log
2015-01-11 13:25 - 2014-12-02 22:23 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-11 13:25 - 2014-11-23 02:28 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-11 13:24 - 2014-12-02 22:23 - 548647408 _____ () C:\WINDOWS\MEMORY.DMP
2015-01-09 06:50 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-08 15:27 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-01-06 07:05 - 2014-12-10 00:35 - 00000000 ____D () C:\Users\s
2015-01-06 04:16 - 2014-11-23 02:33 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-06 03:20 - 2013-05-06 21:10 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-06 03:02 - 2013-08-22 13:40 - 00040664 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2015-01-03 17:52 - 2014-12-02 21:44 - 00002198 _____ () C:\WINDOWS\epplauncher.mif
2015-01-01 03:09 - 2013-09-06 13:11 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-26 23:33 - 2013-09-06 13:11 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-12-26 23:33 - 2013-09-06 13:11 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-12-26 23:33 - 2013-09-06 13:11 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-12-25 06:37 - 2009-07-14 06:08 - 00032566 _____ () C:\WINDOWS\Tasks\SCHEDLGU.TXT
2014-12-25 06:37 - 2009-07-14 05:45 - 00415280 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-25 05:38 - 2013-09-06 13:03 - 00001900 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TGH App Center.lnk
2014-12-22 19:03 - 2014-12-07 12:41 - 00000000 ____D () C:\SwSetup
2014-12-22 18:22 - 2014-12-02 01:02 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-12-19 16:04 - 2009-07-14 03:34 - 00000215 _____ () C:\WINDOWS\system.ini
2014-12-19 15:46 - 2014-04-15 22:18 - 00000372 _____ () C:\WINDOWS\SMSCFG.INI
2014-12-19 15:46 - 2014-04-15 22:18 - 00000000 ____D () C:\WINDOWS\ccmsetup
2014-12-19 15:46 - 2014-04-15 18:19 - 00001162 _____ () C:\WINDOWS\system32\InstallUtil.InstallLog
2014-12-19 15:46 - 2014-04-15 18:19 - 00000000 ____D () C:\WINDOWS\CCM
2014-12-19 15:44 - 2013-09-16 19:17 - 00000000 ____D () C:\WINDOWS\dwrcs
2014-12-19 15:40 - 2014-09-11 14:57 - 00593080 _____ (Sysinternals - www.sysinternals.com) C:\Users\s\Desktop\autoruns.exe
2014-12-19 06:48 - 2014-12-02 21:20 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-12-18 01:03 - 2014-12-02 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-12-17 05:58 - 2014-11-23 02:30 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-17 05:58 - 2014-11-23 02:30 - 00000000 ____D () C:\ProgramData\Skype
2014-12-17 05:36 - 2014-12-07 12:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-17 05:29 - 2014-12-08 16:18 - 00003400 _____ () C:\WINDOWS\System32\Tasks\WINshell Event Notification
2014-12-17 05:29 - 2014-12-08 16:18 - 00003396 _____ () C:\WINDOWS\System32\Tasks\WINshell Event Logging
2014-12-17 01:53 - 2014-04-15 18:22 - 00000000 ____D () C:\ProgramData\Sophos
2014-12-17 01:52 - 2014-04-15 18:22 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-12-17 01:44 - 2009-07-14 06:09 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2014-12-16 01:41 - 2009-07-14 04:20 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-16 01:39 - 2014-09-11 14:57 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\s\Desktop\procexp.exe
2014-12-16 00:46 - 2014-03-07 05:53 - 02510528 _____ (Sysinternals - www.sysinternals.com) C:\Users\s\Desktop\Procmon.exe
2014-12-14 19:39 - 2013-06-12 14:24 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-14 19:39 - 2013-06-12 14:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-14 19:39 - 2009-07-14 04:20 - 00000000 ____D () C:\WINDOWS\PLA
2014-12-14 00:35 - 2013-06-12 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-13 22:28 - 2014-04-15 18:21 - 03148854 _____ () C:\WINDOWS\BGInfo.bmp
2014-12-13 04:17 - 2009-07-14 04:20 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-12 02:17 - 2014-12-02 21:45 - 00000028 _____ () C:\WINDOWS\ODBC.INI
2014-12-12 02:11 - 2014-11-23 15:28 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-12 02:11 - 2009-07-14 04:20 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-12 02:11 - 2009-07-14 04:20 - 00000000 ____D () C:\WINDOWS\AppCompat
 
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-04 11:57
 
==================== End Of Log ============================
 
 



#6 dinodod


Posted 11 January 2015 - 05:05 PM

MBAM log

Attached Files




#7 Machiavelli


Posted 11 January 2015 - 07:24 PM

Hey,
that's the wrong MBAM Log. ;)
  • Start Malwarebytes
  • Go to the tab called History
  • Then click on Application Logs
  • Then select the one log where it has found anything, do a double click on it
  • Then click on the Export button - select in the menu Text File (.txt)
  • Save it on your Desktop and post the content of this text file into your next reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#8 dinodod


Posted 12 January 2015 - 06:32 AM

Sorry about that...

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/11/2015
Scan Time: 2:31:10 PM
Logfile: MBAM Log.txt
Administrator: No
 
Version: 2.00.4.1028
Malware Database: v2015.01.11.06
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Enabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: s
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 311369
Time Elapsed: 5 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)



#9 dinodod


Posted 12 January 2015 - 06:34 AM

By the way, is there a forum on what exactly these tools do which BleepingComputer has on their site?  I'd like to know what is different about these tools -vs- all the other anti-malware that is out there.

Do any of your tools actually detect known malware?  If so, how do you do that?



 


#10 Machiavelli


Posted 12 January 2015 - 10:09 AM

Hey,

By the way, is there a forum on what exactly these tools do which BleepingComputer has on their site? I'd like to know what is different about these tools -vs- all the other anti-malware that is out there.

Do any of your tools actually detect for known malware? If so, how do you do that?

You can join our malware removal training. ;)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    HKU\S-1-5-21-2420948750-513993667-4212495904-1011\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    CHR HKU\S-1-5-21-2420948750-513993667-4212495904-1013\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
    C:\ProgramData\fontcacheev1.dat
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
  • Make sure that the options Remove found threats and Enable Anti-Stealth technology are checked:
  • Click Start. (This scan can take several hours, so please be patient):
  • Once the scan is completed, select List of found threats:
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
  • Click the Back button.
  • Click the Finish button:
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
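
The Fixlog.txt requested in Step 1 can be triaged mechanically. The following is an added example, not FRST's or any poster's code: it parses a constructed log in the same layout, counts outcomes, and flags `Error: No automatic fix found` results that are leftover fragments of a fixlist line broken across two lines. The sample log, the function names and the fragment heuristic are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the layout of an FRST Fixlog.txt (not a real log).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64)
Ran by user at 2015-01-01 10:00:00 Run:1
==============================================

Content of fixlist:
*****************
FF Plugin: @example.invalid/Sample -> disabled No File
CHR HKU\S-1-5-21-0-0-0-1000\...\Chrome\Extension: [aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa] - No
Path
C:\ProgramData\sample.dat
EmptyTemp:
*****************

"HKLM\Software\MozillaPlugins\@example.invalid/Sample" => Key deleted successfully.
HKU\S-1-5-21-0-0-0-1000\SOFTWARE\Google\Chrome\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa => Key not found.
"CHR HKU\S-1-5-21-0-0-0-1000\...\Chrome\Extension: [aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa] - No" => File/Directory not found.
Path => Error: No automatic fix found for this entry.
C:\ProgramData\sample.dat => Moved successfully.
EmptyTemp: => Removed 10.0 MB temporary data.

==== End of Fixlog 10:00:05 ====
"""


def split_fixlog(text):
    """Return (fixlist_lines, result_lines) from a Fixlog.

    The echoed fixlist sits between two rows of asterisks; the per-entry
    results follow and each contain ' => '.
    """
    fixlist, results = [], []
    star_rows = 0
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"\*{5,}", line):
            star_rows += 1
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if not line:
            continue
        if star_rows == 1:
            fixlist.append(line)
        elif star_rows >= 2 and " => " in line:
            results.append(line)
    return fixlist, results


def classify(result_line):
    """Split one result line into (target, outcome, category)."""
    target, _, outcome = result_line.rpartition(" => ")
    target = target.strip().strip('"')
    low = outcome.lower()
    if low.startswith("error"):
        category = "error"      # FRST could not interpret the entry
    elif "not found" in low:
        category = "absent"     # nothing to remove; the item was already gone
    elif "successfully" in low or "removed" in low:
        category = "changed"    # something was deleted, moved or reset
    else:
        category = "other"
    return target, outcome.strip(), category


def triage(text):
    """Count outcomes and list errors caused by a split fixlist line.

    Heuristic (an assumption of this example): an errored entry that matches
    a fixlist line verbatim, is not the first line, and contains neither ':'
    nor a backslash is treated as the tail of the previous fixlist line.
    """
    fixlist, results = split_fixlog(text)
    parsed = [classify(r) for r in results]
    counts = Counter(category for _, _, category in parsed)
    wrapped = []
    for target, _, category in parsed:
        if category != "error" or target not in fixlist:
            continue
        i = fixlist.index(target)
        looks_like_fragment = ":" not in target and "\\" not in target
        if i > 0 and looks_like_fragment:
            previous = fixlist[i - 1]
            wrapped.append((previous, target, f"{previous} {target}"))
    return counts, wrapped


if __name__ == "__main__":
    counts, wrapped = triage(SAMPLE_FIXLOG)
    print(dict(counts))
    for previous, fragment, joined in wrapped:
        print(f"fragment {fragment!r} belongs to the previous line; intended entry:")
        print(f"  {joined}")
```

An entry flagged this way was not applied as written, so the rejoined line is the one to compare against the next scan before treating the fix as complete.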

 
 


#11 dinodod


Posted 16 January 2015 - 06:04 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2015 01
Ran by A at 2015-01-16 11:03:03 Run:1
Running from C:\Users\A\Desktop
Loaded Profiles: A (Available profiles: A & s & Administrator)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No
File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
HKU\S-1-5-21-2420948750-513993667-4212495904-1011\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKU\S-1-5-21-2420948750-513993667-4212495904-1013\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No
Path
C:\ProgramData\fontcacheev1.dat
EmptyTemp:
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\GrpConv => Value not found.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found. 
File => Error: No automatic fix found for this entry.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found. 
"HKU\S-1-5-21-2420948750-513993667-4212495904-1011\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
HKU\S-1-5-21-2420948750-513993667-4212495904-1013\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => Key not found. 
"CHR HKU\S-1-5-21-2420948750-513993667-4212495904-1013\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No" => File/Directory not found.
Path => Error: No automatic fix found for this entry.
C:\ProgramData\fontcacheev1.dat => Moved successfully.
EmptyTemp: => Removed 227.3 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 11:03:08 ====
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by A (administrator) on MYLIFE on 16-01-2015 11:09:35
Running from C:\Users\A\Desktop
Loaded Profiles: A (Available profiles: A & s & Administrator)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Horizon Datasys, Inc.) C:\Program Files\Shield\ShdServ.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Horizon Datasys, Inc.) C:\Program Files\Shield\ShdTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(EJIE Technology) C:\Program Files (x86)\Clover\clover.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Shield] => C:\Program Files\Shield\shdtray.exe [72728 2015-01-14] (Horizon Datasys, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816240 2015-01-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
HKU\S-1-5-21-2420948750-513993667-4212495904-1011\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [675096 2015-01-08] (Kaspersky Lab ZAO)
HKU\S-1-5-21-2420948750-513993667-4212495904-1011\...\Run: [OpenDNS Updater] => C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
IFEO\taskmgr.exe: [Debugger] C:\Program Files\COMODO\COMODO Internet Security\KillSwitch.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\A\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PortableApps.com Platform.lnk
ShortcutTarget: PortableApps.com Platform.lnk -> C:\PortableApps\PortableApps\PortableApps.com\PortableAppsPlatform.exe (PortableApps.com)
BootExecute: ShdSyncautocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2420948750-513993667-4212495904-1011\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-2420948750-513993667-4212495904-1011\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-2420948750-513993667-4212495904-1011 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper64.dll (EJIE Technology)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: AutorunsDisabled - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
Filter-x32: AutorunsDisabled - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E2397C48-3DBA-43BB-BA55-A12B27116213}: [NameServer] 8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2015-01-01]
FF HKLM-x32\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager plugin - C:\Program Files (x86)\Free Download Manager\Firefox\Extension [2015-01-13]
 
Chrome: 
=======
CHR Profile: C:\Users\A\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-26]
CHR Extension: (Google Docs) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-26]
CHR Extension: (Google Drive) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-01]
CHR Extension: (YouTube) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-26]
CHR Extension: (Google Search) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-26]
CHR Extension: (Google Sheets) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-26]
CHR Extension: (Google Wallet) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-26]
CHR Extension: (Gmail) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-26]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2647256 2015-01-11] (Blue Coat Systems, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2014-12-09] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-12-09] (COMODO)
S4 DcaSvc; C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaSvc.exe [128000 2012-08-27] (Microsoft Corporation)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
S4 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-10-23] (Futuremark)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-09-12] (Hewlett-Packard Company)
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-07-02] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [675096 2015-01-08] (Kaspersky Lab ZAO)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S4 MBAMAgent; C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe [280320 2013-01-25] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2015-01-06] (The OpenVPN Project)
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2015-01-08] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2015-01-08] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2015-01-08] (Safer-Networking Ltd.)
R2 ShdServ; C:\Program Files\Shield\shdserv.exe [232984 2015-01-14] (Horizon Datasys, Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-01-20] (IDT, Inc.) [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 dwmrcs; C:\Windows\dwrcs\dwrcs.exe -service [X]
S4 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [X]
S4 GeekBuddyRSP; "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -service [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 bckd; C:\Windows\System32\drivers\bckd.sys [126168 2014-01-24] (Blue Coat Systems, Inc.)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2014-06-26] (Windows ® Win 7 DDK provider) [File not signed]
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2014-12-09] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2014-12-09] (COMODO)
R3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [5632 2008-03-14] (DameWare Development, LLC)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2014-12-09] (COMODO)
S3 johci; C:\Windows\system32\drivers\johci.sys [26208 2013-01-08] (JMicron Technology Corp.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-18] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 rspMMFS; C:\Windows\System32\DRIVERS\rspmmfs64.sys [19512 2015-01-08] (Resplendence Software Projects Sp.)
R0 Shdbus; C:\Windows\System32\DRIVERS\Shdbus.sys [30232 2015-01-14] (Horizon Datasys, Inc.)
R0 Shield; C:\Windows\System32\DRIVERS\shield.sys [76312 2015-01-14] (Horizon Datasys, Inc.)
R0 Shieldf; C:\Windows\System32\DRIVERS\Shieldf.sys [32280 2015-01-14] (Horizon Datasys, Inc.)
R0 Shieldm; C:\Windows\System32\DRIVERS\Shieldm.sys [35352 2015-01-14] (Horizon Datasys, Inc.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2015-01-14] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2013-01-08] (Sunplus)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2014-05-27] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2014-05-27] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2014-05-27] (LG Electronics Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2014-11-17] (VMware, Inc.)
S1 adgnetworktdi; system32\drivers\adgnetworktdi.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MFE_RR; \??\c:\temp\user\mfe_rr.sys [X]
S3 MMPSY; \??\c:\temp\user\mmpsy64.sys [X]
S3 SmbDrv; \SystemRoot\system32\drivers\Smb_driver_AMDASF.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-16 11:09 - 2015-01-16 11:09 - 00021353 _____ () C:\Users\A\Desktop\FRST.txt
2015-01-16 11:00 - 2015-01-16 11:00 - 02125312 _____ (Farbar) C:\Users\A\Desktop\FRST64.exe
2015-01-16 10:39 - 2015-01-16 10:39 - 00000000 ____D () C:\Users\A\.VirtualBox
2015-01-14 15:38 - 2015-01-16 11:09 - 00000000 ____D () C:\Program Files\Shield
2015-01-14 15:38 - 2015-01-14 15:38 - 00076312 ____N (Horizon Datasys, Inc.) C:\WINDOWS\system32\Drivers\shield.sys
2015-01-14 15:38 - 2015-01-14 15:38 - 00035352 ____N (Horizon Datasys, Inc.) C:\WINDOWS\system32\Drivers\shieldm.sys
2015-01-14 15:38 - 2015-01-14 15:38 - 00032280 ____N (Horizon Datasys, Inc.) C:\WINDOWS\system32\Drivers\shieldf.sys
2015-01-14 15:38 - 2015-01-14 15:38 - 00030232 ____N (Horizon Datasys, Inc.) C:\WINDOWS\system32\shdsync.exe
2015-01-14 15:38 - 2015-01-14 15:38 - 00030232 ____N (Horizon Datasys, Inc.) C:\WINDOWS\system32\Drivers\shdbus.sys
2015-01-14 15:38 - 2015-01-14 15:38 - 00006004 ____N () C:\WINDOWS\system32\Drivers\shieldmamd64.cat
2015-01-14 15:38 - 2015-01-14 15:38 - 00000000 ____D () C:\WINDOWS\system32\configfix
2015-01-14 15:38 - 2015-01-14 15:38 - 00000000 ____D () C:\RebootRestore
2015-01-14 15:10 - 2015-01-14 15:10 - 00000000 ____D () C:\Users\s\Documents\Virtual Machines
2015-01-14 15:09 - 2015-01-14 15:35 - 00000000 ____D () C:\Users\s\AppData\Roaming\VMware
2015-01-14 15:09 - 2014-11-20 18:44 - 00066752 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmx86.sys
2015-01-14 15:09 - 2014-11-20 18:44 - 00033472 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\VMkbd.sys
2015-01-14 15:09 - 2014-11-17 17:38 - 00076480 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vsock.sys
2015-01-14 15:09 - 2014-11-17 17:38 - 00068288 _____ (VMware, Inc.) C:\WINDOWS\system32\vsocklib.dll
2015-01-14 15:09 - 2014-11-17 17:38 - 00064192 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vsocklib.dll
2015-01-14 15:08 - 2015-01-14 15:35 - 00046144 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmusb.sys
2015-01-14 15:08 - 2015-01-14 15:08 - 00002120 _____ () C:\Users\Public\Desktop\VMware Player.lnk
2015-01-14 15:08 - 2015-01-14 15:08 - 00000000 ____D () C:\Program Files\Common Files\VMware
2015-01-14 15:08 - 2015-01-14 15:07 - 00438464 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
2015-01-14 15:08 - 2015-01-14 15:07 - 00359104 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
2015-01-14 15:08 - 2014-11-20 18:44 - 00931008 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetlib64.dll
2015-01-14 15:08 - 2014-11-20 18:44 - 00026816 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetuserif.sys
2015-01-14 15:08 - 2014-11-18 08:04 - 00055488 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\hcmon.sys
2015-01-14 15:07 - 2015-01-16 11:03 - 00000000 ____D () C:\ProgramData\VMware
2015-01-14 15:07 - 2015-01-14 15:07 - 00000000 ____D () C:\Program Files (x86)\VMware
2015-01-14 12:51 - 2015-01-14 12:51 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-01-14 12:51 - 2015-01-14 12:51 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-01-14 10:57 - 2015-01-14 10:57 - 05197824 _____ () C:\Users\s\Downloads\HPSupportSolutionsFramework-en-11.51.0048.msi
2015-01-14 09:45 - 2015-01-14 14:53 - 00000000 ____D () C:\Users\s\VirtualBox VMs
2015-01-14 09:36 - 2015-01-16 10:35 - 00000000 ____D () C:\Users\s\.VirtualBox
2015-01-14 09:35 - 2015-01-14 09:35 - 00916024 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2015-01-14 09:35 - 2015-01-14 09:35 - 00128080 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2015-01-14 09:35 - 2015-01-14 09:35 - 00001076 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-01-14 09:35 - 2015-01-14 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-01-14 09:35 - 2015-01-14 09:35 - 00000000 ____D () C:\Program Files\Oracle
2015-01-13 23:29 - 2015-01-13 23:32 - 00000000 ____D () C:\Users\s\AppData\Roaming\Free Download Manager
2015-01-13 23:28 - 2015-01-13 23:28 - 00001067 _____ () C:\Users\A\Desktop\Free Download Manager.lnk
2015-01-13 23:28 - 2015-01-13 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2015-01-13 23:28 - 2015-01-13 23:28 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2015-01-13 08:34 - 2014-12-19 06:40 - 00002255 _____ () C:\Users\s\Desktop\Google Chrome.lnk
2015-01-13 03:08 - 2015-01-11 13:34 - 15993466 _____ (Cameyo) C:\Users\s\Desktop\Cameyo.exe
2015-01-13 03:07 - 2015-01-14 14:15 - 00000000 ____D () C:\Users\s\Downloads\Games
2015-01-11 19:57 - 2015-01-11 19:57 - 00001354 _____ () C:\Users\A\Desktop\JRT.txt
2015-01-11 19:26 - 2015-01-11 19:26 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-11 13:46 - 2015-01-11 13:46 - 00000000 ____D () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-11 13:42 - 2015-01-14 00:46 - 00000000 ____D () C:\Users\s\AppData\Roaming\VOS
2015-01-11 13:25 - 2015-01-11 13:25 - 00281368 _____ () C:\WINDOWS\Minidump\011115-6536-01.dmp
2015-01-11 08:44 - 2015-01-14 15:31 - 00000000 ____D () C:\Program Files\Blue Coat K9 Web Protection
2015-01-11 08:44 - 2015-01-11 08:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Coat K9 Web Protection
2015-01-11 06:18 - 2015-01-11 06:18 - 00002020 _____ () C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDNS Updater.lnk
2015-01-11 06:18 - 2015-01-11 06:18 - 00000000 ____D () C:\Users\s\AppData\Roaming\OpenDNS Updater
2015-01-11 06:18 - 2015-01-11 06:18 - 00000000 ____D () C:\Users\A\AppData\Roaming\OpenDNS Updater
2015-01-11 06:18 - 2015-01-11 06:18 - 00000000 ____D () C:\Program Files (x86)\OpenDNS Updater
2015-01-09 06:56 - 2015-01-09 06:57 - 00000000 ____D () C:\Users\s\Desktop\RimWorld671Win
2015-01-09 06:01 - 2015-01-09 06:01 - 00003072 _____ () C:\WINDOWS\SysWOW64\persistent_q.db
2015-01-09 06:01 - 2015-01-09 06:01 - 00000000 ____D () C:\Users\Administrator\Desktop\Antivirus
2015-01-09 05:49 - 2015-01-09 05:49 - 00010156 _____ () C:\Users\A\Desktop\attach.txt
2015-01-09 05:49 - 2015-01-09 05:48 - 00034731 _____ () C:\Users\A\Desktop\dds.txt
2015-01-09 05:47 - 2015-01-09 05:47 - 00688992 ____R (Swearware) C:\Users\s\Downloads\dds.com
2015-01-09 05:21 - 2015-01-09 05:22 - 00045090 _____ () C:\Users\s\Downloads\Result.txt
2015-01-09 05:21 - 2015-01-09 05:21 - 00401920 _____ (Farbar) C:\Users\s\Downloads\MiniToolBox.exe
2015-01-08 13:55 - 2015-01-08 13:55 - 00000000 ____D () C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-08 13:54 - 2015-01-08 13:54 - 00019512 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspmmfs64.sys
2015-01-08 13:54 - 2015-01-08 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiMon
2015-01-08 13:54 - 2015-01-08 13:54 - 00000000 ____D () C:\Program Files\MultiMon
2015-01-08 07:27 - 2015-01-09 06:01 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-08 07:27 - 2015-01-08 07:27 - 00001055 _____ () C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
2015-01-08 07:27 - 2015-01-08 07:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2015-01-08 07:27 - 2015-01-08 07:27 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-01-08 02:46 - 2015-01-08 02:50 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-08 02:46 - 2015-01-08 02:46 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-01-08 02:46 - 2015-01-08 02:46 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-08 02:46 - 2015-01-08 02:46 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-06 21:34 - 2015-01-06 21:34 - 00000506 _____ () C:\WINDOWS\SynInst.log
2015-01-06 21:33 - 2015-01-06 21:33 - 00000000 ___HD () C:\OneDriveTemp
2015-01-06 14:56 - 2015-01-06 17:09 - 3732312252 _____ () C:\Users\s\Downloads\Italy 2012.daa
2015-01-06 07:07 - 2015-01-06 07:07 - 00000000 ____D () C:\Users\s\AppData\Roaming\PowerISO
2015-01-06 07:05 - 2015-01-16 10:38 - 00000000 ___RD () C:\Users\s\OneDrive
2015-01-06 07:05 - 2015-01-06 07:05 - 00002124 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-06 07:05 - 2015-01-06 07:05 - 00002100 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-06 07:05 - 2015-01-06 07:05 - 00002100 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-06 07:05 - 2015-01-06 07:05 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2015-01-06 07:05 - 2015-01-06 07:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2015-01-06 04:18 - 2015-01-06 04:18 - 00000979 _____ () C:\Users\Public\Desktop\Clover.lnk
2015-01-06 04:18 - 2015-01-06 04:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clover
2015-01-06 04:18 - 2015-01-06 04:18 - 00000000 ____D () C:\Program Files (x86)\Clover
2015-01-06 04:17 - 2015-01-16 10:35 - 00000000 ___RD () C:\Users\s\Google Drive
2015-01-06 04:17 - 2015-01-06 04:17 - 00001653 _____ () C:\Users\s\Desktop\Google Drive.lnk
2015-01-06 04:16 - 2015-01-09 06:47 - 00002042 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-06 04:16 - 2015-01-09 06:47 - 00002040 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-06 04:16 - 2015-01-09 06:47 - 00002030 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-06 04:16 - 2015-01-09 06:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-06 03:20 - 2015-01-06 03:20 - 00000000 ____D () C:\Users\s\AppData\Roaming\Insoft LLC
2015-01-06 03:02 - 2015-01-06 03:03 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-01-06 03:02 - 2015-01-06 03:03 - 00000000 ____D () C:\Program Files\OpenVPN
2015-01-06 03:02 - 2015-01-06 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2015-01-06 02:18 - 2015-01-16 10:35 - 00000000 ___RD () C:\Users\s\Dropbox
2015-01-06 02:18 - 2015-01-06 02:18 - 00001075 _____ () C:\Users\s\Desktop\Dropbox.lnk
2015-01-06 02:17 - 2015-01-06 02:17 - 00000000 ____D () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-06 02:17 - 2015-01-06 02:17 - 00000000 ____D () C:\Users\A\AppData\Roaming\Dropbox
2015-01-06 02:14 - 2015-01-16 10:35 - 00000000 ____D () C:\Users\s\AppData\Roaming\Dropbox
2015-01-03 15:25 - 2015-01-03 15:25 - 00280888 _____ () C:\WINDOWS\Minidump\010315-6739-01.dmp
2015-01-03 14:45 - 2015-01-03 14:45 - 00001106 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2015-01-03 14:44 - 2015-01-03 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-01-01 03:23 - 2015-01-06 03:20 - 00000000 ____D () C:\Program Files (x86)\Adguard
2015-01-01 03:23 - 2015-01-06 03:19 - 00000000 ____D () C:\ProgramData\Adguard
2015-01-01 03:23 - 2015-01-01 03:23 - 00000261 _____ () C:\WINDOWS\SysWOW64\Drivers\vwifikerneldrv.sys
2015-01-01 03:23 - 2015-01-01 03:23 - 00000261 _____ () C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
2015-01-01 03:09 - 2015-01-01 03:09 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-01 03:09 - 2015-01-01 03:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-01 02:33 - 2015-01-01 02:52 - 00000000 ____D () C:\Users\s\Documents\Fiddler2
2015-01-01 02:33 - 2015-01-01 02:33 - 00001888 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiddler4.lnk
2015-01-01 02:33 - 2015-01-01 02:33 - 00000000 ____D () C:\Program Files (x86)\Fiddler2
2015-01-01 02:31 - 2015-01-01 02:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-01 02:03 - 2015-01-01 02:03 - 01188194 _____ () C:\Users\A\Downloads\ProcessExplorer.zip
2015-01-01 02:03 - 2015-01-01 02:03 - 01188194 _____ () C:\Users\A\Downloads\ProcessExplorer (1).zip
2015-01-01 02:00 - 2015-01-16 10:38 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-12-28 04:28 - 2014-12-28 04:28 - 00001079 _____ () C:\Users\A\Desktop\Free Alarm Clock.lnk
2014-12-28 04:28 - 2014-12-28 04:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock
2014-12-28 04:28 - 2014-12-28 04:28 - 00000000 ____D () C:\Program Files (x86)\FreeAlarmClock
2014-12-27 05:47 - 2015-01-06 12:58 - 00000000 ____D () C:\Users\s\Documents\My Games
2014-12-26 23:36 - 2014-12-26 23:36 - 00000000 ____D () C:\WINDOWS\Sun
2014-12-26 23:33 - 2015-01-01 03:09 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-26 23:33 - 2014-12-26 23:33 - 00000000 ____D () C:\ProgramData\Sun
2014-12-26 23:11 - 2014-12-26 23:11 - 00000000 ____D () C:\Users\s\AppData\Roaming\eCyber
2014-12-25 05:38 - 2015-01-11 14:23 - 00000000 ____D () C:\WINDOWS\system32\log
2014-12-25 05:38 - 2014-12-25 05:38 - 00000000 ____D () C:\Users\s\AppData\Roaming\Elex-tech
2014-12-25 04:41 - 2014-12-25 04:41 - 00000000 ___HD () C:\VTRoot
2014-12-25 04:38 - 2014-12-25 06:37 - 00095010 _____ () C:\WINDOWS\system32\Drivers\fvstore.dat
2014-12-22 22:17 - 2014-12-27 00:50 - 00000000 ____D () C:\Users\s\AppData\Roaming\SpaceEngineers
2014-12-22 21:45 - 2014-12-22 21:45 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-12-22 19:04 - 2014-12-22 19:03 - 00538496 _____ (Intel Corporation) C:\WINDOWS\system32\PROUnstl.exe
2014-12-22 19:04 - 2006-01-12 20:52 - 00001904 ____N () C:\WINDOWS\system32\SetupBD.din
2014-12-22 19:03 - 2014-12-22 19:03 - 00482128 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\e1c62x64.sys
2014-12-22 19:03 - 2014-12-22 19:03 - 00101224 _____ (Intel Corporation) C:\WINDOWS\system32\NicInstC.dll
2014-12-22 19:03 - 2014-12-22 19:03 - 00073032 _____ (Intel Corporation) C:\WINDOWS\system32\e1cmsg.dll
2014-12-22 19:03 - 2012-01-06 19:02 - 00003114 _____ () C:\WINDOWS\system32\e1c62x64.din
2014-12-22 19:02 - 2014-12-22 19:03 - 05911416 _____ (Hewlett-Packard Company ) C:\Users\A\Downloads\sp60775.exe
2014-12-22 18:50 - 2015-01-08 13:53 - 00000836 _____ () C:\Users\A\Desktop\WhoCrashed.lnk
2014-12-22 18:50 - 2015-01-08 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2014-12-22 18:50 - 2015-01-08 13:53 - 00000000 ____D () C:\Program Files\WhoCrashed
2014-12-22 18:23 - 2015-01-08 02:48 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-22 18:23 - 2014-12-22 18:23 - 00000000 ____D () C:\Users\A\Documents\ProcAlyzer Dumps
2014-12-22 18:22 - 2014-12-22 18:22 - 00001043 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-12-22 18:22 - 2014-12-22 18:22 - 00001031 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2014-12-22 18:22 - 2014-12-22 18:22 - 00000000 ____D () C:\Users\A\AppData\Roaming\TeamViewer
2014-12-22 06:42 - 2014-12-22 06:42 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-12-20 23:02 - 2014-12-20 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
2014-12-20 23:02 - 2014-12-20 23:02 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-12-20 12:21 - 2014-12-20 12:21 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-12-20 12:16 - 2014-12-20 12:16 - 00000000 ____D () C:\Users\s\AppData\Roaming\Comodo
2014-12-20 12:15 - 2014-12-20 12:15 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01} - Copy.bat
2014-12-20 11:56 - 2015-01-06 12:52 - 00000000 ____D () C:\Users\A\AppData\Roaming\Comodo
2014-12-20 11:50 - 2014-12-20 11:50 - 00057096 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll
2014-12-20 11:50 - 2014-12-20 11:50 - 00048392 _____ (COMODO CA Limited) C:\WINDOWS\SysWOW64\certsentry.dll
2014-12-20 11:50 - 2014-12-20 11:50 - 00001870 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk
2014-12-20 11:50 - 2014-12-20 11:50 - 00001116 _____ () C:\Users\Public\Desktop\Comodo Dragon.lnk
2014-12-20 11:50 - 2014-12-20 11:50 - 00000000 ____D () C:\WINDOWS\System32\Tasks\COMODO
2014-12-20 11:50 - 2014-12-20 11:50 - 00000000 ____D () C:\ProgramData\Shared Space
2014-12-20 11:50 - 2014-12-20 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-12-20 11:50 - 2014-12-20 11:50 - 00000000 ____D () C:\Program Files\COMODO
2014-12-20 11:49 - 2014-12-20 11:56 - 00000000 ____D () C:\ProgramData\Comodo
2014-12-20 11:49 - 2014-12-20 11:49 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-12-20 11:49 - 2014-12-20 11:49 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-12-20 07:00 - 2014-12-20 07:04 - 00103553 _____ () C:\zoek-results.log
2014-12-20 06:59 - 2014-12-20 06:59 - 00000000 ____D () C:\zoek_backup
2014-12-19 16:13 - 2014-12-20 22:59 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-19 16:13 - 2014-12-19 16:13 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-19 16:06 - 2014-12-19 16:06 - 00028626 _____ () C:\ComboFix.txt
2014-12-19 15:59 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-12-19 15:59 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-12-19 15:59 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-12-19 15:59 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-12-19 15:59 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-12-19 15:59 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-12-19 15:59 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-12-19 15:59 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-12-19 15:33 - 2014-12-19 16:06 - 00000000 ____D () C:\Qoobox
2014-12-19 15:32 - 2014-12-19 16:05 - 00000000 ____D () C:\WINDOWS\erdnt
2014-12-19 07:12 - 2014-12-19 07:15 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-19 06:40 - 2014-12-19 06:40 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-19 06:40 - 2014-12-19 06:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-19 06:37 - 2015-01-16 11:04 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-19 06:37 - 2015-01-16 10:42 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-19 06:37 - 2014-12-19 06:37 - 00003884 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-19 06:37 - 2014-12-19 06:37 - 00003632 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-19 06:37 - 2014-12-19 06:37 - 00000000 ____D () C:\Users\A\AppData\Roaming\LavasoftStatistics
2014-12-19 06:36 - 2014-12-19 06:36 - 00000000 ____D () C:\Users\s\AppData\Local\Apps\2.0
2014-12-19 06:35 - 2014-12-19 06:35 - 00000000 ____D () C:\Users\A\AppData\Roaming\Macromedia
2014-12-19 06:34 - 2014-12-19 06:34 - 00880784 _____ (Google Inc.) C:\Users\A\Desktop\ChromeSetup.exe
2014-12-19 06:33 - 2014-12-19 06:33 - 00880784 _____ (Google Inc.) C:\Users\A\Downloads\ChromeSetup (1).exe
2014-12-19 06:32 - 2014-12-19 06:33 - 00880784 _____ (Google Inc.) C:\Users\A\Downloads\ChromeSetup.exe
2014-12-19 06:29 - 2014-12-19 06:29 - 00000000 ____D () C:\Users\A\AppData\Local\Apps\2.0
2014-12-18 01:08 - 2014-12-25 02:08 - 00000991 _____ () C:\Users\s\Desktop\P.txt
2014-12-18 01:03 - 2014-12-18 01:03 - 00001158 _____ () C:\Users\s\Desktop\Evernote.lnk
2014-12-17 20:51 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-12-17 20:51 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-12-17 05:58 - 2014-12-17 05:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-17 05:58 - 2014-12-17 05:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-17 05:36 - 2014-12-17 05:36 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-12-17 05:36 - 2014-05-27 16:07 - 00034816 _____ (LG Electronics Inc.) C:\WINDOWS\system32\Drivers\lgx64modem.sys
2014-12-17 05:36 - 2014-05-27 16:07 - 00028160 _____ (LG Electronics Inc.) C:\WINDOWS\system32\Drivers\lgx64diag.sys
2014-12-17 05:36 - 2014-05-27 16:07 - 00017920 _____ (LG Electronics Inc.) C:\WINDOWS\system32\Drivers\lgx64bus.sys
2014-12-17 05:35 - 2014-12-17 05:36 - 11454688 _____ (LG Electronics) C:\Users\s\Downloads\LGUnitedMobileDriver_S51MAN312AP22_ML_WHQL_Ver_3.12.3.exe
2014-12-17 02:17 - 2014-12-17 02:17 - 00001330 _____ () C:\WINDOWS\DIFx.log
2014-12-17 02:17 - 2014-12-17 02:17 - 00000000 ____D () C:\WINDOWS\SysWOW64\AGEIA
2014-12-17 02:17 - 2014-12-17 02:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGEIA
2014-12-17 02:17 - 2014-12-17 02:17 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-12-17 01:55 - 2014-12-17 01:56 - 00000000 ____D () C:\Users\s\Downloads\z
2014-12-17 01:52 - 2014-12-17 01:52 - 00002759 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2014-12-17 01:52 - 2014-12-17 01:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-12-17 01:13 - 2014-12-17 01:13 - 00001014 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PortableApps.com Platform.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-16 11:09 - 2014-12-14 20:38 - 00000000 ____D () C:\FRST
2015-01-16 11:09 - 2014-04-15 22:17 - 01819488 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-16 11:09 - 2009-07-14 06:13 - 00932834 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-16 11:03 - 2009-07-14 06:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-16 11:03 - 2009-07-14 05:51 - 00062684 _____ () C:\WINDOWS\setupact.log
2015-01-16 10:42 - 2009-07-14 05:45 - 00030160 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 10:42 - 2009-07-14 05:45 - 00030160 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 10:39 - 2014-12-12 02:15 - 00000000 ____D () C:\Users\A
2015-01-14 15:09 - 2014-11-17 17:38 - 00085584 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmci.sys
2015-01-14 15:08 - 2014-11-20 18:44 - 00081088 _____ (VMware, Inc.) C:\WINDOWS\system32\vmnetbridge.dll
2015-01-14 15:08 - 2014-11-20 18:44 - 00049856 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetinst.dll
2015-01-14 15:08 - 2014-11-20 18:44 - 00048832 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetbridge.sys
2015-01-14 15:08 - 2014-11-20 18:44 - 00028864 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetadapter.sys
2015-01-14 15:08 - 2012-12-18 18:03 - 00946188 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-01-14 12:51 - 2014-04-15 18:23 - 00013192 _____ () C:\WINDOWS\DPINST.LOG
2015-01-14 12:51 - 2014-04-15 18:23 - 00001340 _____ () C:\WINDOWS\Synaptics.log
2015-01-14 12:50 - 2014-12-07 12:41 - 00000000 ____D () C:\SwSetup
2015-01-14 12:50 - 2014-04-07 20:59 - 00555760 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2015-01-14 12:50 - 2014-04-07 20:59 - 00034544 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2015-01-14 12:50 - 2014-04-07 20:58 - 00723184 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2015-01-14 12:50 - 2014-04-07 20:58 - 00422640 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo19.dll
2015-01-14 12:50 - 2014-04-07 20:58 - 00400624 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2015-01-14 12:50 - 2014-04-07 20:58 - 00252144 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2015-01-14 12:50 - 2014-04-07 20:58 - 00169712 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynTPCom.dll
2015-01-14 12:20 - 2014-12-10 00:35 - 00000000 ____D () C:\Users\s
2015-01-14 09:35 - 2014-11-24 12:07 - 00141440 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetAdp.sys
2015-01-14 09:35 - 2014-11-24 12:06 - 00204264 _____ (Oracle Corporation) C:\WINDOWS\system32\VBoxNetFltNobj.dll
2015-01-14 09:35 - 2014-11-24 12:06 - 00156360 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetFlt.sys
2015-01-14 01:50 - 2014-12-14 19:29 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-12 16:31 - 2014-11-23 02:28 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-11 14:24 - 2010-11-21 04:47 - 00237942 _____ () C:\WINDOWS\PFRO.log
2015-01-11 14:23 - 2014-12-16 02:35 - 00000000 ____D () C:\AdwCleaner
2015-01-11 13:25 - 2014-12-02 22:23 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-09 06:50 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-09 05:51 - 2014-12-15 02:33 - 00000000 ____D () C:\temp
2015-01-08 15:27 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-01-06 04:16 - 2014-11-23 02:33 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-06 03:20 - 2013-05-06 21:10 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-06 03:02 - 2013-08-22 13:40 - 00040664 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2015-01-03 17:52 - 2014-12-02 21:44 - 00002198 _____ () C:\WINDOWS\epplauncher.mif
2015-01-01 03:09 - 2013-09-06 13:11 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-01 02:11 - 2014-12-14 19:28 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-27 06:19 - 2014-12-14 06:09 - 00000000 ____D () C:\Users\s\AppData\Roaming\Skype
2014-12-27 06:12 - 2014-12-14 06:10 - 00000000 ____D () C:\Users\s\AppData\Roaming\TeamViewer
2014-12-26 23:33 - 2013-09-06 13:11 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-12-26 23:33 - 2013-09-06 13:11 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-12-26 23:33 - 2013-09-06 13:11 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-12-25 06:37 - 2009-07-14 06:08 - 00032566 _____ () C:\WINDOWS\Tasks\SCHEDLGU.TXT
2014-12-25 06:37 - 2009-07-14 05:45 - 00415280 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-25 05:38 - 2013-09-06 13:03 - 00001900 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TGH App Center.lnk
2014-12-22 18:22 - 2014-12-02 01:02 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-12-19 16:04 - 2009-07-14 03:34 - 00000215 _____ () C:\WINDOWS\system.ini
2014-12-19 15:46 - 2014-04-15 22:18 - 00000372 _____ () C:\WINDOWS\SMSCFG.INI
2014-12-19 15:46 - 2014-04-15 22:18 - 00000000 ____D () C:\WINDOWS\ccmsetup
2014-12-19 15:46 - 2014-04-15 18:19 - 00001162 _____ () C:\WINDOWS\system32\InstallUtil.InstallLog
2014-12-19 15:46 - 2014-04-15 18:19 - 00000000 ____D () C:\WINDOWS\CCM
2014-12-19 15:44 - 2013-09-16 19:17 - 00000000 ____D () C:\WINDOWS\dwrcs
2014-12-19 15:40 - 2014-09-11 14:57 - 00593080 _____ (Sysinternals - www.sysinternals.com) C:\Users\s\Desktop\autoruns.exe
2014-12-19 06:48 - 2014-12-02 21:20 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-12-18 01:03 - 2014-12-02 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-12-17 05:58 - 2014-11-23 02:30 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-17 05:58 - 2014-11-23 02:30 - 00000000 ____D () C:\ProgramData\Skype
2014-12-17 05:36 - 2014-12-07 12:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-17 01:53 - 2014-04-15 18:22 - 00000000 ____D () C:\ProgramData\Sophos
2014-12-17 01:52 - 2014-04-15 18:22 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-12-17 01:44 - 2009-07-14 06:09 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 07:39
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by A at 2015-01-16 11:10:16
Running from C:\Users\A\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Comodo Defense+ (Disabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3DMark 11 Demo (HKLM-x32\...\Steam App 221870) (Version:  - Futuremark)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Age of Mythology: Extended Edition (HKLM-x32\...\Steam App 266840) (Version:  - SkyBox Labs)
AGEIA PhysX v7.09.13 (HKLM-x32\...\{45235788-142C-44BE-8A4D-DDE9A84492E5}) (Version: 7.09.13 - AGEIA Technologies, Inc.)
BLOCKADE 3D (HKLM-x32\...\Steam App 302830) (Version:  - Shumkov Dmitriy)
Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.4.276 - Blue Coat Systems, Inc.)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.44.1 - Citrix Systems, Inc.)
Clover 3.0 (HKLM-x32\...\Clover) (Version: 3.0 - EJIE Technology)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
COMODO Firewall (HKLM\...\{18F14F4B-D8A9-4309-817E-3BC0B7664E53}) (Version: 8.0.0.4344 - COMODO Security Solutions Inc.)
Craft The World (HKLM-x32\...\Steam App 248390) (Version:  - Dekovir Entertainment)
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
DameWare Development Mirror Driver 64 Uninstall (HKLM\...\DamewareMirror) (Version:  - )
DameWare Mini Remote Control Service (HKLM\...\{385FED21-85D3-401E-8B8A-38140333FAC8}) (Version: 7.5.6.0 - DameWare Development)
DARK (HKLM-x32\...\Steam App 225360) (Version:  - Realmforge Studios)
Darkout (HKLM-x32\...\Steam App 257050) (Version:  - Allgraf)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Evernote v. 5.7.2 (HKLM-x32\...\{FB57263E-706F-11E4-A65F-00163E98E7D6}) (Version: 5.7.2.5753 - Evernote Corp.)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.4.9.8 - Telerik)
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
Free Download Manager 3.9.4 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Futuremark SystemInfo (HKLM-x32\...\{EC2B7377-A71D-4F99-87BC-792AE239D3B2}) (Version: 4.31.478.0 - Futuremark)
GeekBuddy (HKLM\...\{8EE6F031-FD37-45A2-95CE-696777FC4EC6}) (Version: 4.13.120 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{240D2B48-E06E-446F-A806-01CF36882EB7}) (Version: 1.19.8268.4572 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.16 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.6.11.2 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6499.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.24.1790 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 17.3 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 15.0.0.380 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 15.0.0.380 - Kaspersky Lab) Hidden
K-Lite Codec Pack 8.8.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.8.0 - )
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.12.3.0 - LG Electronics)
Life is Feudal: Your Own (HKLM-x32\...\Steam App 290080) (Version:  - Bitbox Ltd.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MDOP MBAM (HKLM\...\{7B5ABC68-4641-4CEF-BD5B-E30407CF2B2C}) (Version: 2.0.5301.1 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visio Viewer 2013 (HKLM\...\{95150000-0052-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MultiMon 2.50 (HKLM\...\MultiMon_is1) (Version:  - Resplendence Software Projects Sp.)
OpenDNS Updater 2.2.1 (HKLM-x32\...\OpenDNS Updater) (Version: 2.2.1 - )
OpenVPN 2.3.6-I001  (HKLM\...\OpenVPN) (Version: 2.3.6-I001 - )
Oracle VM VirtualBox 4.3.20 (HKLM\...\{DD8F7A7A-852F-4648-8A73-B8FC1DF5F082}) (Version: 4.3.20 - Oracle Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version:  - Ndemic Creations)
Planetary Annihilation (HKLM-x32\...\Steam App 233250) (Version:  - Uber Entertainment)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
Reboot Restore Rx (HKLM\...\Shield) (Version: 2.0 - Horizon Datasys, Inc.)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shadowgrounds: Survivor (HKLM-x32\...\Steam App 11200) (Version:  - Frozenbyte)
Signs of Life (HKLM-x32\...\Steam App 263200) (Version:  - Sweet Dog Studios)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - Keen Software House)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.23 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Towns (HKLM-x32\...\Steam App 221020) (Version:  - Xavi Canal, Ben Palgi)
Trend Micro RUBotted 2.0 Beta (HKLM-x32\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1034 - Trend Micro, Inc.)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version:  - Frozenbyte)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VMware Player (HKLM-x32\...\VMware_Player) (Version: 7.0.0 - VMware, Inc)
VMware Player (Version: 7.0.0 - VMware, Inc.) Hidden
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
ZoneAlarm Security Toolbar  (HKU\S-1-5-21-2420948750-513993667-4212495904-1011\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1011_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1011_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1011_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1011_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1011_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1011_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1011_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1011_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2420948750-513993667-4212495904-1011_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2015-01-16 11:03 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {75F2E8EE-856E-41EE-833D-0ED1FDAC1A58} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09] (COMODO)
Task: {7B9009F5-C6F2-46A3-A8C1-73E4C85AFE65} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {907926D4-6370-47C9-A86B-45D31C26B1FC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AEE0516C-975B-4E61-9F7F-432E5318A7DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: {EE264B96-C49C-484B-8DE4-2EBDBB244F9C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: {FC307AAC-3F71-4F09-9BCE-DB3040903B1D} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2015-01-14 15:38 - 2015-01-14 15:38 - 00015896 ____N () C:\Program Files\Shield\shdservps.dll
2013-09-05 06:17 - 2013-09-05 06:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 20:23 - 2010-10-20 20:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-13 16:49 - 2014-12-13 16:49 - 00320792 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2014-11-20 18:44 - 2014-11-20 18:44 - 01299136 _____ () c:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2014-12-13 16:37 - 2014-12-13 16:37 - 00248832 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\webcore.dll
2014-12-13 16:37 - 2014-12-13 16:37 - 39896064 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libcef.dll
2014-12-19 06:40 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-19 06:40 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-19 06:40 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-19 06:40 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-08 20:56 - 2013-12-09 23:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-09-05 06:14 - 2013-09-05 06:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 20:45 - 2010-10-20 20:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\e1cmsg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MpSigStub.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NicInstC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PROUnstl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdnclean64.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SynCOM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SynTPAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SynTPCo19.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VBoxNetFltNobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vmnetbridge.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vnetinst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01} - Copy.bat:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\java.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\javaw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\javaws.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SynCom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SynTPCom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vmnat.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vmnetdhcp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\e1c62x64.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rspmmfs64.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SynTP.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tap0901.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxDrv.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxNetAdp.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxNetFlt.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmci.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmnetadapter.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmnetbridge.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmusb.sys:$CmdTcID
AlternateDataStreams: C:\Users\A\Desktop\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\A\Downloads\ProcessExplorer (1).zip:$CmdZnID
AlternateDataStreams: C:\Users\A\Downloads\ProcessExplorer.zip:$CmdZnID
AlternateDataStreams: C:\Users\A\Downloads\sp60775.exe:$CmdTcID
AlternateDataStreams: C:\Users\Administrator\Downloads\Evernote_5.7.2.5753.exe:PG$Secure
AlternateDataStreams: C:\Users\Administrator\Downloads\TeamViewer_Setup.exe:PG$Secure
AlternateDataStreams: C:\Users\s\Desktop\Cameyo.exe:$CmdTcID
AlternateDataStreams: C:\Users\s\Desktop\Cameyo.exe:$CmdZnID
AlternateDataStreams: C:\Users\s\Downloads\dds.com:$CmdTcID
AlternateDataStreams: C:\Users\s\Downloads\dds.com:$CmdZnID
AlternateDataStreams: C:\Users\s\Downloads\HPSupportSolutionsFramework-en-11.51.0048.msi:$CmdZnID
AlternateDataStreams: C:\Users\s\Downloads\Italy 2012.daa:$CmdZnID
AlternateDataStreams: C:\Users\s\Downloads\MiniToolBox.exe:$CmdTcID
AlternateDataStreams: C:\Users\s\Downloads\MiniToolBox.exe:$CmdZnID
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: DcaTray => C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaTray.exe
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: GoogleChromeAutoLaunch_361C1DD22E1256C6B68316A32E8B1949 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
 
========================= Accounts: ==========================
 
A (S-1-5-21-2420948750-513993667-4212495904-1011 - Administrator - Enabled) => C:\Users\A
Administrator (S-1-5-21-2420948750-513993667-4212495904-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2420948750-513993667-4212495904-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2420948750-513993667-4212495904-1015 - Limited - Enabled)
s (S-1-5-21-2420948750-513993667-4212495904-1013 - Limited - Enabled) => C:\Users\s
 
==================== Faulty Device Manager Devices =============
 
Name: adgnetworktdi
Description: adgnetworktdi
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: adgnetworktdi
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/14/2015 01:29:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: guard32.dll_unloaded, version: 0.0.0.0, time stamp: 0x5486354b
Exception code: 0xc0000005
Fault offset: 0x72ea06e1
Faulting process id: 0x2fa8
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (01/14/2015 00:08:57 PM) (Source: Software Protection Platform Service) (EventID: 1010) (User: )
Description: Acquisition of Rights Account Certificate failed. hr=0x80072EE2
 
Error: (01/14/2015 00:08:57 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details. 
hr=0x80072EE2
 
Error: (01/14/2015 00:25:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TreeSize.exe, version: 5.5.4.812, time stamp: 0x4f451737
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x735ecb49
Faulting process id: 0x1b24
Faulting application start time: 0xTreeSize.exe0
Faulting application path: TreeSize.exe1
Faulting module path: TreeSize.exe2
Report Id: TreeSize.exe3
 
Error: (01/14/2015 00:24:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TreeSize.exe, version: 5.5.4.812, time stamp: 0x4f451737
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x735ecb49
Faulting process id: 0x1f38
Faulting application start time: 0xTreeSize.exe0
Faulting application path: TreeSize.exe1
Faulting module path: TreeSize.exe2
Report Id: TreeSize.exe3
 
Error: (01/13/2015 05:04:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cis.exe, version: 8.0.0.4344, time stamp: 0x548639f0
Faulting module name: cis.exe, version: 8.0.0.4344, time stamp: 0x548639f0
Exception code: 0xc0000417
Fault offset: 0x000000000044caf4
Faulting process id: 0x1214
Faulting application start time: 0xcis.exe0
Faulting application path: cis.exe1
Faulting module path: cis.exe2
Report Id: cis.exe3
 
 
System errors:
=============
Error: (01/16/2015 11:03:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
adgnetworktdi
 
Error: (01/16/2015 10:35:13 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
adgnetworktdi
 
Error: (01/14/2015 00:17:37 PM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
 
Error: (01/14/2015 00:02:05 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (01/14/2015 11:23:40 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (01/14/2015 11:21:40 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (01/14/2015 11:20:03 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (01/14/2015 11:19:02 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (01/14/2015 11:18:01 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (01/14/2015 11:18:01 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
 
Microsoft Office Sessions:
=========================
Error: (01/14/2015 01:29:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.95548243f3guard32.dll_unloaded0.0.0.05486354bc000000572ea06e12fa801d02ff5c72c9f01C:\Program Files (x86)\Google\Chrome\Application\chrome.exeguard32.dll05212de4-9be9-11e4-b602-a0481cdf42a4
 
Error: (01/14/2015 00:08:57 PM) (Source: Software Protection Platform Service) (EventID: 1010) (User: )
Description: hr=0x80072EE29abf5984-9c16-46f2-ad1e-7fe15931a8dd
 
Error: (01/14/2015 00:08:57 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0x80072EE200010001(0x00000000, 12:08:34:104 - http://go.microsoft.com/fwlink/?LinkID=88339)
00020001(0x00000000, 12:08:34:107)
00030001(0x00000000, 12:08:34:117 - http://go.microsoft.com)
00030002(0x00000000, 12:08:34:117 - 0)
00040001(0x00000000, 12:08:34:117 - http://go.microsoft.com)
00040002(0x00000000, 12:08:34:134 - 1, <NULL>, <NULL>, <NULL>)
00040004(0x80072F94, 12:08:36:704 - <NULL>)
00040006(0x00000000, 12:08:36:704 - 1, http://go.microsoft.com, <NULL>, <local>)
00020005(0x00000000, 12:08:36:704 - 0)
00020007(0x80072EE2, 12:08:57:720)
00010002(0x80072EE2, 12:08:57:720 - <NULL>)
00010003(0x80072EE2, 12:08:57:720)
 
Error: (01/14/2015 00:25:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TreeSize.exe5.5.4.8124f451737unknown0.0.0.000000000c0000005735ecb491b2401d02f88226ecbfeC:\Users\s\AppData\Roaming\VOS\TreeSize Professional\%Program Files%\JAM Software\TreeSize Professional\TreeSize.exeunknown738578ed-9b7b-11e4-89d6-a0481cdf42a4
 
Error: (01/14/2015 00:24:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TreeSize.exe5.5.4.8124f451737unknown0.0.0.000000000c0000005735ecb491f3801d02f8807e35d3eC:\Users\s\AppData\Roaming\VOS\TreeSize Professional\%Program Files%\JAM Software\TreeSize Professional\TreeSize.exeunknown604e3716-9b7b-11e4-89d6-a0481cdf42a4
 
Error: (01/13/2015 05:04:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: cis.exe8.0.0.4344548639f0cis.exe8.0.0.4344548639f0c0000417000000000044caf4121401d02ee5e074b8beC:\Program Files\COMODO\COMODO Internet Security\cis.exeC:\Program Files\COMODO\COMODO Internet Security\cis.exe46b297e8-9ad9-11e4-89d6-a0481cdf42a4
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-19 16:04:31.845
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-19 16:04:31.798
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3667U CPU @ 2.00GHz
Percentage of memory in use: 42%
Total physical RAM: 8055.45 MB
Available physical RAM: 4607.41 MB
Total Pagefile: 16109.09 MB
Available Pagefile: 12530.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:167.19 GB) (Free:44.29 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 167.7 GB) (Disk ID: B097F329)
Partition 1: (Not Active) - (Size=167.2 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=500 MB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
C:\AdwCleaner\Quarantine\C\Users\A\AppDAtA\RoAming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe.vir Win32/Toolbar.Montiera.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\A\AppDAtA\RoAming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall_d.exe.vir Win32/Toolbar.Montiera.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\A\AppDAtA\RoAming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm4ffx.exe.vir Win32/Toolbar.Montiera.E potentially unwanted application deleted - quarantined
C:\Users\s\Downloads\z\zafwSetupWeb_133_209_000.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Users\s\OneDrive\Projects\AutoIt\Autoit\DigitalChaos\v.5.0 - Win 7 x64\_Includes\ScanNetwork.exe VBS/VBSDownloader.A Constructor deleted - quarantined
 
 
 
Will test and see but none of these look like anything that could cause it


 


#12 Machiavelli


Posted 16 January 2015 - 08:08 AM

I'm waiting for your feedback. :)

~Machiavelli

 
 


#13 dinodod


Posted 18 January 2015 - 08:51 AM

I'm sorry but my HD got corrupted and I ended up having to reformat my system.  

 

I'm now using VirtualBox with Zorin OS 9 to browse the web (Wanted to try Linux anyways) and Reboot Restore RX (Free) on my host system.  It's like Deepfreeze.  Just had to set up a second partition to store all my data onto so it wouldn't be frozen by the RR RX app.

 

Hopefully this will be enough for now to stop the internet from breaking down my door :)

 

I may never know what this virus was.  Oh well. 

 

Do you still offer a training program?  If so, can I get invited?  

 

Thanks!



 


#14 Machiavelli


Posted 18 January 2015 - 09:22 AM

Hey,

Here is some information for you: http://www.bleepingcomputer.com/forums/t/532535/malware-removal-training-program/


 

Hello,
in my opinion your PC is clean. :) If you would like to donate some money to me so that I can buy some beer, then click on the button. I'd really appreciate it, my friend. :)

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:

~Machiavelli

 
 


#15 Machiavelli


Posted 22 January 2015 - 10:18 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~Machiavelli

 
 




