
Google web search compromised


  • This topic is locked
15 replies to this topic

#1 haxxo

  • Members
  • 8 posts

Posted 09 February 2015 - 07:15 PM

This started yesterday. When I go to search for anything on Google or google.com, I receive an untrusted certificate error from google.ca & .com. I put an exception in Firefox so I can use Google, but everything in "Web" search looks weird and I don't even see my account on the top right, but in every other category everything is fine.

Yahoo and Bing simply do not work, or act very strangely and produce no real results.

 

I believe this is some kind of malware. I scanned with Avast, MBAM and NPE. NPE found 2 system32 files that it could not clean.

 

This is what my Google web search looks like side by side with image search; I highlighted the differences.

 

After attempting a search on Yahoo, Firefox says unable to connect. For Bing I just see a gray background and a search bar; nothing I do on Bing has any effect, it's always the same gray background, but the URL does change.

MrguujY.jpg

 

 

 

I scanned with HijackThis and found a few things that may cause this issue, but I don't want to screw anything up, so I came here. I will post the FRST logs that are requested in the sticky.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by 280gb ssd (administrator) on 280GBSSD-PC on 09-02-2015 17:07:15
Running from C:\Users\280gb ssd\Downloads
Loaded Profiles: 280gb ssd & crossfire & Guest (Available profiles: 280gb ssd & crossfire & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.17\AsusFanControlService.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(InstallShield®) C:\Program Files (x86)\InstallShield\isupdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Mr. John aka japamd) C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files\Core Temp\Core Temp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
() C:\Windows\SysWOW64\HsMgr.exe
(CMedia) C:\Program Files\ASUS Xonar DGX Audio\Customapp\AsusAudioCenter.exe
() C:\Windows\system\HsMgr64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
() C:\Program Files (x86)\ROCCAT\Power-Grid\ROCCATPowerGrid.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(BitTorrent Inc.) C:\Users\280gb ssd\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(South Bay Software) C:\Program Files (x86)\AutoSizer\AutoSizer.exe
() C:\Windows\SysWOW64\C2MP\TrayMenu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Dropbox, Inc.) C:\Users\280gb ssd\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Giulio Sosio) C:\Users\280gb ssd\Desktop\XonarSwitch.exe
() C:\Program Files (x86)\Mechanical Gaming Keyboard\HID.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(Symantec Corporation) C:\Users\280gb ssd\Downloads\NPE.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Waterfox Ltd) C:\Program Files\Waterfox\waterfox.exe
(Trend Micro Inc.) C:\Users\280gb ssd\Downloads\HijackThis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Mechanical] => C:\Program Files (x86)\Mechanical Gaming Keyboard\HID.exe [1720832 2013-09-27] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3842482016-565817156-3172154989-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3581816 2013-05-03] (Tonec Inc.)
HKU\S-1-5-21-3842482016-565817156-3172154989-1000\...\Run: [RoccatPowerGrid] => C:\Program Files (x86)\ROCCAT\Power-Grid\ROCCATPowerGrid.exe [4960880 2013-10-28] ()
HKU\S-1-5-21-3842482016-565817156-3172154989-1000\...\Run: [uTorrent] => C:\Users\280gb ssd\AppData\Roaming\uTorrent\uTorrent.exe [1374032 2015-02-02] (BitTorrent Inc.)
HKU\S-1-5-21-3842482016-565817156-3172154989-1000\...\Run: [XonarSwitch] => C:\Users\280gb ssd\Desktop\XonarSwitch.exe [1122304 2015-01-13] (Giulio Sosio)
HKU\S-1-5-21-3842482016-565817156-3172154989-1000\...\Run: [AutoSizer] => C:\Program Files (x86)\AutoSizer\AutoSizer.exe [131072 2015-02-02] (South Bay Software)
HKU\S-1-5-21-3842482016-565817156-3172154989-1000\...\MountPoints2: {69cb6c33-5478-11e2-ac5e-806e6f6e6963} - G:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-3842482016-565817156-3172154989-1000\...\MountPoints2: {8bb31401-a6d4-11e4-982b-c86000a1a2e1} - F:\setup.exe
HKU\S-1-5-21-3842482016-565817156-3172154989-1000\...\MountPoints2: {c19a4681-5486-11e2-95d2-c86000a1a2e1} - H:\setup.exe
HKU\S-1-5-21-3842482016-565817156-3172154989-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3581816 2013-05-03] (Tonec Inc.)
HKU\S-1-5-21-3842482016-565817156-3172154989-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-3842482016-565817156-3172154989-1001\...\MountPoints2: {69cb6c33-5478-11e2-ac5e-806e6f6e6963} - G:\.\Bin\ASSETUP.exe
AppInit_DLLs: C:\Windows\system32\appinit_dll.dll => C:\Windows\system32\appinit_dll.dll [531688 2013-11-26] (Lucidlogix Inc.)
AppInit_DLLs-x32: C:\Windows\SysWOW64\appinit_dll.dll => C:\Windows\SysWOW64\appinit_dll.dll [482536 2013-11-26] (Lucidlogix Inc.)
Startup: C:\Users\280gb ssd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\280gb ssd\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\280gb ssd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XonarSwitch.lnk
ShortcutTarget: XonarSwitch.lnk -> C:\Users\280gb ssd\Desktop\XonarSwitch.exe (Giulio Sosio)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMenu.lnk
ShortcutTarget: TrayMenu.lnk -> C:\Windows\SysWOW64\C2MP\TrayMenu.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
HKU\S-1-5-21-3842482016-565817156-3172154989-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://dev.windowsphone.com/en-us/ApplicationList?logged_in=1
HKU\S-1-5-21-3842482016-565817156-3172154989-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp&tc=4
HKU\S-1-5-21-3842482016-565817156-3172154989-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp&tc=4
HKU\S-1-5-21-3842482016-565817156-3172154989-501\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Winsock: Catalog9 11 %SystemRoot%\system32\nutafun4.dll File Not found ()
Winsock: Catalog9 12 %SystemRoot%\system32\nutafun4.dll File Not found ()
Winsock: Catalog9-x64 11 %SystemRoot%\system32\nutafun4.dll File Not found ()
Winsock: Catalog9-x64 12 %SystemRoot%\system32\nutafun4.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9

FireFox:
========
FF ProfilePath: C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\eok1afa9.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3842482016-565817156-3172154989-1000: @torrentstream.net/tsplugin,version=2.0.8.11.1 -> C:\Users\280gb ssd\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-3842482016-565817156-3172154989-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\280gb ssd\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\eok1afa9.default\searchplugins\bingp.xml
FF Extension: FoxyProxy Standard - C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\eok1afa9.default\Extensions\foxyproxy@eric.h.jung [2015-02-08]
FF Extension: IDM CC - C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\eok1afa9.default\Extensions\mozilla_cc@internetdownloadmanager.com [2014-11-23]
FF Extension: Cookies Manager+ - C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\eok1afa9.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2013-07-22]
FF Extension: Check4Change - C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\eok1afa9.default\Extensions\check4change-owner@mozdev.org.xpi [2013-10-31]
FF Extension: Lightbeam - C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\eok1afa9.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2013-10-26]
FF Extension: Open in Browser - C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\eok1afa9.default\Extensions\openinbrowser@www.spasche.net.xpi [2013-12-20]
FF Extension: Saved Password Editor - C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\eok1afa9.default\Extensions\savedpasswordeditor@daniel.dawson.xpi [2013-01-23]
FF Extension: Session Manager - C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\eok1afa9.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-01-17]
FF Extension: RightToClick - C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\eok1afa9.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2014-04-05]
FF Extension: Adblock Plus - C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\eok1afa9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-01]
FF Extension: DownThemAll! - C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\eok1afa9.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-11-28]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-01-01]
FF HKU\S-1-5-21-3842482016-565817156-3172154989-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\280gb ssd\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\280gb ssd\AppData\Roaming\IDM\idmmzcc5 [2014-11-23]
FF HKU\S-1-5-21-3842482016-565817156-3172154989-1000\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\280gb ssd\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org
FF HKU\S-1-5-21-3842482016-565817156-3172154989-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\280gb ssd\AppData\Roaming\IDM\idmmzcc5
FF HKU\S-1-5-21-3842482016-565817156-3172154989-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\crossfire\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\crossfire\AppData\Roaming\IDM\idmmzcc5 [2014-04-04]
FF HKU\S-1-5-21-3842482016-565817156-3172154989-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\crossfire\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Unity Player) - C:\Users\280gb ssd\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Torrent Stream P2P Multimedia Plug-in 2) - C:\Users\280gb ssd\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Profile: C:\Users\280gb ssd\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\280gb ssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-23]
CHR Extension: (Google Drive) - C:\Users\280gb ssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\280gb ssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\280gb ssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-23]
CHR Extension: (Google Search) - C:\Users\280gb ssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-23]
CHR Extension: (AdBlock) - C:\Users\280gb ssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-27]
CHR Extension: (IDM Integration) - C:\Users\280gb ssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm [2013-07-23]
CHR Extension: (Google Wallet) - C:\Users\280gb ssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\280gb ssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-23]
CHR HKU\S-1-5-21-3842482016-565817156-3172154989-1000\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-04-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [116224 2014-11-20] (Advanced Micro Devices) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-01-01] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.17\AsusFanControlService.exe [381824 2013-01-01] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-03] (AVAST Software)
S4 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-11-12] ()
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation)
S3 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
R3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
R2 isupdate.exe; C:\Program Files (x86)\InstallShield\isupdate.exe [43008 2015-01-21] (InstallShield®) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 LucidSvc; C:\Program Files\Lucidlogix Technologies\VIRTU MVP 2.0\LucidSvc.exe [20712 2013-11-26] (LucidLogix)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [83952 2014-03-27] (Micro-Star International)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-04-14] ()
R2 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
S4 SandraAgentSrv; C:\Benchmark toosl\multi\SiSoftware Sandra Lite 2014.RTM\RpcAgentSrv.exe [72344 2008-11-25] (SiSoftware) [File not signed]
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [980672 2014-08-11] (@ByELDI) [File not signed]
S4 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2013-11-30] (SolidWorks) [File not signed]
S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 CoordinatorServiceHost; E:\solidowrks\SolidWorks\swScheduler\DTSCoordinatorService.exe [X]
S2 PortmapperService; E:\ptc/PTC Portmapper/i486_nt/obj/portmap.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14592 2010-10-20] (ASUSTek Computer Inc.)
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [294600 2014-11-20] (Advanced Micro Devices)
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-01-01] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-01-01] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-03] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-03] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2014-12-13] ()
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2727936 2011-12-19] (C-Media Inc)
S3 danewFltr; C:\Windows\System32\drivers\danew.sys [12032 2010-03-23] (Razer (Asia-Pacific) Pte Ltd) [File not signed]
R3 I1KBFLTR; C:\Windows\System32\drivers\I1KBFLTR.sys [29440 2013-09-27] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [89072 2013-03-21] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2014-09-08] ()
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [20352 2009-09-30] (Razer USA Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-09] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2013-12-18] ()
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-09-04] (Razer Inc)
S3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [40104 2014-09-04] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31912 2014-09-04] (Razer Inc)
S3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [31912 2014-09-04] (Razer Inc)
S3 SANDRA; C:\Benchmark toosl\multi\SiSoftware Sandra Lite 2014.RTM\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R1 SMR430; C:\Windows\System32\drivers\SMR430.SYS [108216 2015-02-09] (Symantec Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-01-01] (Duplex Secure Ltd.)
U3 a9bz8myo; C:\Windows\System32\Drivers\a9bz8myo.sys [0 ] (Asmedia Technology) <==== ATTENTION (zero size file/folder)
R3 ALSysIO; \??\C:\Users\280GBS~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 aswEmHWID2; \??\C:\Windows\TEMP\aswEmHWID.sys [X]
S3 atillk64; \??\C:\Users\280gb ssd\Desktop\msi ln2\WIN\atillk64.sys [X]
S3 GPU-Z; \??\C:\Users\280GBS~1\AppData\Local\Temp\GPU-Z.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 17:07 - 2015-02-09 17:07 - 00032854 _____ () C:\Users\280gb ssd\Downloads\FRST.txt
2015-02-09 17:06 - 2015-02-09 17:07 - 00000000 ____D () C:\FRST
2015-02-09 17:06 - 2015-02-09 17:06 - 02132992 _____ (Farbar) C:\Users\280gb ssd\Downloads\FRST64.exe
2015-02-09 17:02 - 2015-02-09 17:02 - 00013677 _____ () C:\Users\280gb ssd\Downloads\hijackthis.log
2015-02-09 17:00 - 2015-02-09 17:00 - 00388608 _____ (Trend Micro Inc.) C:\Users\280gb ssd\Downloads\HijackThis.exe
2015-02-09 16:56 - 2015-02-09 16:56 - 00108216 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR430.SYS
2015-02-09 16:56 - 2015-02-09 16:56 - 00000020 _____ () C:\Windows\system32\Drivers\SMR430.dat
2015-02-09 16:44 - 2015-02-09 16:44 - 00000000 ____D () C:\NPE
2015-02-09 16:36 - 2015-02-09 16:55 - 00000000 ____D () C:\Users\280gb ssd\AppData\Local\NPE
2015-02-09 16:36 - 2015-02-09 16:36 - 03060320 ____N (Symantec Corporation) C:\Users\280gb ssd\Downloads\NPE.exe
2015-02-09 16:36 - 2015-02-09 16:36 - 00000000 ____D () C:\ProgramData\Norton
2015-02-09 16:36 - 2014-12-18 20:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-09 16:36 - 2014-12-18 18:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-09 16:36 - 2014-12-11 22:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-09 16:36 - 2014-12-11 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-09 16:36 - 2014-12-11 22:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-09 16:36 - 2014-12-11 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-09 16:36 - 2014-12-11 22:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-09 16:36 - 2014-12-11 22:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-09 16:36 - 2014-12-11 22:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-09 16:36 - 2014-12-11 10:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-09 16:36 - 2014-12-05 21:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-09 16:36 - 2014-12-05 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-09 16:36 - 2014-12-05 20:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-09 16:36 - 2014-11-26 18:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-09 16:36 - 2014-11-26 18:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-09 16:36 - 2014-11-21 20:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-09 16:36 - 2014-11-21 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-09 16:36 - 2014-11-21 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-09 16:36 - 2014-11-21 19:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-09 16:36 - 2014-11-21 19:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-09 16:36 - 2014-11-21 19:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-09 16:36 - 2014-11-21 19:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-09 16:36 - 2014-11-21 19:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-09 16:36 - 2014-11-21 19:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-09 16:36 - 2014-11-21 19:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-09 16:36 - 2014-11-21 19:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-09 16:36 - 2014-11-21 19:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-09 16:36 - 2014-11-21 19:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-09 16:36 - 2014-11-21 19:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-09 16:36 - 2014-11-21 19:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-09 16:36 - 2014-11-21 19:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-09 16:36 - 2014-11-21 19:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-09 16:36 - 2014-11-21 19:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-09 16:36 - 2014-11-21 19:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-09 16:36 - 2014-11-21 19:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-09 16:36 - 2014-11-21 19:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-09 16:36 - 2014-11-21 19:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-09 16:36 - 2014-11-21 19:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-09 16:36 - 2014-11-21 19:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-09 16:36 - 2014-11-21 19:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-09 16:36 - 2014-11-21 19:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-09 16:36 - 2014-11-21 19:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-09 16:36 - 2014-11-21 19:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-09 16:36 - 2014-11-21 18:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-09 16:36 - 2014-11-21 18:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-09 16:36 - 2014-11-21 18:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-09 16:36 - 2014-11-21 18:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-09 16:36 - 2014-11-21 18:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-09 16:36 - 2014-11-21 18:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-09 16:36 - 2014-11-21 18:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-09 16:36 - 2014-11-21 18:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-09 16:36 - 2014-11-21 18:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-09 16:36 - 2014-11-21 18:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-09 16:36 - 2014-11-21 18:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-09 16:36 - 2014-11-21 18:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-09 16:36 - 2014-11-21 18:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-09 16:36 - 2014-11-21 18:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-09 16:36 - 2014-11-21 18:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-09 16:36 - 2014-11-21 18:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-09 16:36 - 2014-11-21 18:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-09 16:36 - 2014-11-21 18:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-09 16:36 - 2014-11-21 18:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-09 16:36 - 2014-11-21 18:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-09 16:36 - 2014-11-21 18:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-09 16:36 - 2014-11-21 18:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-09 16:36 - 2014-11-21 18:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-09 16:36 - 2014-11-21 18:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-09 16:36 - 2014-11-21 17:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-09 16:36 - 2014-11-21 17:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-09 16:36 - 2014-11-10 20:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-09 16:36 - 2014-11-10 20:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-09 16:36 - 2014-11-10 20:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-02-09 16:36 - 2014-11-10 19:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-09 16:36 - 2014-11-10 19:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-09 16:36 - 2014-11-10 19:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-02-09 15:55 - 2015-02-09 16:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-09 15:55 - 2015-02-09 15:55 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-09 15:55 - 2015-02-09 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-09 15:55 - 2015-02-09 15:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-09 15:55 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-09 15:55 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-09 15:05 - 2015-02-09 15:05 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\280gb ssd\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-09 12:18 - 2015-02-09 12:25 - 00000000 ____D () C:\Users\280gb ssd\Desktop\hades
2015-02-08 23:08 - 2015-02-08 23:08 - 00001050 _____ () C:\Users\Public\Desktop\Remote Mouse.lnk
2015-02-08 23:08 - 2015-02-08 23:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Mouse
2015-02-08 23:08 - 2015-02-08 23:08 - 00000000 ____D () C:\Program Files (x86)\Remote Mouse
2015-02-08 23:07 - 2015-02-08 23:07 - 00712719 _____ (Remote Mouse ) C:\Users\280gb ssd\Downloads\RemoteMouse.exe
2015-02-08 21:48 - 2014-12-10 13:43 - 00129600 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpnk.sys
2015-02-08 21:48 - 2014-12-09 15:21 - 00037184 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2015-02-04 17:07 - 2015-02-04 17:07 - 00000000 ____D () C:\ProgramData\REVOLT
2015-02-02 14:11 - 2015-02-09 16:57 - 00003756 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-02-02 14:11 - 2015-02-02 15:12 - 00000000 ____D () C:\Windows\AutoKMS
2015-02-02 14:10 - 2015-02-07 12:00 - 00000428 _____ () C:\Windows\Tasks\InstallShield Update Task.job
2015-02-02 14:10 - 2015-02-02 14:10 - 00003180 _____ () C:\Windows\System32\Tasks\InstallShield Update Task
2015-02-02 14:10 - 2015-02-02 14:10 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2015-02-02 14:10 - 2015-02-02 14:10 - 00000000 ____D () C:\Program Files (x86)\InstallShield
2015-02-02 12:17 - 2015-02-02 12:19 - 00000000 ____D () C:\Users\280gb ssd\AppData\Roaming\AutoSizer
2015-02-02 12:17 - 2015-02-02 12:17 - 00286720 _____ (South Bay Software) C:\Users\280gb ssd\Downloads\assetup.exe
2015-02-02 12:17 - 2015-02-02 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoSizer
2015-02-02 12:17 - 2015-02-02 12:17 - 00000000 ____D () C:\Program Files (x86)\AutoSizer
2015-02-02 12:11 - 2015-02-02 12:15 - 00000000 ____D () C:\Program Files (x86)\Sizer
2015-01-30 01:43 - 2015-01-30 01:43 - 00000000 ____D () C:\Users\280gb ssd\AppData\Local\DOSBox
2015-01-30 01:43 - 2015-01-30 01:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2015-01-30 01:43 - 2015-01-30 01:43 - 00000000 ____D () C:\Program Files (x86)\DOSBox-0.74
2015-01-30 01:42 - 2015-01-30 01:42 - 01448809 _____ (DOSBox Team) C:\Users\280gb ssd\Downloads\DOSBox-0.74-install.exe
2015-01-30 01:07 - 2015-01-30 01:07 - 00000000 ____D () C:\Users\280gb ssd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Castle Crashers
2015-01-30 00:37 - 2015-01-30 01:03 - 00000000 ____D () C:\Users\280gb ssd\AppData\Roaming\Nidhogg
2015-01-30 00:37 - 2015-01-30 00:37 - 00000561 _____ () C:\Users\Public\Desktop\Nidhogg v1.004.lnk
2015-01-30 00:37 - 2015-01-30 00:37 - 00000561 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nidhogg v1.004.lnk
2015-01-28 03:46 - 2015-01-28 03:46 - 00000655 _____ () C:\Users\Public\Desktop\Play Resident Evil HD.lnk
2015-01-28 03:46 - 2015-01-28 03:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Capcom
2015-01-28 03:04 - 2015-01-28 03:04 - 00000000 ____D () C:\Users\280gb ssd\AppData\Local\CAPCOM
2015-01-27 23:34 - 2015-01-27 23:34 - 00100439 _____ () C:\Users\280gb ssd\Downloads\burger-wars-the-cheap-chicken-nuggets-phase.htm
2015-01-27 22:42 - 2015-01-27 22:43 - 24658468 _____ () C:\Users\280gb ssd\Downloads\vlc-2.1.5-win64(1).exe
2015-01-22 14:45 - 2015-01-22 14:45 - 00014235 _____ () C:\Users\280gb ssd\Desktop\FolderSize - Shortcut.lnk
2015-01-21 17:27 - 2015-01-21 17:56 - 00000400 __RSH () C:\ProgramData\ntuser.pol
2015-01-21 17:26 - 2015-01-21 17:26 - 06431728 _____ (Microsoft Corporation) C:\Users\280gb ssd\Downloads\OSGS14-WindowsSetupBox-32bitand64bit-English-4141408.exe
2015-01-20 09:23 - 2015-01-20 09:23 - 00029501 _____ () C:\Users\280gb ssd\Downloads\File Panama_Canal_Lock_Forms.jpeg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-07-24 19:24 - 2013-12-18 01:46 - 00000000 ____D () C:\Users\280gb ssd\Downloads\Guru3D.com
2015-02-09 17:07 - 2013-01-10 21:37 - 00000000 ____D () C:\Users\280gb ssd\AppData\Roaming\uTorrent
2015-02-09 17:06 - 2013-10-14 23:08 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-02-09 17:02 - 2013-01-01 19:53 - 00000000 _____ () C:\Windows\Path.idx
2015-02-09 17:01 - 2013-01-01 18:07 - 00000000 ____D () C:\Users\280gb ssd\AppData\Local\VirtualStore
2015-02-09 16:59 - 2013-01-01 18:09 - 01474978 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 16:59 - 2009-07-13 22:13 - 00007210 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-09 16:58 - 2013-10-01 17:40 - 00000554 _____ () C:\Windows\Tasks\MATLAB R2013b Startup Accelerator.job
2015-02-09 16:57 - 2013-01-01 18:43 - 01048576 _____ () C:\Windows\PE_Rom.dll
2015-02-09 16:57 - 2009-07-13 21:45 - 00020432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 16:57 - 2009-07-13 21:45 - 00020432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 16:56 - 2014-09-19 19:19 - 00038911 _____ () C:\Windows\setupact.log
2015-02-09 16:56 - 2014-02-20 18:06 - 00000124 _____ () C:\HaxLogs.log
2015-02-09 16:56 - 2013-11-28 19:32 - 00000000 ____D () C:\Users\280gb ssd\AppData\Roaming\Raptr
2015-02-09 16:56 - 2013-08-14 20:39 - 00000000 ____D () C:\Users\280gb ssd\AppData\Roaming\Dropbox
2015-02-09 16:56 - 2013-07-23 23:21 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-09 16:56 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 16:55 - 2014-04-04 16:02 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-02-09 16:55 - 2013-01-01 19:35 - 00000000 ____D () C:\Users\280gb ssd\AppData\Roaming\DMCache
2015-02-09 16:43 - 2014-10-04 13:20 - 00015718 _____ () C:\Windows\PFRO.log
2015-02-09 16:43 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-09 16:41 - 2013-01-30 18:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-09 16:40 - 2013-07-19 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-09 16:31 - 2013-07-23 23:21 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-09 16:04 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PLA
2015-02-09 15:55 - 2013-10-28 01:20 - 00000000 ____D () C:\Users\280gb ssd\AppData\Roaming\Malwarebytes
2015-02-09 15:55 - 2013-10-28 01:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-09 15:09 - 2013-01-01 17:43 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-02-09 13:07 - 2013-01-07 21:14 - 00000000 ____D () C:\Users\280gb ssd\AppData\Roaming\vlc
2015-02-09 12:24 - 2013-01-01 19:35 - 00000000 ____D () C:\Users\280gb ssd\Downloads\Compressed
2015-02-09 12:13 - 2013-01-01 17:42 - 00638976 _____ () C:\Users\280gb ssd\Desktop\cert8.db
2015-02-08 21:56 - 2013-04-11 17:14 - 00000000 ____D () C:\Users\280gb ssd\AppData\Local\Razer
2015-02-08 21:56 - 2009-07-13 21:45 - 00488632 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-08 21:50 - 2013-01-01 17:40 - 00135048 _____ () C:\Users\280gb ssd\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-08 21:48 - 2013-01-01 17:43 - 00000000 ____D () C:\ProgramData\Razer
2015-02-08 21:48 - 2013-01-01 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-02-08 21:30 - 2013-01-30 21:41 - 00003945 _____ () C:\Users\280gb ssd\Documents\ax_files.xml
2015-02-08 18:46 - 2014-10-04 13:16 - 00216982 _____ () C:\Windows\DPINST.LOG
2015-02-08 18:45 - 2013-01-01 18:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-06 19:55 - 2013-01-01 19:53 - 00003235 _____ () C:\Windows\MB.idx
2015-02-06 15:14 - 2014-12-21 19:53 - 00000000 ___HD () C:\jexepackres
2015-02-06 15:14 - 2014-12-21 19:53 - 00000000 ____D () C:\Users\280gb ssd\REW
2015-02-04 01:26 - 2013-07-23 23:21 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 01:26 - 2013-07-23 23:21 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-02 15:07 - 2013-01-01 18:33 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-02-02 15:07 - 2013-01-01 18:33 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-02-02 15:07 - 2013-01-01 18:33 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2015-02-02 15:07 - 2013-01-01 18:33 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2015-02-02 15:07 - 2013-01-01 18:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2015-02-02 11:57 - 2013-11-28 19:32 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-02-02 11:39 - 2015-01-05 13:32 - 00000000 ____D () C:\Program Files\KMSpico
2015-02-02 11:37 - 2015-01-05 13:32 - 00003372 _____ () C:\Windows\System32\Tasks\AutoPico Daily Restart
2015-02-02 11:37 - 2015-01-05 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2015-01-30 01:07 - 2013-01-01 19:52 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-01-29 15:27 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-28 03:46 - 2014-10-16 21:30 - 00041413 _____ () C:\Windows\DirectX.log
2015-01-28 03:46 - 2014-09-12 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2015-01-28 02:58 - 2013-06-05 22:12 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-21 17:27 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-21 17:27 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-01-13 11:04 - 2014-10-05 15:45 - 01122304 _____ (Giulio Sosio) C:\Users\280gb ssd\Desktop\XonarSwitch.exe

==================== Files in the root of some directories =======

2014-03-27 17:51 - 2014-03-27 17:51 - 0000000 _____ () C:\Program Files (x86)\GUM6F.tmp
2014-09-24 01:07 - 2014-09-24 01:09 - 0000132 _____ () C:\Users\280gb ssd\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-07-23 20:24 - 2014-12-06 14:06 - 0000132 _____ () C:\Users\280gb ssd\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-12-17 12:46 - 2013-12-17 14:45 - 14077952 _____ () C:\Users\280gb ssd\AppData\Roaming\Sandra.mdb
2013-04-14 01:22 - 2013-04-14 01:22 - 0008069 _____ () C:\Users\280gb ssd\AppData\Local\CleanupUninstall.txt
2014-04-04 19:17 - 2014-12-31 16:14 - 1065984 _____ () C:\Users\280gb ssd\AppData\Local\file__0.localstorage
2014-02-01 14:04 - 2014-02-01 14:04 - 0000000 ___SH () C:\Users\280gb ssd\AppData\Local\LumaEmu
2013-01-01 20:44 - 2014-06-10 19:32 - 0007618 _____ () C:\Users\280gb ssd\AppData\Local\Resmon.ResmonCfg
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\280gb ssd\AppData\Local\setup.txt
2013-12-05 16:43 - 2013-12-05 16:56 - 0000000 _____ () C:\Users\280gb ssd\AppData\Local\Temptable.xml
2014-09-16 15:55 - 2014-09-24 23:16 - 0000080 _____ () C:\Users\280gb ssd\AppData\Local\X-Plane Installer.prf
2014-09-24 23:11 - 2014-09-24 23:11 - 0000016 _____ () C:\Users\280gb ssd\AppData\Local\x-plane_install_10.txt
2013-12-08 23:41 - 2013-02-14 09:47 - 0000000 _____ () C:\ProgramData\193847656
2013-10-05 10:41 - 2013-10-05 10:41 - 0000040 _____ () C:\ProgramData\ra3.ini

Some content of TEMP:
====================
C:\Users\280gb ssd\AppData\Local\Temp\cpuz.exe
C:\Users\280gb ssd\AppData\Local\Temp\cpuz165.exe
C:\Users\280gb ssd\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd2l_m6.dll
C:\Users\280gb ssd\AppData\Local\Temp\Installer_Windows.exe
C:\Users\280gb ssd\AppData\Local\Temp\Microsoft Toolkit.exe
C:\Users\280gb ssd\AppData\Local\Temp\SRLDetectionLibrary5212704078659989384.dll
C:\Users\280gb ssd\AppData\Local\Temp\__pythonRunner.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 02:00

==================== End Of Log ============================



Edited by haxxo, 10 February 2015 - 01:32 PM.




#2 haxxo

haxxo
  • Topic Starter

  • Members
  • 8 posts
  • Local time:02:21 PM

Posted 13 February 2015 - 03:27 PM

I would also like to add that this malware seems to affect video playback as well. On YouTube it's fine, but on most sites, especially LiveLeak, the videos take a very long time to start up; sometimes they never start and keep displaying the loading icon.

There are 2 very strange things in my HijackThis report I would like looked at.

 

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

 

Thanks for reading.



#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:21 PM

Posted 14 February 2015 - 10:02 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Winsock: Catalog9 11 %SystemRoot%\system32\nutafun4.dll File Not found ()
Winsock: Catalog9 12 %SystemRoot%\system32\nutafun4.dll File Not found ()
Winsock: Catalog9-x64 11 %SystemRoot%\system32\nutafun4.dll File Not found ()
Winsock: Catalog9-x64 12 %SystemRoot%\system32\nutafun4.dll File Not found ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\eok1afa9.default\searchplugins\bingp.xml
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR HKU\S-1-5-21-3842482016-565817156-3172154989-1000\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - No Path
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [980672 2014-08-11] (@ByELDI) [File not signed]
S3 CoordinatorServiceHost; E:\solidowrks\SolidWorks\swScheduler\DTSCoordinatorService.exe [X]
S2 PortmapperService; E:\ptc/PTC Portmapper/i486_nt/obj/portmap.exe [X]
U3 a9bz8myo; C:\Windows\System32\Drivers\a9bz8myo.sys [0 ] (Asmedia Technology) <==== ATTENTION (zero size file/folder)
R3 ALSysIO; \??\C:\Users\280GBS~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 aswEmHWID2; \??\C:\Windows\TEMP\aswEmHWID.sys [X]
S3 atillk64; \??\C:\Users\280gb ssd\Desktop\msi ln2\WIN\atillk64.sys [X]
S3 GPU-Z; \??\C:\Users\280GBS~1\AppData\Local\Temp\GPU-Z.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

If you are still having problems with Firefox, reset it.

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

How is the computer running now?
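The fix above is built by reading the markers FRST itself appends to log entries ([X] for a registered file that is gone, [0 ] for a zero-size file, [File not signed], the Winsock "File Not found", the browser "No File" and "No Path" tails, and "<==== ATTENTION") and copying the matching lines verbatim between "start" and "End". The script below is an added example for this thread, not part of FRST and not the helper's own tooling: it shortlists such lines from an FRST-style log and prints a reason code beside each. The reason codes, the Temp-directory check and the sample lines (constructed in the shape of this thread's entries so the script runs offline) are this example's own assumptions.

```python
"""Triage helper for FRST-style log lines (added example, not FRST code).

It reads the entry lines FRST prints and reports the ones a reviewer
would look at first, using the markers FRST itself appends. The reason
codes and the Temp-directory heuristic are this example's own.
"""
import re
from typing import Dict, List

# Constructed sample in FRST's line shape, modelled on entries from this
# thread's logs; embedded here so the script runs without a real log.
SAMPLE_LOG = r"""
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
S3 danewFltr; C:\Windows\System32\drivers\danew.sys [12032 2010-03-23] (Razer (Asia-Pacific) Pte Ltd) [File not signed]
U3 a9bz8myo; C:\Windows\System32\Drivers\a9bz8myo.sys [0 ] (Asmedia Technology) <==== ATTENTION (zero size file/folder)
R3 ALSysIO; \??\C:\Users\280GBS~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
Winsock: Catalog9 11 %SystemRoot%\system32\nutafun4.dll File Not found ()
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
CHR HKU\S-1-5-21-3842482016-565817156-3172154989-1000\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - No Path
C:\Windows\System32\winlogon.exe => File is digitally signed
"""

# Service/driver entry: "<state> <name>; <path> [<size> <date>] (<company>) ..."
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>.+?); (?P<path>.+?) \[(?P<meta>[^\]]*)\](?P<rest>.*)$"
)
# Any "\Temp\" component in the image path (user Temp or C:\Windows\TEMP).
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def triage_line(line: str) -> List[str]:
    """Return reason codes for one FRST line (empty list = nothing notable)."""
    reasons: List[str] = []
    m = ENTRY_RE.match(line)
    if m:
        meta = m.group("meta").strip()
        if meta == "X":
            # FRST prints [X] when the registered file is not on disk.
            reasons.append("missing-file")
        elif meta and meta.split()[0] == "0":
            # [0 ] means the file exists but is empty.
            reasons.append("zero-size")
        if "[File not signed]" in m.group("rest"):
            reasons.append("unsigned")
        if TEMP_DIR_RE.search(m.group("path")):
            # Kernel code registered under a Temp directory deserves a look
            # even when a hardware tool (GPU-Z and the like) put it there.
            reasons.append("temp-dir")
    if line.startswith("Winsock:") and "File Not found" in line:
        # An LSP catalog entry whose DLL is gone can break name resolution
        # and connectivity for every Winsock application on the machine.
        reasons.append("winsock-missing-dll")
    if line.rstrip().endswith("No File"):
        # Toolbar / plug-in registration with no backing file (orphan).
        reasons.append("orphan-browser-entry")
    if line.rstrip().endswith("No Path"):
        reasons.append("extension-no-path")
    if "<==== ATTENTION" in line:
        reasons.append("frst-attention")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map every notable line of an FRST log to its reason codes, in log order."""
    findings: Dict[str, List[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            findings[line] = reasons
    return findings


def as_fixlist(lines: List[str]) -> str:
    """Wrap already-reviewed lines in the fixlist shape FRST expects.

    FRST acts on entries that appear verbatim between "start" and "End",
    which is why a fix is literally a copy of log lines. This only formats
    a list; choosing what goes into it is the reviewer's job.
    """
    return "\n".join(["start", *lines, "End"])


if __name__ == "__main__":
    for entry, codes in triage(SAMPLE_LOG).items():
        print(f"{', '.join(codes):<34} {entry}")
```

Run it against a saved FRST.txt by reading the file into `triage()`; the output is a shortlist for a human to read against the full log, not a fixlist in itself, because a missing-file driver can be a leftover from an uninstalled hardware utility just as easily as a remnant of an infection. Which of the flagged lines ends up between "start" and "End" stays the judgement call the helper makes above.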

#4 haxxo

haxxo
  • Topic Starter

  • Members
  • 8 posts
  • Local time:02:21 PM

Posted 14 February 2015 - 03:05 PM

I did as you suggested and nothing changed. I tested with IE and FF and they both seem to show the same Google web search issue. I can't click on "More" or "Search tools" or any other Google features during web search, and it still shows the strange results with pictures for almost every search. This malware seems to have affected certain video playback as well: some Flash videos constantly stay on the loading/fetching part before the video starts and they never play. I've tested on a different device and those videos are fine.

This is the log from FRST after fixing:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-02-2015
Ran by 280gb ssd at 2015-02-14 12:40:43 Run:1
Running from C:\Users\280gb ssd\Desktop\frst
Loaded Profiles: 280gb ssd (Available profiles: 280gb ssd & crossfire & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************

start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Winsock: Catalog9 11 %SystemRoot%\system32\nutafun4.dll File Not found ()
Winsock: Catalog9 12 %SystemRoot%\system32\nutafun4.dll File Not found ()
Winsock: Catalog9-x64 11 %SystemRoot%\system32\nutafun4.dll File Not found ()
Winsock: Catalog9-x64 12 %SystemRoot%\system32\nutafun4.dll File Not found ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\eok1afa9.default\searchplugins\bingp.xml
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR HKU\S-1-5-21-3842482016-565817156-3172154989-1000\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - No Path
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [980672 2014-08-11] (@ByELDI) [File not signed]
S3 CoordinatorServiceHost; E:\solidowrks\SolidWorks\swScheduler\DTSCoordinatorService.exe [X]
S2 PortmapperService; E:\ptc/PTC Portmapper/i486_nt/obj/portmap.exe [X]
U3 a9bz8myo; C:\Windows\System32\Drivers\a9bz8myo.sys [0 ] (Asmedia Technology) <==== ATTENTION (zero size file/folder)
R3 ALSysIO; \??\C:\Users\280GBS~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 aswEmHWID2; \??\C:\Windows\TEMP\aswEmHWID.sys [X]
S3 atillk64; \??\C:\Users\280gb ssd\Desktop\msi ln2\WIN\atillk64.sys [X]
S3 GPU-Z; \??\C:\Users\280GBS~1\AppData\Local\Temp\GPU-Z.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
Winsock: Catalog entry 000000000011 => Deleted successfully.
Winsock: Catalog entry 000000000012 => Deleted successfully.
Winsock: Catalog entry 000000000011 => Deleted successfully.
Winsock: Catalog entry 000000000012 => Deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\eok1afa9.default\searchplugins\bingp.xml => Moved successfully.
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll not found.
"HKU\S-1-5-21-3842482016-565817156-3172154989-1000\SOFTWARE\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion" => Key deleted successfully.
Service KMSELDI => Service not found.
CoordinatorServiceHost => Service deleted successfully.
PortmapperService => Service deleted successfully.
a9bz8myo => Service not found.
ALSysIO => Service stopped successfully.
ALSysIO => Service deleted successfully.
aswEmHWID2 => Service deleted successfully.
atillk64 => Service deleted successfully.
GPU-Z => Service deleted successfully.
IntcAzAudAddService => Service deleted successfully.


The system needed a reboot.

==== End of Fixlog 12:40:44 ====

and this is the log from ADW cleaner

 

# AdwCleaner v4.110 - Logfile created 14/02/2015 at 12:55:47
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : 280gb ssd - 280GBSSD-PC
# Running from : C:\Users\280gb ssd\Desktop\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Users\280gb ssd\AppData\Local\CrashRpt
File Deleted : C:\Users\280gb ssd\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [magicplayer@torrentstream.org]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v32.0.3 (x86 en-US)


-\\ Google Chrome v40.0.2214.111

[C:\Users\280gb ssd\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\280gb ssd\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2647 bytes] - [10/02/2015 18:36:37]
AdwCleaner[R1].txt - [2595 bytes] - [14/02/2015 12:53:54]
AdwCleaner[S0].txt - [2511 bytes] - [14/02/2015 12:55:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2570  bytes] ##########
 


Edited by haxxo, 14 February 2015 - 04:47 PM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:21 PM

Posted 15 February 2015 - 09:40 AM

Reset the browsers that have been compromised.

Reset Chrome...
Click on "Customize and control Google Chrome":

Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

Keep me posted.

#6 haxxo

haxxo
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 15 February 2015 - 11:05 AM

Hi, I did as you suggested and resetting IE/FF does nothing (I stopped using Chrome a long time ago), but running Firefox in safe mode did solve the problem. After resetting Firefox, google.ca/.com gave me the same certificate issue as when this problem started; if I accept the untrusted certificate I get the messed-up Google results.

EDIT: after testing around with both Firefox and Waterfox, they both show the same symptoms, except that Firefox asks me to install the avast add-on every time it starts. If I accept and install the add-on and restart Firefox, then the problem is gone (gone in FF but still in IE). If I decline to install the avast add-on, the strange Google results are back.

 

I know this means that all I have to do is use Firefox and install the avast add-on each time, but this would just be a band-aid and I would be restricted to only 32-bit FF (no IE or WF). Help is appreciated to remove this annoying malware.

 

here is the log you requested.

 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Call of Duty: Ghosts - Multiplayer
 Java 7 Update 67  
 Visual Studio Extensions for Windows Library for JavaScript
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader XI  
 Mozilla Firefox 32.0.3 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````

 


Edited by haxxo, 15 February 2015 - 12:03 PM.


#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:21 PM

Posted 15 February 2015 - 02:14 PM

I know this means that all I have to do is use Firefox and install the avast add-on each time, but this would just be a band-aid and I would be restricted to only 32-bit FF (no IE or WF). Help is appreciated to remove this annoying malware.


Remove Firefox using the instructions on this page.
https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer

Before proceeding save your Bookmarks.
https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Install the latest version of the application.

You can then import them to the new version of Firefox.

Firefox Password manager -
Remember, delete and change saved passwords in Firefox
https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-passwords
<<<>>>

Remove the old version of Java 7 Update 67 using the Add/Remove Programs applet.

===

Keep me posted.

#8 haxxo

haxxo
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 15 February 2015 - 04:31 PM

I uninstalled Firefox and Waterfox and deleted everything in Program Files. I restarted the PC, then tested Google search with IE and nothing changed. I reinstalled both Firefox and Waterfox; same behavior.

 

I also uninstalled Java 7 Update 67.

 

I don't think this issue is browser specific, as it is the exact same on IE and FF and WF. Something is messing up my Google web search, but avast is able to stop it in regular Firefox but not WF or IE (I don't think avast supports WF or IE).

 

There has to be something doing this to all browsers, something avast seems to be able to stop but not remove or detect.



#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:21 PM

Posted 16 February 2015 - 08:39 AM

Reset your router. It may be infected.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then please reconfigure it back to your preferred settings. Below are lists of default usernames and passwords, should you not know yours ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html

#10 haxxo

haxxo
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 16 February 2015 - 03:19 PM

I have a Telus V100H; I got the manual and it had 2 options for reset. The first was to just press the reset button, which did cut off the internet for a minute on my PC while it reset; same issue. The 2nd option was to press and hold reset for 10 seconds. I tried that and the reset took a little longer than last time, but still the same issue.

 

I'd also like to bring some strange proxy settings to your attention. In Internet Properties / Connections, at the very bottom it says "some settings are managed by your system administrator". Then in LAN settings I have the option "use a proxy server for your LAN" checked; I uncheck it and click OK, but when I check back it's always enabled. I don't use proxies, so this seems strange to me. There is also no system administrator (my account is admin), unless they mean my ISP.

 

I tried setting proxy settings for each user in regedit so I can disable the proxy. It worked, but Google results were still weird and after a restart the proxy was back.

 



Edited by haxxo, 16 February 2015 - 11:44 PM.


#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:21 PM

Posted 17 February 2015 - 09:12 AM

Create a restore point before proceeding with these instructions. Windows 7.
http://windows.microsoft.com/en-ca/windows7/create-a-restore-point
===


- Open regedit.exe (type Regedit in the Start > Run box). This will open your registry tool.
- Navigate to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
- Right-click --> Permissions...
- In "Group or user names" select SYSTEM
- Tick the Deny check boxes for Full Control and Read --> Click OK
- Delete ProxySettingsPerUser
- Restart the computer normally to reset the registry.

<<<>>>

Run the Farbar tool one more time and post a fresh FRST log for my review.

How is the computer running now?
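The state haxxo describes two posts up (the "managed by your system administrator" notice, a LAN proxy checkbox that re-enables itself) and the key the steps above edit can be read back from PowerShell before and after the fix. The script below is an added example, not nasdaq's instructions or any tool from this thread; it assumes an elevated PowerShell 2.0 or later prompt on Windows 7 and only reads the registry, it changes nothing.

```powershell
# Added example, not from the thread: read-only inventory of the WinINET proxy
# settings that the regedit steps above touch. Run from an elevated PowerShell
# prompt on Windows 7 (PowerShell 2.0 or later); nothing is modified.

$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$UserKey     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$MachineKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings'
)

# Collect the proxy-related values from one key (null if the key does not exist).
function Get-ProxyValues {
    param([string]$Path)
    if (-not (Test-Path -Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        Path                 = $Path
        ProxySettingsPerUser = $item.ProxySettingsPerUser   # 0 = machine-wide, policy-enforced
        ProxyEnable          = $item.ProxyEnable            # 1 = proxy in use
        ProxyServer          = $item.ProxyServer            # e.g. http=127.0.0.1:8080;https=...
        AutoConfigURL        = $item.AutoConfigURL          # PAC script, if any
    }
}

# 1. Is a policy forcing one proxy configuration on every user?
#    This is what produces "Some settings are managed by your system administrator"
#    and makes the LAN-settings checkbox re-enable itself after a reboot.
$policy = Get-ProxyValues -Path $PolicyKey
$machineWide = ($policy -ne $null) -and ($policy.ProxySettingsPerUser -eq 0)
if ($machineWide) {
    Write-Warning "ProxySettingsPerUser=0 under $PolicyKey : proxy settings are policy-enforced."
} else {
    Write-Host "No machine-wide proxy policy; per-user settings apply."
}

# 2. Show the values actually in force and flag a proxy that points back at this
#    machine, as in the FRST log later in the thread (http=127.0.0.1:8080). A
#    loopback proxy nobody configured means a local process sits between the
#    browser and the network, which also fits the untrusted Google certificate.
$locations = if ($machineWide) { $MachineKeys } else { @($UserKey) }
foreach ($loc in $locations) {
    $v = Get-ProxyValues -Path $loc
    if ($v -eq $null) { continue }
    $v | Format-List Path, ProxyEnable, ProxyServer, AutoConfigURL
    if ($v.ProxyEnable -eq 1 -and $v.ProxyServer -match '127\.0\.0\.1|localhost') {
        $port = ($v.ProxyServer -split '[:;]')[1]          # first port after "host:"
        Write-Warning "Proxy points at the local machine on port $port. Listener and owning PID:"
        netstat -ano -p tcp | Select-String -Pattern ":$port\s"
    }
}

# 3. Who may write the policy key? After the fix above, a Deny entry for SYSTEM
#    should appear here; before it, anything beyond the usual Administrators,
#    SYSTEM and Users entries deserves a second look.
if (Test-Path -Path $PolicyKey) {
    (Get-Acl -Path $PolicyKey).Access |
        Select-Object IdentityReference, AccessControlType, RegistryRights |
        Format-Table -AutoSize
}
```

The PID printed by netstat can be matched against the running-process list in the FRST log to see which program owns the loopback listener.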

#12 haxxo

haxxo
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 17 February 2015 - 03:09 PM

Awesome, thank you very much, I really appreciate the help. The problem is finally solved.

 

Mind if I ask how this could have happened / what I can do to prevent it in the future?

 

Here is the new FRST log.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by 280gb ssd (administrator) on 280GBSSD-PC on 17-02-2015 13:05:03
Running from C:\Users\280gb ssd\Downloads
Loaded Profiles: 280gb ssd (Available profiles: 280gb ssd & crossfire & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: waterfox.exe)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.17\AsusFanControlService.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(InstallShield®) C:\Program Files (x86)\InstallShield\isupdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Mr. John aka japamd) C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.2\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.2\loggingserver.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
() C:\Program Files\Core Temp\Core Temp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(CMedia) C:\Program Files\ASUS Xonar DGX Audio\Customapp\AsusAudioCenter.exe
() C:\Program Files (x86)\ROCCAT\Power-Grid\ROCCATPowerGrid.exe
(BitTorrent Inc.) C:\Users\280gb ssd\AppData\Roaming\uTorrent\uTorrent.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(South Bay Software) C:\Program Files (x86)\AutoSizer\AutoSizer.exe
() C:\Windows\SysWOW64\C2MP\TrayMenu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dropbox, Inc.) C:\Users\280gb ssd\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Giulio Sosio) C:\Users\280gb ssd\Desktop\XonarSwitch.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Mechanical Gaming Keyboard\HID.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Waterfox) C:\Program Files\Waterfox\waterfox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files\Waterfox\plugin-container.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Mechanical] => C:\Program Files (x86)\Mechanical Gaming Keyboard\HID.exe [1720832 2013-09-27] ()
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2491416 2015-02-15] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3842482016-565817156-3172154989-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3581816 2013-05-03] (Tonec Inc.)
HKU\S-1-5-21-3842482016-565817156-3172154989-1000\...\Run: [RoccatPowerGrid] => C:\Program Files (x86)\ROCCAT\Power-Grid\ROCCATPowerGrid.exe [4960880 2013-10-28] ()
HKU\S-1-5-21-3842482016-565817156-3172154989-1000\...\Run: [uTorrent] => C:\Users\280gb ssd\AppData\Roaming\uTorrent\uTorrent.exe [1374032 2015-02-02] (BitTorrent Inc.)
HKU\S-1-5-21-3842482016-565817156-3172154989-1000\...\Run: [XonarSwitch] => C:\Users\280gb ssd\Desktop\XonarSwitch.exe [1122304 2015-01-13] (Giulio Sosio)
HKU\S-1-5-21-3842482016-565817156-3172154989-1000\...\Run: [AutoSizer] => C:\Program Files (x86)\AutoSizer\AutoSizer.exe [131072 2015-02-02] (South Bay Software)
HKU\S-1-5-21-3842482016-565817156-3172154989-1000\...\MountPoints2: {69cb6c33-5478-11e2-ac5e-806e6f6e6963} - G:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-3842482016-565817156-3172154989-1000\...\MountPoints2: {8bb31401-a6d4-11e4-982b-c86000a1a2e1} - F:\setup.exe
HKU\S-1-5-21-3842482016-565817156-3172154989-1000\...\MountPoints2: {c19a4681-5486-11e2-95d2-c86000a1a2e1} - H:\setup.exe
AppInit_DLLs: C:\Windows\system32\appinit_dll.dll => C:\Windows\system32\appinit_dll.dll [531688 2013-11-26] (Lucidlogix Inc.)
AppInit_DLLs-x32: C:\Windows\SysWOW64\appinit_dll.dll => C:\Windows\SysWOW64\appinit_dll.dll [482536 2013-11-26] (Lucidlogix Inc.)
Startup: C:\Users\280gb ssd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\280gb ssd\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\280gb ssd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XonarSwitch.lnk
ShortcutTarget: XonarSwitch.lnk -> C:\Users\280gb ssd\Desktop\XonarSwitch.exe (Giulio Sosio)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMenu.lnk
ShortcutTarget: TrayMenu.lnk -> C:\Windows\SysWOW64\C2MP\TrayMenu.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\280gb ssd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\280gb ssd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\280gb ssd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\280gb ssd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\280gb ssd\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\280gb ssd\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\280gb ssd\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
HKU\S-1-5-21-3842482016-565817156-3172154989-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://dev.windowsphone.com/en-us/ApplicationList?logged_in=1
HKU\S-1-5-21-3842482016-565817156-3172154989-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp&tc=4
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3842482016-565817156-3172154989-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={9795D62F-41A5-49BE-912F-EB4A568FDDC6}&mid=f776a831eb6947cdadb8192946454b12-38629230af595748284c7b88ce822dc3cb481d2a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-02-15 14:36:03&v=18.2.2.846&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.2\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9

FireFox:
========
FF ProfilePath: C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\qxi572zn.Default User
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.2\\npsitesafety.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3842482016-565817156-3172154989-1000: @torrentstream.net/tsplugin,version=2.0.8.11.1 -> C:\Users\280gb ssd\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-3842482016-565817156-3172154989-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\280gb ssd\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: AVG SafeGuard toolbar - C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\fomvldxk.default-1424015675148\Extensions\avg@toolbar [2015-02-15]
FF Extension: FoxyProxy Standard - C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\qxi572zn.Default User\Extensions\foxyproxy@eric.h.jung [2015-02-15]
FF Extension: IDM CC - C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\qxi572zn.Default User\Extensions\mozilla_cc@internetdownloadmanager.com [2015-02-15]
FF Extension: Cookies Manager+ - C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\qxi572zn.Default User\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2015-02-15]
FF Extension: Check4Change - C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\qxi572zn.Default User\Extensions\check4change-owner@mozdev.org.xpi [2015-02-15]
FF Extension: Lightbeam - C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\qxi572zn.Default User\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-02-15]
FF Extension: Open in Browser - C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\qxi572zn.Default User\Extensions\openinbrowser@www.spasche.net.xpi [2015-02-15]
FF Extension: Saved Password Editor - C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\qxi572zn.Default User\Extensions\savedpasswordeditor@daniel.dawson.xpi [2015-02-15]
FF Extension: Session Manager - C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\qxi572zn.Default User\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-02-15]
FF Extension: RightToClick - C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\qxi572zn.Default User\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2015-02-15]
FF Extension: Adblock Plus - C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\qxi572zn.Default User\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-15]
FF Extension: DownThemAll! - C:\Users\280gb ssd\AppData\Roaming\Mozilla\Firefox\Profiles\qxi572zn.Default User\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-02-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-01-01]
FF HKU\S-1-5-21-3842482016-565817156-3172154989-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\280gb ssd\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\280gb ssd\AppData\Roaming\IDM\idmmzcc5 [2014-11-23]
FF HKU\S-1-5-21-3842482016-565817156-3172154989-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\280gb ssd\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-04-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [116224 2014-11-20] (Advanced Micro Devices) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-01-01] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.17\AsusFanControlService.exe [381824 2013-01-01] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-03] (AVAST Software)
S4 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-11-12] ()
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation)
S3 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
R3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
R2 isupdate.exe; C:\Program Files (x86)\InstallShield\isupdate.exe [43008 2015-01-21] (InstallShield®) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 LucidSvc; C:\Program Files\Lucidlogix Technologies\VIRTU MVP 2.0\LucidSvc.exe [20712 2013-11-26] (LucidLogix)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [83952 2014-03-27] (Micro-Star International)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-04-14] ()
R2 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [File not signed]
S4 SandraAgentSrv; C:\Benchmark toosl\multi\SiSoftware Sandra Lite 2014.RTM\RpcAgentSrv.exe [72344 2008-11-25] (SiSoftware) [File not signed]
S4 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2013-11-30] (SolidWorks) [File not signed]
S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
R2 vToolbarUpdater18.2.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.2\ToolbarUpdater.exe [1789464 2015-02-15] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14592 2010-10-20] (ASUSTek Computer Inc.)
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [294600 2014-11-20] (Advanced Micro Devices)
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-01-01] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-01-01] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-03] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-03] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2014-12-13] ()
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2727936 2011-12-19] (C-Media Inc)
S3 danewFltr; C:\Windows\System32\drivers\danew.sys [12032 2010-03-23] (Razer (Asia-Pacific) Pte Ltd) [File not signed]
R3 I1KBFLTR; C:\Windows\System32\drivers\I1KBFLTR.sys [29440 2013-09-27] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [89072 2013-03-21] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2014-09-08] ()
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [20352 2009-09-30] (Razer USA Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2013-12-18] ()
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-09-04] (Razer Inc)
S3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [40104 2014-09-04] (Razer Inc)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31912 2014-09-04] (Razer Inc)
S3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [31912 2014-09-04] (Razer Inc)
S3 SANDRA; C:\Benchmark toosl\multi\SiSoftware Sandra Lite 2014.RTM\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-01-01] (Duplex Secure Ltd.)
U3 aianptk3; C:\Windows\System32\Drivers\aianptk3.sys [0 ] (Intel Corporation) <==== ATTENTION (zero size file/folder)
R3 ALSysIO; \??\C:\Users\280GBS~1\AppData\Local\Temp\ALSysIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 13:04 - 2015-02-17 13:04 - 02085888 _____ (Farbar) C:\Users\280gb ssd\Downloads\FRST64.exe

2015-02-15 14:36 - 2015-02-15 14:38 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2015-02-15 14:36 - 2015-02-15 14:36 - 00000000 ____D () C:\Users\280gb ssd\AppData\Local\AVG SafeGuard toolbar
2015-02-15 14:36 - 2015-02-15 14:36 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2015-02-15 14:36 - 2015-02-15 14:36 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2015-02-15 14:35 - 2015-02-15 14:35 - 00207640 _____ () C:\Users\280gb ssd\Downloads\AVG Secure Search.exe
2015-02-15 14:28 - 2015-02-15 14:28 - 00000894 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
2015-02-15 14:28 - 2015-02-15 14:28 - 00000882 _____ () C:\Users\Public\Desktop\Waterfox.lnk
2015-02-15 14:28 - 2015-02-15 14:28 - 00000000 ____D () C:\Program Files\Waterfox
2015-02-15 14:26 - 2015-02-15 14:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-15 14:26 - 2015-02-15 14:26 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-15 14:26 - 2015-02-15 14:26 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-15 14:19 - 2015-02-15 14:20 - 58867704 _____ () C:\Users\280gb ssd\Downloads\Waterfox 35.0 Setup(1).exe
2015-02-15 14:15 - 2015-02-15 14:15 - 00112681 _____ () C:\Users\280gb ssd\Documents\bookmarks.html
2015-02-15 09:57 - 2015-02-17 12:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-15 09:57 - 2015-02-15 09:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-15 09:26 - 2015-02-15 09:26 - 58867704 _____ () C:\Users\280gb ssd\Downloads\Waterfox 35.0 Setup.exe
2015-02-15 08:54 - 2015-02-15 08:54 - 00000000 ____D () C:\Users\280gb ssd\Desktop\Old Firefox Data
2015-02-15 08:40 - 2015-02-15 08:40 - 00852594 _____ () C:\Users\280gb ssd\Desktop\SecurityCheck.exe
2015-02-14 12:53 - 2015-02-14 12:53 - 02112512 _____ () C:\Users\280gb ssd\Downloads\adwcleaner_4.110.exe
2015-02-14 12:53 - 2015-02-14 12:53 - 02112512 _____ () C:\Users\280gb ssd\Desktop\adwcleaner_4.110.exe
2015-02-14 12:41 - 2015-02-17 11:39 - 00000672 _____ () C:\Windows\setupact.log
2015-02-14 12:41 - 2015-02-15 14:24 - 00021342 _____ () C:\Windows\PFRO.log
2015-02-14 12:41 - 2015-02-14 12:41 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-14 12:39 - 2015-02-14 12:40 - 00000000 ____D () C:\Users\280gb ssd\Desktop\frst
2015-02-14 02:53 - 2015-02-14 02:53 - 00000000 ____D () C:\Users\280gb ssd\AppData\Local\CrashDumps
2015-02-13 23:38 - 2015-02-13 23:38 - 00060152 _____ () C:\Users\280gb ssd\Documents\cc_20150213_233844.reg
2015-02-13 17:43 - 2015-02-13 17:43 - 00000000 ____D () C:\Users\280gb ssd\AppData\Local\LumaEmu_SteamCloud
2015-02-13 17:23 - 2015-02-13 17:23 - 00000773 _____ () C:\Users\280gb ssd\Desktop\Play Life Is Strange.lnk
2015-02-13 17:23 - 2015-02-13 17:23 - 00000742 _____ () C:\Users\280gb ssd\Desktop\visit www.nosteam.ro.lnk
2015-02-13 17:20 - 2015-02-13 17:20 - 00001032 _____ () C:\Users\Public\Desktop\Fahrenheit Indigo Prophecy Remastered.lnk
2015-02-13 17:20 - 2015-02-13 17:20 - 00000000 ____D () C:\Users\280gb ssd\Documents\Aspyr
2015-02-13 17:04 - 2015-02-13 17:04 - 00000000 ____D () C:\Users\280gb ssd\Documents\DyingLight
2015-02-13 17:02 - 2015-02-13 17:02 - 00000929 _____ () C:\Users\Public\Desktop\Dying Light Manager.lnk
2015-02-13 17:02 - 2015-02-13 17:02 - 00000914 _____ () C:\Users\Public\Desktop\Dying Light.lnk
2015-02-12 21:06 - 2015-02-12 21:06 - 00000502 _____ () C:\Users\280gb ssd\Desktop\hera - Shortcut.lnk
2015-02-11 22:20 - 2014-10-17 19:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-02-11 22:20 - 2014-10-17 18:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-02-11 22:20 - 2014-07-06 19:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-02-11 22:20 - 2014-07-06 19:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-02-11 22:20 - 2014-07-06 19:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-02-11 22:20 - 2014-07-06 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-02-11 22:20 - 2014-07-06 18:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-02-11 22:20 - 2014-07-06 18:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-02-11 22:20 - 2014-07-06 18:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-02-11 22:20 - 2014-07-06 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-02-11 22:20 - 2014-06-26 19:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-02-11 22:20 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-02-11 22:15 - 2015-01-15 01:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 22:15 - 2015-01-15 01:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 22:15 - 2015-01-15 01:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 22:15 - 2015-01-15 01:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 22:15 - 2015-01-15 01:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 22:15 - 2015-01-15 01:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 22:15 - 2015-01-15 01:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 22:15 - 2015-01-15 01:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 22:15 - 2015-01-15 01:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 22:15 - 2015-01-15 01:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 22:15 - 2015-01-15 01:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 22:15 - 2015-01-15 00:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 22:15 - 2015-01-15 00:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 22:15 - 2015-01-15 00:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 22:15 - 2015-01-15 00:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 22:15 - 2015-01-15 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 22:15 - 2015-01-15 00:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 22:15 - 2015-01-14 21:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 22:15 - 2015-01-13 22:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 22:15 - 2015-01-13 22:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 22:15 - 2015-01-12 20:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 22:15 - 2015-01-12 19:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 22:15 - 2015-01-11 20:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 22:15 - 2015-01-11 20:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 22:15 - 2015-01-11 20:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 22:15 - 2015-01-11 19:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 22:15 - 2015-01-11 19:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 22:15 - 2015-01-11 19:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 22:15 - 2015-01-11 19:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 22:15 - 2015-01-11 19:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 22:15 - 2015-01-11 19:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 22:15 - 2015-01-11 19:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 22:15 - 2015-01-11 19:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 22:15 - 2015-01-11 19:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 22:15 - 2015-01-11 19:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 22:15 - 2015-01-11 19:33 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 22:15 - 2015-01-11 19:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 22:15 - 2015-01-11 19:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 22:15 - 2015-01-11 19:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 22:15 - 2015-01-11 19:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 22:15 - 2015-01-11 19:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 22:15 - 2015-01-11 19:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 22:15 - 2015-01-11 19:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 22:15 - 2015-01-11 19:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 22:15 - 2015-01-11 19:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 22:15 - 2015-01-11 19:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 22:15 - 2015-01-11 19:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 22:15 - 2015-01-11 19:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 22:15 - 2015-01-11 19:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 22:15 - 2015-01-11 19:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 22:15 - 2015-01-11 19:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 22:15 - 2015-01-11 18:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 22:15 - 2015-01-11 18:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 22:15 - 2015-01-11 18:55 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 22:15 - 2015-01-11 18:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 22:15 - 2015-01-11 18:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 22:15 - 2015-01-11 18:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 22:15 - 2015-01-11 18:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 22:15 - 2015-01-11 18:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 22:15 - 2015-01-11 18:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 22:15 - 2015-01-11 18:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 22:15 - 2015-01-11 18:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 22:15 - 2015-01-11 18:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 22:15 - 2015-01-11 18:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 22:15 - 2015-01-11 18:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 22:15 - 2015-01-11 18:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 22:15 - 2015-01-11 18:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 22:15 - 2015-01-11 18:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 22:15 - 2015-01-11 18:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 22:15 - 2015-01-11 18:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 22:15 - 2015-01-11 18:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 22:15 - 2015-01-11 18:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 22:15 - 2015-01-11 18:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 22:15 - 2015-01-11 18:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 22:15 - 2015-01-11 17:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 22:15 - 2015-01-11 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 22:15 - 2015-01-09 23:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 22:15 - 2015-01-09 23:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 22:15 - 2015-01-09 23:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 22:15 - 2015-01-09 23:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 22:15 - 2015-01-09 23:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 22:15 - 2015-01-09 23:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 22:15 - 2015-01-09 23:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 22:15 - 2015-01-09 23:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 22:15 - 2015-01-09 23:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 22:15 - 2015-01-09 23:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 22:15 - 2015-01-09 23:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 22:15 - 2015-01-09 23:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 22:15 - 2015-01-09 23:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 22:15 - 2015-01-09 23:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 22:15 - 2015-01-08 20:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-11 22:15 - 2015-01-08 20:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-11 22:15 - 2015-01-08 20:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-11 22:15 - 2015-01-08 19:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-11 22:15 - 2014-12-11 22:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 22:15 - 2014-12-11 22:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 22:15 - 2014-12-07 20:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 22:15 - 2014-12-07 19:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 22:15 - 2014-11-25 20:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 22:15 - 2014-11-25 20:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 22:15 - 2014-11-10 18:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-02-11 22:15 - 2014-11-07 20:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-02-11 22:15 - 2014-11-07 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-02-11 22:15 - 2014-10-29 19:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-02-11 22:15 - 2014-10-29 18:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-02-11 22:15 - 2014-10-13 19:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-02-11 22:15 - 2014-10-13 18:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-02-11 22:15 - 2014-10-02 19:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-02-11 22:15 - 2014-10-02 19:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-02-11 22:15 - 2014-10-02 19:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-02-11 22:15 - 2014-10-02 19:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-02-11 22:15 - 2014-10-02 19:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-02-11 22:15 - 2014-10-02 18:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-02-11 22:15 - 2014-10-02 18:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-02-11 22:15 - 2014-10-02 18:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-02-11 22:15 - 2014-10-02 18:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-02-11 22:15 - 2014-10-02 18:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-02-11 22:15 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-02-11 22:15 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-02-11 22:15 - 2014-09-04 19:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 22:15 - 2014-09-04 18:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 22:15 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-02-11 22:15 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-02-11 22:15 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-02-11 22:15 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-02-11 22:15 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-02-11 22:15 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-02-11 22:15 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-02-11 22:15 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-02-11 22:15 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-02-11 22:15 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-02-11 22:15 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2015-02-11 22:15 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-11 22:15 - 2014-07-06 19:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 22:15 - 2014-07-06 19:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 22:15 - 2014-07-06 18:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 22:15 - 2014-07-06 18:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 22:15 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-02-11 22:15 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-02-11 22:15 - 2014-06-23 20:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-02-11 22:15 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-02-11 22:14 - 2015-01-13 23:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 22:14 - 2015-01-13 23:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 22:14 - 2015-01-13 23:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 22:14 - 2015-01-13 23:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 22:14 - 2015-01-13 22:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 22:14 - 2015-01-13 22:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 22:14 - 2015-01-13 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 22:13 - 2015-01-08 19:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 12:19 - 2015-02-11 12:19 - 00007384 _____ () C:\Users\280gb ssd\Downloads\ckfiles.txt
2015-02-11 12:14 - 2015-02-11 12:14 - 00468480 _____ () C:\Users\280gb ssd\Downloads\CKScanner.exe
2015-02-10 18:36 - 2015-02-14 12:55 - 00000000 ____D () C:\AdwCleaner
2015-02-10 18:36 - 2015-02-10 18:36 - 02112512 _____ () C:\Users\280gb ssd\Downloads\AdwCleaner.exe
2015-02-09 23:08 - 2015-02-09 23:08 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\280gb ssd\Downloads\tdsskiller.exe
2015-02-09 23:07 - 2015-02-09 23:07 - 00111688 _____ (Duckware) C:\Users\280gb ssd\x.exe
2015-02-09 21:38 - 2015-02-09 21:42 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-09 21:37 - 2015-02-09 21:42 - 00000000 ____D () C:\Users\280gb ssd\Desktop\mbar
2015-02-09 21:36 - 2015-02-09 21:36 - 16466552 _____ (Malwarebytes Corp.) C:\Users\280gb ssd\Downloads\mbar-1.08.3.1004.exe
2015-02-09 17:15 - 2015-02-09 17:15 - 00013677 _____ () C:\Users\280gb ssd\Desktop\hijackthis.log
2015-02-09 17:14 - 2015-02-09 17:14 - 00067425 _____ () C:\Users\280gb ssd\Desktop\Addition.txt
2015-02-09 17:07 - 2015-02-17 13:05 - 00027381 _____ () C:\Users\280gb ssd\Downloads\FRST.txt
2015-02-09 17:07 - 2015-02-09 17:08 - 00067425 _____ () C:\Users\280gb ssd\Downloads\Addition.txt
2015-02-09 17:06 - 2015-02-17 13:05 - 00000000 ____D () C:\FRST
2015-02-09 17:02 - 2015-02-09 17:02 - 00013677 _____ () C:\Users\280gb ssd\Downloads\hijackthis.log
2015-02-09 17:00 - 2015-02-09 17:00 - 00388608 _____ (Trend Micro Inc.) C:\Users\280gb ssd\Downloads\HijackThis.exe
2015-02-09 16:44 - 2015-02-09 16:44 - 00000000 ____D () C:\NPE
2015-02-09 16:36 - 2015-02-09 23:08 - 00000000 ____D () C:\Users\280gb ssd\AppData\Local\NPE
2015-02-09 16:36 - 2015-02-09 16:36 - 03060320 ____N (Symantec Corporation) C:\Users\280gb ssd\Downloads\NPE.exe
2015-02-09 16:36 - 2015-02-09 16:36 - 00000000 ____D () C:\ProgramData\Norton
2015-02-09 16:36 - 2014-12-18 20:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-09 16:36 - 2014-12-18 18:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-09 16:36 - 2014-12-11 10:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-09 16:36 - 2014-12-05 21:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-09 16:36 - 2014-12-05 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-09 16:36 - 2014-12-05 20:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-09 16:36 - 2014-11-10 20:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-02-09 16:36 - 2014-11-10 19:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-02-09 15:55 - 2015-02-09 21:38 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-09 15:55 - 2015-02-09 21:37 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-09 15:55 - 2015-02-09 15:55 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-09 15:55 - 2015-02-09 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-09 15:55 - 2015-02-09 15:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-09 15:55 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-09 15:05 - 2015-02-09 15:05 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\280gb ssd\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-09 12:18 - 2015-02-09 12:25 - 00000000 ____D () C:\Users\280gb ssd\Desktop\hades
2015-02-08 23:08 - 2015-02-08 23:08 - 00001050 _____ () C:\Users\Public\Desktop\Remote Mouse.lnk
2015-02-08 23:08 - 2015-02-08 23:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Mouse
2015-02-08 23:08 - 2015-02-08 23:08 - 00000000 ____D () C:\Program Files (x86)\Remote Mouse
2015-02-08 23:07 - 2015-02-08 23:07 - 00712719 _____ (Remote Mouse ) C:\Users\280gb ssd\Downloads\RemoteMouse.exe
2015-02-04 17:07 - 2015-02-04 17:07 - 00000000 ____D () C:\ProgramData\REVOLT
2015-02-02 14:11 - 2015-02-17 11:41 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-02-02 14:11 - 2015-02-02 15:12 - 00000000 ____D () C:\Windows\AutoKMS
2015-02-02 14:10 - 2015-02-17 12:00 - 00000428 _____ () C:\Windows\Tasks\InstallShield Update Task.job
2015-02-02 14:10 - 2015-02-02 14:10 - 00003180 _____ () C:\Windows\System32\Tasks\InstallShield Update Task
2015-02-02 14:10 - 2015-02-02 14:10 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2015-02-02 14:10 - 2015-02-02 14:10 - 00000000 ____D () C:\Program Files (x86)\InstallShield
2015-02-02 12:17 - 2015-02-02 12:19 - 00000000 ____D () C:\Users\280gb ssd\AppData\Roaming\AutoSizer
2015-02-02 12:17 - 2015-02-02 12:17 - 00286720 _____ (South Bay Software) C:\Users\280gb ssd\Downloads\assetup.exe
2015-02-02 12:17 - 2015-02-02 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoSizer
2015-02-02 12:17 - 2015-02-02 12:17 - 00000000 ____D () C:\Program Files (x86)\AutoSizer
2015-02-02 12:11 - 2015-02-02 12:15 - 00000000 ____D () C:\Program Files (x86)\Sizer
2015-01-30 01:43 - 2015-01-30 01:43 - 00000000 ____D () C:\Users\280gb ssd\AppData\Local\DOSBox
2015-01-30 01:43 - 2015-01-30 01:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2015-01-30 01:43 - 2015-01-30 01:43 - 00000000 ____D () C:\Program Files (x86)\DOSBox-0.74
2015-01-30 01:42 - 2015-01-30 01:42 - 01448809 _____ (DOSBox Team) C:\Users\280gb ssd\Downloads\DOSBox-0.74-install.exe
2015-01-30 01:07 - 2015-01-30 01:07 - 00000000 ____D () C:\Users\280gb ssd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Castle Crashers
2015-01-30 00:37 - 2015-01-30 01:03 - 00000000 ____D () C:\Users\280gb ssd\AppData\Roaming\Nidhogg
2015-01-30 00:37 - 2015-01-30 00:37 - 00000561 _____ () C:\Users\Public\Desktop\Nidhogg v1.004.lnk
2015-01-30 00:37 - 2015-01-30 00:37 - 00000561 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nidhogg v1.004.lnk
2015-01-28 03:46 - 2015-01-28 03:46 - 00000655 _____ () C:\Users\Public\Desktop\Play Resident Evil HD.lnk
2015-01-28 03:46 - 2015-01-28 03:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Capcom
2015-01-28 03:04 - 2015-01-28 03:04 - 00000000 ____D () C:\Users\280gb ssd\AppData\Local\CAPCOM
2015-01-27 23:34 - 2015-01-27 23:34 - 00100439 _____ () C:\Users\280gb ssd\Downloads\burger-wars-the-cheap-chicken-nuggets-phase.htm
2015-01-27 22:42 - 2015-01-27 22:43 - 24658468 _____ () C:\Users\280gb ssd\Downloads\vlc-2.1.5-win64(1).exe
2015-01-22 14:45 - 2015-01-22 14:45 - 00014235 _____ () C:\Users\280gb ssd\Desktop\FolderSize - Shortcut.lnk
2015-01-21 17:27 - 2015-01-21 17:56 - 00000400 __RSH () C:\ProgramData\ntuser.pol
2015-01-21 17:26 - 2015-01-21 17:26 - 06431728 _____ (Microsoft Corporation) C:\Users\280gb ssd\Downloads\OSGS14-WindowsSetupBox-32bitand64bit-English-4141408.exe
2015-01-20 09:23 - 2015-01-20 09:23 - 00029501 _____ () C:\Users\280gb ssd\Downloads\File Panama_Canal_Lock_Forms.jpeg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-07-24 19:24 - 2013-12-18 01:46 - 00000000 ____D () C:\Users\280gb ssd\Downloads\Guru3D.com
2015-02-17 13:04 - 2013-10-14 23:08 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-02-17 13:04 - 2013-01-10 21:37 - 00000000 ____D () C:\Users\280gb ssd\AppData\Roaming\uTorrent
2015-02-17 11:46 - 2013-01-01 19:53 - 00000000 _____ () C:\Windows\Path.idx
2015-02-17 11:46 - 2009-07-13 22:13 - 00007210 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-17 11:41 - 2013-10-01 17:40 - 00000554 _____ () C:\Windows\Tasks\MATLAB R2013b Startup Accelerator.job
2015-02-17 11:41 - 2013-01-01 18:43 - 01048576 _____ () C:\Windows\PE_Rom.dll
2015-02-17 11:41 - 2009-07-13 21:45 - 00020432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-17 11:41 - 2009-07-13 21:45 - 00020432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-17 11:40 - 2013-11-28 19:32 - 00000000 ____D () C:\Users\280gb ssd\AppData\Roaming\Raptr
2015-02-17 11:39 - 2014-02-20 18:06 - 00000124 _____ () C:\HaxLogs.log
2015-02-17 11:39 - 2013-08-14 20:39 - 00000000 ____D () C:\Users\280gb ssd\AppData\Roaming\Dropbox
2015-02-17 11:39 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-17 11:38 - 2014-04-04 16:02 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-02-17 11:38 - 2013-01-01 19:35 - 00000000 ____D () C:\Users\280gb ssd\AppData\Roaming\DMCache
2015-02-17 11:38 - 2013-01-01 18:09 - 01214608 _____ () C:\Windows\WindowsUpdate.log
2015-02-17 04:10 - 2013-01-07 21:14 - 00000000 ____D () C:\Users\280gb ssd\AppData\Roaming\vlc
2015-02-16 22:38 - 2013-01-01 19:35 - 00000000 ____D () C:\Users\280gb ssd\Downloads\Compressed
2015-02-16 13:21 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-15 15:36 - 2013-01-01 17:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-15 09:58 - 2014-12-06 14:24 - 00000000 ____D () C:\Users\280gb ssd\AppData\Roaming\Adobe
2015-02-15 09:58 - 2014-12-06 14:24 - 00000000 ____D () C:\Users\280gb ssd\AppData\Local\Adobe
2015-02-15 09:58 - 2014-12-06 14:24 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-15 09:58 - 2013-01-01 20:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-15 09:58 - 2013-01-01 20:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-15 09:06 - 2013-07-23 23:21 - 00000000 ____D () C:\Users\280gb ssd\AppData\Local\Google
2015-02-15 09:06 - 2013-07-23 23:21 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-14 18:34 - 2013-01-01 19:53 - 00003235 _____ () C:\Windows\MB.idx
2015-02-14 12:41 - 2009-07-13 21:45 - 00484184 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-13 23:40 - 2013-01-06 20:42 - 00003102 _____ () C:\Windows\System32\Tasks\{DF5AE04C-2CCF-41EC-A184-DD800DBD942D}
2015-02-13 23:36 - 2013-01-01 23:21 - 00000000 ____D () C:\Windows\Minidump
2015-02-13 23:36 - 2013-01-01 19:35 - 00000000 ____D () C:\Users\280gb ssd\AppData\Roaming\IDM
2015-02-13 17:43 - 2013-01-01 20:23 - 00000000 ____D () C:\Users\280gb ssd\Documents\My Games
2015-02-13 17:03 - 2013-06-05 22:12 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-13 16:50 - 2014-09-12 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2015-02-12 03:59 - 2014-09-20 18:19 - 00000000 ____D () C:\Windows\rescache
2015-02-11 22:46 - 2013-04-11 17:14 - 00000000 ____D () C:\Users\280gb ssd\AppData\Local\Razer
2015-02-11 22:46 - 2013-01-01 17:43 - 00000000 ____D () C:\ProgramData\Razer
2015-02-11 22:46 - 2013-01-01 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-02-11 22:46 - 2013-01-01 17:43 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-02-11 22:46 - 2013-01-01 17:40 - 00134600 _____ () C:\Users\280gb ssd\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-11 22:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\tracing
2015-02-11 22:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-02-11 22:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-02-11 22:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 22:22 - 2013-01-30 18:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 22:20 - 2013-07-19 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 22:19 - 2013-08-14 20:39 - 00000000 ____D () C:\Users\280gb ssd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-11 22:16 - 2013-01-05 18:15 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-09 23:10 - 2013-01-30 21:41 - 00003945 _____ () C:\Users\280gb ssd\Documents\ax_files.xml
2015-02-09 23:07 - 2014-12-21 19:53 - 00000000 ___HD () C:\jexepackres
2015-02-09 23:07 - 2014-12-21 19:53 - 00000000 ____D () C:\Users\280gb ssd\REW
2015-02-09 23:07 - 2014-12-21 19:53 - 00000000 ____D () C:\Program Files (x86)\Room EQ Wizard V5
2015-02-09 23:07 - 2013-01-01 18:07 - 00000000 ____D () C:\Users\280gb ssd
2015-02-09 17:01 - 2013-01-01 18:07 - 00000000 ____D () C:\Users\280gb ssd\AppData\Local\VirtualStore
2015-02-09 16:04 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PLA
2015-02-09 15:55 - 2013-10-28 01:20 - 00000000 ____D () C:\Users\280gb ssd\AppData\Roaming\Malwarebytes
2015-02-09 15:55 - 2013-10-28 01:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-09 12:13 - 2013-01-01 17:42 - 00638976 _____ () C:\Users\280gb ssd\Desktop\cert8.db
2015-02-08 18:45 - 2013-01-01 18:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-02 15:07 - 2013-01-01 18:33 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-02-02 15:07 - 2013-01-01 18:33 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-02-02 15:07 - 2013-01-01 18:33 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2015-02-02 15:07 - 2013-01-01 18:33 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2015-02-02 15:07 - 2013-01-01 18:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2015-02-02 11:57 - 2013-11-28 19:32 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-01-30 01:07 - 2013-01-01 19:52 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-01-29 15:27 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-21 17:27 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-21 17:27 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

==================== Files in the root of some directories =======

2014-03-27 17:51 - 2014-03-27 17:51 - 0000000 _____ () C:\Program Files (x86)\GUM6F.tmp
2014-09-24 01:07 - 2014-09-24 01:09 - 0000132 _____ () C:\Users\280gb ssd\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-07-23 20:24 - 2014-12-06 14:06 - 0000132 _____ () C:\Users\280gb ssd\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-12-17 12:46 - 2013-12-17 14:45 - 14077952 _____ () C:\Users\280gb ssd\AppData\Roaming\Sandra.mdb
2013-04-14 01:22 - 2013-04-14 01:22 - 0008069 _____ () C:\Users\280gb ssd\AppData\Local\CleanupUninstall.txt
2014-04-04 19:17 - 2014-12-31 16:14 - 1065984 _____ () C:\Users\280gb ssd\AppData\Local\file__0.localstorage
2014-02-01 14:04 - 2014-02-01 14:04 - 0000000 ___SH () C:\Users\280gb ssd\AppData\Local\LumaEmu
2013-01-01 20:44 - 2014-06-10 19:32 - 0007618 _____ () C:\Users\280gb ssd\AppData\Local\Resmon.ResmonCfg
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\280gb ssd\AppData\Local\setup.txt
2013-12-05 16:43 - 2013-12-05 16:56 - 0000000 _____ () C:\Users\280gb ssd\AppData\Local\Temptable.xml
2014-09-16 15:55 - 2014-09-24 23:16 - 0000080 _____ () C:\Users\280gb ssd\AppData\Local\X-Plane Installer.prf
2014-09-24 23:11 - 2014-09-24 23:11 - 0000016 _____ () C:\Users\280gb ssd\AppData\Local\x-plane_install_10.txt
2013-12-08 23:41 - 2013-02-14 09:47 - 0000000 _____ () C:\ProgramData\193847656
2013-10-05 10:41 - 2013-10-05 10:41 - 0000040 _____ () C:\ProgramData\ra3.ini

Files to move or delete:
====================
C:\Users\280gb ssd\x.exe


Some content of TEMP:
====================
C:\Users\280gb ssd\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpllut2t.dll
C:\Users\280gb ssd\AppData\Local\Temp\oi_{F1F660EB-257D-4CAE-A130-7334336B707E}.exe
C:\Users\280gb ssd\AppData\Local\Temp\Quarantine.exe
C:\Users\280gb ssd\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 12:24

==================== End Of Log ============================


Edited by haxxo, 17 February 2015 - 03:11 PM.


#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 February 2015 - 08:39 AM


We have no way of identifying what caused this infection.

Your last FRST log is still reporting these entries.
Please run this fix and post the Fixlog.txt for my review.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.2\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.2\loggingserver.exe
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2491416 2015-02-15] ()
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3842482016-565817156-3172154989-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={9795D62F-41A5-49BE-912F-EB4A568FDDC6}&mid=f776a831eb6947cdadb8192946454b12-38629230af595748284c7b88ce822dc3cb481d2a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-02-15 14:36:03&v=18.2.2.846&pid=safeguard&sg=&sap=dsp&q={searchTerms}
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.2\ViProtocol.dll (AVG Secure Search)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.2\\npsitesafety.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-04-30]
R2 vToolbarUpdater18.2.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.2\ToolbarUpdater.exe [1789464 2015-02-15] (AVG Secure Search)
U3 aianptk3; C:\Windows\System32\Drivers\aianptk3.sys [0 ] (Intel Corporation) <==== ATTENTION (zero size file/folder)
R3 ALSysIO; \??\C:\Users\280GBS~1\AppData\Local\Temp\ALSysIO64.sys [X]
C:\Users\280gb ssd\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpllut2t.dll
C:\Users\280gb ssd\AppData\Local\Temp\oi_{F1F660EB-257D-4CAE-A130-7334336B707E}.exe
C:\Windows\System32\Drivers\aianptk3.sys

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

How is the computer running now?
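The fixlist above removes a machine-wide ProxyServer value that points both http and https traffic at 127.0.0.1:8080, which means a local program on the box was sitting between the browser and the web; a local process that terminates TLS on the browser's behalf has to present its own certificate, which is consistent with the untrusted-certificate errors reported at the start of the thread. As an added example (not part of the thread, and not FRST's own code), here is a small Python checker that parses FRST "ProxyServer:" lines and flags any proxy target on the loopback address; the sample lines are copied from the FRST output quoted above, and the function names are this example's own.

```python
"""Flag FRST 'ProxyServer:' entries that point at a loopback interceptor.

Added example: not part of the BleepingComputer thread or of FRST itself.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, List

# Constructed sample: the ProxyEnable/ProxyServer/SearchScopes lines quoted in the thread.
SAMPLE_FRST_LINES = """\
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
SearchScopes: HKU\\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
"""

# FRST prints proxy settings as: ProxyServer: [<hive>] => <value>
PROXY_LINE = re.compile(r"^ProxyServer: \[(?P<hive>[^\]]+)\] => (?P<value>.+)$")


@dataclass(frozen=True)
class Finding:
    hive: str      # registry hive FRST reported, e.g. HKLM or HKLM-x32
    scheme: str    # http, https, ftp, socks, or '*' for a single proxy used for all schemes
    target: str    # host:port the proxy value points at
    reason: str


def parse_proxy_value(value: str) -> Dict[str, str]:
    """Split a WinINET ProxyServer string into {scheme: host:port}.

    'http=a:1;https=b:2' -> {'http': 'a:1', 'https': 'b:2'}
    'a:1'                -> {'*': 'a:1'}   (one proxy for every scheme)
    """
    entries: Dict[str, str] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:
            scheme, target = part.split("=", 1)
            entries[scheme.strip().lower()] = target.strip()
        else:
            entries["*"] = part
    return entries


def _host_of(hostport: str) -> str:
    # Accept 'host:port', '[v6addr]:port' and a bare host.
    if hostport.startswith("["):
        return hostport[1:hostport.index("]")].lower()
    return hostport.rsplit(":", 1)[0].lower() if ":" in hostport else hostport.lower()


def is_local_interceptor(hostport: str) -> bool:
    """True when the proxy target resolves to the machine itself (loopback)."""
    host = _host_of(hostport)
    if host == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False   # a hostname we cannot judge offline


def find_suspicious_proxies(frst_text: str) -> List[Finding]:
    """Scan FRST output and report every scheme proxied through a loopback address."""
    findings: List[Finding] = []
    for line in frst_text.splitlines():
        m = PROXY_LINE.match(line.strip())
        if not m:
            continue
        for scheme, target in parse_proxy_value(m["value"]).items():
            if is_local_interceptor(target):
                reason = ("local process terminates TLS; explains browser certificate errors"
                          if scheme in ("https", "*")
                          else "local process relays plain HTTP and can rewrite pages")
                findings.append(Finding(m["hive"], scheme, target, reason))
    return findings


if __name__ == "__main__":
    for f in find_suspicious_proxies(SAMPLE_FRST_LINES):
        print(f"{f.hive}: {f.scheme} -> {f.target}  ({f.reason})")
```

After a fix like the one above, re-running FRST and feeding its new output through this check (or inspecting the Internet Settings keys named in the Fixlog) confirms the proxy values are really gone rather than recreated on reboot.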

#14 haxxo

haxxo
  • Topic Starter

  • Members
  • 8 posts

Posted 18 February 2015 - 02:23 PM

It's strange that FRST still reported the issue; it's completely gone from my browser. I did as you suggested and here is the new fixlog.txt.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by 280gb ssd at 2015-02-18 12:16:49 Run:2
Running from C:\Users\280gb ssd\Desktop
Loaded Profiles: 280gb ssd & crossfire (Available profiles: 280gb ssd & crossfire & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.2\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.2\loggingserver.exe
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2491416 2015-02-15] ()
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3842482016-565817156-3172154989-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={9795D62F-41A5-49BE-912F-EB4A568FDDC6}&mid=f776a831eb6947cdadb8192946454b12-38629230af595748284c7b88ce822dc3cb481d2a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-02-15 14:36:03&v=18.2.2.846&pid=safeguard&sg=&sap=dsp&q={searchTerms}
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.2\ViProtocol.dll (AVG Secure Search)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.2\\npsitesafety.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-04-30]
R2 vToolbarUpdater18.2.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.2\ToolbarUpdater.exe [1789464 2015-02-15] (AVG Secure Search)
U3 aianptk3; C:\Windows\System32\Drivers\aianptk3.sys [0 ] (Intel Corporation) <==== ATTENTION (zero size file/folder)
R3 ALSysIO; \??\C:\Users\280GBS~1\AppData\Local\Temp\ALSysIO64.sys [X]
C:\Users\280gb ssd\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpllut2t.dll
C:\Users\280gb ssd\AppData\Local\Temp\oi_{F1F660EB-257D-4CAE-A130-7334336B707E}.exe
C:\Windows\System32\Drivers\aianptk3.sys

End
*****************

Processes closed successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.2\ToolbarUpdater.exe => No running process found
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.2\loggingserver.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3842482016-565817156-3172154989-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
"HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => Key deleted successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmolcgpienlcieaajfkkdamlngancncm" => Key deleted successfully.
C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx => Moved successfully.
vToolbarUpdater18.2.2 => Service deleted successfully.
aianptk3 => Service deleted successfully.
ALSysIO => Service stopped successfully.
ALSysIO => Service deleted successfully.
C:\Users\280gb ssd\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpllut2t.dll => Moved successfully.
C:\Users\280gb ssd\AppData\Local\Temp\oi_{F1F660EB-257D-4CAE-A130-7334336B707E}.exe => Moved successfully.
Could not move "C:\Windows\System32\Drivers\aianptk3.sys" => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-18 12:18:53)<=

C:\Windows\System32\Drivers\aianptk3.sys => Is moved successfully.

==== End of Fixlog 12:18:53 ====


Thanks again for the help.



#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 February 2015 - 08:25 AM

It looks clean now.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===



