Unsolicited Outbound Web Attempts


This topic is locked. 2 replies to this topic.

#1 AZBeagle


Posted 08 February 2015 - 05:56 PM

Hi, I'm hoping someone can help with this. Every 10 minutes, exactly, I see 5 pop-ups in the lower right corner of my screen. They are generated by MBAM. I've inserted a sample of the warning below. They are always for the same IP addresses, which are as follows:

5.150.195.167    0427d7.se
185.57.82.55     movie4k.to
91.202.63.7      cy-pr.com
119.145.147.181  mama.cn
5.254.96.36      tukif.com

[Attached image: MBAM Warning.JPG]

MBAM prevents the access, so there is no harm being done to my computer (I hope), but I cannot figure out which process or service is initiating the attempt. As I said, it's exactly every 10 minutes, 24x7, and always to the same sites. I thought that maybe I could just add a new Outbound Rule to Windows Firewall, which I did. I created a Custom Outbound Rule that blocks the 5 above IP addresses. But that didn't stop the attempts from occurring. I still get the warnings from MBAM. Since adding the new rule, however, I did notice that the IP address for the first item above (0427d7.se) changes each time now. The other 4 IP addresses are always the same. And in all cases, the initiating process or service is always trying to use Port 0. The only tangible problem I can detect is that the browser, IE9, freezes while the access is attempted, and sometimes the iexplore process crashes. Usually, if I wait a minute or so the browser unfreezes and I can go back to using it normally. So I'd really like to identify the source of where this is coming from so I can get rid of the offending process or service.

Following is the FRST report. By the way, Avast wouldn't even let me download the .exe file, let alone run it. I had to turn off all shields in Avast before I could download it. I inserted the Avast message below.

[Attached image: Avast FRST Message.JPG]

Finally, I attached the Addition report from FRST as requested. I look forward to your assistance. Thanks.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-02-2015
Ran by Alan (administrator) on ALAN-DEN on 08-02-2015 14:40:56
Running from C:\Users\Alan\Desktop
Loaded Profiles: Alan (Available profiles: Alan & Guest)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Nalpeiron Ltd.) C:\Windows\System32\ASTSRV.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
(IObit) C:\ProgramData\IObit\IObit Uninstaller\UninstallMonitor.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\RunOnce: [Adobe Speed Launcher] => 1423421433
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Policies\system: [NoDispSettingPage] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\ProgramData\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-4265388098-4104772770-3007106771-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {06305358-99CE-4C47-B59C-939B76856C2B} http://download.microsoft.com/download/A/C/4/AC43418A-8C86-4205-803E-249B637EE96B/pmupd806.exe
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {444785F1-DE89-4295-863A-D46C3A781394} http://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab
DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {BB608966-BC14-4875-9F63-853E5851A2B6} http://download.microsoft.com/download/C/3/0/C30CEB8E-483C-471A-B066-1E8B13AAD093/pmupd806.exe
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://amexweb.webex.com/client/T25L10NSP41EP13-amexweb/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B3066DC4-25CB-42DB-B5E7-976C3A4C388B}: [NameServer] 4.2.2.2,4.2.2.1

FireFox:
========
FF ProfilePath: C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\qx6nyxdb.default-1386188455640
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4265388098-4104772770-3007106771-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Alan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-4265388098-4104772770-3007106771-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Alan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-4265388098-4104772770-3007106771-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4265388098-4104772770-3007106771-1000: @yahoo.com/BrowserPlus,version=2.9.2 -> C:\Users\Alan\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\qx6nyxdb.default-1386188455640\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\qx6nyxdb.default-1386188455640\searchplugins\google-avast.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF HKLM\...\Firefox\Extensions: [{FCCA5BFA-3F70-406F-BA8D-157EDF51B6FC}] - C:\Users\Alan\AppData\Local\{FCCA5BFA-3F70-406F-BA8D-157EDF51B6FC}
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-01-05]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-15]
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010-11-06]
FF HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-4265388098-4104772770-3007106771-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox

Chrome:
=======
CHR Profile: C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-25]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-26] (SUPERAntiSpyware.com) [File not signed]
S2 acdservice; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 AdobeActiveFileMonitor11.0; C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
S4 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [401800 2013-12-21] (Samsung) [File not signed]
R2 astcc; C:\Windows\system32\astsrv.exe [57344 2010-09-28] (Nalpeiron Ltd.) [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-25] (AVAST Software)
S2 CiscoVpnInstallService; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S4 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-11-14] (Macrovision Europe Ltd.) [File not signed]
S4 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2009-07-09] (Citrix Online, a division of Citrix Systems, Inc.)
S2 gupdate1c9863f58c21da0; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
R2 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S4 IDriverT; C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2635552 2015-01-27] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 modemcsa; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PD91Agent; C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [693512 2008-12-31] (Raxco Software, Inc.)
S3 PD91Engine; C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [910600 2008-12-31] (Raxco Software, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2462160 2014-07-21] (Paramount Software UK Ltd)
S4 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
S4 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [573280 2014-08-13] (Copyright 2013 SAMSUNG)
S4 sprtlisten; C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe [1213728 2008-01-08] (SupportSoft, Inc.)
S4 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S4 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [382320 2008-08-18] (SupportSoft, Inc.)
S2 umpusbxp; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [386560 1999-12-31] (Conexant Systems, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [103360 2008-12-29] (SlySoft, Inc.)
R1 ASPI32; C:\Windows\system32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-11-25] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-25] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-11-25] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-25] ()
R2 DefragFS; C:\Windows\system32\Drivers\DefragFS.sys [71184 2008-08-28] (Raxco Software, Inc.)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [163616 2015-01-24] (Digiarty Software, Inc.)
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
R2 elaunidr; C:\Windows\System32\DRIVERS\elaunidr.sys [5376 2007-03-22] (Gteko Ltd.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24392 2008-07-21] (Elaborate Bytes AG)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSX_DPV.sys [980992 1999-12-31] (Conexant Systems, Inc.) [File not signed]
R3 HSXHWBS2; C:\Windows\System32\DRIVERS\HSXHWBS2.sys [266752 1999-12-31] (Conexant Systems, Inc.) [File not signed]
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-01-01] (REALiX™)
S3 JabraDFU; C:\Windows\System32\Drivers\JabraMobileCsrDfuX86.sys [32624 2014-01-09] (GN Netcom A/S)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [24608 2008-07-22] (NVIDIA Corporation)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2007-11-09] (Padus, Inc.) [File not signed]
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [13528 2014-07-21] ()
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [33052 2007-08-06] (PowerISO Computing, Inc.) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-22] ()
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [479232 2007-06-22] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [28288 2007-02-06] (eMPIA Technology, Inc.)
S3 WIMMount; C:\Program Files\Macrium\Reflect\wimmount.sys [19024 2013-09-05] (Microsoft Corporation)
R3 winachsf; C:\Windows\System32\DRIVERS\HSX_CNXT.sys [661504 1999-12-31] (Conexant Systems, Inc.) [File not signed]
R2 XAudio; C:\Windows\System32\DRIVERS\xaudio.sys [8704 1999-12-31] (Conexant Systems, Inc.) [File not signed]
S3 ALSysIO; \??\C:\Users\Alan\AppData\Local\Temp\ALSysIO.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Alan\AppData\Local\Temp\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Alan\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [43904 2009-02-18] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 Lbd; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PalmUSBD; No ImagePath
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [X]
S3 TMPassthruMP; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: ssm_bus -> No Registry Path.
NETSVC: umpusbxp -> No Registry Path.
NETSVC: acdservice -> No Registry Path.
NETSVC: CiscoVpnInstallService -> No Registry Path.
NETSVC: modemcsa -> No Registry Path.

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 14:40 - 2015-02-08 14:41 - 00024203 _____ () C:\Users\Alan\Desktop\FRST.txt
2015-02-08 14:40 - 2015-02-08 14:40 - 01124352 _____ (Farbar) C:\Users\Alan\Desktop\FRST.exe
2015-02-03 11:27 - 2015-02-03 11:27 - 00000822 _____ () C:\Users\Alan\Desktop\IObitUninstaller.lnk
2015-02-02 08:21 - 2015-02-02 07:49 - 00156560 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\psmounterex.sys
2015-01-27 14:12 - 2015-01-27 14:12 - 00000949 _____ () C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2015-01-27 14:04 - 2015-01-27 14:04 - 00000000 ____D () C:\Users\Alan\AppData\IObit
2015-01-27 13:07 - 2015-01-27 13:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-27 10:59 - 2015-01-27 10:59 - 00000766 _____ () C:\Users\Alan\Desktop\CCleaner.lnk
2015-01-26 12:34 - 2015-02-08 13:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-25 10:52 - 2015-01-25 10:52 - 00159768 _____ () C:\Windows\Minidump\Mini012515-01.dmp
2015-01-23 16:52 - 2015-01-23 16:52 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-23 11:28 - 2015-01-23 11:28 - 00000000 ____D () C:\NVIDIA
2015-01-23 11:28 - 2010-04-03 15:55 - 11647592 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-23 11:28 - 2010-04-03 15:55 - 11573800 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\SETF136.tmp
2015-01-23 11:28 - 2010-04-03 15:55 - 00227944 _____ (NVIDIA Corporation) C:\Windows\system32\nvcod1914.dll
2015-01-23 11:28 - 2010-04-03 15:55 - 00056424 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-01-23 11:28 - 2010-04-03 15:55 - 00007772 _____ () C:\Windows\system32\nvinfo.pb
2015-01-21 15:05 - 2015-01-22 14:46 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-19 15:21 - 2015-01-19 15:21 - 00012967 _____ () C:\Users\Alan\AppData\Roaming\Comma Separated Values (Windows).CAL
2015-01-18 17:20 - 2015-01-23 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2014
2015-01-18 17:20 - 2015-01-18 17:20 - 00001784 _____ () C:\Users\Public\Desktop\H&R Block 2014.lnk
2015-01-18 17:19 - 2015-01-18 17:20 - 00000000 ____D () C:\Program Files\HRBlock2014
2015-01-17 13:01 - 2015-01-17 13:01 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-01-17 13:00 - 1999-12-31 17:00 - 02888536 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-01-17 13:00 - 1999-12-31 17:00 - 02547928 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 02328792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 01596488 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-01-17 13:00 - 1999-12-31 17:00 - 00782040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00681905 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-01-17 13:00 - 1999-12-31 17:00 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00124632 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2015-01-17 13:00 - 1999-12-31 17:00 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2015-01-17 12:59 - 1999-12-31 17:00 - 01722648 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO232.dll
2015-01-17 12:59 - 1999-12-31 17:00 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO32.dll
2015-01-17 12:59 - 1999-12-31 17:00 - 00331544 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2015-01-17 12:59 - 1999-12-31 17:00 - 00054360 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld32.dll
2015-01-17 12:59 - 1999-12-31 17:00 - 00050776 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn32.dll
2015-01-17 12:58 - 1999-12-31 17:00 - 02395680 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2015-01-17 12:58 - 1999-12-31 17:00 - 00182472 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-01-17 12:58 - 1999-12-31 17:00 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2015-01-17 12:58 - 1999-12-31 17:00 - 00092584 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-01-14 08:17 - 2014-12-18 17:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:09 - 2014-12-05 20:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:09 - 2014-12-05 20:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:09 - 2014-12-05 20:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 08:09 - 2014-12-05 20:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 14:40 - 2007-10-29 15:12 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{972B2B68-B87F-4026-91D5-08D964DD998C}.job
2015-02-08 14:11 - 2013-10-18 11:49 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 13:47 - 2012-04-29 08:36 - 00000000 ____D () C:\Users\Alan\AppData\Local\CrashDumps
2015-02-08 13:23 - 2006-11-02 05:47 - 00005520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 13:23 - 2006-11-02 05:47 - 00005520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 13:17 - 2008-01-20 18:35 - 01359104 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 12:46 - 2014-06-16 18:21 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-08 10:42 - 2010-09-18 11:07 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\vlc
2015-02-08 10:40 - 2007-11-09 11:20 - 00000000 ____D () C:\Users\Alan\Temp
2015-02-08 02:11 - 2013-10-18 11:49 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 15:04 - 2013-07-19 15:23 - 00000406 _____ () C:\Windows\Tasks\Incremental Image xml.job
2015-02-05 15:23 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 15:22 - 2009-10-14 07:39 - 00000000 ____D () C:\Windows\PCHEALTH
2015-02-05 15:21 - 2006-11-02 06:01 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-05 00:51 - 2012-04-09 09:25 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 00:51 - 2011-05-19 08:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 17:22 - 2012-12-07 16:15 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\dvdcss
2015-02-04 12:59 - 2013-06-30 11:21 - 00002415 _____ () C:\Users\Alan\Desktop\Reflect.lnk
2015-02-03 14:34 - 2014-02-14 11:35 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-02 20:07 - 2013-07-19 15:24 - 00000396 _____ () C:\Windows\Tasks\Full Image xml.job
2015-02-01 15:04 - 2012-05-08 12:21 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-30 11:59 - 2009-08-21 18:20 - 00187392 _____ () C:\Users\Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-27 14:10 - 2013-06-14 18:42 - 00000000 ____D () C:\Program Files\IObit
2015-01-27 14:04 - 2011-02-05 08:12 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\IObit
2015-01-27 10:59 - 2008-06-09 10:08 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-26 12:32 - 2014-08-22 11:27 - 00000000 ____D () C:\Users\Alan\AppData\Local\Adobe
2015-01-25 10:52 - 2009-08-24 14:43 - 00000000 ____D () C:\Windows\Minidump
2015-01-25 10:41 - 2014-07-06 11:33 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\Spotify
2015-01-24 10:00 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-24 09:34 - 2010-08-19 11:03 - 00002393 _____ () C:\Users\Alan\Desktop\Magic File Renamer.lnk
2015-01-24 09:34 - 2007-10-14 11:40 - 00000000 ____D () C:\Windows\pss
2015-01-24 09:33 - 2011-01-13 16:01 - 00000000 ____D () C:\Users\Alan\Documents\Any DVD Cloner Platinum
2015-01-24 09:32 - 2013-07-05 11:27 - 00002285 _____ () C:\Users\Public\Desktop\SlimDrivers.lnk
2015-01-24 09:30 - 2014-07-06 11:34 - 00000000 ____D () C:\Users\Alan\AppData\Local\Spotify
2015-01-24 09:29 - 2013-09-12 13:25 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\Hoyle Puzzle and Board Games 2012
2015-01-24 09:28 - 2014-08-06 10:32 - 00000000 ___RD () C:\Users\Alan\Dropbox
2015-01-24 09:28 - 2013-09-12 14:02 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\Hoyle Card Games 2012
2015-01-24 09:28 - 2013-09-12 13:22 - 00002593 _____ () C:\Users\Public\Desktop\Hoyle Puzzle and Board Games.lnk
2015-01-24 09:28 - 2013-09-12 13:19 - 00002513 _____ () C:\Users\Public\Desktop\Hoyle Card Games.lnk
2015-01-24 09:27 - 2014-08-06 10:29 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\Dropbox
2015-01-24 09:25 - 2014-09-03 12:08 - 00000000 ____D () C:\Program Files\JSoko
2015-01-24 09:23 - 2013-11-14 11:53 - 00001534 _____ () C:\ProgramData\ss.ini
2015-01-24 09:23 - 2008-10-28 11:44 - 00004675 _____ () C:\Windows\cdplayer.ini
2015-01-24 09:22 - 2014-08-21 11:06 - 00163616 _____ (Digiarty Software, Inc.) C:\Windows\system32\Drivers\DigiartyVirtualCDBus.sys
2015-01-24 09:22 - 2009-01-26 09:48 - 00000000 ____D () C:\Program Files\Avidemux 2.4
2015-01-23 16:52 - 2014-12-06 07:53 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-01-23 16:51 - 2013-03-09 14:41 - 00000000 ____D () C:\Program Files\Java
2015-01-23 16:45 - 2014-12-04 10:06 - 00001755 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2015-01-23 11:30 - 2007-10-02 04:31 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-01-23 11:29 - 2009-08-21 13:38 - 00000000 ____D () C:\Users\Alan
2015-01-23 09:58 - 2007-10-10 10:14 - 00000000 ____D () C:\Users\Alan\AppData\Local\Apps\2.0
2015-01-21 13:59 - 2012-01-05 16:49 - 00000000 ____D () C:\Users\Alan\Documents\My Faxes
2015-01-21 13:41 - 2006-11-02 04:18 - 00000000 __RHD () C:\Users\Default
2015-01-21 13:41 - 2006-11-02 04:18 - 00000000 ___RD () C:\Users\Public
2015-01-21 13:32 - 2006-11-02 03:23 - 00000215 _____ () C:\Windows\system.ini
2015-01-18 17:32 - 2015-01-02 07:19 - 00157744 _____ () C:\Users\Alan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-18 17:21 - 2008-01-29 18:32 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\TaxCut
2015-01-18 17:06 - 2008-01-29 18:27 - 00000000 ____D () C:\ProgramData\TaxCut
2015-01-17 16:00 - 2014-09-24 14:33 - 00001085 _____ () C:\Users\Public\Desktop\WinX DVD Ripper Platinum.lnk
2015-01-17 13:03 - 2009-01-31 18:32 - 00000000 ___HD () C:\Program Files\Temp
2015-01-17 13:00 - 2009-01-31 19:48 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2015-01-16 15:38 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Provisioning
2015-01-16 14:32 - 2012-01-05 15:35 - 00000000 ____D () C:\ProgramData\HP
2015-01-15 11:22 - 2009-02-09 19:12 - 00000000 ____D () C:\Users\Alan\Unzipped
2015-01-14 15:29 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-14 08:17 - 2013-08-13 15:39 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 08:10 - 2006-11-02 03:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-13 11:10 - 2012-01-18 08:58 - 00000796 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-11 17:53 - 2009-01-19 11:11 - 00000000 ____D () C:\Users\Alan\Documents\Reflect

==================== Files in the root of some directories =======

2009-04-12 10:46 - 2010-02-22 11:04 - 0000388 _____ () C:\Users\Alan\AppData\Roaming\burnaware.ini
2012-04-15 13:23 - 2012-04-15 13:23 - 0000000 _____ () C:\Users\Alan\AppData\Roaming\cLxxK.txt
2011-04-16 08:15 - 2014-12-01 12:15 - 0038435 _____ () C:\Users\Alan\AppData\Roaming\Comma Separated Values (Windows).ADR
2015-01-19 15:21 - 2015-01-19 15:21 - 0012967 _____ () C:\Users\Alan\AppData\Roaming\Comma Separated Values (Windows).CAL
2007-12-29 09:01 - 2008-09-24 05:28 - 0672813 _____ () C:\Users\Alan\AppData\Roaming\datasafeupdate.msi
2010-01-22 09:00 - 2010-04-15 10:55 - 0001013 _____ () C:\Users\Alan\AppData\Roaming\DVDSubEdit.ini
2007-10-17 16:36 - 2014-09-24 14:40 - 0007887 _____ () C:\Users\Alan\AppData\Roaming\pcouffin.cat
2007-10-17 16:36 - 2014-09-24 14:40 - 0001144 _____ () C:\Users\Alan\AppData\Roaming\pcouffin.inf
2007-10-17 16:36 - 2014-09-24 14:40 - 0000055 _____ () C:\Users\Alan\AppData\Roaming\pcouffin.log
2007-10-17 16:36 - 2014-09-24 14:40 - 0047360 _____ (VSO Software) C:\Users\Alan\AppData\Roaming\pcouffin.sys
2013-06-29 12:31 - 2013-06-29 12:31 - 0022408 _____ () C:\Users\Alan\AppData\Roaming\UserTile.png
2013-12-09 12:40 - 2013-12-09 12:40 - 0001456 _____ () C:\Users\Alan\AppData\Local\Adobe Save for Web 12.0 Prefs
2013-05-24 11:12 - 2013-05-24 11:12 - 64330619 _____ () C:\Users\Alan\AppData\Local\AdobeSetupUtility.zip.aamdownload
2013-05-24 11:12 - 2013-05-24 11:12 - 0000914 _____ () C:\Users\Alan\AppData\Local\AdobeSetupUtility.zip.aamdownload.aamd
2009-08-21 18:20 - 2015-01-30 11:59 - 0187392 _____ () C:\Users\Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-08-19 11:08 - 2010-08-19 11:08 - 0000092 _____ () C:\Users\Alan\AppData\Local\fusioncache.dat
2010-05-01 08:07 - 2010-05-01 08:07 - 0000036 _____ () C:\Users\Alan\AppData\Local\housecall.guid.cache
2009-08-21 18:09 - 2012-01-05 16:52 - 0047036 _____ () C:\ProgramData\hpzinstall.log
2011-12-28 17:42 - 2012-04-28 14:54 - 0000296 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-11-14 11:53 - 2015-01-24 09:23 - 0001534 _____ () C:\ProgramData\ss.ini

Some content of TEMP:
====================
C:\Users\Alan\AppData\Local\temp\dllnt_dump.dll
C:\Users\Alan\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1vtmvr.dll
C:\Users\Alan\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2km4eb.dll
C:\Users\Alan\AppData\Local\temp\nvStInst.exe
C:\Users\Alan\AppData\Local\temp\reflectPatch.exe
C:\Users\Alan\AppData\Local\temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-08 03:49

==================== End Of Log ============================

Addition.txt is attached

Attached File  Addition.txt   47.44KB

#2 AZBeagle

AZBeagle
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Gender:Male
  • Location:The Desert
  • Local time:01:34 PM

Posted 11 February 2015 - 12:28 PM

I am being assisted with this problem on the Malwarebytes Anti Malware site, so this issue can be closed here.  Thanks.



#3 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:34 PM

Posted 11 February 2015 - 12:34 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer