Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Avast pop-ups continually telling me it blocked a suspicious url


  • This topic is locked This topic is locked
30 replies to this topic

#1 SociallyAwkward

SociallyAwkward

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Africa
  • Local time:03:09 PM

Posted 13 February 2015 - 12:24 PM

Hi all!

 

I'm new here and have read about others who have encounter similar issues. I was blown away and didn't realize how vulnerable a pc can be to malware, and how many ways there are to get infected e.g. downloading .exe files using Bit-torrent etc. i thought i was protected pretty well. I have the latest Avast which updates itself, ad-blocker ( i use chrome), DoNotTrackMe and malware bytes. Its amazing how complex it has become just to keep a system free from malicious software and potected from cyber criminals!

 

Anyway lol regarding my issue, Avast kept informing me about malicious URL's that it has blocked, and this happened every few minutes. It happened right after i downloaded and installed some software, which installed other weird programs also. I however uninstalled them all. When the pop-ups started, i ran a full Avast scan and MBAM as well. they both found threats and removed them. The pops-ups still occur but only when i start chrome. 

 

My question is : How can i get id of this issue?

 

I've definitely learnt to be more careful and i read the tips for safely using the internet.

 

Thanks or the help in advance!! (sorry for the long first post lol) :thumbup2:


Edited by SociallyAwkward, 13 February 2015 - 12:31 PM.


BC AdBot (Login to Remove)

 


m

#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:09 PM

Posted 13 February 2015 - 01:14 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 SociallyAwkward

SociallyAwkward
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Africa
  • Local time:03:09 PM

Posted 13 February 2015 - 01:40 PM

Hi Jurgen! Thanks for your assistance i appreciate it very much!

 

 

This is the  FRST.txt log :

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015
Ran by Mikey (administrator) on MIKEY-PC on 13-02-2015 20:35:34
Running from C:\Users\Mikey\Desktop
Loaded Profiles: Mikey (Available profiles: Mikey)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\MSI\OTPService\OTPService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
() C:\ProgramData\{7852d5a7-a85e-ca60-7852-2d5a7a85569e}\Widows7Activator.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(BitTorrent Inc.) C:\Users\Mikey\AppData\Roaming\BitTorrent\BitTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1382568 2013-09-16] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [216928 2013-08-29] (Trend Micro Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-11-01] (AVAST Software)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-06-27] (Power Software Ltd)
HKU\S-1-5-21-2014530170-318503234-4003923440-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2014530170-318503234-4003923440-1000\...\MountPoints2: E - E:\SETUP.EXE
HKU\S-1-5-21-2014530170-318503234-4003923440-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-2014530170-318503234-4003923440-1000\...\MountPoints2: G - G:\INSTALL.EXE
HKU\S-1-5-21-2014530170-318503234-4003923440-1000\...\MountPoints2: {6f2f25b1-2ff4-11e4-9d5d-806e6f6e6963} - D:\ShellExe.exe index.html
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-06] (Microsoft Corporation)
Startup: C:\Users\Mikey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Widows7Activator.lnk
ShortcutTarget: Widows7Activator.lnk -> C:\ProgramData\{7852d5a7-a85e-ca60-7852-2d5a7a85569e}\Widows7Activator.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2014530170-318503234-4003923440-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-za/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=21849&r=2015/02/11&hid=11054568371115479005&lg=EN&cc=ZA&unqvl=82
SearchScopes: HKU\S-1-5-21-2014530170-318503234-4003923440-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co.za/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MSIM_enZA610
SearchScopes: HKU\S-1-5-21-2014530170-318503234-4003923440-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=21849&r=2015/02/11&hid=11054568371115479005&lg=EN&cc=ZA&unqvl=82
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2014530170-318503234-4003923440-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2014-12-31]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-08-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-18]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-12-31]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Trend Micro Titanium) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
CHR Profile: C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-30]
CHR Extension: (Hangman) - C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceojgheibbfajlkmpfocmdclggokfdij [2015-02-11]
CHR Extension: (AVG Do Not Track) - C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\epojjbofkhffmihobdncmbhdocjljhpi [2014-12-21]
CHR Extension: (AdBlock) - C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-30]
CHR Extension: (Avast Online Security) - C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-18]
CHR Extension: (Adblock Super) - C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2014-12-01]
CHR Extension: (Google Wallet) - C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-30]
CHR Extension: (UUnIDeals  ) - C:\ProgramData\aliilibdlplodpgjgkjgabgjelbkjpep\ [2014-08-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-08-31] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-01] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-01] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-01] (Avast Software)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [149032 2012-08-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [164736 2012-11-07] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MSI_OTPService; C:\Program Files (x86)\MSI\OTPService\OTPService.exe [252432 2012-04-12] ()
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [143416 2012-10-25] (MSI)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]
S2 serverjo; C:\Users\Mikey\AppData\Roaming\VOPackage\JOSrv.exe [X]
S2 zifikezi; C:\Users\Mikey\AppData\Roaming\VOPackage\nsl2600.tmpfs [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-01] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-01] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-01] ()
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-08-31] (Qualcomm Atheros)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [20968 2012-08-16] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [19944 2012-08-16] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-08-16] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_1_0_T; C:\Program Files (x86)\MSI\OTPService\NTIOLib_X64.sys [14136 2009-10-06] (MSI)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [101376 2011-11-21] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [217088 2011-11-21] (Renesas Electronics Corporation)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [109072 2013-09-04] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-04] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [77184 2013-09-04] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2014-11-01] (Avast Software)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-02-13] ()
S3 MBfilt; system32\drivers\MBfilt64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-13 20:35 - 2015-02-13 20:35 - 00020874 _____ () C:\Users\Mikey\Desktop\FRST.txt
2015-02-13 20:34 - 2015-02-13 20:35 - 00000000 ____D () C:\FRST
2015-02-13 20:29 - 2015-02-13 20:29 - 02134016 _____ (Farbar) C:\Users\Mikey\Desktop\FRST64.exe
2015-02-13 17:55 - 2015-02-13 17:55 - 00479227 _____ () C:\Users\Mikey\Downloads\CSD201T_Assignment2_Sem1_2015.zip
2015-02-13 17:53 - 2015-02-13 17:53 - 00000603 _____ () C:\Users\Mikey\Desktop\Dev-C++.lnk
2015-02-13 17:50 - 2015-02-13 17:50 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2015-02-13 17:49 - 2015-02-13 17:49 - 00000056 _____ () C:\Windows\setupact.log
2015-02-13 17:49 - 2015-02-13 17:49 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-13 17:48 - 2015-02-13 17:48 - 00003256 _____ () C:\Windows\PFRO.log
2015-02-13 15:23 - 2015-02-13 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
2015-02-13 15:22 - 2015-02-13 16:52 - 00000000 ____D () C:\Dev-Cpp
2015-02-13 15:17 - 2015-02-13 19:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-13 15:17 - 2015-02-13 15:17 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2015-02-13 15:16 - 2015-02-13 15:16 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-13 15:16 - 2015-02-13 15:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-13 15:16 - 2015-02-13 15:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-13 15:16 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-13 15:16 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-13 15:16 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-13 15:10 - 2015-02-13 15:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Mikey\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-13 14:54 - 2015-02-13 14:56 - 11189643 _____ () C:\Users\Mikey\Downloads\Dev C++.zip
2015-02-12 21:10 - 2015-01-14 07:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-12 21:10 - 2015-01-14 07:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-12 21:10 - 2015-01-12 05:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 21:10 - 2015-01-12 05:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 21:10 - 2015-01-12 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-12 21:10 - 2015-01-12 04:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-12 21:10 - 2015-01-12 04:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 21:10 - 2015-01-12 04:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 21:10 - 2015-01-12 04:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-12 21:10 - 2015-01-12 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-12 21:10 - 2015-01-12 04:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 21:10 - 2015-01-12 04:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-12 21:10 - 2015-01-12 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 21:10 - 2015-01-12 04:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 21:10 - 2015-01-12 04:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-12 21:10 - 2015-01-12 04:33 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 21:10 - 2015-01-12 04:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 21:10 - 2015-01-12 04:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 21:10 - 2015-01-12 04:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-12 21:10 - 2015-01-12 04:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 21:10 - 2015-01-12 04:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 21:10 - 2015-01-12 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-12 21:10 - 2015-01-12 04:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 21:10 - 2015-01-12 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-12 21:10 - 2015-01-12 04:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 21:10 - 2015-01-12 04:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-12 21:10 - 2015-01-12 04:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-12 21:10 - 2015-01-12 04:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-12 21:10 - 2015-01-12 04:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 21:10 - 2015-01-12 04:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 21:10 - 2015-01-12 04:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 21:10 - 2015-01-12 03:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-12 21:10 - 2015-01-12 03:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 21:10 - 2015-01-12 03:55 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 21:10 - 2015-01-12 03:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 21:10 - 2015-01-12 03:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 21:10 - 2015-01-12 03:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-12 21:10 - 2015-01-12 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 21:10 - 2015-01-12 03:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-12 21:10 - 2015-01-12 03:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 21:10 - 2015-01-12 03:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 21:10 - 2015-01-12 03:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-12 21:10 - 2015-01-12 03:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-12 21:10 - 2015-01-12 03:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 21:10 - 2015-01-12 03:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 21:10 - 2015-01-12 03:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 21:10 - 2015-01-12 03:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 21:10 - 2015-01-12 03:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 21:10 - 2015-01-12 03:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 21:10 - 2015-01-12 03:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-12 21:10 - 2015-01-12 03:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 21:10 - 2015-01-12 03:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 21:10 - 2015-01-12 03:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-12 21:10 - 2015-01-12 03:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 21:10 - 2015-01-12 02:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 21:10 - 2015-01-12 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 22:42 - 2015-02-11 22:42 - 00006376 _____ () C:\Users\Mikey\Documents\Project1_private.res
2015-02-11 22:42 - 2015-02-11 22:42 - 00000595 _____ () C:\Users\Mikey\Documents\Project1_private.h
2015-02-11 22:42 - 2015-02-11 22:42 - 00000135 _____ () C:\Users\Mikey\Documents\Project1_private.rc
2015-02-11 22:25 - 2015-02-12 08:03 - 00136020 _____ () C:\Users\Mikey\Documents\Project1.exe
2015-02-11 20:17 - 2015-01-10 08:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 20:17 - 2015-01-10 08:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 20:17 - 2015-01-10 08:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 20:17 - 2015-01-10 08:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 20:17 - 2015-01-10 08:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 20:17 - 2015-01-10 08:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 20:17 - 2015-01-10 08:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 20:17 - 2015-01-10 08:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 20:17 - 2015-01-10 08:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 20:17 - 2015-01-10 08:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 20:17 - 2015-01-10 08:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 20:17 - 2015-01-10 08:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 20:17 - 2015-01-10 08:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 20:17 - 2015-01-10 08:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 19:38 - 2015-02-12 08:03 - 00001546 _____ () C:\Users\Mikey\Documents\main.o
2015-02-11 18:43 - 2015-01-15 10:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 18:43 - 2015-01-15 10:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 18:43 - 2015-01-15 10:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 18:43 - 2015-01-15 10:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 18:43 - 2015-01-15 10:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 18:43 - 2015-01-15 10:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 18:43 - 2015-01-15 10:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 18:43 - 2015-01-15 10:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 18:43 - 2015-01-15 10:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 18:43 - 2015-01-15 10:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 18:43 - 2015-01-15 10:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 18:43 - 2015-01-15 09:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 18:43 - 2015-01-15 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 18:43 - 2015-01-15 09:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 18:43 - 2015-01-15 09:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 18:43 - 2015-01-15 09:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 18:43 - 2015-01-15 09:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 18:43 - 2015-01-15 06:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 18:43 - 2015-01-13 05:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 18:43 - 2015-01-13 04:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 18:08 - 2014-12-08 05:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 18:08 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 17:45 - 2015-01-14 08:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 17:45 - 2015-01-14 08:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 17:45 - 2015-01-14 08:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 17:45 - 2015-01-14 08:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 17:45 - 2015-01-14 07:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 17:45 - 2015-01-14 07:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 17:45 - 2015-01-14 07:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 17:42 - 2015-01-09 04:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 17:40 - 2015-02-11 17:40 - 00424177 __RSH () C:\TFAMR
2015-02-11 17:25 - 2015-02-11 17:25 - 00000000 __SHD () C:\Users\Mikey\AppData\Local\EmieBrowserModeList
2015-02-11 17:23 - 2015-02-11 17:23 - 00000000 ____D () C:\ProgramData\76f99371000007dc
2015-02-11 17:07 - 2015-02-11 17:42 - 00000000 ____D () C:\Program Files (x86)\Hangman
2015-02-11 17:06 - 2015-02-11 17:06 - 00000000 ____D () C:\ProgramData\aliilibdlplodpgjgkjgabgjelbkjpep
2015-02-11 17:06 - 2015-02-11 17:06 - 00000000 ____D () C:\ProgramData\503182876793519035
2015-02-11 17:06 - 2015-02-11 17:06 - 00000000 ____D () C:\Program Files (x86)\UUnIDeals
2015-02-11 17:05 - 2015-02-11 17:39 - 00000000 ____D () C:\ProgramData\{7852d5a7-a85e-ca60-7852-2d5a7a85569e}
2015-02-11 16:59 - 2015-02-11 16:59 - 00000000 ____D () C:\Users\Mikey\AppData\Roaming\Opera Software
2015-02-11 16:59 - 2015-02-11 16:59 - 00000000 ____D () C:\Users\Mikey\AppData\Local\Opera Software
2015-02-11 16:56 - 2015-02-11 16:55 - 00301608 _____ (VuuPC Limited) C:\Users\Mikey\AppData\Local\nsw40AF.tmp
2015-02-11 16:54 - 2015-02-13 16:55 - 00000000 ____D () C:\Users\Mikey\AppData\Roaming\SoftwareUpdater
2015-02-11 16:53 - 2015-02-11 17:25 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-11 16:51 - 2015-02-13 17:52 - 00001334 _____ () C:\Windows\Tasks\JIXP.job
2015-02-11 16:51 - 2015-02-12 19:46 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-02-11 16:51 - 2015-02-11 16:51 - 00004360 _____ () C:\Windows\System32\Tasks\JIXP
2015-02-11 16:51 - 2015-02-11 16:51 - 00000000 ____D () C:\Users\Mikey\AppData\Local\globalUpdate
2015-02-10 21:54 - 2015-02-12 08:03 - 00001345 _____ () C:\Users\Mikey\Documents\Makefile.win
2015-02-10 21:32 - 2015-02-12 08:09 - 00000095 _____ () C:\Users\Mikey\Documents\Project1.layout
2015-02-10 21:25 - 2015-02-12 07:24 - 00001289 _____ () C:\Users\Mikey\Documents\main.c
2015-02-10 21:24 - 2015-02-11 22:42 - 00000987 _____ () C:\Users\Mikey\Documents\Project1.dev
2015-02-09 20:38 - 2015-02-09 20:38 - 01266610 _____ () C:\Users\Mikey\Downloads\PneuDrive Challenge 2013 - Presentation Template(1) (1).pptx
2015-02-07 15:50 - 2015-02-07 15:50 - 00117248 _____ () C:\Users\Mikey\Downloads\2015 Academic Core Calendar.xls
2015-02-04 21:36 - 2015-02-04 22:24 - 00000059 _____ () C:\Users\Mikey\Desktop\New Text Document.txt
2015-02-03 19:28 - 2015-02-03 19:28 - 01266610 _____ () C:\Users\Mikey\Downloads\PneuDrive Challenge 2013 - Presentation Template(1).pptx
2015-01-25 18:12 - 2015-01-25 18:12 - 00001248 _____ () C:\Users\Mikey\AppData\Roaming\JIXP
2015-01-14 17:48 - 2014-12-19 05:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 17:48 - 2014-12-19 03:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 17:48 - 2014-12-11 19:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 17:48 - 2014-12-06 06:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 17:48 - 2014-12-06 05:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 17:48 - 2014-12-06 05:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-13 20:33 - 2014-11-01 18:52 - 00000000 ____D () C:\Users\Mikey\AppData\Roaming\BitTorrent
2015-02-13 20:32 - 2014-08-30 05:22 - 01829353 _____ () C:\Windows\WindowsUpdate.log
2015-02-13 20:31 - 2014-08-29 21:35 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-13 19:52 - 2009-07-14 06:45 - 00054768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-13 19:52 - 2009-07-14 06:45 - 00054768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-13 18:15 - 2014-11-14 16:16 - 00004956 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Mikey-PC-Mikey Mikey-PC
2015-02-13 17:52 - 2014-08-29 21:34 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-13 17:50 - 2014-08-29 21:42 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2015-02-13 17:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-13 16:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization
2015-02-13 15:03 - 2009-07-14 01:28 - 00006656 _____ () C:\Windows\system32\lpcio.dll
2015-02-13 14:51 - 2014-11-01 19:24 - 00000000 ____D () C:\Users\Mikey\AppData\Local\CrashDumps
2015-02-13 14:51 - 2014-08-30 13:24 - 00000000 ____D () C:\Windows\Minidump
2015-02-13 14:48 - 2009-07-14 07:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-12 21:32 - 2014-11-08 09:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-12 21:32 - 2014-11-08 09:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 07:15 - 2014-10-18 19:14 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-12 07:04 - 2009-07-14 06:45 - 00455096 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 07:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 17:42 - 2014-08-29 21:57 - 00000000 ____D () C:\Program Files (x86)\Atheros
2015-02-11 17:27 - 2014-10-18 18:57 - 00000000 ____D () C:\Users\Mikey\AppData\Roaming\vlc
2015-02-07 11:50 - 2014-08-30 07:16 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-02-03 19:30 - 2014-12-28 17:40 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-24 11:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
 
==================== Files in the root of some directories =======
 
2014-08-30 07:41 - 2014-08-30 07:41 - 6010880 _____ () C:\Program Files (x86)\GUT8DEA.tmp
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\Mikey\AppData\Roaming\JIXP
2014-08-29 21:45 - 2014-08-29 21:45 - 0000036 _____ () C:\Users\Mikey\AppData\Local\housecall.guid.cache
2015-02-11 16:56 - 2015-02-11 16:55 - 0301608 _____ (VuuPC Limited) C:\Users\Mikey\AppData\Local\nsw40AF.tmp
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-04 20:11
 
==================== End Of Log ============================

 

 

This is the Addition.txt log :

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2015
Ran by Mikey at 2015-02-13 20:35:52
Running from C:\Users\Mikey\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Trend Micro Titanium Internet Security (Disabled - Up to date) {B7599298-8445-728A-A5C7-A26A082C8BDA}
AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Trend Micro Titanium Internet Security (Disabled - Up to date) {0C38737C-A27F-7D04-9F77-991873ABC167}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 8.0 - Atheros)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)
BitTorrent (HKU\S-1-5-21-2014530170-318503234-4003923440-1000\...\BitTorrent) (Version: 7.9.2.35704 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CPUID HWMonitor Pro 1.20 (HKLM\...\CPUID HWMonitorPro_is1) (Version:  - )
Dev C Add-ons (HKLM-x32\...\{3D7C744C-7EDE-4765-BDBF-A9FD2A8FACFE}) (Version: 1.0.0 - Private)
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Hitman Blood Money (HKLM-x32\...\{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}) (Version: 1.00.0000 - Eidos)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.20.1337 - Intel Corporation)
Intel® Smart Connect Technology 3.0 x64 (HKLM\...\{DE788AD4-F7CE-4995-ADF8-56174A7B613C}) (Version: 3.0.41.1571 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Need for Speed™ Carbon (HKLM-x32\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version:  - )
NVIDIA Graphics Driver 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.18 - NVIDIA Corporation)
OTPService (HKLM-x32\...\{B05F7750-8800-4520-9732-9C841246C8E2}_is1) (Version: 1.0.004 - MSI)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.0 - Power Software Ltd)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.208 - Qualcomm Atheros Communications)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.12.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.12.0 - Renesas Electronics Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.014 - MSI)
Trend Micro Titanium (Version: 6.00 - Trend Micro Inc.) Hidden
Trend Micro Titanium Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 6.0 - Trend Micro Inc.)
Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.126 - MSI)
WinRAR 5.20 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.1 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
12-02-2015 21:29:11 Windows Update
13-02-2015 15:25:33 Installed Dev C Add-ons
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0E7C3DEB-D40F-4096-981E-D925740819CA} - System32\Tasks\{4532F012-5FB9-4F67-977F-84DEB5AD0007} => pcalua.exe -a D:\Utility\Google\Toolbar.exe -d D:\Utility\Google -c /r:MSIM /q  /T
Task: {23EC32C6-34FB-4521-ACF8-B8CDD77CBC94} - System32\Tasks\{29098EF2-4114-4933-852D-1A72059FA2B7} => pcalua.exe -a "C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\EAUninstall.exe"
Task: {33337929-2B47-4B26-AE0E-BFEC47D7DD48} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Mikey-PC-Mikey Mikey-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-01-21] (Microsoft Corporation)
Task: {3CE3C577-466E-4E29-9230-F7459D461C1F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {4A633FD9-CBBE-4CFA-9EAC-E5091B2EED94} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {608F2486-D9CE-4948-966F-2409CE337B42} - System32\Tasks\{CA6B6052-778D-4542-8AA4-D40D6A447D43} => pcalua.exe -a D:\ChipSet\Intel\Patsburg\infinst_autol.exe -d D:\ChipSet\Intel\Patsburg -c -s
Task: {7BBDD7F2-401D-4FCF-A762-997BD7FCA27D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {7F7AE230-EDB7-47C6-AA7D-F4E92FD80C68} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-01] (AVAST Software)
Task: {9BE0CDC6-2C88-4626-AB33-06862E52455D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {9EBE1054-E2AF-4057-8BD4-FBCB6DDF603C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B2975333-D3CC-4349-987C-810663FE9994} - System32\Tasks\JIXP => C:\Users\Mikey\AppData\Roaming\JIXP.exe <==== ATTENTION
Task: {C66DE5EE-1254-4E2E-A277-5E2B75C080C2} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2014530170-318503234-4003923440-1000
Task: {D04FDA25-850E-482A-BC52-A0AD46F2B117} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {DE4C79CF-AC12-4579-9277-C2DFEB005F09} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {F204C4DF-351D-4175-8E9A-747BA2526C0E} - System32\Tasks\{845222CE-9F79-4811-8915-A8127719CB76} => pcalua.exe -a D:\winki\Setup.exe -d D:\winki -c /VERYSILENT
Task: {F917A487-6BBA-445B-BF68-7F8B579DDF12} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\JIXP.job => C:\Users\Mikey\AppData\Roaming\JIXP.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) ==============
 
2012-08-16 20:36 - 2012-08-16 20:36 - 00149032 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2012-08-16 20:36 - 2012-08-16 20:36 - 00058920 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2014-08-29 21:38 - 2012-04-12 19:59 - 00252432 _____ () C:\Program Files (x86)\MSI\OTPService\OTPService.exe
2014-11-01 18:50 - 2014-11-01 18:50 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-01 18:50 - 2014-11-01 18:50 - 05846160 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-08-30 09:13 - 2013-05-12 22:34 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-21 15:01 - 2015-01-21 15:01 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-02-11 17:05 - 2014-02-11 17:05 - 01104896 _____ () C:\ProgramData\{7852d5a7-a85e-ca60-7852-2d5a7a85569e}\Widows7Activator.exe
2015-01-19 15:41 - 2015-01-19 15:41 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15011900\algo.dll
2014-11-01 18:50 - 2014-11-01 18:50 - 04491192 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-01-21 15:01 - 2015-01-21 15:01 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-11-01 18:51 - 2014-11-01 18:51 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-29 21:39 - 2012-10-22 07:22 - 01199648 ____R () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-12-13 07:33 - 2014-12-06 03:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 07:33 - 2014-12-06 03:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 07:33 - 2014-12-06 03:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 07:33 - 2014-12-06 03:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-13 07:33 - 2014-12-06 03:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2014530170-318503234-4003923440-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^iSCTsysTray.lnk => C:\Windows\pss\iSCTsysTray.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BtTray => "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
MSCONFIG\startupreg: BtvStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: Lync => "C:\Program Files\Microsoft Office\Office15\lync.exe" /fromrunkey
MSCONFIG\startupreg: Super-Charger => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2014530170-318503234-4003923440-500 - Administrator - Disabled)
Guest (S-1-5-21-2014530170-318503234-4003923440-501 - Limited - Disabled)
Mikey (S-1-5-21-2014530170-318503234-4003923440-1000 - Administrator - Enabled) => C:\Users\Mikey
 
==================== Faulty Device Manager Devices =============
 
Name: Qualcomm Atheros AR3011 Bluetooth 3.0
Description: Qualcomm Atheros AR3011 Bluetooth 3.0
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/13/2015 02:54:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (02/12/2015 08:01:48 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (02/12/2015 07:24:51 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (02/11/2015 06:31:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Project1.exe, version: 0.0.0.0, time stamp: 0x54db83d9
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
Exception code: 0xc0000005
Fault offset: 0x0000000000002240
Faulting process id: 0x1184
Faulting application start time: 0xProject1.exe0
Faulting application path: Project1.exe1
Faulting module path: Project1.exe2
Report Id: Project1.exe3
 
Error: (02/11/2015 06:08:43 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F015
Partial Pkey=83HMH
ACID=9abf5984-9c16-46f2-ad1e-7fe15931a8dd
Detailed Error[?]
 
Error: (02/11/2015 06:07:48 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F015
Partial Pkey=QM36W
ACID=9abf5984-9c16-46f2-ad1e-7fe15931a8dd
Detailed Error[?]
 
Error: (02/11/2015 06:06:19 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F015
Partial Pkey=733WD
ACID=50e329f7-a5fa-46b2-85fd-f224e5da7764
Detailed Error[?]
 
Error: (02/11/2015 06:05:47 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F015
Partial Pkey=FXWHK
ACID=770bc271-8dc1-467d-b574-73cbacbeccd1
Detailed Error[?]
 
Error: (02/11/2015 06:05:30 PM) (Source: Software Protection Platform Service) (EventID: 1012) (User: )
Description: Acquisition of Product Certificate failed. hr=0xC004C003
Sku Id=ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8
 
Error: (02/11/2015 06:05:30 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details. 
hr=0xC004C003
 
 
System errors:
=============
Error: (02/13/2015 05:50:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Noticeboard Personal Digital Assistant service failed to start due to the following error: 
%%2
 
Error: (02/13/2015 05:50:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The JO Service component service failed to start due to the following error: 
%%2
 
Error: (02/13/2015 05:50:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.
 
Error: (02/13/2015 03:27:44 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (02/13/2015 03:27:38 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (02/13/2015 03:27:12 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (02/13/2015 02:45:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Noticeboard Personal Digital Assistant service failed to start due to the following error: 
%%2
 
Error: (02/13/2015 02:45:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The JO Service component service failed to start due to the following error: 
%%2
 
Error: (02/13/2015 02:45:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.
 
Error: (02/12/2015 09:29:32 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
 
Microsoft Office Sessions:
=========================
Error: (02/13/2015 02:54:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (02/12/2015 08:01:48 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe
 
Error: (02/12/2015 07:24:51 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (02/11/2015 06:31:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Project1.exe0.0.0.054db83d9msvcrt.dll7.0.7601.177444eeb033fc00000050000000000002240118401d046182b7b5685C:\Users\Mikey\Documents\Project1.exeC:\Windows\system32\msvcrt.dll69de96ed-b20b-11e4-b355-d43d7e93dead
 
Error: (02/11/2015 06:08:43 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: 0xC004F01583HMH9abf5984-9c16-46f2-ad1e-7fe15931a8dd?
 
Error: (02/11/2015 06:07:48 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: 0xC004F015QM36W9abf5984-9c16-46f2-ad1e-7fe15931a8dd?
 
Error: (02/11/2015 06:06:19 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: 0xC004F015733WD50e329f7-a5fa-46b2-85fd-f224e5da7764?
 
Error: (02/11/2015 06:05:47 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: 0xC004F015FXWHK770bc271-8dc1-467d-b574-73cbacbeccd1?
 
Error: (02/11/2015 06:05:30 PM) (Source: Software Protection Platform Service) (EventID: 1012) (User: )
Description: hr=0xC004C003ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8
 
Error: (02/11/2015 06:05:30 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C00300010001(0x00000000, 18:05:30:223 - http://go.microsoft.com/fwlink/?LinkID=88340)
00020001(0x00000000, 18:05:30:223)
00030001(0x00000000, 18:05:30:223 - http://go.microsoft.com)
00030002(0x00000000, 18:05:30:223 - 1)
00020005(0x00000000, 18:05:30:223 - 0)
0002000C(0x00000000, 18:05:30:553 - 302)
00020001(0x00000000, 18:05:30:553)
00030001(0x00000000, 18:05:30:553 - https://activation.sls.microsoft.com)
00030002(0x00000000, 18:05:30:553 - 1)
00020005(0x00000000, 18:05:30:553 - 0)
0002000C(0x00000000, 18:05:30:903 - 500)
00010002(0x8004FC01, 18:05:30:903 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C003</HRESULT><Messages><Message>103 (Activation) - [PA Product key blocked.  ---&gt; Product key blocked]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 18:05:30:904)
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 31%
Total physical RAM: 8140.28 MB
Available physical RAM: 5602.73 MB
Total Pagefile: 16278.75 MB
Available Pagefile: 13349.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.79 GB) (Free:51.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Mathematics3) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
Drive f: (OSBORN) (Removable) (Total:7.44 GB) (Free:1.3 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: B1F63164)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 

 

==================== End Of Log ============================


#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:09 PM

Posted 13 February 2015 - 01:58 PM

Step 1

Please download adwcleaner.png AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#5 SociallyAwkward

SociallyAwkward
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Africa
  • Local time:03:09 PM

Posted 13 February 2015 - 02:13 PM

When i try to run AdwCleaner.exe , i get a message saying that it is not a valid win32 application.



#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:09 PM

Posted 13 February 2015 - 03:03 PM

Step 1

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#7 SociallyAwkward

SociallyAwkward
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Africa
  • Local time:03:09 PM

Posted 13 February 2015 - 03:13 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015
Ran by Mikey (administrator) on MIKEY-PC on 13-02-2015 22:13:00
Running from C:\Users\Mikey\Desktop
Loaded Profiles: Mikey (Available profiles: Mikey)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\MSI\OTPService\OTPService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
() C:\ProgramData\{7852d5a7-a85e-ca60-7852-2d5a7a85569e}\Widows7Activator.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(BitTorrent Inc.) C:\Users\Mikey\AppData\Roaming\BitTorrent\BitTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1382568 2013-09-16] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [216928 2013-08-29] (Trend Micro Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-11-01] (AVAST Software)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-06-27] (Power Software Ltd)
HKU\S-1-5-21-2014530170-318503234-4003923440-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2014530170-318503234-4003923440-1000\...\MountPoints2: E - E:\SETUP.EXE
HKU\S-1-5-21-2014530170-318503234-4003923440-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-2014530170-318503234-4003923440-1000\...\MountPoints2: G - G:\INSTALL.EXE
HKU\S-1-5-21-2014530170-318503234-4003923440-1000\...\MountPoints2: {6f2f25b1-2ff4-11e4-9d5d-806e6f6e6963} - D:\ShellExe.exe index.html
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-06] (Microsoft Corporation)
Startup: C:\Users\Mikey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Widows7Activator.lnk
ShortcutTarget: Widows7Activator.lnk -> C:\ProgramData\{7852d5a7-a85e-ca60-7852-2d5a7a85569e}\Widows7Activator.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2014530170-318503234-4003923440-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-za/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=21849&r=2015/02/11&hid=11054568371115479005&lg=EN&cc=ZA&unqvl=82
SearchScopes: HKU\S-1-5-21-2014530170-318503234-4003923440-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co.za/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MSIM_enZA610
SearchScopes: HKU\S-1-5-21-2014530170-318503234-4003923440-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=21849&r=2015/02/11&hid=11054568371115479005&lg=EN&cc=ZA&unqvl=82
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2014530170-318503234-4003923440-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2014-12-31]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-08-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-18]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-12-31]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Trend Micro Titanium) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
CHR Profile: C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-30]
CHR Extension: (Hangman) - C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceojgheibbfajlkmpfocmdclggokfdij [2015-02-11]
CHR Extension: (AVG Do Not Track) - C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\epojjbofkhffmihobdncmbhdocjljhpi [2014-12-21]
CHR Extension: (AdBlock) - C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-30]
CHR Extension: (Avast Online Security) - C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-18]
CHR Extension: (Adblock Super) - C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2014-12-01]
CHR Extension: (Google Wallet) - C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-30]
CHR Extension: (UUnIDeals  ) - C:\ProgramData\aliilibdlplodpgjgkjgabgjelbkjpep\ [2014-08-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-08-31] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-01] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-01] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-01] (Avast Software)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [149032 2012-08-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [164736 2012-11-07] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MSI_OTPService; C:\Program Files (x86)\MSI\OTPService\OTPService.exe [252432 2012-04-12] ()
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [143416 2012-10-25] (MSI)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]
S2 serverjo; C:\Users\Mikey\AppData\Roaming\VOPackage\JOSrv.exe [X]
S2 zifikezi; C:\Users\Mikey\AppData\Roaming\VOPackage\nsl2600.tmpfs [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-01] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-01] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-01] ()
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-08-31] (Qualcomm Atheros)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [20968 2012-08-16] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [19944 2012-08-16] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-08-16] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_1_0_T; C:\Program Files (x86)\MSI\OTPService\NTIOLib_X64.sys [14136 2009-10-06] (MSI)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [101376 2011-11-21] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [217088 2011-11-21] (Renesas Electronics Corporation)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [109072 2013-09-04] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-04] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [77184 2013-09-04] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2014-11-01] (Avast Software)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-02-13] ()
S3 MBfilt; system32\drivers\MBfilt64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-13 21:10 - 2015-02-13 21:10 - 02096687 _____ () C:\Users\Mikey\Desktop\adwcleaner_4.110.exe
2015-02-13 20:57 - 2015-02-13 21:03 - 00000000 ____D () C:\Users\Mikey\AppData\Roaming\Dev-Cpp
2015-02-13 20:35 - 2015-02-13 22:13 - 00020913 _____ () C:\Users\Mikey\Desktop\FRST.txt
2015-02-13 20:35 - 2015-02-13 20:36 - 00023561 _____ () C:\Users\Mikey\Desktop\Addition.txt
2015-02-13 20:34 - 2015-02-13 22:13 - 00000000 ____D () C:\FRST
2015-02-13 20:29 - 2015-02-13 20:29 - 02134016 _____ (Farbar) C:\Users\Mikey\Desktop\FRST64.exe
2015-02-13 17:55 - 2015-02-13 17:55 - 00479227 _____ () C:\Users\Mikey\Downloads\CSD201T_Assignment2_Sem1_2015.zip
2015-02-13 17:53 - 2015-02-13 17:53 - 00000603 _____ () C:\Users\Mikey\Desktop\Dev-C++.lnk
2015-02-13 17:50 - 2015-02-13 17:50 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2015-02-13 17:49 - 2015-02-13 17:49 - 00000056 _____ () C:\Windows\setupact.log
2015-02-13 17:49 - 2015-02-13 17:49 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-13 17:48 - 2015-02-13 17:48 - 00003256 _____ () C:\Windows\PFRO.log
2015-02-13 15:23 - 2015-02-13 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
2015-02-13 15:22 - 2015-02-13 16:52 - 00000000 ____D () C:\Dev-Cpp
2015-02-13 15:17 - 2015-02-13 19:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-13 15:17 - 2015-02-13 15:17 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2015-02-13 15:16 - 2015-02-13 15:16 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-13 15:16 - 2015-02-13 15:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-13 15:16 - 2015-02-13 15:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-13 15:16 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-13 15:16 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-13 15:16 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-13 15:10 - 2015-02-13 15:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Mikey\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-13 14:54 - 2015-02-13 14:56 - 11189643 _____ () C:\Users\Mikey\Downloads\Dev C++.zip
2015-02-12 21:10 - 2015-01-14 07:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-12 21:10 - 2015-01-14 07:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-12 21:10 - 2015-01-12 05:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 21:10 - 2015-01-12 05:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 21:10 - 2015-01-12 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-12 21:10 - 2015-01-12 04:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-12 21:10 - 2015-01-12 04:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 21:10 - 2015-01-12 04:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 21:10 - 2015-01-12 04:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-12 21:10 - 2015-01-12 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-12 21:10 - 2015-01-12 04:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 21:10 - 2015-01-12 04:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-12 21:10 - 2015-01-12 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 21:10 - 2015-01-12 04:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 21:10 - 2015-01-12 04:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-12 21:10 - 2015-01-12 04:33 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 21:10 - 2015-01-12 04:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 21:10 - 2015-01-12 04:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 21:10 - 2015-01-12 04:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-12 21:10 - 2015-01-12 04:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 21:10 - 2015-01-12 04:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 21:10 - 2015-01-12 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-12 21:10 - 2015-01-12 04:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 21:10 - 2015-01-12 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-12 21:10 - 2015-01-12 04:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 21:10 - 2015-01-12 04:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-12 21:10 - 2015-01-12 04:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-12 21:10 - 2015-01-12 04:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-12 21:10 - 2015-01-12 04:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 21:10 - 2015-01-12 04:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 21:10 - 2015-01-12 04:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 21:10 - 2015-01-12 03:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-12 21:10 - 2015-01-12 03:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 21:10 - 2015-01-12 03:55 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 21:10 - 2015-01-12 03:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 21:10 - 2015-01-12 03:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 21:10 - 2015-01-12 03:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-12 21:10 - 2015-01-12 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 21:10 - 2015-01-12 03:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-12 21:10 - 2015-01-12 03:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 21:10 - 2015-01-12 03:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 21:10 - 2015-01-12 03:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-12 21:10 - 2015-01-12 03:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-12 21:10 - 2015-01-12 03:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 21:10 - 2015-01-12 03:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 21:10 - 2015-01-12 03:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 21:10 - 2015-01-12 03:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 21:10 - 2015-01-12 03:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 21:10 - 2015-01-12 03:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 21:10 - 2015-01-12 03:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-12 21:10 - 2015-01-12 03:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 21:10 - 2015-01-12 03:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 21:10 - 2015-01-12 03:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-12 21:10 - 2015-01-12 03:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 21:10 - 2015-01-12 02:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 21:10 - 2015-01-12 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 22:42 - 2015-02-11 22:42 - 00006376 _____ () C:\Users\Mikey\Documents\Project1_private.res
2015-02-11 22:42 - 2015-02-11 22:42 - 00000595 _____ () C:\Users\Mikey\Documents\Project1_private.h
2015-02-11 22:42 - 2015-02-11 22:42 - 00000135 _____ () C:\Users\Mikey\Documents\Project1_private.rc
2015-02-11 22:25 - 2015-02-13 20:59 - 00026530 _____ () C:\Users\Mikey\Documents\Project1.exe
2015-02-11 20:17 - 2015-01-10 08:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 20:17 - 2015-01-10 08:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 20:17 - 2015-01-10 08:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 20:17 - 2015-01-10 08:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 20:17 - 2015-01-10 08:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 20:17 - 2015-01-10 08:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 20:17 - 2015-01-10 08:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 20:17 - 2015-01-10 08:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 20:17 - 2015-01-10 08:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 20:17 - 2015-01-10 08:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 20:17 - 2015-01-10 08:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 20:17 - 2015-01-10 08:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 20:17 - 2015-01-10 08:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 20:17 - 2015-01-10 08:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 19:38 - 2015-02-13 20:59 - 00000657 _____ () C:\Users\Mikey\Documents\main.o
2015-02-11 18:43 - 2015-01-15 10:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 18:43 - 2015-01-15 10:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 18:43 - 2015-01-15 10:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 18:43 - 2015-01-15 10:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 18:43 - 2015-01-15 10:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 18:43 - 2015-01-15 10:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 18:43 - 2015-01-15 10:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 18:43 - 2015-01-15 10:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 18:43 - 2015-01-15 10:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 18:43 - 2015-01-15 10:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 18:43 - 2015-01-15 10:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 18:43 - 2015-01-15 09:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 18:43 - 2015-01-15 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 18:43 - 2015-01-15 09:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 18:43 - 2015-01-15 09:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 18:43 - 2015-01-15 09:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 18:43 - 2015-01-15 09:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 18:43 - 2015-01-15 06:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 18:43 - 2015-01-13 05:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 18:43 - 2015-01-13 04:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 18:08 - 2014-12-08 05:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 18:08 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 17:45 - 2015-01-14 08:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 17:45 - 2015-01-14 08:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 17:45 - 2015-01-14 08:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 17:45 - 2015-01-14 08:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 17:45 - 2015-01-14 07:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 17:45 - 2015-01-14 07:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 17:45 - 2015-01-14 07:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 17:42 - 2015-01-09 04:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 17:40 - 2015-02-11 17:40 - 00424177 __RSH () C:\TFAMR
2015-02-11 17:25 - 2015-02-11 17:25 - 00000000 __SHD () C:\Users\Mikey\AppData\Local\EmieBrowserModeList
2015-02-11 17:23 - 2015-02-11 17:23 - 00000000 ____D () C:\ProgramData\76f99371000007dc
2015-02-11 17:07 - 2015-02-11 17:42 - 00000000 ____D () C:\Program Files (x86)\Hangman
2015-02-11 17:06 - 2015-02-11 17:06 - 00000000 ____D () C:\ProgramData\aliilibdlplodpgjgkjgabgjelbkjpep
2015-02-11 17:06 - 2015-02-11 17:06 - 00000000 ____D () C:\ProgramData\503182876793519035
2015-02-11 17:06 - 2015-02-11 17:06 - 00000000 ____D () C:\Program Files (x86)\UUnIDeals
2015-02-11 17:05 - 2015-02-11 17:39 - 00000000 ____D () C:\ProgramData\{7852d5a7-a85e-ca60-7852-2d5a7a85569e}
2015-02-11 16:59 - 2015-02-11 16:59 - 00000000 ____D () C:\Users\Mikey\AppData\Roaming\Opera Software
2015-02-11 16:59 - 2015-02-11 16:59 - 00000000 ____D () C:\Users\Mikey\AppData\Local\Opera Software
2015-02-11 16:56 - 2015-02-11 16:55 - 00301608 _____ (VuuPC Limited) C:\Users\Mikey\AppData\Local\nsw40AF.tmp
2015-02-11 16:54 - 2015-02-13 16:55 - 00000000 ____D () C:\Users\Mikey\AppData\Roaming\SoftwareUpdater
2015-02-11 16:53 - 2015-02-11 17:25 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-11 16:51 - 2015-02-13 17:52 - 00001334 _____ () C:\Windows\Tasks\JIXP.job
2015-02-11 16:51 - 2015-02-12 19:46 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-02-11 16:51 - 2015-02-11 16:51 - 00004360 _____ () C:\Windows\System32\Tasks\JIXP
2015-02-11 16:51 - 2015-02-11 16:51 - 00000000 ____D () C:\Users\Mikey\AppData\Local\globalUpdate
2015-02-10 21:54 - 2015-02-13 20:59 - 00000786 _____ () C:\Users\Mikey\Documents\Makefile.win
2015-02-10 21:32 - 2015-02-13 21:03 - 00000110 _____ () C:\Users\Mikey\Documents\Project1.layout
2015-02-10 21:25 - 2015-02-13 20:59 - 00000239 _____ () C:\Users\Mikey\Documents\main.c
2015-02-10 21:24 - 2015-02-13 20:58 - 00000837 _____ () C:\Users\Mikey\Documents\Project1.dev
2015-02-09 20:38 - 2015-02-09 20:38 - 01266610 _____ () C:\Users\Mikey\Downloads\PneuDrive Challenge 2013 - Presentation Template(1) (1).pptx
2015-02-07 15:50 - 2015-02-07 15:50 - 00117248 _____ () C:\Users\Mikey\Downloads\2015 Academic Core Calendar.xls
2015-02-04 21:36 - 2015-02-04 22:24 - 00000059 _____ () C:\Users\Mikey\Desktop\New Text Document.txt
2015-02-03 19:28 - 2015-02-03 19:28 - 01266610 _____ () C:\Users\Mikey\Downloads\PneuDrive Challenge 2013 - Presentation Template(1).pptx
2015-01-25 18:12 - 2015-01-25 18:12 - 00001248 _____ () C:\Users\Mikey\AppData\Roaming\JIXP
2015-01-14 17:48 - 2014-12-19 05:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 17:48 - 2014-12-19 03:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 17:48 - 2014-12-11 19:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 17:48 - 2014-12-06 06:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 17:48 - 2014-12-06 05:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 17:48 - 2014-12-06 05:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-13 22:10 - 2014-11-01 18:52 - 00000000 ____D () C:\Users\Mikey\AppData\Roaming\BitTorrent
2015-02-13 21:53 - 2014-08-30 05:22 - 01834073 _____ () C:\Windows\WindowsUpdate.log
2015-02-13 21:52 - 2009-07-14 06:45 - 00054768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-13 21:52 - 2009-07-14 06:45 - 00054768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-13 21:31 - 2014-08-29 21:35 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-13 18:15 - 2014-11-14 16:16 - 00004956 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Mikey-PC-Mikey Mikey-PC
2015-02-13 17:52 - 2014-08-29 21:34 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-13 17:50 - 2014-08-29 21:42 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2015-02-13 17:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-13 16:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization
2015-02-13 15:03 - 2009-07-14 01:28 - 00006656 _____ () C:\Windows\system32\lpcio.dll
2015-02-13 14:51 - 2014-11-01 19:24 - 00000000 ____D () C:\Users\Mikey\AppData\Local\CrashDumps
2015-02-13 14:51 - 2014-08-30 13:24 - 00000000 ____D () C:\Windows\Minidump
2015-02-13 14:48 - 2009-07-14 07:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-12 21:32 - 2014-11-08 09:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-12 21:32 - 2014-11-08 09:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 07:15 - 2014-10-18 19:14 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-12 07:04 - 2009-07-14 06:45 - 00455096 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 07:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 17:42 - 2014-08-29 21:57 - 00000000 ____D () C:\Program Files (x86)\Atheros
2015-02-11 17:27 - 2014-10-18 18:57 - 00000000 ____D () C:\Users\Mikey\AppData\Roaming\vlc
2015-02-07 11:50 - 2014-08-30 07:16 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-02-03 19:30 - 2014-12-28 17:40 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-24 11:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
 
==================== Files in the root of some directories =======
 
2014-08-30 07:41 - 2014-08-30 07:41 - 6010880 _____ () C:\Program Files (x86)\GUT8DEA.tmp
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\Mikey\AppData\Roaming\JIXP
2014-08-29 21:45 - 2014-08-29 21:45 - 0000036 _____ () C:\Users\Mikey\AppData\Local\housecall.guid.cache
2015-02-11 16:56 - 2015-02-11 16:55 - 0301608 _____ (VuuPC Limited) C:\Users\Mikey\AppData\Local\nsw40AF.tmp
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-04 20:11
 
==================== End Of Log ============================


#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:09 PM

Posted 13 February 2015 - 03:19 PM

2015-02-13 21:10 - 2015-02-13 21:10 - 02096687 _____ () C:\Users\Mikey\Desktop\adwcleaner_4.110.exe

Please download Adwcleaner again. File size must be:

2015-02-13 21:18 - 2015-02-13 21:18 - 02112512 _____ () C:\Users\Win7\Desktop\AdwCleaner_4.110.exe
2015-02-13 21:15 - 2015-02-13 21:15 - 02112512 _____ () C:\Users\Win7\Downloads\adwcleaner_4.110.exe

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#9 SociallyAwkward

SociallyAwkward
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Africa
  • Local time:03:09 PM

Posted 13 February 2015 - 03:42 PM

I've tried both links and both file sizes..I still get a message saying that adwcleaner is not a valid win32 application :-(


Edited by SociallyAwkward, 13 February 2015 - 03:43 PM.


#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:09 PM

Posted 13 February 2015 - 03:51 PM

Step 1

Please download combofix.pngCombofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#11 SociallyAwkward

SociallyAwkward
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Africa
  • Local time:03:09 PM

Posted 13 February 2015 - 04:05 PM

Here you go:

 

ComboFix 15-02-13.02 - Mikey 02/13/2015  22:59:44.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8140.5827 [GMT 2:00]
Running from: c:\users\Mikey\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\503182876793519035
c:\programdata\503182876793519035\cd5b15e575e1c3d09969b75d299b4fdd.ini
c:\programdata\ntuser.pol
c:\users\Mikey\AppData\Local\Adobe\AdbeRdr11008_en_US.exe
c:\users\Mikey\AppData\Local\Adobe\downloader.dll
c:\users\Mikey\AppData\Local\Adobe\gccheck.exe
c:\users\Mikey\AppData\Local\Adobe\gtbcheck.exe
c:\users\Mikey\AppData\Local\Adobe\SecurityScan_Release.exe
c:\users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceojgheibbfajlkmpfocmdclggokfdij
c:\users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceojgheibbfajlkmpfocmdclggokfdij\232\background.html
c:\users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceojgheibbfajlkmpfocmdclggokfdij\232\content.js
c:\users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceojgheibbfajlkmpfocmdclggokfdij\232\lsdb.js
c:\users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceojgheibbfajlkmpfocmdclggokfdij\232\manifest.json
c:\users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceojgheibbfajlkmpfocmdclggokfdij\232\NT.js
c:\users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ceojgheibbfajlkmpfocmdclggokfdij_0.localstorage-journal
c:\users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lhgceegfhamoliblhnbcpfmnkpmdpegc_0.localstorage-journal
c:\users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Mikey\AppData\Local\nsw40AF.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-13 to 2015-02-13  )))))))))))))))))))))))))))))))
.
.
2015-02-13 21:03 . 2015-02-13 21:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-13 20:36 . 2015-02-13 20:36 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
2015-02-13 18:57 . 2015-02-13 19:03 -------- d-----w- c:\users\Mikey\AppData\Roaming\Dev-Cpp
2015-02-13 18:34 . 2015-02-13 20:13 -------- d-----w- C:\FRST
2015-02-13 13:22 . 2015-02-13 14:52 -------- d-----w- C:\Dev-Cpp
2015-02-13 13:17 . 2015-02-13 20:36 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-13 13:17 . 2015-02-13 13:17 -------- d-----w- c:\programdata\Microsoft Toolkit
2015-02-13 13:16 . 2015-02-13 13:16 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-13 13:16 . 2015-02-13 13:16 -------- d-----w- c:\programdata\Malwarebytes
2015-02-13 13:16 . 2014-11-21 04:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-13 13:16 . 2014-11-21 04:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-13 13:16 . 2014-11-21 04:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-11 16:43 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-11 16:08 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-11 16:08 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-11 15:45 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-11 15:45 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-02-11 15:45 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-02-11 15:45 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll
2015-02-11 15:45 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll
2015-02-11 15:45 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-02-11 15:45 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-02-11 15:42 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-02-11 15:25 . 2015-02-11 15:25 -------- d-sh--w- c:\users\Mikey\AppData\Local\EmieBrowserModeList
2015-02-11 15:23 . 2015-02-11 15:23 -------- d-----w- c:\programdata\76f99371000007dc
2015-02-11 15:07 . 2015-02-11 15:42 -------- d-----w- c:\program files (x86)\Hangman
2015-02-11 15:06 . 2015-02-11 15:06 -------- d-----w- c:\program files (x86)\UUnIDeals
2015-02-11 15:06 . 2015-02-11 15:06 -------- d-----w- c:\programdata\aliilibdlplodpgjgkjgabgjelbkjpep
2015-02-11 15:05 . 2015-02-11 15:39 -------- d-----w- c:\programdata\{7852d5a7-a85e-ca60-7852-2d5a7a85569e}
2015-02-11 14:59 . 2015-02-11 14:59 -------- d-----w- c:\users\Mikey\AppData\Roaming\Opera Software
2015-02-11 14:59 . 2015-02-11 14:59 -------- d-----w- c:\users\Mikey\AppData\Local\Opera Software
2015-02-11 14:54 . 2015-02-13 14:55 -------- d-----w- c:\users\Mikey\AppData\Roaming\SoftwareUpdater
2015-02-11 14:53 . 2015-02-11 15:25 -------- d-----w- c:\program files (x86)\Opera
2015-02-11 14:51 . 2015-02-12 17:46 -------- d-----w- c:\program files (x86)\globalUpdate
2015-02-11 14:51 . 2015-02-11 14:51 -------- d-----w- c:\users\Mikey\AppData\Local\globalUpdate
2015-01-21 13:05 . 2015-01-21 13:05 5736144 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2015-01-21 13:05 . 2015-01-21 13:05 5435576 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2015-01-21 13:02 . 2015-01-21 13:02 877808 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\ACEES.DLL
2015-01-21 13:02 . 2015-01-21 13:02 532704 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\ACEEXCL.DLL
2015-01-21 13:02 . 2015-01-21 13:02 445664 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL
2015-01-21 13:02 . 2015-01-21 13:02 2272456 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\ACECORE.DLL
2015-01-21 13:02 . 2015-01-21 13:02 203480 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\ACETXT.DLL
2015-01-21 13:01 . 2015-01-21 13:01 617720 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\ACEDAO.DLL
2015-01-21 13:01 . 2015-01-21 13:01 235192 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1033\OSFINTL.DLL
2015-01-21 13:01 . 2015-01-21 13:01 853200 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\WXPNSE.DLL
2015-01-21 13:01 . 2015-01-21 13:01 7838928 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2015-01-21 13:01 . 2015-01-21 13:01 7603896 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2015-01-21 13:01 . 2015-01-21 13:01 2226848 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\RICHED20.DLL
2015-01-21 13:01 . 2015-01-21 13:01 111848 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-13 20:36 . 2014-08-29 19:42 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2015-02-13 13:03 . 2009-07-13 23:28 6656 ----a-w- c:\windows\system32\lpcio.dll
2014-12-20 15:06 . 2014-11-03 16:10 236080 ----a-w- c:\windows\RegBootClean64.exe
2014-12-19 03:06 . 2015-01-14 15:48 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 15:48 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-14 15:48 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-12-06 04:17 . 2015-01-14 15:48 303616 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-14 15:48 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-14 15:48 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2014-12-05 11:26 . 2014-12-05 11:26 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2014-12-04 02:50 . 2014-12-19 18:19 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-19 18:19 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-19 18:19 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-19 18:19 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-19 18:19 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-19 18:19 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-19 18:19 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-19 18:19 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-22 05:37 . 2014-10-18 17:08 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-18 18:47 . 2014-11-18 18:47 1691816 ----a-w- c:\windows\system32\FM20.DLL
2014-08-30 05:41 . 2014-08-30 05:41 6010880 ----a-w- c:\program files (x86)\GUT8DEA.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 13:05 1729744 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 13:05 1729744 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 13:05 1729744 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"RUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-01 5223016]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2014-06-27 408888]
.
c:\users\Mikey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Widows7Activator.lnk - c:\programdata\{7852d5a7-a85e-ca60-7852-2d5a7a85569e}\Widows7Activator.exe --startup=1 [2014-2-11 1104896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 51cdb72;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 serverjo;JO Service component;c:\users\Mikey\AppData\Roaming\VOPackage\JOSrv.exe;c:\users\Mikey\AppData\Roaming\VOPackage\JOSrv.exe [x]
R2 zifikezi;Noticeboard Personal Digital Assistant;c:\users\Mikey\AppData\Roaming\VOPackage\nsl2600.tmpfs;c:\users\Mikey\AppData\Roaming\VOPackage\nsl2600.tmpfs [x]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Qualcomm Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 TMEBC;TMEBC;c:\windows\system32\DRIVERS\TMEBC64.sys;c:\windows\SYSNATIVE\DRIVERS\TMEBC64.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 MSI_OTPService;MSI_OTPService;c:\program files (x86)\MSI\OTPService\OTPService.exe;c:\program files (x86)\MSI\OTPService\OTPService.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 NTIOLib_1_0_T;NTIOLib_1_0_T;c:\program files (x86)\MSI\OTPService\NTIOLib_X64.sys;c:\program files (x86)\MSI\OTPService\NTIOLib_X64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3hub.sys [x]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3xhc.sys [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - NTIOLIB_1_0_3
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-13 05:32 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-29 15:19]
.
2015-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-29 15:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 13:01 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 13:01 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 13:01 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-01 16:51 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2013-09-16 1382568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2013-08-29 216928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
AddRemove-{259C0ABB-A3B2-4D70-008F-BF7EE491B70B} - c:\program files (x86)\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\zifikezi]
"ImagePath"="c:\users\Mikey\AppData\Roaming\VOPackage\nsl2600.tmpfs"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-02-13  23:04:50
ComboFix-quarantined-files.txt  2015-02-13 21:04
.
Pre-Run: 55,053,041,664 bytes free
Post-Run: 54,906,970,112 bytes free
.
- - End Of File - - B1D9C9F1F1F75E5BADCBE8604358600E
A36C5E4F47E84449FF07ED3517B43A31


#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:09 PM

Posted 13 February 2015 - 05:25 PM

Step 1

 

combofix.pngCFScript
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\programdata\76f99371000007dc
c:\program files (x86)\Hangman
c:\program files (x86)\UUnIDeals
c:\programdata\aliilibdlplodpgjgkjgabgjelbkjpep
c:\programdata\{7852d5a7-a85e-ca60-7852-2d5a7a85569e}
c:\users\Mikey\AppData\Roaming\Opera Software
c:\users\Mikey\AppData\Local\Opera Software
c:\users\Mikey\AppData\Roaming\SoftwareUpdater
c:\program files (x86)\Opera
c:\program files (x86)\globalUpdate
c:\users\Mikey\AppData\Local\globalUpdate
c:\Program Files (x86)\Optimizer Pro 3.11
C:\Users\Mikey\AppData\Roaming\VOPackage

Driver::
51cdb72
serverjo

Save this as CFScript.txt, in the same location as ComboFix.exe


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#13 SociallyAwkward

SociallyAwkward
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Africa
  • Local time:03:09 PM

Posted 14 February 2015 - 12:43 AM

Here are the results:

 

ComboFix 15-02-13.02 - Mikey 02/14/2015   7:29.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8140.6042 [GMT 2:00]
Running from: c:\users\Mikey\Desktop\ComboFix.exe
Command switches used :: c:\users\Mikey\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\globalUpdate
c:\program files (x86)\Hangman
c:\program files (x86)\Hangman\Hangman.dat
c:\program files (x86)\Opera
c:\program files (x86)\Opera\installer_prefs.json
c:\program files (x86)\Opera\server_tracking_data
c:\program files (x86)\UUnIDeals
c:\programdata\{7852d5a7-a85e-ca60-7852-2d5a7a85569e}
c:\programdata\{7852d5a7-a85e-ca60-7852-2d5a7a85569e}\6ad19f0d5e0723d0
c:\programdata\{7852d5a7-a85e-ca60-7852-2d5a7a85569e}\a72c395879d3c404
c:\programdata\{7852d5a7-a85e-ca60-7852-2d5a7a85569e}\Widows7Activator.dat
c:\programdata\{7852d5a7-a85e-ca60-7852-2d5a7a85569e}\Widows7Activator.exe
c:\programdata\76f99371000007dc
c:\programdata\76f99371000007dc\BIT66DA.tmp
c:\programdata\aliilibdlplodpgjgkjgabgjelbkjpep
c:\programdata\aliilibdlplodpgjgkjgabgjelbkjpep\background.html
c:\programdata\aliilibdlplodpgjgkjgabgjelbkjpep\content.js
c:\programdata\aliilibdlplodpgjgkjgabgjelbkjpep\lsdb.js
c:\programdata\aliilibdlplodpgjgkjgabgjelbkjpep\manifest.json
c:\programdata\aliilibdlplodpgjgkjgabgjelbkjpep\nVYf1idi.js
c:\users\Mikey\AppData\Local\globalUpdate
c:\users\Mikey\AppData\Local\Opera Software
c:\users\Mikey\AppData\Roaming\Opera Software
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\Bookmarks
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\Bookmarks.bak
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\Cookies
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\dictionaries\dictionaries.xml
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\Favicons
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\favorites.db
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\History
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\Local State
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_knohfebhibeknbfioecpdmdkjkjdnjnl_0.localstorage
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\Local Storage\opera_startpage_0.localstorage
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\Login Data
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\opera_autoupdate.log
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\opera_shutdown_ms.txt
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\Origin Bound Certs
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\Preferences
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\ssdfp4212.5.342931843
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\stash.db
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\000005.ldb
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\000008.log
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\CURRENT
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\LOCK
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\LOG
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\LOG.old
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\Sync Extension Settings\knohfebhibeknbfioecpdmdkjkjdnjnl\MANIFEST-000007
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\thumbnails.db
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\TransportSecurity
c:\users\Mikey\AppData\Roaming\Opera Software\Opera Stable\Web Data
c:\users\Mikey\AppData\Roaming\SoftwareUpdater
c:\users\Mikey\AppData\Roaming\SoftwareUpdater\SoftwareUpdater.exe
c:\users\Mikey\AppData\Roaming\SoftwareUpdater\surunasu.exe
c:\users\Mikey\AppData\Roaming\SoftwareUpdater\SUSetup.exe
c:\users\Mikey\AppData\Roaming\SoftwareUpdater\UpdateNotifier.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_51cdb72
-------\Service_serverjo
-------\Service_zifikezi
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-14 to 2015-02-14  )))))))))))))))))))))))))))))))
.
.
2015-02-14 05:36 . 2015-02-14 05:36 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
2015-02-13 18:57 . 2015-02-13 19:03 -------- d-----w- c:\users\Mikey\AppData\Roaming\Dev-Cpp
2015-02-13 18:34 . 2015-02-13 20:13 -------- d-----w- C:\FRST
2015-02-13 14:33 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-13 14:33 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-13 14:33 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-13 14:33 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-13 13:22 . 2015-02-13 14:52 -------- d-----w- C:\Dev-Cpp
2015-02-13 13:17 . 2015-02-14 05:37 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-13 13:17 . 2015-02-13 13:17 -------- d-----w- c:\programdata\Microsoft Toolkit
2015-02-13 13:16 . 2015-02-13 13:16 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-13 13:16 . 2015-02-13 13:16 -------- d-----w- c:\programdata\Malwarebytes
2015-02-13 13:16 . 2014-11-21 04:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-13 13:16 . 2014-11-21 04:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-13 13:16 . 2014-11-21 04:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-11 16:43 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-11 16:08 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-11 16:08 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-11 15:45 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-11 15:45 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-02-11 15:45 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-02-11 15:45 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll
2015-02-11 15:45 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll
2015-02-11 15:45 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-02-11 15:45 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-02-11 15:42 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-02-11 15:25 . 2015-02-11 15:25 -------- d-sh--w- c:\users\Mikey\AppData\Local\EmieBrowserModeList
2015-01-21 13:05 . 2015-01-21 13:05 5736144 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2015-01-21 13:05 . 2015-01-21 13:05 5435576 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2015-01-21 13:02 . 2015-01-21 13:02 877808 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\ACEES.DLL
2015-01-21 13:02 . 2015-01-21 13:02 532704 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\ACEEXCL.DLL
2015-01-21 13:02 . 2015-01-21 13:02 445664 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL
2015-01-21 13:02 . 2015-01-21 13:02 2272456 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\ACECORE.DLL
2015-01-21 13:02 . 2015-01-21 13:02 203480 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\ACETXT.DLL
2015-01-21 13:01 . 2015-01-21 13:01 617720 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\ACEDAO.DLL
2015-01-21 13:01 . 2015-01-21 13:01 235192 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1033\OSFINTL.DLL
2015-01-21 13:01 . 2015-01-21 13:01 853200 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\WXPNSE.DLL
2015-01-21 13:01 . 2015-01-21 13:01 7838928 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2015-01-21 13:01 . 2015-01-21 13:01 7603896 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2015-01-21 13:01 . 2015-01-21 13:01 2226848 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\RICHED20.DLL
2015-01-21 13:01 . 2015-01-21 13:01 111848 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-14 05:36 . 2014-08-29 19:42 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2015-02-13 13:03 . 2009-07-13 23:28 6656 ----a-w- c:\windows\system32\lpcio.dll
2014-12-20 15:06 . 2014-11-03 16:10 236080 ----a-w- c:\windows\RegBootClean64.exe
2014-12-19 03:06 . 2015-01-14 15:48 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 15:48 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-14 15:48 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-12-06 04:17 . 2015-01-14 15:48 303616 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-14 15:48 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-14 15:48 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2014-12-05 11:26 . 2014-12-05 11:26 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2014-12-04 02:50 . 2014-12-19 18:19 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-19 18:19 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-19 18:19 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-19 18:19 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-19 18:19 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-19 18:19 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-19 18:19 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-19 18:19 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-22 05:37 . 2014-10-18 17:08 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-18 18:47 . 2014-11-18 18:47 1691816 ----a-w- c:\windows\system32\FM20.DLL
2014-08-30 05:41 . 2014-08-30 05:41 6010880 ----a-w- c:\program files (x86)\GUT8DEA.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 13:05 1729744 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 13:05 1729744 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 13:05 1729744 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"RUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-01 5223016]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2014-06-27 408888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Qualcomm Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 TMEBC;TMEBC;c:\windows\system32\DRIVERS\TMEBC64.sys;c:\windows\SYSNATIVE\DRIVERS\TMEBC64.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 MSI_OTPService;MSI_OTPService;c:\program files (x86)\MSI\OTPService\OTPService.exe;c:\program files (x86)\MSI\OTPService\OTPService.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 NTIOLib_1_0_T;NTIOLib_1_0_T;c:\program files (x86)\MSI\OTPService\NTIOLib_X64.sys;c:\program files (x86)\MSI\OTPService\NTIOLib_X64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3hub.sys [x]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3xhc.sys [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - NTIOLIB_1_0_3
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-13 05:32 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-29 15:19]
.
2015-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-29 15:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 13:01 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 13:01 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 13:01 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-01 16:51 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2013-09-16 1382568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2013-08-29 216928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
c:\users\Mikey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Widows7Activator.lnk - c:\programdata\{7852d5a7-a85e-ca60-7852-2d5a7a85569e}\Widows7Activator.exe --startup=1
AddRemove-{259C0ABB-A3B2-4D70-008F-BF7EE491B70B} - c:\program files (x86)\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-02-14  07:40:44 - machine was rebooted
ComboFix-quarantined-files.txt  2015-02-14 05:40
ComboFix2.txt  2015-02-13 21:04
.
Pre-Run: 52,878,454,784 bytes free
Post-Run: 52,731,977,728 bytes free
.
- - End Of File - - D383F682FE5C79A2F32940B0AA393732
A36C5E4F47E84449FF07ED3517B43A31


#14 SociallyAwkward

SociallyAwkward
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Africa
  • Local time:03:09 PM

Posted 14 February 2015 - 04:21 AM

Oh it also seems as if the pop-ups have stopped for now...


Edited by SociallyAwkward, 14 February 2015 - 04:21 AM.


#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:09 PM

Posted 14 February 2015 - 04:21 AM

Please try to run AdwCleaner.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users