

Checking for malware after ransomware screen in browser.


  • This topic is locked
47 replies to this topic

#1 Bane88

  • Members
  • 53 posts

Posted 25 January 2015 - 03:44 AM

A few weeks ago a ransomware screen popped up in my browser similar to this (but I think it was an FBI/CIA one):

 

http://www.bleepingcomputer.com/virus-removal/remove-australian-communications-and-media-authority-ransomware
 

After exiting the browser and restarting the computer I've never seen it again and haven't had any other indications of malware. I am seeking help to check if my computer is actually infected with malware and, if it is, to remove it.

 

The only other thing to note about the computer is that it has a tendency to freeze occasionally when switching between tabs in the browser.

 

It is a Medion Akoya E6214 laptop running Windows 7 Home Edition 32 bit.

 

Any help would be much appreciated.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by Daniel (administrator) on DANIEL-LAPTOP on 25-01-2015 16:29:12
Running from C:\Users\Daniel\Desktop
Loaded Profiles: Daniel (Available profiles: Daniel)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Syntek America Inc.) C:\Windows\System32\StkASv2K.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgemcx.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BitTorrent Inc.) C:\Program Files\uTorrent\uTorrent.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8522272 2010-03-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [678432 2010-03-03] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2010-03-08] (Synaptics Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [802136 2013-06-14] (BitTorrent Inc.)
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-18\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com
SearchScopes: HKLM -> DefaultScope value is missing.
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1929423053-4057178227-3398327298-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a02ypaz2.default
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll No File
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF Extension: BYTubeD - Bulk YouTube video Downloader - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a02ypaz2.default\Extensions\bytubed@cs213.cse.iitk.ac.in [2012-09-24]
FF Extension: Adblock Plus - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a02ypaz2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-19]
FF Extension: DownThemAll! - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a02ypaz2.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-05-18]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4 [2011-10-14]
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack
FF Extension: AVG Do Not Track - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack [2012-10-26]

Chrome:
=======
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files\AVG\AVG2012\Chrome\donottrack.crx [2012-04-20]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
S2 gupdate1caf31cbe210d3c; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [602624 2010-03-30] (Hauppauge Computer Works) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-24] (Syntek America Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 cdrbsdrv; C:\Windows\system32\Drivers\cdrbsdrv.sys [33408 2006-02-21] (B.H.A Corporation) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2015-01-18] (Disc Soft Ltd)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-18] (Elaborate Bytes AG)
S3 HP1319EWS; C:\Windows\System32\Drivers\HP1319EWS.sys [12800 2013-02-06] (Marvell Semiconductor, Inc.)
S3 HP1319FAX; C:\Windows\System32\Drivers\HP1319FAX.sys [13824 2013-02-06] (Marvell Semiconductor, Inc.)
R1 ISODisk; C:\Windows\system32\Drivers\ISODisk.sys [9600 2006-04-26] () [File not signed]
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-14] (DiBcom SA)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-26] (CACE Technologies, Inc.)
S3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [241628 2006-09-27] (Syntek America Inc.) [File not signed]
S3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-08-02] (Syntek America Inc.) [File not signed]
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [582400 2010-03-31] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [136064 2010-03-31] (Hauppauge Computer Works, Inc.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\usbccid.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 16:29 - 2015-01-25 16:30 - 00018160 _____ () C:\Users\Daniel\Desktop\FRST.txt
2015-01-25 16:28 - 2015-01-25 16:29 - 00000000 ____D () C:\FRST
2015-01-25 15:02 - 2015-01-25 15:02 - 01120768 _____ (Farbar) C:\Users\Daniel\Desktop\FRST.exe
2015-01-18 23:18 - 2015-01-18 23:18 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBCD
2015-01-18 23:18 - 2015-01-18 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XBCD
2015-01-18 23:18 - 2015-01-18 23:18 - 00000000 ____D () C:\Program Files\XBCD
2015-01-18 19:46 - 2015-01-18 22:51 - 00000000 ____D () C:\Users\Daniel\Documents\NHL 2004
2015-01-18 19:45 - 2015-01-18 19:45 - 00001439 _____ () C:\Users\Public\Desktop\NHL 2004.lnk
2015-01-18 19:45 - 2015-01-18 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA SPORTS
2015-01-18 19:43 - 2015-01-19 00:18 - 00000000 ____D () C:\NHL 2004
2015-01-18 19:43 - 2015-01-18 19:43 - 00000476 _____ () C:\Windows\eReg.dat
2015-01-18 18:21 - 2015-01-18 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-01-18 18:20 - 2015-01-18 19:40 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite
2015-01-18 18:20 - 2015-01-18 18:20 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2015-01-18 18:20 - 2015-01-18 18:20 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2015-01-18 18:19 - 2015-01-18 19:41 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-01-18 16:57 - 2015-01-18 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISODisk
2015-01-18 16:57 - 2015-01-18 16:57 - 00000000 ____D () C:\Program Files\ISODisk
2015-01-18 16:57 - 2006-04-26 01:03 - 00009600 _____ () C:\Windows\system32\Drivers\ISODisk.sys
2015-01-18 00:20 - 2015-01-18 00:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-14 21:24 - 2014-12-19 13:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 21:24 - 2014-12-19 12:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 21:24 - 2014-12-12 16:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 21:24 - 2014-12-12 16:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 21:24 - 2014-12-12 04:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 21:24 - 2014-12-06 14:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 21:24 - 2012-10-04 03:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 21:24 - 2012-10-04 03:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-04 14:32 - 2015-01-04 14:32 - 00000000 ____D () C:\Users\Daniel\Spanish
2015-01-01 15:50 - 2015-01-01 15:53 - 15991384 _____ () C:\Users\Daniel\Desktop\best-of-2014-showreel.mp4
2014-12-31 19:41 - 2014-12-31 19:41 - 00000402 _____ () C:\Users\Daniel\Desktop\Nutrition question.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 16:30 - 2010-07-11 22:18 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\uTorrent
2015-01-25 16:10 - 2010-05-14 23:41 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 14:10 - 2010-05-14 23:41 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 12:33 - 2010-05-06 23:19 - 02013921 _____ () C:\Windows\WindowsUpdate.log
2015-01-25 08:34 - 2009-07-14 15:39 - 00240944 _____ () C:\Windows\setupact.log
2015-01-24 23:24 - 2009-07-14 15:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 23:24 - 2009-07-14 15:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-24 23:17 - 2013-07-31 20:12 - 00000440 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-24 23:16 - 2009-07-14 15:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-24 19:49 - 2014-03-14 08:59 - 00000000 ____D () C:\Users\Daniel\Training and Fitness
2015-01-24 18:59 - 2011-05-03 09:58 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2015-01-22 00:02 - 2010-03-06 04:09 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 23:59 - 2010-05-15 19:33 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\vlc
2015-01-19 18:45 - 2012-04-26 11:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-18 23:16 - 2010-05-14 13:42 - 00000000 ____D () C:\Users\Daniel\Setup Files
2015-01-18 19:45 - 2011-03-24 03:55 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-16 20:52 - 2013-06-12 08:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-16 20:52 - 2013-06-12 08:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-15 09:33 - 2013-08-20 20:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 09:29 - 2010-03-06 06:12 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-04 14:34 - 2013-01-11 14:55 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Mp3tag
2015-01-04 14:33 - 2010-05-06 23:20 - 00000000 ____D () C:\Users\Daniel
2015-01-04 12:26 - 2010-06-18 01:58 - 00495616 ___SH () C:\Users\Daniel\Thumbs.db
2014-12-26 07:07 - 2012-08-16 14:08 - 00000000 ____D () C:\ProgramData\Panda Security
2014-12-26 07:07 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-12-26 07:07 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\registration
2014-12-26 07:07 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-26 06:30 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\system32\LogFiles

==================== Files in the root of some directories =======

2011-12-07 23:19 - 2011-12-07 23:24 - 0003584 _____ () C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-21 01:19 - 2013-06-21 01:19 - 0026900 _____ () C:\Users\Daniel\AppData\Local\dt.dat
2010-06-10 00:24 - 2010-10-15 08:05 - 0007631 _____ () C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
2011-07-22 06:27 - 2011-07-22 06:28 - 0000000 _____ () C:\Users\Daniel\AppData\Local\{30AD88CB-7A21-46D7-9333-379450294948}
2010-05-14 17:13 - 2010-06-16 19:07 - 0000041 ___SH () C:\ProgramData\.zreglib
2010-07-02 03:51 - 2013-10-01 03:34 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Files to move or delete:
====================
C:\Users\Daniel\delfile.bat
C:\Users\Daniel\delfle.bat


Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\temp\AutoRun.exe
C:\Users\Daniel\AppData\Local\temp\AutoRunGUI.dll
C:\Users\Daniel\AppData\Local\temp\bitool.dll
C:\Users\Daniel\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\temp\SkypeSetup.exe
C:\Users\Daniel\AppData\Local\temp\UNINSTALL.EXE
C:\Users\Daniel\AppData\Local\temp\vlc-2.0.7-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 01:19

==================== End Of Log ============================
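As an added example (not part of the original post, and not Farbar's code), the script below reads an FRST.txt like the one above and pulls out the lines a malware-response helper checks first: FRST's own "<======= ATTENTION" flags, services and drivers marked "[File not signed]" or orphaned with "[X]" (registry entry present, file missing), BHO and toolbar registrations that point at "No File", the "Files to move or delete" list, executables sitting in TEMP, and any core binary that does not pass the Bamital & volsnap signature check. The embedded sample is a constructed excerpt of the posted log; the section headers and line layouts are FRST's, while the finding names ("unsigned", "orphan" and so on) are this script's own.

```python
"""Triage helper for a Farbar Recovery Scan Tool (FRST.txt) log.
Added example, not Farbar's code: splits the log into FRST's sections and
pulls out the lines a responder reads first."""
import re
from dataclasses import dataclass

# Constructed excerpt of the FRST.txt posted in the thread (not a full log).
SAMPLE_FRST_LOG = r"""
==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKU\S-1-5-21-1929423053-4057178227-3398327298-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

========================== Services (Whitelisted) =================

R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R1 ISODisk; C:\Windows\system32\Drivers\ISODisk.sys [9600 2006-04-26] () [File not signed]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]

Files to move or delete:
====================
C:\Users\Daniel\delfile.bat

Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\temp\AutoRun.exe
C:\Users\Daniel\AppData\Local\temp\bitool.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed

==================== End Of Log ============================
"""

HEADER_RE = re.compile(r"^=+\s*(.+?)\s*=+$")             # "==== Services (Whitelisted) ===="
RULE_RE = re.compile(r"^=+$")                            # bare "====" underline
SERVICE_RE = re.compile(r"^[RSU]\d\s+([^;]+);\s*(.*)$")  # "R2 name; path [size date] (vendor) [flag]"
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js")


@dataclass(frozen=True)
class Finding:
    kind: str      # this script's own label, e.g. "unsigned" or "orphan"
    section: str   # FRST section the line came from
    detail: str    # service/driver name or the offending line


def split_sections(log_text):
    """Map each FRST section name to its non-blank body lines.
    FRST marks sections two ways: "==== Name ====" on one line, or "Name:"
    followed by a bare "====" underline; both are recognised here."""
    sections, current = {}, "Preamble"
    lines = [ln.strip() for ln in log_text.splitlines()]
    for i, line in enumerate(lines):
        if not line or RULE_RE.match(line):
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1)
        elif line.endswith(":") and i + 1 < len(lines) and RULE_RE.match(lines[i + 1]):
            current = line[:-1]
        else:
            sections.setdefault(current, []).append(line)
    return sections


def triage(log_text):
    """Return the findings a responder checks first, in log order."""
    findings = []
    for section, lines in split_sections(log_text).items():
        for line in lines:
            if line.startswith("(") and line.endswith(")"):
                continue  # FRST's own explanatory notes, e.g. "(If an entry is included in the fixlist...)"
            if "<======= ATTENTION" in line:
                findings.append(Finding("attention", section, line.split(" <=======")[0]))
            if section.startswith(("Services", "Drivers")):
                m = SERVICE_RE.match(line)
                if m and m.group(2).endswith("[File not signed]"):
                    findings.append(Finding("unsigned", section, m.group(1)))
                elif m and m.group(2).endswith("[X]"):
                    findings.append(Finding("orphan", section, m.group(1)))
            if line.startswith(("BHO:", "Toolbar:")) and line.endswith("No File"):
                findings.append(Finding("no_file", section, line))
            if section == "Files to move or delete":
                findings.append(Finding("flagged_file", section, line))
            if section == "Some content of TEMP" and line.lower().endswith(EXEC_EXT):
                findings.append(Finding("temp_executable", section, line))
            if section.startswith("Bamital") and not line.endswith("=> File is digitally signed"):
                findings.append(Finding("signature_check_failed", section, line))
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {"unsigned": 2, "orphan": 2, ...}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST_LOG):
        print(f"[{f.kind:<22}] {f.section}: {f.detail}")
    print(summarize(triage(SAMPLE_FRST_LOG)))
```

To run it on a real log, pass the text of FRST.txt to triage() in place of the sample. Everything it reports is a lead, not a verdict: in the posted log the unsigned entries belong to CyberLink, B.H.A, Syntek, X10, Hauppauge and InstallShield components, and "[X]" entries are registry entries whose file is missing, typically leftovers of removed software, which is why a responder reads them in context rather than fixing them automatically.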

 




#2 Machiavelli (Agent 007)

  • Malware Response Instructor
  • 4,091 posts
  • Gender:Male
  • Location:Germany

Posted 25 January 2015 - 02:14 PM

Hello and welcome on board,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
  • My Help is completely free of charge!
    If you'd like to donate some money, you can do so and I'd appreciate it. :)
 

What's with the Addition Log?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 Bane88 (Topic Starter)

  • Members
  • 53 posts

Posted 25 January 2015 - 10:44 PM

Sorry, I could've sworn I attached it. Here it is.

 

Thanks.

Attached Files



#4 Machiavelli (Agent 007)

  • Malware Response Instructor
  • 4,091 posts
  • Gender:Male
  • Location:Germany

Posted 26 January 2015 - 10:45 AM

Can you please post it directly into the thread? I cannot open attachments on my system. :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 Bane88 (Topic Starter)

  • Members
  • 53 posts

Posted 28 January 2015 - 05:36 AM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-01-2015 01
Ran by Daniel at 2015-01-25 16:30:55
Running from C:\Users\Daniel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 3.3.0.29625 - BitTorrent Inc.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Age of Empires III - The Asian Dynasties (HKLM\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The Asian Dynasties (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III - The WarChiefs (HKLM\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Mythology: Extended Edition (HKLM\...\Steam App 266840) (Version:  - SkyBox Labs)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Codec (HKLM\...\{08EE3698-AAB9-4BAD-BDF4-0BE0A9157222}) (Version:  - ArcSoft)
ArcSoft Codec (HKLM\...\{EBACE371-46EC-49CD-87C6-8D8A649C2F28}) (Version:  - ArcSoft)
Aspect Calculator 2.1.0 (HKLM\...\Aspect 2_is1) (Version:  - pan@omni.lt)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.23 - Atheros Communications Inc.)
AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2247 - AVG Technologies)
AVG 2012 (Version: 12.0.4257 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2247 - AVG Technologies) Hidden
Avidemux 2.6 (32-bit) (HKLM\...\Avidemux 2.6) (Version: 2.6.0.8179 - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CloneCD (HKLM\...\CloneCD) (Version:  - SlySoft)
CorelDRAW Essentials 4 - Content (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Draw (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Filters (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - ICA (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang BR (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang DE (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang EN (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang ES (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang FR (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang IT (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang NL (Version: 4.0 - Uw bedrijfsnaam) Hidden
CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden
CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 (Version: 4.0 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2602 - CyberLink Corp.)
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1410a - CyberLink Corp.)
CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2522 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2519.00 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2326 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2609 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DVDFab 8.1.5.9 (20/01/2012) Qt (HKLM\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
EA SPORTS online 2004 (HKLM\...\82A44D22-9452-49FB-00FB-CEC7DCAF7E23) (Version:  - )
e-tax 2010 (HKLM\...\{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}) (Version: 1.0.648 - DWS)
e-tax 2012 (HKLM\...\{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}) (Version: 6.0.577 - Australian Taxation Office)
Exact Audio Copy 0.99pb5 (HKLM\...\Exact Audio Copy) (Version: 0.99pb5 - Andre Wiethoff)
Exercise Drawer (HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\...\Exercise Drawer) (Version:  - Jiri Janak)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GtkRadiant 1.5.0 (HKLM\...\{EC2F741D-308C-42B4-BD04-9A4853F2E402}) (Version: 1.5.0 - Radiant Community)
HandBrake 0.9.5 (HKLM\...\HandBrake) (Version: 0.9.5 - )
Hauppauge WinTV 7 (HKLM\...\Hauppauge WinTV 7) (Version: 7.0.28130 - Hauppauge Computer Works)
Hauppauge WinTV Infrared Remote (HKLM\...\Hauppauge WinTV Infrared Remote) (Version: 2.66.28078 - Hauppauge Computer Works, Inc.)
Hockey Playbook 010 (HKLM\...\Hockey Playbook 010_is1) (Version:  - Jes-Soft)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2092 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
ISODisk 1.1 (HKLM\...\{BF731945-7AAD-45E3-A202-A60C9213915C}_is1) (Version:  - ISODisk.com)
iTunes (HKLM\...\{11E568E0-3244-4BCB-875E-F334269DFDCB}) (Version: 11.0.3.42 - Apple Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.450 - Oracle)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager V1.5.0.8 (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.0.8 - Wistron Corp.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Medion Home Cinema (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1318 - CyberLink Corp.)
Medion Home Cinema (Version: 8.0.1318 - CyberLink Corp.) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 35.0 (x86 en-GB)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mp3tag v2.54 (HKLM\...\Mp3tag) (Version: v2.54 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NHL 2004 (HKLM\...\{4816702A-0879-4499-0085-ACFC0F65E811}) (Version:  - )
NirSoft VideoCacheView (HKLM\...\NirSoft VideoCacheView) (Version:  - )
OpenAL (HKLM\...\OpenAL) (Version:  - )
OpenOffice.org 3.3 (HKLM\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org)
Panda USB Vaccine 1.0.1.4 (HKLM\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
PDF24 Creator 6.3.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6057 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30117 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0145 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.94 (HKLM\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Shrink Pic (remove) (HKLM\...\Shrink Pic) (Version:  - )
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Sports Tactics Board (HKLM\...\{E6CF8C3F-A533-4267-8B54-FE7E2FCF3686}) (Version: 0.2.1008.0 - Sports Tactics Board)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
StarCraft II (HKLM\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
streamCapture (HKLM\...\streamCapture) (Version: 0.3.3 - Ceicer IT)
StreamTransport version: 1.0.2.2041 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
URL Snooper v2.30.01 (HKLM\...\URLSnooper 2_is1) (Version:  - DonationCoder.com)
VideoCam Suite 2.0 (HKLM\...\{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}) (Version: 2.00.043.1033 - Panasonic Corporation)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
VUE 3.1.1 (HKLM\...\VUE) (Version: 3.1.1 - Tufts University)
WinDjView 1.0.3 (HKLM\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{10A44844-4465-456E-8C97-80BDD4F68845}) (Version: 6.500.3146.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
X10 Hardware™ (HKLM\...\X10Hardware) (Version:  - )
XBCD 1.07 (HKLM\...\XBCD) (Version: 1.07 - Redcl0ud)
XMedia Recode version 3.1.2.5 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.2.5 - XMedia Recode)
YouTube Downloader 2.5.6 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version:  - BienneSoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1929423053-4057178227-3398327298-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1929423053-4057178227-3398327298-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1929423053-4057178227-3398327298-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

==================== Restore Points  =========================

18-01-2015 18:20:41 Device Driver Package Install: DT Soft Ltd System devices

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:04 - 2012-02-28 18:36 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {079BCC49-ADB0-4446-A37C-77AB947F934B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-23] (Piriform Ltd)
Task: {2DA26175-8A58-4768-AA86-290242C303B0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {2FE216A9-19F4-4D13-9BC0-D82A11D7C11B} - System32\Tasks\{780DAD66-1159-4854-9F98-98D15BC44EF0} => pcalua.exe -a E:\setup.exe -d E:\
Task: {B16E445E-7200-441B-B73F-CEA2F3F42AC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {D3511F93-6F4B-4556-A0D6-5BA5266CBBDC} - System32\Tasks\PandaUSBVaccine => C:\Program Files\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {F9AAB6EE-A768-41A0-8D8F-1EA659700C01} - System32\Tasks\{F24B6FD5-D829-4BEB-A3B8-FB3A3009F0F6} => Firefox.exe http://ui.skype.com/ui/0/4.2.0.166.259/en/privacy?source=lightinstaller

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-19 04:27 - 2013-02-06 14:39 - 00059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\ZPP1319P.DLL
2012-02-20 22:29 - 2012-02-20 22:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 22:28 - 2012-02-20 22:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-11-02 02:38 - 2010-04-10 13:21 - 00022528 _____ () C:\Program Files\WinTV\TVServer\HauppaugeTVServerps.dll
2010-03-06 05:49 - 2010-02-10 22:34 - 00244904 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2010-03-06 04:34 - 2009-10-02 13:18 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-01-18 00:20 - 2015-01-18 00:20 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2015-01-16 20:52 - 2015-01-16 20:52 - 16844464 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Public\Daniel Clay - Child Protection Awareness Certificate.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Public\Daniel Clay - Child Protection Awareness Certificate.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Public\Daniel Clay - Transfer Form 2014.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Public\Daniel Clay - Transfer Form 2014.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Daniel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

========================= Accounts: ==========================

Administrator (S-1-5-21-1929423053-4057178227-3398327298-500 - Administrator - Disabled)
Daniel (S-1-5-21-1929423053-4057178227-3398327298-1000 - Administrator - Enabled) => C:\Users\Daniel
Guest (S-1-5-21-1929423053-4057178227-3398327298-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1929423053-4057178227-3398327298-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2015 10:45:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NHL2004.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 175c

Start Time: 01d03313fd8a1024

Termination Time: 1597

Application Path: C:\NHL 2004\NHL2004.exe

Report Id:

Error: (01/18/2015 10:42:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NHL2004.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d3c

Start Time: 01d03313a01cbf7d

Termination Time: 1634

Application Path: C:\NHL 2004\NHL2004.exe

Report Id:

Error: (01/18/2015 10:39:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NHL2004.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 15d4

Start Time: 01d033132509bd83

Termination Time: 1643

Application Path: C:\NHL 2004\NHL2004.exe

Report Id:

Error: (01/18/2015 10:27:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NHL2004.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 938

Start Time: 01d0331170dd8c1a

Termination Time: 1561

Application Path: C:\NHL 2004\NHL2004.exe

Report Id:

Error: (01/18/2015 10:20:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NHL2004.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1360

Start Time: 01d033106be4b9a3

Termination Time: 1639

Application Path: C:\NHL 2004\NHL2004.exe

Report Id:

Error: (01/18/2015 10:11:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program nhl2004.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6d8

Start Time: 01d0330ee2e70420

Termination Time: 1594

Application Path: C:\NHL 2004\nhl2004.exe

Report Id:

Error: (01/04/2015 04:05:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(ac:3c:0b:87:3c:70@fe80::ae3c:bff:fe87:3c70._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (01/03/2015 08:16:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 464: DNSServiceBrowse           _apple-mobdev._tcp.local.

Error: (01/03/2015 08:16:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 464: Client unresponsive; aborting connection

Error: (01/03/2015 08:16:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 464: Could not write data to client after 600 seconds, 7 replies waiting


System errors:
=============
Error: (01/24/2015 11:51:46 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/24/2015 11:18:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/23/2015 09:20:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/23/2015 02:19:24 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/23/2015 02:15:21 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/22/2015 07:43:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/22/2015 07:43:07 PM) (Source: Microsoft-Windows-Application-Experience) (EventID: 205) (User: NT AUTHORITY)
Description: The Program Compatibility Assistant service failed to perform the phase two initialization.

Error: (01/22/2015 08:15:04 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (01/22/2015 08:13:03 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (01/21/2015 07:46:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (01/18/2015 10:45:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: NHL2004.exe0.0.0.0175c01d03313fd8a10241597C:\NHL 2004\NHL2004.exe

Error: (01/18/2015 10:42:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: NHL2004.exe0.0.0.0d3c01d03313a01cbf7d1634C:\NHL 2004\NHL2004.exe

Error: (01/18/2015 10:39:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: NHL2004.exe0.0.0.015d401d033132509bd831643C:\NHL 2004\NHL2004.exe

Error: (01/18/2015 10:27:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: NHL2004.exe0.0.0.093801d0331170dd8c1a1561C:\NHL 2004\NHL2004.exe

Error: (01/18/2015 10:20:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: NHL2004.exe0.0.0.0136001d033106be4b9a31639C:\NHL 2004\NHL2004.exe

Error: (01/18/2015 10:11:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: nhl2004.exe0.0.0.06d801d0330ee2e704201594C:\NHL 2004\nhl2004.exe

Error: (01/04/2015 04:05:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(ac:3c:0b:87:3c:70@fe80::ae3c:bff:fe87:3c70._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (01/03/2015 08:16:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 464: DNSServiceBrowse           _apple-mobdev._tcp.local.

Error: (01/03/2015 08:16:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 464: Client unresponsive; aborting connection

Error: (01/03/2015 08:16:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 464: Could not write data to client after 600 seconds, 7 replies waiting


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 69%
Total physical RAM: 3510.6 MB
Available physical RAM: 1055.85 MB
Total Pagefile: 7019.49 MB
Available Pagefile: 3953.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.68 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:424.66 GB) (Free:58.96 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:28.99 GB) NTFS
Drive f: (NHL 2004 DISC 2) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 71F1EB2B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=424.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================



#6 Machiavelli

  • Malware Response Instructor
  • 4,091 posts
  • Location:Germany

Posted 28 January 2015 - 10:36 AM

Hey, :)

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection.
Tick Scan for rootkits.

Go back to the Dashboard and select Scan Now.

If threats are detected, click the Apply Actions button; MBAM will ask for a reboot.

On completion of the scan (or after the reboot), select View Detailed Log.
Select Export > Select text file and save to the desktop.
Attach/Post that log.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli



#7 Machiavelli

  • Malware Response Instructor
  • 4,091 posts
  • Location:Germany

Posted 02 February 2015 - 03:22 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli



#8 Machiavelli

  • Malware Response Instructor
  • 4,091 posts
  • Location:Germany

Posted 03 February 2015 - 07:58 AM

User returned. :)

~Machiavelli



#9 Bane88

  • Topic Starter
  • Members
  • 53 posts

Posted 03 February 2015 - 04:56 PM

Thanks for re-opening the thread.

Adware Log

# AdwCleaner v4.109 - Report created 03/02/2015 at 07:05:19
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Daniel - DANIEL-LAPTOP
# Running from : C:\Users\Daniel\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
File Deleted : C:\Users\Daniel\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 en-GB)

[a02ypaz2.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v40.0.2214.93


*************************

AdwCleaner[R0].txt - [2301 octets] - [02/02/2015 23:11:08]
AdwCleaner[S0].txt - [2263 octets] - [03/02/2015 07:05:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2323 octets] ##########

MBAM LOG

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/02/2015
Scan Time: 8:57:56 PM
Logfile: MBAM Log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.03.03
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Daniel

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362295
Time Elapsed: 30 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.Somoto, C:\Users\Daniel\AppData\Local\temp\nsxF97F.tmp, No Action By User, [79d831c66a1fa39322d54fc9ff064db3],
PUP.Optional.Somoto, C:\Users\Daniel\AppData\Local\temp\bitool.dll, No Action By User, [183931c68504bd7940cacaf35fa3f30d],

Physical Sectors: 0
(No malicious items detected)


(end)


JRT LOG

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x86
Ran by Daniel on Wed 04/02/2015 at  8:02:40.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\a02ypaz2.default\minidumps [164 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/02/2015 at  8:04:16.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by Daniel (administrator) on DANIEL-LAPTOP on 04-02-2015 08:07:10
Running from C:\Users\Daniel\Desktop
Loaded Profiles: Daniel (Available profiles: Daniel)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Syntek America Inc.) C:\Windows\System32\StkASv2K.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(BitTorrent Inc.) C:\Program Files\uTorrent\uTorrent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcfgex.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8522272 2010-03-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [678432 2010-03-03] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2010-03-08] (Synaptics Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [802136 2013-06-14] (BitTorrent Inc.)
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-18\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1929423053-4057178227-3398327298-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a02ypaz2.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll No File
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: BYTubeD - Bulk YouTube video Downloader - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a02ypaz2.default\Extensions\bytubed@cs213.cse.iitk.ac.in [2012-09-24]
FF Extension: Adblock Plus - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a02ypaz2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-19]
FF Extension: DownThemAll! - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a02ypaz2.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-05-18]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4 [2011-10-14]
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack
FF Extension: AVG Do Not Track - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack [2012-10-26]

Chrome:
=======
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
S2 gupdate1caf31cbe210d3c; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [602624 2010-03-30] (Hauppauge Computer Works) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-24] (Syntek America Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 cdrbsdrv; C:\Windows\system32\Drivers\cdrbsdrv.sys [33408 2006-02-21] (B.H.A Corporation) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2015-01-18] (Disc Soft Ltd)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-18] (Elaborate Bytes AG)
S3 HP1319EWS; C:\Windows\System32\Drivers\HP1319EWS.sys [12800 2013-02-06] (Marvell Semiconductor, Inc.)
S3 HP1319FAX; C:\Windows\System32\Drivers\HP1319FAX.sys [13824 2013-02-06] (Marvell Semiconductor, Inc.)
R1 ISODisk; C:\Windows\system32\Drivers\ISODisk.sys [9600 2006-04-26] () [File not signed]
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-14] (DiBcom SA)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-26] (CACE Technologies, Inc.)
S3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [241628 2006-09-27] (Syntek America Inc.) [File not signed]
S3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-08-02] (Syntek America Inc.) [File not signed]
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [582400 2010-03-31] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [136064 2010-03-31] (Hauppauge Computer Works, Inc.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\usbccid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 08:06 - 2015-02-04 08:06 - 00000000 ____D () C:\Users\Daniel\Desktop\FRST-OlderVersion
2015-02-04 08:04 - 2015-02-04 08:04 - 00001059 _____ () C:\Users\Daniel\Desktop\JRT.txt
2015-02-03 21:55 - 2015-02-03 21:55 - 01388274 _____ (Thisisu) C:\Users\Daniel\Desktop\JRT.exe
2015-02-02 23:10 - 2015-02-03 07:05 - 00000000 ____D () C:\AdwCleaner
2015-02-02 23:03 - 2015-02-02 23:04 - 02194432 _____ () C:\Users\Daniel\Desktop\AdwCleaner.exe
2015-01-27 19:41 - 2015-01-27 19:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 16:30 - 2015-01-25 16:31 - 00029284 _____ () C:\Users\Daniel\Desktop\Addition.txt
2015-01-25 16:29 - 2015-02-04 08:07 - 00017052 _____ () C:\Users\Daniel\Desktop\FRST.txt
2015-01-25 16:28 - 2015-02-04 08:07 - 00000000 ____D () C:\FRST
2015-01-25 15:02 - 2015-02-04 08:06 - 01122304 _____ (Farbar) C:\Users\Daniel\Desktop\FRST.exe
2015-01-18 23:18 - 2015-01-18 23:18 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBCD
2015-01-18 23:18 - 2015-01-18 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XBCD
2015-01-18 23:18 - 2015-01-18 23:18 - 00000000 ____D () C:\Program Files\XBCD
2015-01-18 19:46 - 2015-01-18 22:51 - 00000000 ____D () C:\Users\Daniel\Documents\NHL 2004
2015-01-18 19:45 - 2015-01-18 19:45 - 00001439 _____ () C:\Users\Public\Desktop\NHL 2004.lnk
2015-01-18 19:45 - 2015-01-18 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA SPORTS
2015-01-18 19:43 - 2015-01-19 00:18 - 00000000 ____D () C:\NHL 2004
2015-01-18 19:43 - 2015-01-18 19:43 - 00000476 _____ () C:\Windows\eReg.dat
2015-01-18 18:21 - 2015-01-18 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-01-18 18:20 - 2015-01-18 19:40 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite
2015-01-18 18:20 - 2015-01-18 18:20 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2015-01-18 18:20 - 2015-01-18 18:20 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2015-01-18 18:19 - 2015-01-18 19:41 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-01-18 16:57 - 2015-01-18 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISODisk
2015-01-18 16:57 - 2015-01-18 16:57 - 00000000 ____D () C:\Program Files\ISODisk
2015-01-18 16:57 - 2006-04-26 01:03 - 00009600 _____ () C:\Windows\system32\Drivers\ISODisk.sys
2015-01-14 21:24 - 2014-12-19 13:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 21:24 - 2014-12-19 12:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 21:24 - 2014-12-12 16:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 21:24 - 2014-12-12 16:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 21:24 - 2014-12-12 04:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 21:24 - 2014-12-06 14:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 21:24 - 2012-10-04 03:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 21:24 - 2012-10-04 03:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 08:04 - 2010-07-11 22:18 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\uTorrent
2015-02-04 07:18 - 2010-05-14 23:41 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 07:10 - 2010-05-14 23:41 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 00:08 - 2009-07-14 15:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 00:08 - 2009-07-14 15:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 00:04 - 2010-05-06 23:19 - 01259526 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 00:01 - 2013-07-31 20:12 - 00000440 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-02-04 00:01 - 2009-07-14 15:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 00:01 - 2009-07-14 15:39 - 00241616 _____ () C:\Windows\setupact.log
2015-02-03 20:57 - 2014-12-25 13:10 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-03 19:37 - 2011-05-03 09:58 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2015-02-03 07:06 - 2010-03-06 06:23 - 00104448 _____ () C:\Windows\PFRO.log
2015-02-02 07:51 - 2010-05-14 23:37 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Skype
2015-02-01 23:44 - 2014-09-27 14:56 - 00000000 ___RD () C:\Program Files\Skype
2015-02-01 23:44 - 2010-05-14 15:19 - 00000000 ____D () C:\ProgramData\Skype
2015-01-31 20:46 - 2013-06-12 08:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-31 20:46 - 2013-06-12 08:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-30 22:03 - 2012-04-26 11:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-24 19:49 - 2014-03-14 08:59 - 00000000 ____D () C:\Users\Daniel\Training and Fitness
2015-01-22 00:02 - 2010-03-06 04:09 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 23:59 - 2010-05-15 19:33 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\vlc
2015-01-18 23:16 - 2010-05-14 13:42 - 00000000 ____D () C:\Users\Daniel\Setup Files
2015-01-18 19:45 - 2011-03-24 03:55 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-15 09:33 - 2013-08-20 20:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 09:29 - 2010-03-06 06:12 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2011-12-07 23:19 - 2011-12-07 23:24 - 0003584 _____ () C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-21 01:19 - 2013-06-21 01:19 - 0026900 _____ () C:\Users\Daniel\AppData\Local\dt.dat
2010-06-10 00:24 - 2010-10-15 08:05 - 0007631 _____ () C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
2011-07-22 06:27 - 2011-07-22 06:28 - 0000000 _____ () C:\Users\Daniel\AppData\Local\{30AD88CB-7A21-46D7-9333-379450294948}
2010-05-14 17:13 - 2010-06-16 19:07 - 0000041 ___SH () C:\ProgramData\.zreglib
2010-07-02 03:51 - 2013-10-01 03:34 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Files to move or delete:
====================
C:\Users\Daniel\delfile.bat
C:\Users\Daniel\delfle.bat


Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\temp\AutoRun.exe
C:\Users\Daniel\AppData\Local\temp\AutoRunGUI.dll
C:\Users\Daniel\AppData\Local\temp\bitool.dll
C:\Users\Daniel\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\temp\Quarantine.exe
C:\Users\Daniel\AppData\Local\temp\SkypeSetup.exe
C:\Users\Daniel\AppData\Local\temp\sqlite3.dll
C:\Users\Daniel\AppData\Local\temp\vlc-2.0.7-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 00:03

==================== End Of Log ============================



#10 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,091 posts
  • Gender:Male
  • Location:Germany
  • Local time:12:40 AM

Posted 04 February 2015 - 10:31 AM

Hey, :)

Can you please repost FRST because it is unreadable currently. ;)

~Machiavelli



#11 Bane88

Bane88
  • Topic Starter

  • Members
  • 53 posts
  • Local time:07:40 AM

Posted 05 February 2015 - 03:43 PM

Sorry about that.

Here it is.

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by Daniel (administrator) on DANIEL-LAPTOP on 04-02-2015 08:07:10
Running from C:\Users\Daniel\Desktop
Loaded Profiles: Daniel (Available profiles: Daniel)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Syntek America Inc.) C:\Windows\System32\StkASv2K.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(BitTorrent Inc.) C:\Program Files\uTorrent\uTorrent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcfgex.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8522272 2010-03-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [678432 2010-03-03] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2010-03-08] (Synaptics Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [802136 2013-06-14] (BitTorrent Inc.)
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-18\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1929423053-4057178227-3398327298-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a02ypaz2.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll No File
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: BYTubeD - Bulk YouTube video Downloader - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a02ypaz2.default\Extensions\bytubed@cs213.cse.iitk.ac.in [2012-09-24]
FF Extension: Adblock Plus - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a02ypaz2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-19]
FF Extension: DownThemAll! - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a02ypaz2.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-05-18]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4 [2011-10-14]
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack
FF Extension: AVG Do Not Track - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack [2012-10-26]

Chrome:
=======
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
S2 gupdate1caf31cbe210d3c; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [602624 2010-03-30] (Hauppauge Computer Works) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-24] (Syntek America Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 cdrbsdrv; C:\Windows\system32\Drivers\cdrbsdrv.sys [33408 2006-02-21] (B.H.A Corporation) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2015-01-18] (Disc Soft Ltd)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-18] (Elaborate Bytes AG)
S3 HP1319EWS; C:\Windows\System32\Drivers\HP1319EWS.sys [12800 2013-02-06] (Marvell Semiconductor, Inc.)
S3 HP1319FAX; C:\Windows\System32\Drivers\HP1319FAX.sys [13824 2013-02-06] (Marvell Semiconductor, Inc.)
R1 ISODisk; C:\Windows\system32\Drivers\ISODisk.sys [9600 2006-04-26] () [File not signed]
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-14] (DiBcom SA)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-26] (CACE Technologies, Inc.)
S3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [241628 2006-09-27] (Syntek America Inc.) [File not signed]
S3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-08-02] (Syntek America Inc.) [File not signed]
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [582400 2010-03-31] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [136064 2010-03-31] (Hauppauge Computer Works, Inc.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\usbccid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 08:06 - 2015-02-04 08:06 - 00000000 ____D () C:\Users\Daniel\Desktop\FRST-OlderVersion
2015-02-04 08:04 - 2015-02-04 08:04 - 00001059 _____ () C:\Users\Daniel\Desktop\JRT.txt
2015-02-03 21:55 - 2015-02-03 21:55 - 01388274 _____ (Thisisu) C:\Users\Daniel\Desktop\JRT.exe
2015-02-02 23:10 - 2015-02-03 07:05 - 00000000 ____D () C:\AdwCleaner
2015-02-02 23:03 - 2015-02-02 23:04 - 02194432 _____ () C:\Users\Daniel\Desktop\AdwCleaner.exe
2015-01-27 19:41 - 2015-01-27 19:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 16:30 - 2015-01-25 16:31 - 00029284 _____ () C:\Users\Daniel\Desktop\Addition.txt
2015-01-25 16:29 - 2015-02-04 08:07 - 00017052 _____ () C:\Users\Daniel\Desktop\FRST.txt
2015-01-25 16:28 - 2015-02-04 08:07 - 00000000 ____D () C:\FRST
2015-01-25 15:02 - 2015-02-04 08:06 - 01122304 _____ (Farbar) C:\Users\Daniel\Desktop\FRST.exe
2015-01-18 23:18 - 2015-01-18 23:18 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBCD
2015-01-18 23:18 - 2015-01-18 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XBCD
2015-01-18 23:18 - 2015-01-18 23:18 - 00000000 ____D () C:\Program Files\XBCD
2015-01-18 19:46 - 2015-01-18 22:51 - 00000000 ____D () C:\Users\Daniel\Documents\NHL 2004
2015-01-18 19:45 - 2015-01-18 19:45 - 00001439 _____ () C:\Users\Public\Desktop\NHL 2004.lnk
2015-01-18 19:45 - 2015-01-18 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA SPORTS
2015-01-18 19:43 - 2015-01-19 00:18 - 00000000 ____D () C:\NHL 2004
2015-01-18 19:43 - 2015-01-18 19:43 - 00000476 _____ () C:\Windows\eReg.dat
2015-01-18 18:21 - 2015-01-18 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-01-18 18:20 - 2015-01-18 19:40 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite
2015-01-18 18:20 - 2015-01-18 18:20 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2015-01-18 18:20 - 2015-01-18 18:20 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2015-01-18 18:19 - 2015-01-18 19:41 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-01-18 16:57 - 2015-01-18 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISODisk
2015-01-18 16:57 - 2015-01-18 16:57 - 00000000 ____D () C:\Program Files\ISODisk
2015-01-18 16:57 - 2006-04-26 01:03 - 00009600 _____ () C:\Windows\system32\Drivers\ISODisk.sys
2015-01-14 21:24 - 2014-12-19 13:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 21:24 - 2014-12-19 12:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 21:24 - 2014-12-12 16:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 21:24 - 2014-12-12 16:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 21:24 - 2014-12-12 04:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 21:24 - 2014-12-06 14:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 21:24 - 2012-10-04 03:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 21:24 - 2012-10-04 03:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 08:04 - 2010-07-11 22:18 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\uTorrent
2015-02-04 07:18 - 2010-05-14 23:41 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 07:10 - 2010-05-14 23:41 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 00:08 - 2009-07-14 15:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 00:08 - 2009-07-14 15:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 00:04 - 2010-05-06 23:19 - 01259526 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 00:01 - 2013-07-31 20:12 - 00000440 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-02-04 00:01 - 2009-07-14 15:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 00:01 - 2009-07-14 15:39 - 00241616 _____ () C:\Windows\setupact.log
2015-02-03 20:57 - 2014-12-25 13:10 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-03 19:37 - 2011-05-03 09:58 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2015-02-03 07:06 - 2010-03-06 06:23 - 00104448 _____ () C:\Windows\PFRO.log
2015-02-02 07:51 - 2010-05-14 23:37 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Skype
2015-02-01 23:44 - 2014-09-27 14:56 - 00000000 ___RD () C:\Program Files\Skype
2015-02-01 23:44 - 2010-05-14 15:19 - 00000000 ____D () C:\ProgramData\Skype
2015-01-31 20:46 - 2013-06-12 08:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-31 20:46 - 2013-06-12 08:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-30 22:03 - 2012-04-26 11:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-24 19:49 - 2014-03-14 08:59 - 00000000 ____D () C:\Users\Daniel\Training and Fitness
2015-01-22 00:02 - 2010-03-06 04:09 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 23:59 - 2010-05-15 19:33 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\vlc
2015-01-18 23:16 - 2010-05-14 13:42 - 00000000 ____D () C:\Users\Daniel\Setup Files
2015-01-18 19:45 - 2011-03-24 03:55 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-15 09:33 - 2013-08-20 20:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 09:29 - 2010-03-06 06:12 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2011-12-07 23:19 - 2011-12-07 23:24 - 0003584 _____ () C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-21 01:19 - 2013-06-21 01:19 - 0026900 _____ () C:\Users\Daniel\AppData\Local\dt.dat
2010-06-10 00:24 - 2010-10-15 08:05 - 0007631 _____ () C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
2011-07-22 06:27 - 2011-07-22 06:28 - 0000000 _____ () C:\Users\Daniel\AppData\Local\{30AD88CB-7A21-46D7-9333-379450294948}
2010-05-14 17:13 - 2010-06-16 19:07 - 0000041 ___SH () C:\ProgramData\.zreglib
2010-07-02 03:51 - 2013-10-01 03:34 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Files to move or delete:
====================
C:\Users\Daniel\delfile.bat
C:\Users\Daniel\delfle.bat


Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\temp\AutoRun.exe
C:\Users\Daniel\AppData\Local\temp\AutoRunGUI.dll
C:\Users\Daniel\AppData\Local\temp\bitool.dll
C:\Users\Daniel\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\temp\Quarantine.exe
C:\Users\Daniel\AppData\Local\temp\SkypeSetup.exe
C:\Users\Daniel\AppData\Local\temp\sqlite3.dll
C:\Users\Daniel\AppData\Local\temp\vlc-2.0.7-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 00:03

==================== End Of Log ============================



#12 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,091 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:12:40 AM

Posted 06 February 2015 - 08:25 AM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-1929423053-4057178227-3398327298-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
    ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll No File
    C:\Users\Daniel\delfile.bat
    C:\Users\Daniel\delfle.bat
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
  • Make sure to check the options Remove found threats and Enable Anti-Stealth technology are checked:
  • Click Start. (This scan can take several hours, so please be patient):
  • Once the scan is completed, select List of found threats:
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
  • Click the Back button.
  • Click the Finish button:
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


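The fixlist above is a hand-picked set of log entries: a flagged IE policy restriction, search scopes with no URL, registry and plugin entries whose file is gone, two stray .bat files and a temp purge. As an added example, not part of this thread and not FRST's own code, the Python script below applies those same triage rules to an FRST.txt and prints a draft fixlist for a human to review, plus a separate list of unsigned and missing-file service entries that are worth a look but that the helper correctly left alone. The section names, the matching rules and the sample log excerpt are my own assumptions and constructions.

```python
import re

# Constructed sample: lines copied from the FRST.txt posted in this thread, enough to exercise every rule.
SAMPLE_LOG = r"""
==================== Internet (Whitelisted) ====================

HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
Toolbar: HKU\S-1-5-21-1929423053-4057178227-3398327298-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File

========================== Services (Whitelisted) =================

R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

Files to move or delete:
====================
C:\Users\Daniel\delfile.bat
C:\Users\Daniel\delfle.bat

Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\temp\AutoRun.exe
"""

SECTION_BANNER = re.compile(r"^=+\s*(.+?)\s*=+$")  # "==== Name ===="
UNDERLINE = re.compile(r"^=+$")                    # "====" under "Name:"
NO_FILE = re.compile(r"\bNo File\b")
# Sections where "No File" means an orphaned registry reference (assumed section names).
ORPHAN_SECTIONS = {"Registry (Whitelisted)", "Internet (Whitelisted)", "FireFox"}
LOADED_CODE_SECTIONS = {"Services (Whitelisted)", "Drivers (Whitelisted)"}


def parse_sections(text):
    """Split an FRST log into an ordered {section name: [non-empty lines]}."""
    sections = {"Header": []}
    current = "Header"
    lines = [ln.strip() for ln in text.splitlines()]
    i = 0
    while i < len(lines):
        line = lines[i]
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line and not UNDERLINE.match(line):
            banner = SECTION_BANNER.match(line)
            if banner:                      # "==== Name ====" style header
                current = banner.group(1)
                sections.setdefault(current, [])
            elif UNDERLINE.match(nxt):      # "Name:" followed by a "====" line
                current = line.rstrip(":")
                sections.setdefault(current, [])
                i += 1                      # skip the underline itself
            else:
                sections[current].append(line)
        i += 1
    return sections


def draft_fixlist(text):
    """Entries of the kinds the helper removed by hand: flagged policy restriction,
    empty search scopes, orphaned No File entries, stray files, temp purge."""
    sections = parse_sections(text)
    fix = []
    for name, lines in sections.items():
        for line in lines:
            if "<======= ATTENTION" in line:
                fix.append(line)
            elif line.startswith("SearchScopes:") and line.endswith("URL ="):
                fix.append(line)
            elif name in ORPHAN_SECTIONS and NO_FILE.search(line):
                fix.append(line)
        if name == "Files to move or delete":
            fix.extend(lines)
    if sections.get("Some content of TEMP"):
        fix.append("EmptyTemp:")
    return fix


def review_items(text):
    """Loaded code worth a look but not a blind fix: unsigned binaries (often
    legitimate old OEM drivers, as here) and services whose file is gone ([X])."""
    found = []
    for name, lines in parse_sections(text).items():
        if name not in LOADED_CODE_SECTIONS:
            continue
        for line in lines:
            if "[File not signed]" in line:
                found.append(("unsigned", line))
            elif line.endswith("[X]"):
                found.append(("missing file", line))
    return found
```

On a real log, read FRST.txt into a string and pass it to draft_fixlist(); the output is a starting point for a reviewer, not a file to hand back to FRST unread.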

#13 Bane88

Bane88
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  • Local time:07:40 AM

Posted 08 February 2015 - 03:53 PM

Thanks for your help.

Computer is running as normal. The only thing to note is that sometimes it hangs when I try and switch tabs in Firefox and I need to switch tabs again for it to unhang. Also it just hangs more frequently than it used to. Both of these started a few months ago, but I have no idea if it is malware related or not.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2015
Ran by Daniel (administrator) on DANIEL-LAPTOP on 08-02-2015 23:02:09
Running from C:\Users\Daniel\Desktop
Loaded Profiles: Daniel (Available profiles: Daniel)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Syntek America Inc.) C:\Windows\System32\StkASv2K.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgemcx.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BitTorrent Inc.) C:\Program Files\uTorrent\uTorrent.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8522272 2010-03-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [678432 2010-03-03] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2010-03-08] (Synaptics Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [802136 2013-06-14] (BitTorrent Inc.)
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-18\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a02ypaz2.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: BYTubeD - Bulk YouTube video Downloader - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a02ypaz2.default\Extensions\bytubed@cs213.cse.iitk.ac.in [2012-09-24]
FF Extension: Adblock Plus - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a02ypaz2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-19]
FF Extension: DownThemAll! - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a02ypaz2.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-05-18]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4 [2011-10-14]
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack
FF Extension: AVG Do Not Track - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack [2012-10-26]

Chrome:
=======
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
S2 gupdate1caf31cbe210d3c; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [602624 2010-03-30] (Hauppauge Computer Works) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-24] (Syntek America Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 cdrbsdrv; C:\Windows\system32\Drivers\cdrbsdrv.sys [33408 2006-02-21] (B.H.A Corporation) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2015-01-18] (Disc Soft Ltd)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-18] (Elaborate Bytes AG)
S3 HP1319EWS; C:\Windows\System32\Drivers\HP1319EWS.sys [12800 2013-02-06] (Marvell Semiconductor, Inc.)
S3 HP1319FAX; C:\Windows\System32\Drivers\HP1319FAX.sys [13824 2013-02-06] (Marvell Semiconductor, Inc.)
R1 ISODisk; C:\Windows\system32\Drivers\ISODisk.sys [9600 2006-04-26] () [File not signed]
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-14] (DiBcom SA)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-26] (CACE Technologies, Inc.)
S3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [241628 2006-09-27] (Syntek America Inc.) [File not signed]
S3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-08-02] (Syntek America Inc.) [File not signed]
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [582400 2010-03-31] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [136064 2010-03-31] (Hauppauge Computer Works, Inc.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\usbccid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 08:06 - 2015-02-08 16:53 - 00000000 ____D () C:\Users\Daniel\Desktop\FRST-OlderVersion
2015-02-04 08:04 - 2015-02-04 08:04 - 00001059 _____ () C:\Users\Daniel\Desktop\JRT.txt
2015-02-03 21:55 - 2015-02-03 21:55 - 01388274 _____ (Thisisu) C:\Users\Daniel\Desktop\JRT.exe
2015-02-02 23:10 - 2015-02-03 07:05 - 00000000 ____D () C:\AdwCleaner
2015-02-02 23:03 - 2015-02-02 23:04 - 02194432 _____ () C:\Users\Daniel\Desktop\AdwCleaner.exe
2015-01-27 19:41 - 2015-01-27 19:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 16:30 - 2015-01-25 16:31 - 00029284 _____ () C:\Users\Daniel\Desktop\Addition.txt
2015-01-25 16:29 - 2015-02-08 23:02 - 00016621 _____ () C:\Users\Daniel\Desktop\FRST.txt
2015-01-25 16:28 - 2015-02-08 23:02 - 00000000 ____D () C:\FRST
2015-01-25 15:02 - 2015-02-08 16:53 - 01124352 _____ (Farbar) C:\Users\Daniel\Desktop\FRST.exe
2015-01-18 23:18 - 2015-01-18 23:18 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBCD
2015-01-18 23:18 - 2015-01-18 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XBCD
2015-01-18 23:18 - 2015-01-18 23:18 - 00000000 ____D () C:\Program Files\XBCD
2015-01-18 19:46 - 2015-01-18 22:51 - 00000000 ____D () C:\Users\Daniel\Documents\NHL 2004
2015-01-18 19:45 - 2015-01-18 19:45 - 00001439 _____ () C:\Users\Public\Desktop\NHL 2004.lnk
2015-01-18 19:45 - 2015-01-18 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA SPORTS
2015-01-18 19:43 - 2015-01-19 00:18 - 00000000 ____D () C:\NHL 2004
2015-01-18 19:43 - 2015-01-18 19:43 - 00000476 _____ () C:\Windows\eReg.dat
2015-01-18 18:21 - 2015-01-18 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-01-18 18:20 - 2015-01-18 19:40 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite
2015-01-18 18:20 - 2015-01-18 18:20 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2015-01-18 18:20 - 2015-01-18 18:20 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2015-01-18 18:19 - 2015-01-18 19:41 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-01-18 16:57 - 2015-01-18 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISODisk
2015-01-18 16:57 - 2015-01-18 16:57 - 00000000 ____D () C:\Program Files\ISODisk
2015-01-18 16:57 - 2006-04-26 01:03 - 00009600 _____ () C:\Windows\system32\Drivers\ISODisk.sys
2015-01-14 21:24 - 2014-12-19 13:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 21:24 - 2014-12-19 12:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 21:24 - 2014-12-12 16:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 21:24 - 2014-12-12 16:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 21:24 - 2014-12-12 04:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 21:24 - 2014-12-06 14:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 21:24 - 2012-10-04 03:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 21:24 - 2012-10-04 03:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 23:00 - 2010-07-11 22:18 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\uTorrent
2015-02-08 22:18 - 2010-05-14 23:41 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 20:29 - 2009-07-14 15:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 20:29 - 2009-07-14 15:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 20:25 - 2011-05-03 09:58 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2015-02-08 20:21 - 2013-07-31 20:12 - 00000440 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-02-08 20:21 - 2010-05-14 23:41 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 20:20 - 2009-07-14 15:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 20:20 - 2009-07-14 15:39 - 00242008 _____ () C:\Windows\setupact.log
2015-02-08 17:13 - 2010-05-06 23:19 - 01417890 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 16:54 - 2010-05-06 23:20 - 00000000 ____D () C:\Users\Daniel
2015-02-07 15:17 - 2013-06-12 08:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-07 15:17 - 2013-06-12 08:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-06 08:02 - 2014-03-14 08:59 - 00000000 ____D () C:\Users\Daniel\Training and Fitness
2015-02-03 20:57 - 2014-12-25 13:10 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-03 07:06 - 2010-03-06 06:23 - 00104448 _____ () C:\Windows\PFRO.log
2015-02-02 07:51 - 2010-05-14 23:37 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Skype
2015-02-01 23:44 - 2014-09-27 14:56 - 00000000 ___RD () C:\Program Files\Skype
2015-02-01 23:44 - 2010-05-14 15:19 - 00000000 ____D () C:\ProgramData\Skype
2015-01-30 22:03 - 2012-04-26 11:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-22 00:02 - 2010-03-06 04:09 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 23:59 - 2010-05-15 19:33 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\vlc
2015-01-18 23:16 - 2010-05-14 13:42 - 00000000 ____D () C:\Users\Daniel\Setup Files
2015-01-18 19:45 - 2011-03-24 03:55 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-15 09:33 - 2013-08-20 20:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 09:29 - 2010-03-06 06:12 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2011-12-07 23:19 - 2011-12-07 23:24 - 0003584 _____ () C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-21 01:19 - 2013-06-21 01:19 - 0026900 _____ () C:\Users\Daniel\AppData\Local\dt.dat
2010-06-10 00:24 - 2010-10-15 08:05 - 0007631 _____ () C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
2011-07-22 06:27 - 2011-07-22 06:28 - 0000000 _____ () C:\Users\Daniel\AppData\Local\{30AD88CB-7A21-46D7-9333-379450294948}
2010-05-14 17:13 - 2010-06-16 19:07 - 0000041 ___SH () C:\ProgramData\.zreglib
2010-07-02 03:51 - 2013-10-01 03:34 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 00:03

==================== End Of Log ============================


ESET LOG

C:\Users\Daniel\Setup Files\Daemon Tools\DTLite4491-0356.exe    Win32/DownWare.L potentially unwanted application    deleted - quarantined
C:\Users\Daniel\Setup Files\Youtube Downloader\YouTubeDownloaderSetup256.exe    a variant of Win32/Toolbar.Widgi potentially unwanted application    deleted - quarantined

#14 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,091 posts
  • Gender:Male
  • Location:Germany
  • Local time:12:40 AM

Posted 08 February 2015 - 04:02 PM

The FRST Log is unreadable. Can you please repost it? :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#15 Bane88

Bane88
  • Topic Starter

  • Members
  • 53 posts
  • Local time:07:40 AM

Posted 09 February 2015 - 04:44 AM

Sorry again. I turned off word wrap before copying this time. Hope this is better.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2015
Ran by Daniel (administrator) on DANIEL-LAPTOP on 08-02-2015 23:02:09
Running from C:\Users\Daniel\Desktop
Loaded Profiles: Daniel (Available profiles: Daniel)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Syntek America Inc.) C:\Windows\System32\StkASv2K.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgemcx.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BitTorrent Inc.) C:\Program Files\uTorrent\uTorrent.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8522272 2010-03-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [678432 2010-03-03] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2010-03-08] (Synaptics Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [802136 2013-06-14] (BitTorrent Inc.)
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-18\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com
HKU\S-1-5-21-1929423053-4057178227-3398327298-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a02ypaz2.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: BYTubeD - Bulk YouTube video Downloader - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a02ypaz2.default\Extensions\bytubed@cs213.cse.iitk.ac.in [2012-09-24]
FF Extension: Adblock Plus - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a02ypaz2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-19]
FF Extension: DownThemAll! - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a02ypaz2.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-05-18]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4 [2011-10-14]
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack
FF Extension: AVG Do Not Track - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack [2012-10-26]

Chrome:
=======
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
S2 gupdate1caf31cbe210d3c; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [602624 2010-03-30] (Hauppauge Computer Works) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-24] (Syntek America Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 cdrbsdrv; C:\Windows\system32\Drivers\cdrbsdrv.sys [33408 2006-02-21] (B.H.A Corporation) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2015-01-18] (Disc Soft Ltd)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-18] (Elaborate Bytes AG)
S3 HP1319EWS; C:\Windows\System32\Drivers\HP1319EWS.sys [12800 2013-02-06] (Marvell Semiconductor, Inc.)
S3 HP1319FAX; C:\Windows\System32\Drivers\HP1319FAX.sys [13824 2013-02-06] (Marvell Semiconductor, Inc.)
R1 ISODisk; C:\Windows\system32\Drivers\ISODisk.sys [9600 2006-04-26] () [File not signed]
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-14] (DiBcom SA)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-26] (CACE Technologies, Inc.)
S3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [241628 2006-09-27] (Syntek America Inc.) [File not signed]
S3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-08-02] (Syntek America Inc.) [File not signed]
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [582400 2010-03-31] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [136064 2010-03-31] (Hauppauge Computer Works, Inc.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\usbccid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 08:06 - 2015-02-08 16:53 - 00000000 ____D () C:\Users\Daniel\Desktop\FRST-OlderVersion
2015-02-04 08:04 - 2015-02-04 08:04 - 00001059 _____ () C:\Users\Daniel\Desktop\JRT.txt
2015-02-03 21:55 - 2015-02-03 21:55 - 01388274 _____ (Thisisu) C:\Users\Daniel\Desktop\JRT.exe
2015-02-02 23:10 - 2015-02-03 07:05 - 00000000 ____D () C:\AdwCleaner
2015-02-02 23:03 - 2015-02-02 23:04 - 02194432 _____ () C:\Users\Daniel\Desktop\AdwCleaner.exe
2015-01-27 19:41 - 2015-01-27 19:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 16:30 - 2015-01-25 16:31 - 00029284 _____ () C:\Users\Daniel\Desktop\Addition.txt
2015-01-25 16:29 - 2015-02-08 23:02 - 00016621 _____ () C:\Users\Daniel\Desktop\FRST.txt
2015-01-25 16:28 - 2015-02-08 23:02 - 00000000 ____D () C:\FRST
2015-01-25 15:02 - 2015-02-08 16:53 - 01124352 _____ (Farbar) C:\Users\Daniel\Desktop\FRST.exe
2015-01-18 23:18 - 2015-01-18 23:18 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBCD
2015-01-18 23:18 - 2015-01-18 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XBCD
2015-01-18 23:18 - 2015-01-18 23:18 - 00000000 ____D () C:\Program Files\XBCD
2015-01-18 19:46 - 2015-01-18 22:51 - 00000000 ____D () C:\Users\Daniel\Documents\NHL 2004
2015-01-18 19:45 - 2015-01-18 19:45 - 00001439 _____ () C:\Users\Public\Desktop\NHL 2004.lnk
2015-01-18 19:45 - 2015-01-18 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA SPORTS
2015-01-18 19:43 - 2015-01-19 00:18 - 00000000 ____D () C:\NHL 2004
2015-01-18 19:43 - 2015-01-18 19:43 - 00000476 _____ () C:\Windows\eReg.dat
2015-01-18 18:21 - 2015-01-18 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-01-18 18:20 - 2015-01-18 19:40 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite
2015-01-18 18:20 - 2015-01-18 18:20 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2015-01-18 18:20 - 2015-01-18 18:20 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2015-01-18 18:19 - 2015-01-18 19:41 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-01-18 16:57 - 2015-01-18 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISODisk
2015-01-18 16:57 - 2015-01-18 16:57 - 00000000 ____D () C:\Program Files\ISODisk
2015-01-18 16:57 - 2006-04-26 01:03 - 00009600 _____ () C:\Windows\system32\Drivers\ISODisk.sys
2015-01-14 21:24 - 2014-12-19 13:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 21:24 - 2014-12-19 12:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 21:24 - 2014-12-12 16:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 21:24 - 2014-12-12 16:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 21:24 - 2014-12-12 04:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 21:24 - 2014-12-06 14:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 21:24 - 2012-10-04 03:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 21:24 - 2012-10-04 03:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 23:00 - 2010-07-11 22:18 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\uTorrent
2015-02-08 22:18 - 2010-05-14 23:41 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 20:29 - 2009-07-14 15:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 20:29 - 2009-07-14 15:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 20:25 - 2011-05-03 09:58 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2015-02-08 20:21 - 2013-07-31 20:12 - 00000440 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-02-08 20:21 - 2010-05-14 23:41 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 20:20 - 2009-07-14 15:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 20:20 - 2009-07-14 15:39 - 00242008 _____ () C:\Windows\setupact.log
2015-02-08 17:13 - 2010-05-06 23:19 - 01417890 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 16:54 - 2010-05-06 23:20 - 00000000 ____D () C:\Users\Daniel
2015-02-07 15:17 - 2013-06-12 08:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-07 15:17 - 2013-06-12 08:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-06 08:02 - 2014-03-14 08:59 - 00000000 ____D () C:\Users\Daniel\Training and Fitness
2015-02-03 20:57 - 2014-12-25 13:10 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-03 07:06 - 2010-03-06 06:23 - 00104448 _____ () C:\Windows\PFRO.log
2015-02-02 07:51 - 2010-05-14 23:37 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Skype
2015-02-01 23:44 - 2014-09-27 14:56 - 00000000 ___RD () C:\Program Files\Skype
2015-02-01 23:44 - 2010-05-14 15:19 - 00000000 ____D () C:\ProgramData\Skype
2015-01-30 22:03 - 2012-04-26 11:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-22 00:02 - 2010-03-06 04:09 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 23:59 - 2010-05-15 19:33 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\vlc
2015-01-18 23:16 - 2010-05-14 13:42 - 00000000 ____D () C:\Users\Daniel\Setup Files
2015-01-18 19:45 - 2011-03-24 03:55 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-15 09:33 - 2013-08-20 20:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 09:29 - 2010-03-06 06:12 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2011-12-07 23:19 - 2011-12-07 23:24 - 0003584 _____ () C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-21 01:19 - 2013-06-21 01:19 - 0026900 _____ () C:\Users\Daniel\AppData\Local\dt.dat
2010-06-10 00:24 - 2010-10-15 08:05 - 0007631 _____ () C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
2011-07-22 06:27 - 2011-07-22 06:28 - 0000000 _____ () C:\Users\Daniel\AppData\Local\{30AD88CB-7A21-46D7-9333-379450294948}
2010-05-14 17:13 - 2010-06-16 19:07 - 0000041 ___SH () C:\ProgramData\.zreglib
2010-07-02 03:51 - 2013-10-01 03:34 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 00:03

==================== End Of Log ============================
