
Long boot time, interference with file download


  • This topic is locked
7 replies to this topic

#1 teebe

teebe

  • Members
  • 24 posts
  • OFFLINE
  • Local time:10:56 PM

Posted 19 February 2015 - 12:38 AM

This is my second ticket with you, I wish you will not charge me...

- 10+ minutes to complete boot, including the items in the Start menu; it was less than 3 min (after the last ticket with you).

- The Java JRE zip could not be downloaded; the resulting file is (repeatedly) corrupt - only the online setup worked

- Most malware downloads are not completed; ComboFix, JRT, Emsisoft Emergency Update and others are ruined before use

- Slowness everywhere, looks like a 386

Thank you

Attached File  Addition.txt   55.79KB   3 downloads


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by alee (administrator) on ALEE-PC on 19-02-2015 12:19:45
Running from C:\Users\alee\Desktop
Loaded Profiles: alee (Available profiles: alee)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(LINE Corporation) C:\Program Files (x86)\Naver\LINE\Line.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(VoipConnect) C:\Program Files (x86)\VoipConnect.com\VoipConnect\VoipConnect.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6199128 2014-10-31] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2014-10-31] (Lenovo (Beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-04-25] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2915537779-2898195281-3898161190-1000\...\Run: [Line] => C:\Program Files (x86)\Naver\LINE\Line.exe [4031336 2015-02-03] (LINE Corporation)
HKU\S-1-5-21-2915537779-2898195281-3898161190-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-10-21] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2915537779-2898195281-3898161190-1000\...\Run: [Google Update] => C:\Users\alee\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-03] (Google Inc.)
HKU\S-1-5-21-2915537779-2898195281-3898161190-1000\...\Run: [PoivY] => "C:\Program Files (x86)\PoivY.com\PoivY\poivy.exe" -nosplash -minimized
HKU\S-1-5-21-2915537779-2898195281-3898161190-1000\...\Run: [VoipConnect] => C:\Program Files (x86)\VoipConnect.com\VoipConnect\VoipConnect.exe [23048288 2014-12-04] (VoipConnect)
HKU\S-1-5-21-2915537779-2898195281-3898161190-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [10387752 2014-12-26] (SecureMix LLC)
HKU\S-1-5-21-2915537779-2898195281-3898161190-1000\...\Policies\Explorer: []
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174296 2014-02-09] (NVIDIA Corporation)
AppInit_DLLs:  C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174296 2014-02-09] (NVIDIA Corporation)
AppInit_DLLs:  C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174296 2014-02-09] (NVIDIA Corporation)
AppInit_DLLs:  C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174296 2014-02-09] (NVIDIA Corporation)
AppInit_DLLs:  C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174296 2014-02-09] (NVIDIA Corporation)
AppInit_DLLs:  C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174296 2014-02-09] (NVIDIA Corporation)
Startup: C:\Users\alee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\alee\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\alee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureVPN.lnk
ShortcutTarget: PureVPN.lnk -> C:\Program Files (x86)\PureVPN\purevpn.exe (PureVPN)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Activate nuvi1200.cmd ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\dispcalGUI Profile Loader.lnk
ShortcutTarget: dispcalGUI Profile Loader.lnk -> C:\Program Files\Zero Install\0install-win.exe (0install.de)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\i1Profiler Tray.lnk
ShortcutTarget: i1Profiler Tray.lnk -> C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe ()
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alee\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alee\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alee\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alee\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alee\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alee\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alee\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alee\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2915537779-2898195281-3898161190-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/WOL_WCP
HKU\S-1-5-21-2915537779-2898195281-3898161190-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2915537779-2898195281-3898161190-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova.net/en/downloads/getmodule.aspx?lang=en
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.66.254
Tcpip\..\Interfaces\{5A1BCD3F-16A3-457F-BA72-EE6C04B6F4A1}: [NameServer] 8.8.8.8,208.67.222.222
Tcpip\..\Interfaces\{743FF323-61C9-4423-AEFA-9826A4C8EA1D}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{BC5C78D4-BB84-4E1E-8300-40236F92A2E0}: [NameServer] 8.8.8.8,208.67.222.222

FireFox:
========
FF ProfilePath: C:\Users\alee\AppData\Roaming\Mozilla\Firefox\Profiles\4djwsool.default-1423815337281
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2915537779-2898195281-3898161190-1000: @tools.google.com/Google Update;version=3 -> C:\Users\alee\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2915537779-2898195281-3898161190-1000: @tools.google.com/Google Update;version=9 -> C:\Users\alee\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: IE Tab + - C:\Users\alee\AppData\Roaming\Mozilla\Firefox\Profiles\2nsgtlpg.default\Extensions\coralietab@mozdev.org [2014-07-08]
FF Extension: LastPass - C:\Users\alee\AppData\Roaming\Mozilla\Firefox\Profiles\2nsgtlpg.default\Extensions\support@lastpass.com [2014-07-08]
FF Extension: Google™ Translator - C:\Users\alee\AppData\Roaming\Mozilla\Firefox\Profiles\2nsgtlpg.default\Extensions\jid1-dgnIBwQga0SIBw@jetpack.xpi [2014-07-06]
FF Extension: HTML5 Video Everywhere! - C:\Users\alee\AppData\Roaming\Mozilla\Firefox\Profiles\4djwsool.default-1423815337281\Extensions\html5-video-everywhere@lejenome.me.xpi [2015-02-18]
FF Extension: S3.Google Translator - C:\Users\alee\AppData\Roaming\Mozilla\Firefox\Profiles\4djwsool.default-1423815337281\Extensions\s3google@translator.xpi [2015-02-18]
FF Extension: No Name - C:\Users\alee\AppData\Roaming\Mozilla\Firefox\Profiles\4djwsool.default-1423815337281\Extensions\vwof@drev.com.xpi [2015-02-18]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-01-13]

Chrome:
=======
CHR Profile: C:\Users\alee\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\alee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-08]
CHR Extension: (Google Drive) - C:\Users\alee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\alee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-08]
CHR Extension: (YouTube) - C:\Users\alee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-08]
CHR Extension: (Google Search) - C:\Users\alee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-08]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\alee\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-07-08]
CHR Extension: (ZoneAlarm Chrome Toolbar) - C:\Users\alee\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek [2014-07-08]
CHR Extension: (Google Wallet) - C:\Users\alee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08]
CHR Extension: (Gmail) - C:\Users\alee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-08]
CHR HKU\S-1-5-21-2915537779-2898195281-3898161190-1000\...\Chrome\Extension: [kgdcapepedmpopjkmdbjnmmmfgllnfek] - C:\Users\alee\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm.crx [2014-02-12]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0store-service; C:\Program Files\Zero Install\0store-service.exe [41472 2014-10-13] (0install.de) [File not signed]
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-09-03] (Adobe Systems) [File not signed]
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2012-02-22] (SEIKO EPSON CORPORATION) [File not signed]
S4 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-10-21] (Garmin Ltd or its subsidiaries)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [6296872 2014-12-26] (SecureMix LLC)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-28] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
U2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-14] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-29] (Intel Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [30184 2013-08-08] ()
S3 OpenVPNService; C:\Program Files (x86)\PureVPN\bin\openvpnserv.exe [32568 2014-12-17] (The OpenVPN Project)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-14] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-21] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-21] (Microsoft Corporation)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2015-01-03] (Enigma Software Group USA, LLC.)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-04-25] (Check Point Software Technologies Ltd.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 xrdd.exe; C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [83312 2014-06-23] (X-Rite Inc.)
S2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [92176 2014-04-10] (Check Point Software Technologies, Ltd.)
S3 Blackberry Device Manager; "C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe" [X]
S2 hasplms; C:\Windows\system32\hasplms.exe  -run [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2015-01-22] (Emsisoft GmbH)
S2 Aspi32; C:\Windows\SysWOW64\drivers\aspi32.sys [16512 2002-07-17] (Adaptec) [File not signed]
R3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-22] (Emsisoft GmbH)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2014-04-07] (EldoS Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-01-03] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-01-03] ()
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33296 2014-12-25] (SecureMix LLC)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-27] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-07-01] ()
R1 RegHiveRecovery; C:\Windows\system32\drivers\RegHiveRecovery.sys [48304 2014-02-20] (Microsoft Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-12-30] ()
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2012-12-05] (Seiko Epson Corporation)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450968 2014-04-25] (Check Point Software Technologies Ltd.)
S3 WIMMount; C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [40552 2013-08-22] (Microsoft Corporation)
R2 WinI2C-DDC; C:\Windows\system32\drivers\DDCDrv.sys [20832 2014-07-11] (Nicomsoft Ltd.)
R2 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [10240 2014-07-11] (Nicomsoft Ltd.) [File not signed]
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [101840 2012-07-05] ("CyberLink)
S3 ALSysIO; \??\C:\Users\alee\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-19 12:19 - 2015-02-19 12:20 - 00031528 _____ () C:\Users\alee\Desktop\FRST.txt
2015-02-19 12:19 - 2015-02-19 12:19 - 02086912 _____ (Farbar) C:\Users\alee\Desktop\FRST64.exe
2015-02-19 11:45 - 2015-02-19 11:46 - 00000000 ___SD () C:\100
2015-02-19 11:16 - 2015-02-19 11:16 - 00000756 _____ () C:\Users\alee\Desktop\JRT.txt
2015-02-19 11:10 - 2015-02-19 11:10 - 00000000 _____ () C:\Users\alee\Desktop\rkill.exe
2015-02-18 21:44 - 2015-02-18 21:45 - 05611903 ____R (Swearware) C:\Users\alee\Desktop\100.exe
2015-02-17 18:40 - 2015-02-17 18:40 - 00000000 ____D () C:\ProgramData\WorldWindData
2015-02-17 18:39 - 2015-02-17 20:52 - 00000220 _____ () C:\Users\alee\ovtr.properties
2015-02-17 18:37 - 2015-02-17 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-17 18:37 - 2015-02-17 18:36 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-17 18:35 - 2015-02-17 18:35 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-17 01:08 - 2015-02-17 01:09 - 57375399 _____ () C:\Users\alee\Desktop\jre-8u31-windows-x64.tar.gz
2015-02-17 01:06 - 2015-02-17 01:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-02-17 01:06 - 2015-02-17 01:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Visual Traceroute
2015-02-17 01:06 - 2015-02-17 01:06 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2015-02-17 01:06 - 2015-02-17 01:06 - 00000000 ____D () C:\Program Files (x86)\Open Visual Traceroute
2015-02-17 00:48 - 2015-02-17 00:53 - 37634836 _____ (Leo Lewis ) C:\Users\alee\Desktop\OpenVisualTraceroute1.6.0.exe
2015-02-16 13:16 - 2015-02-18 06:09 - 00000000 ____D () C:\Program Files\Hola
2015-02-16 13:16 - 2015-02-16 13:17 - 00000000 ____D () C:\Users\alee\Downloads\Hola
2015-02-15 15:52 - 2015-02-15 15:52 - 00000000 ____D () C:\Users\alee\Documents\Updater
2015-02-15 15:21 - 2015-02-15 15:21 - 00002115 _____ () C:\Users\Public\Desktop\Google Earth Pro.lnk
2015-02-15 15:21 - 2015-02-15 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro
2015-02-14 09:10 - 2015-01-15 15:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-14 09:10 - 2015-01-15 15:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-14 09:10 - 2015-01-15 15:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-14 09:10 - 2015-01-15 15:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-14 09:10 - 2015-01-15 15:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-14 09:10 - 2015-01-15 15:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-14 09:10 - 2015-01-15 15:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-14 09:10 - 2015-01-15 15:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-14 09:10 - 2015-01-15 15:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-14 09:10 - 2015-01-15 15:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-14 09:10 - 2015-01-15 15:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-14 09:10 - 2015-01-15 14:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-14 09:10 - 2015-01-15 14:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-14 09:10 - 2015-01-15 14:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-14 09:10 - 2015-01-15 14:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-14 09:10 - 2015-01-15 14:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-14 09:10 - 2015-01-15 14:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-14 09:10 - 2015-01-15 11:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-13 15:05 - 2015-02-16 07:41 - 00000000 ____D () C:\ProgramData\purevpn
2015-02-13 15:05 - 2015-02-13 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureVPN
2015-02-13 15:05 - 2015-02-13 15:06 - 00000000 ____D () C:\Program Files (x86)\PureVPN
2015-02-13 15:05 - 2015-02-13 15:05 - 00001051 _____ () C:\Users\Public\Desktop\PureVPN.lnk
2015-02-13 12:47 - 2015-01-23 11:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 12:47 - 2015-01-23 11:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 12:47 - 2015-01-23 10:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 12:47 - 2015-01-23 10:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-13 08:16 - 2015-02-13 08:16 - 00000024 _____ () C:\Users\alee\pass.conf
2015-02-13 07:55 - 2015-02-13 17:44 - 00001105 _____ () C:\Users\alee\Desktop\OpenVPN GUI.lnk
2015-02-13 07:53 - 2015-02-13 07:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2015-02-13 07:53 - 2015-02-13 07:55 - 00000000 ____D () C:\Program Files (x86)\OpenVPN
2015-02-12 22:48 - 2015-02-12 22:48 - 00000943 _____ () C:\Users\alee\Documents\vpn.txt
2015-02-12 16:01 - 2015-01-10 13:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-12 16:01 - 2015-01-10 13:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-12 16:01 - 2015-01-10 13:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-12 16:01 - 2015-01-10 13:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-12 16:01 - 2015-01-10 13:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-12 16:01 - 2015-01-10 13:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-12 16:01 - 2015-01-10 13:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-12 16:01 - 2015-01-10 13:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-12 16:01 - 2015-01-10 13:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-12 16:01 - 2015-01-10 13:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-12 16:01 - 2015-01-10 13:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-12 16:01 - 2015-01-10 13:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-12 16:01 - 2015-01-10 13:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-12 16:01 - 2015-01-10 13:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-12 15:58 - 2015-01-14 12:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-12 15:58 - 2015-01-14 12:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-12 15:58 - 2015-01-12 10:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 15:58 - 2015-01-12 10:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 15:58 - 2015-01-12 10:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-12 15:58 - 2015-01-12 09:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-12 15:58 - 2015-01-12 09:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 15:58 - 2015-01-12 09:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 15:58 - 2015-01-12 09:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-12 15:58 - 2015-01-12 09:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-12 15:58 - 2015-01-12 09:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 15:58 - 2015-01-12 09:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-12 15:58 - 2015-01-12 09:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 15:58 - 2015-01-12 09:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 15:58 - 2015-01-12 09:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-12 15:58 - 2015-01-12 09:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 15:58 - 2015-01-12 09:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-12 15:58 - 2015-01-12 09:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 15:58 - 2015-01-12 09:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 15:58 - 2015-01-12 09:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-12 15:58 - 2015-01-12 09:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 15:58 - 2015-01-12 09:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-12 15:58 - 2015-01-12 09:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 15:58 - 2015-01-12 09:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-12 15:58 - 2015-01-12 09:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-12 15:58 - 2015-01-12 09:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-12 15:58 - 2015-01-12 09:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 15:58 - 2015-01-12 09:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 15:58 - 2015-01-12 09:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 15:58 - 2015-01-12 08:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-12 15:58 - 2015-01-12 08:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 15:58 - 2015-01-12 08:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 15:58 - 2015-01-12 08:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 15:58 - 2015-01-12 08:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-12 15:58 - 2015-01-12 08:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 15:58 - 2015-01-12 08:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-12 15:58 - 2015-01-12 08:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 15:58 - 2015-01-12 08:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 15:58 - 2015-01-12 08:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-12 15:58 - 2015-01-12 08:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-12 15:58 - 2015-01-12 08:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 15:58 - 2015-01-12 08:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 15:58 - 2015-01-12 08:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 15:58 - 2015-01-12 08:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 15:58 - 2015-01-12 08:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 15:58 - 2015-01-12 08:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-12 15:58 - 2015-01-12 08:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 15:58 - 2015-01-12 08:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 15:58 - 2015-01-12 08:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-12 15:58 - 2015-01-12 08:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 15:58 - 2015-01-12 07:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 15:58 - 2015-01-12 07:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-12 15:55 - 2015-01-13 10:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 15:55 - 2015-01-13 09:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-12 15:53 - 2014-11-26 10:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 15:53 - 2014-11-26 10:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 23:20 - 2015-02-11 23:20 - 00000885 _____ () C:\Users\Public\Desktop\AIMP3.lnk
2015-02-11 23:20 - 2015-02-11 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
2015-02-11 23:17 - 2015-02-11 23:17 - 00000000 ____D () C:\Users\alee\AppData\Roaming\KMTL Technologies
2015-02-11 21:12 - 2014-12-08 10:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 21:12 - 2014-12-08 09:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 21:11 - 2014-12-12 12:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 21:11 - 2014-12-12 12:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 21:08 - 2015-01-14 13:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 21:08 - 2015-01-14 13:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 21:08 - 2015-01-14 13:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 21:08 - 2015-01-14 13:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 21:08 - 2015-01-14 12:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 21:08 - 2015-01-14 12:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 21:08 - 2015-01-14 12:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 21:08 - 2015-01-09 09:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 08:06 - 2015-02-11 08:06 - 00001881 _____ () C:\Users\alee\Desktop\GlassWire.lnk
2015-02-11 08:06 - 2015-02-11 08:06 - 00000000 ____D () C:\Users\alee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire 1.0
2015-02-11 08:06 - 2015-02-11 08:06 - 00000000 ____D () C:\ProgramData\GlassWire
2015-02-11 08:06 - 2014-12-26 15:42 - 00008704 _____ () C:\Windows\system32\Drivers\gwdrv.cat
2015-02-11 08:06 - 2014-12-25 18:28 - 00033296 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
2015-02-11 07:43 - 2015-02-19 11:38 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-02-05 23:23 - 2015-02-05 23:23 - 00001959 _____ () C:\Users\alee\Desktop\thailand-05022015.txt
2015-02-04 22:11 - 2015-02-04 22:11 - 00000558 _____ () C:\Users\alee\Desktop\gmax.lnk
2015-02-04 22:11 - 2015-02-04 22:11 - 00000000 ____D () C:\Users\alee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\discreet
2015-02-04 22:10 - 2015-02-04 22:11 - 00000000 ____D () C:\gmax
2015-01-28 22:01 - 2015-01-28 22:05 - 00000000 ____D () C:\Users\alee\Documents\Flight Simulator X - Steam Edition Files
2015-01-28 19:35 - 2015-01-28 19:35 - 00002414 _____ () C:\Users\Public\Desktop\Microsoft Flight Simulator X Steam Edition.lnk
2015-01-28 19:35 - 2015-01-28 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dovetail Games - Flight
2015-01-28 19:09 - 2015-01-28 19:09 - 00000000 ____D () C:\Program Files (x86)\Dovetail Games - Flight
2015-01-28 16:14 - 2015-01-28 16:14 - 00001744 _____ () C:\Windows\system32\.crusader
2015-01-28 14:34 - 2015-01-28 18:29 - 00001907 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-01-28 14:34 - 2015-01-28 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-28 14:34 - 2015-01-28 14:34 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-28 14:06 - 2015-02-19 11:55 - 00000000 ____D () C:\EEK
2015-01-28 14:06 - 2015-01-28 14:06 - 00000749 _____ () C:\Users\alee\Desktop\Start Emsisoft Emergency Kit.lnk
2015-01-28 14:00 - 2015-01-28 16:13 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-28 13:58 - 2015-01-28 14:02 - 11225840 _____ (SurfRight B.V.) C:\Users\alee\Desktop\HitmanPro_x64.exe
2015-01-27 23:36 - 2015-01-27 23:36 - 00000000 ____D () C:\Users\alee\Documents\Flight Simulator X Demo Files
2015-01-27 23:35 - 2015-01-27 23:36 - 00098878 _____ () C:\Windows\DirectX.log
2015-01-27 23:35 - 2015-01-27 23:35 - 00002263 _____ () C:\Users\Public\Desktop\Microsoft Flight Simulator X Demo.lnk
2015-01-27 23:35 - 2015-01-27 23:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2015-01-27 23:23 - 2015-01-27 23:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2015-01-27 16:44 - 2015-01-27 16:44 - 00262144 _____ () C:\Windows\Minidump\012715-65863-01.dmp
2015-01-25 23:18 - 2015-02-11 08:06 - 00000000 ____D () C:\Program Files (x86)\GlassWire
2015-01-24 21:20 - 2015-01-28 16:13 - 00000000 ____D () C:\Users\alee\AppData\Local\31058
2015-01-24 20:48 - 2015-01-24 20:48 - 00000000 ____D () C:\Users\Public\Documents\Baidu
2015-01-24 18:22 - 2015-02-18 21:55 - 00000000 ____D () C:\ComboFix
2015-01-23 16:37 - 2015-01-23 16:37 - 00000110 _____ () C:\Users\alee\Desktop\RCF.pls
2015-01-22 23:24 - 2015-01-22 23:25 - 00288376 _____ () C:\Windows\Minidump\012215-58952-01.dmp
2015-01-22 20:42 - 2015-01-22 20:43 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\alee\Desktop\tdsskiller.exe
2015-01-22 20:04 - 2015-01-22 20:04 - 00003398 _____ () C:\Windows\aksdrvsetup.log
2015-01-22 19:56 - 2015-01-22 19:56 - 00000000 ____D () C:\Users\alee\AppData\Local\GlassWire
2015-01-22 19:52 - 2015-01-22 19:53 - 16644584 _____ (SecureMix LLC) C:\Users\alee\Desktop\GlassWireSetup.exe
2015-01-22 19:50 - 2015-01-22 19:50 - 00000000 ____D () C:\Users\alee\Desktop\GiveMePower-v2.0
2015-01-22 19:49 - 2015-01-22 19:49 - 00332171 _____ () C:\Users\alee\Desktop\GiveMePower-v2.0.exe
2015-01-21 23:55 - 2015-01-21 23:56 - 00287696 _____ () C:\Windows\Minidump\012115-42120-01.dmp
2015-01-21 16:28 - 2015-01-21 16:29 - 00026830 _____ () C:\Windows\DPINST.LOG

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2030-04-15 12:58 - 2014-04-01 01:53 - 00001492 _____ () C:\ProgramData\content.ie5
2015-02-19 12:19 - 2014-08-26 20:40 - 00000000 ____D () C:\FRST
2015-02-19 12:10 - 2013-09-20 18:58 - 00000000 ____D () C:\_Dwnlod_
2015-02-19 11:50 - 2009-07-14 11:45 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-19 11:50 - 2009-07-14 11:45 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-19 11:47 - 2014-04-26 19:03 - 01698474 _____ () C:\Windows\WindowsUpdate.log
2015-02-19 11:45 - 2013-09-20 17:47 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-19 11:42 - 2013-10-15 22:26 - 00000000 ___RD () C:\Users\alee\Dropbox
2015-02-19 11:41 - 2013-10-15 22:12 - 00000000 ____D () C:\Users\alee\AppData\Roaming\Dropbox
2015-02-19 11:38 - 2013-09-20 17:47 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-19 11:37 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-19 11:36 - 2015-01-06 10:53 - 00078670 _____ () C:\Windows\PFRO.log
2015-02-19 11:36 - 2015-01-06 10:53 - 00003596 _____ () C:\Windows\setupact.log
2015-02-19 11:23 - 2014-07-03 05:17 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915537779-2898195281-3898161190-1000UA.job
2015-02-19 10:59 - 2014-01-04 14:37 - 00000000 ____D () C:\Users\alee\AppData\Roaming\EditPlus 3
2015-02-19 10:58 - 2015-01-06 01:00 - 00002784 _____ () C:\Users\alee\Desktop\Rkill.txt
2015-02-19 10:56 - 2015-01-08 17:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-19 09:21 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\tracing
2015-02-19 09:12 - 2014-10-08 06:53 - 00000600 _____ () C:\Users\alee\AppData\Roaming\winscp.rnd
2015-02-19 09:06 - 2013-09-20 17:52 - 00000000 ____D () C:\Program Files (x86)\NeoSmart Technologies
2015-02-19 08:34 - 2014-04-16 11:57 - 00000000 ____D () C:\Users\alee\AppData\Roaming\AIMP3
2015-02-19 08:24 - 2013-10-13 22:40 - 00007615 _____ () C:\Users\alee\AppData\Local\resmon.resmoncfg
2015-02-19 08:00 - 2014-10-18 11:56 - 00000388 _____ () C:\Windows\Tasks\X-Rite Device Services Software Updater.job
2015-02-19 02:33 - 2014-08-20 14:46 - 00000000 ____D () C:\Users\alee\AppData\Local\Adobe
2015-02-18 22:23 - 2014-07-03 05:17 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915537779-2898195281-3898161190-1000Core.job
2015-02-18 21:55 - 2014-06-07 18:48 - 00000000 ____D () C:\Qoobox
2015-02-18 21:39 - 2014-02-14 15:36 - 00003414 _____ () C:\Users\alee\.rubberband.wisdom.d
2015-02-18 21:39 - 2014-02-14 13:42 - 00000000 ____D () C:\Users\alee\.Sonic Visualiser
2015-02-18 21:39 - 2013-09-21 00:12 - 00000000 ____D () C:\Users\alee\AppData\Local\CrashDumps
2015-02-18 21:37 - 2013-10-17 00:41 - 00006846 _____ () C:\Users\alee\Desktop\New Text Document.txt
2015-02-18 20:55 - 2013-09-20 17:38 - 00000000 ____D () C:\Users\alee\AppData\Local\Deployment
2015-02-18 05:56 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-18 00:38 - 2013-10-13 22:46 - 00000000 ____D () C:\Users\alee\AppData\Roaming\Skype
2015-02-17 18:39 - 2013-09-20 05:20 - 00000000 ____D () C:\Users\alee
2015-02-17 18:36 - 2013-10-20 12:20 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-17 14:53 - 2009-07-14 12:13 - 00867512 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-15 22:36 - 2014-11-13 07:32 - 00005916 _____ () C:\Users\alee\Desktop\New Text Document.txt.bak
2015-02-15 15:21 - 2013-09-20 17:47 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-15 13:39 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\rescache
2015-02-14 07:37 - 2013-10-15 22:26 - 00001021 _____ () C:\Users\alee\Desktop\Dropbox.lnk
2015-02-14 07:37 - 2013-10-15 22:13 - 00000000 ____D () C:\Users\alee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 21:12 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\Registration
2015-02-13 18:08 - 2013-09-20 18:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-13 18:06 - 2013-09-20 20:45 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 17:58 - 2013-09-20 20:45 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-13 15:15 - 2014-07-12 21:03 - 00000000 ____D () C:\Users\alee\Desktop\Old Firefox Data
2015-02-12 19:34 - 2014-01-02 09:01 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 03:50 - 2014-05-12 08:27 - 05183304 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 03:47 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 23:20 - 2014-04-16 11:56 - 00000000 ____D () C:\Program Files (x86)\AIMP3
2015-02-11 20:36 - 2014-06-20 15:35 - 00003828 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1403253303
2015-02-11 20:36 - 2014-06-20 15:35 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-09 08:13 - 2013-11-16 23:01 - 00000000 ____D () C:\Program Files (x86)\PoivY.com
2015-02-09 00:58 - 2014-02-14 11:04 - 00000000 ____D () C:\Users\alee\AppData\Roaming\Audacity
2015-02-08 20:26 - 2013-11-04 17:05 - 00000000 ____D () C:\Users\alee\AppData\Roaming\vlc
2015-02-08 19:20 - 2013-07-09 00:41 - 00000000 ____D () C:\LRCATALOG2012
2015-02-07 19:06 - 2014-08-11 11:42 - 00004560 _____ () C:\Users\alee\Documents\com.robcole.MetadataExtensions.log
2015-02-07 19:06 - 2014-08-07 20:21 - 00055459 _____ () C:\Users\alee\Documents\PiwigoExport.log
2015-02-07 19:06 - 2014-07-19 07:22 - 00004092 _____ () C:\Users\alee\Documents\com.robcole.lightroom.ExifMeta.log
2015-02-07 08:24 - 2014-05-16 06:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-06 20:44 - 2015-01-14 16:48 - 00000000 ____D () C:\Users\alee\AppData\Roaming\VoipConnect
2015-02-06 20:34 - 2014-05-16 06:58 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 20:34 - 2013-10-16 21:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 20:34 - 2013-10-16 21:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-06 08:09 - 2014-01-14 07:46 - 00000000 ____D () C:\BKK
2015-02-05 22:18 - 2014-07-03 05:17 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2915537779-2898195281-3898161190-1000UA
2015-02-05 22:18 - 2014-07-03 05:17 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2915537779-2898195281-3898161190-1000Core
2015-02-05 02:40 - 2013-09-20 17:47 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 02:40 - 2013-09-20 17:47 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 08:46 - 2014-06-03 12:17 - 00001043 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2015-02-04 08:46 - 2014-06-03 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2015-02-01 07:31 - 2013-09-20 05:21 - 00000000 ____D () C:\Users\alee\AppData\Local\VirtualStore
2015-01-29 16:38 - 2014-03-01 14:14 - 00000000 ____D () C:\_dwnld_folders
2015-01-29 16:37 - 2013-05-30 00:10 - 00000000 ____D () C:\_DownloadedMedia
2015-01-28 21:55 - 2009-07-14 10:20 - 00000000 ____D () C:\ProgramData\Microsoft
2015-01-28 14:23 - 2013-12-30 01:30 - 00000000 ____D () C:\Users\alee\AppData\Local\SlimWare Utilities Inc
2015-01-28 09:55 - 2014-04-02 12:48 - 00000000 ____D () C:\Users\alee\AppData\Roaming\uTorrent
2015-01-28 00:48 - 2014-04-02 12:48 - 00000857 _____ () C:\Users\alee\Desktop\µTorrent.lnk
2015-01-28 00:48 - 2014-04-02 12:48 - 00000837 _____ () C:\Users\alee\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-01-28 00:47 - 2014-05-11 19:16 - 00153296 _____ () C:\Users\alee\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-28 00:27 - 2014-07-06 18:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 23:36 - 2013-09-20 05:50 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-27 23:35 - 2009-07-14 12:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-27 17:29 - 2014-11-11 08:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-27 16:44 - 2013-09-20 21:30 - 00000000 ____D () C:\Windows\Minidump
2015-01-24 18:53 - 2013-09-20 17:38 - 00000000 ____D () C:\Users\alee\AppData\Local\Apps\2.0
2015-01-24 18:50 - 2015-01-09 19:49 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.FUK
2015-01-24 18:50 - 2009-07-14 09:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-21 23:15 - 2014-11-08 10:06 - 00000000 ___RD () C:\Users\alee\Desktop\garmin
2015-01-21 16:28 - 2013-11-30 20:22 - 00000989 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\VueScan x64.lnk
2015-01-21 16:28 - 2013-11-30 20:22 - 00000983 _____ () C:\Users\Public\Desktop\VueScan x64.lnk
2015-01-21 16:27 - 2013-11-30 20:22 - 00000000 ____D () C:\Program Files\VueScan
2015-01-20 14:52 - 2015-01-04 22:14 - 00001024 _____ () C:\Users\alee\.rnd

==================== Files in the root of some directories =======

2014-07-08 09:28 - 2014-07-08 09:28 - 15824384 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-07-26 09:19 - 2014-07-26 09:19 - 0001942 _____ () C:\Users\alee\AppData\Roaming\.thetimelineproj.cfg
2014-05-03 22:59 - 2014-05-03 22:59 - 0000132 _____ () C:\Users\alee\AppData\Roaming\Adobe GIF Format CS6 Prefs
2014-04-13 08:56 - 2014-05-10 02:34 - 0000132 _____ () C:\Users\alee\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-10-13 23:03 - 2014-03-13 21:09 - 0000000 _____ () C:\Users\alee\AppData\Roaming\bitlord_log.txt
2014-01-04 14:34 - 2014-01-05 18:20 - 0038465 _____ () C:\Users\alee\AppData\Roaming\Comma Separated Values (DOS).ADR
2014-01-12 15:01 - 2014-01-12 15:01 - 0004352 _____ () C:\Users\alee\AppData\Roaming\Comma Separated Values (DOS).NOT
2013-12-18 16:26 - 2014-01-05 19:22 - 0037879 _____ () C:\Users\alee\AppData\Roaming\Comma Separated Values (Windows).ADR
2014-05-28 19:15 - 2014-05-29 13:23 - 0000628 _____ () C:\Users\alee\AppData\Roaming\Contact Sheet II.xml
2014-05-28 19:15 - 2014-05-29 13:23 - 0008079 _____ () C:\Users\alee\AppData\Roaming\ContactSheetII.log
2014-05-24 22:59 - 2014-05-24 22:59 - 0000268 ___RH () C:\Users\alee\AppData\Roaming\Filesystems
2014-11-09 09:49 - 2015-01-19 14:22 - 0000103 _____ () C:\Users\alee\AppData\Roaming\GMTK.conf
2014-11-09 09:44 - 2015-01-19 14:37 - 0000091 _____ () C:\Users\alee\AppData\Roaming\jdm.conf
2014-01-05 20:15 - 2014-10-02 06:00 - 0006571 _____ () C:\Users\alee\AppData\Roaming\Microsoft Excel 97-2003.EML
2013-11-26 03:55 - 2014-01-12 09:26 - 0000539 _____ () C:\Users\alee\AppData\Roaming\Rim.Desktop.Exception.log
2013-11-26 03:54 - 2014-10-28 10:26 - 0003125 _____ () C:\Users\alee\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-11-26 03:55 - 2014-01-12 09:26 - 0000539 _____ () C:\Users\alee\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-01-02 09:32 - 2014-01-02 09:32 - 0000028 _____ () C:\Users\alee\AppData\Roaming\WB.CFG
2014-10-08 06:53 - 2015-02-19 09:12 - 0000600 _____ () C:\Users\alee\AppData\Roaming\winscp.rnd
2014-08-20 08:54 - 2014-08-20 08:54 - 0000038 ___SH () C:\Users\alee\AppData\Local\134e6589520e51682091c0.32666518
2014-08-21 08:01 - 2014-08-21 08:01 - 0224755 _____ () C:\Users\alee\AppData\Local\ars.cache
2014-08-21 08:01 - 2014-08-21 08:01 - 0349505 _____ () C:\Users\alee\AppData\Local\census.cache
2013-12-02 19:47 - 2014-08-20 16:30 - 0007680 _____ () C:\Users\alee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-21 07:38 - 2014-08-21 07:38 - 0000036 _____ () C:\Users\alee\AppData\Local\housecall.guid.cache
2014-03-09 08:57 - 2014-03-09 08:57 - 0004096 ____H () C:\Users\alee\AppData\Local\keyfile3.drm
2014-09-06 23:24 - 2014-09-06 23:24 - 0001954 _____ () C:\Users\alee\AppData\Local\recently-used.xbel
2013-10-13 22:40 - 2015-02-19 08:24 - 0007615 _____ () C:\Users\alee\AppData\Local\resmon.resmoncfg
2014-08-21 07:53 - 2014-08-21 07:53 - 0000010 _____ () C:\Users\alee\AppData\Local\sponge.last.runtime.cache
2014-04-01 01:53 - 2030-04-15 12:58 - 0001492 _____ () C:\ProgramData\content.ie5
2014-05-24 22:59 - 2014-05-24 22:59 - 0000268 ___RH () C:\ProgramData\Flange Saw
2013-10-25 00:23 - 2014-10-12 18:06 - 0000412 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-05-24 22:59 - 2014-08-20 18:36 - 0000020 ____H () C:\ProgramData\PKP_DLex.DAT

Some content of TEMP:
====================
C:\Users\alee\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdoifg5.dll


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\i420vfw.dll
C:\Windows\System32\BDSandBoxUISkin32.dll
C:\Windows\System32\eEBUtil.dll
C:\Windows\System32\eEBUtil2.DLL
C:\Windows\System32\igd10umd32.dll
C:\Windows\System32\igdumd32.dll
C:\Windows\System32\nvumdshim.dll
C:\Windows\System32\XRiteDevice.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 02:26

==================== End Of Log ============================

 

 




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,703 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:56 AM

Posted 24 February 2015 - 12:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/567574 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,567 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:56 AM

Posted 25 February 2015 - 09:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please remove this updater program using the Add/Remove Programs applet.
Software Version Updater (HKU\S-1-5-21-2915537779-2898195281-3898161190-1000\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.4.2 - ) <==== ATTENTION

===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2915537779-2898195281-3898161190-1000\...\Policies\Explorer: []
HKU\S-1-5-21-2915537779-2898195281-3898161190-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 Blackberry Device Manager; "C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe" [X]
S2 hasplms; C:\Windows\system32\hasplms.exe  -run [X]
S3 ALSysIO; \??\C:\Users\alee\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#4 teebe

teebe
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:10:56 PM

Posted 25 February 2015 - 12:37 PM

Below are the logs of the cleaning.

It boots up quicker, but let me try out the other functions.

Thank you

 

 

 

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by alee at 2015-02-25 23:38:24 Run:3
Running from C:\Users\alee\Desktop
Loaded Profiles: alee (Available profiles: alee & DefaultAppPool)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2915537779-2898195281-3898161190-1000\...\Policies\Explorer: []
HKU\S-1-5-21-2915537779-2898195281-3898161190-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 Blackberry Device Manager; "C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe" [X]
S2 hasplms; C:\Windows\system32\hasplms.exe  -run [X]
S3 ALSysIO; \??\C:\Users\alee\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Key deleted successfully.
HKU\S-1-5-21-2915537779-2898195281-3898161190-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => Value not found.
"HKU\S-1-5-21-2915537779-2898195281-3898161190-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Blackberry Device Manager => Service deleted successfully.
hasplms => Service deleted successfully.
ALSysIO => Service deleted successfully.
catchme => Service deleted successfully.
nvvad_WaveExtensible => Service deleted successfully.
RimUsb => Service deleted successfully.


The system needed a reboot.

==== End of Fixlog 23:38:24 ====

 

 

# AdwCleaner v4.111 - Logfile created 25/02/2015 at 23:52:37
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Local]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : alee - ALEE-PC
# Running from : C:\Users\alee\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\Check Point Software Technologies LTD
Folder Found : C:\Program Files\Hola
Folder Found : C:\ProgramData\dhicjoiphajlikpjgkgebcaanohbilgc
Folder Found : C:\ProgramData\dhicjoiphajlikpjgkgebcaanohbilgc
Folder Found : C:\ProgramData\dhicjoiphajlikpjgkgebcaanohbilgc
Folder Found : C:\ProgramData\SecTaskMan
Folder Found : C:\Users\alee\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek
Folder Found : C:\Users\alee\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\plkplgmhfkkhokgkdkblfcnfeccpippe
Folder Found : C:\Users\alee\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek
Folder Found : C:\Users\alee\AppData\Roaming\Check Point Software Technologies LTD
Folder Found : C:\Users\alee\Documents\Updater

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;authsmtp.media-power.it;localhost;127.0.0.1
Key Found : HKCU\Software\Google\Chrome\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek
Key Found : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v36.0 (x86 en-US)


-\\ Google Chrome v40.0.2214.115

[C:\Users\alee\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\alee\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Opera v27.0.1689.76


-\\ Chrome Canary v43.0.2314.0

[C:\Users\alee\AppData\Local\Google\Chrome SxS\User Data\Default\Web data] - Found [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAzztCzzyD0F0F0Azzzz0DtN0D0Tzu0CyBtAtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=683911590&ir=
[C:\Users\alee\AppData\Local\Google\Chrome SxS\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\alee\AppData\Local\Google\Chrome SxS\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
*************************

AdwCleaner[R12].txt - [5266 bytes] - [06/01/2015 01:06:17]
AdwCleaner[R13].txt - [4747 bytes] - [06/01/2015 10:33:08]
AdwCleaner[R14].txt - [3822 bytes] - [25/02/2015 23:52:37]
AdwCleaner[S10].txt - [4931 bytes] - [06/01/2015 10:52:05]

########## EOF - C:\AdwCleaner\AdwCleaner[R14].txt - [3942 bytes] ##########
 

 

# AdwCleaner v4.111 - Logfile created 26/02/2015 at 00:00:03
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Local]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : alee - ALEE-PC
# Running from : C:\Users\alee\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SecTaskMan
[x] Not Deleted : C:\Program Files (x86)\Check Point Software Technologies LTD
Folder Deleted : C:\Program Files\Hola
[x] Not Deleted : C:\Users\alee\AppData\Roaming\Check Point Software Technologies LTD
[x] Not Deleted : C:\Users\alee\Documents\Updater
Folder Deleted : C:\Users\alee\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek
Folder Deleted : C:\ProgramData\dhicjoiphajlikpjgkgebcaanohbilgc
Folder Deleted : C:\Users\alee\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\plkplgmhfkkhokgkdkblfcnfeccpippe
Folder Deleted : C:\Users\alee\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;authsmtp.media-power.it;localhost;127.0.0.1

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v36.0 (x86 en-US)


-\\ Google Chrome v40.0.2214.115

[C:\Users\alee\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\alee\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\alee\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAzztCzzyD0F0F0Azzzz0DtN0D0Tzu0CyBtAtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=683911590&ir=
[C:\Users\alee\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\alee\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Opera v27.0.1689.76

[C:\Users\alee\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\alee\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\alee\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAzztCzzyD0F0F0Azzzz0DtN0D0Tzu0CyBtAtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=683911590&ir=
[C:\Users\alee\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\alee\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chrome Canary v43.0.2314.0

[C:\Users\alee\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\alee\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\alee\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAzztCzzyD0F0F0Azzzz0DtN0D0Tzu0CyBtAtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=683911590&ir=
[C:\Users\alee\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\alee\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R12].txt - [5266 bytes] - [06/01/2015 01:06:17]
AdwCleaner[R13].txt - [4747 bytes] - [06/01/2015 10:33:08]
AdwCleaner[R14].txt - [4038 bytes] - [25/02/2015 23:52:37]
AdwCleaner[S10].txt - [4931 bytes] - [06/01/2015 10:52:05]
AdwCleaner[S11].txt - [5691 bytes] - [26/02/2015 00:00:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S11].txt - [5751  bytes] ##########
 

 

# AdwCleaner v4.111 - Logfile created 26/02/2015 at 00:15:01
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : alee - ALEE-PC
# Running from : C:\Users\alee\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\Check Point Software Technologies LTD
Folder Found : C:\Users\alee\AppData\Roaming\Check Point Software Technologies LTD
Folder Found : C:\Users\alee\Documents\Updater

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v36.0 (x86 en-US)


-\\ Google Chrome v40.0.2214.115


-\\ Opera v27.0.1689.76


-\\ Chrome Canary v43.0.2314.0

*************************

AdwCleaner[R12].txt - [5266 bytes] - [06/01/2015 01:06:17]
AdwCleaner[R13].txt - [4747 bytes] - [06/01/2015 10:33:08]
AdwCleaner[R14].txt - [4038 bytes] - [25/02/2015 23:52:37]
AdwCleaner[R15].txt - [1098 bytes] - [26/02/2015 00:15:01]
AdwCleaner[S10].txt - [4931 bytes] - [06/01/2015 10:52:05]
AdwCleaner[S11].txt - [5848 bytes] - [26/02/2015 00:00:03]

########## EOF - C:\AdwCleaner\AdwCleaner[R15].txt - [1278 bytes] ##########
 

 

# AdwCleaner v4.111 - Logfile created 26/02/2015 at 00:21:39
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : alee - ALEE-PC
# Running from : C:\Users\alee\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Check Point Software Technologies LTD
Folder Deleted : C:\Users\alee\AppData\Roaming\Check Point Software Technologies LTD
Folder Deleted : C:\Users\alee\Documents\Updater

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v36.0 (x86 en-US)


-\\ Google Chrome v40.0.2214.115


-\\ Opera v27.0.1689.76


-\\ Chrome Canary v43.0.2314.0


*************************

AdwCleaner[R12].txt - [5266 bytes] - [06/01/2015 01:06:17]
AdwCleaner[R13].txt - [4747 bytes] - [06/01/2015 10:33:08]
AdwCleaner[R14].txt - [4038 bytes] - [25/02/2015 23:52:37]
AdwCleaner[R15].txt - [1358 bytes] - [26/02/2015 00:15:01]
AdwCleaner[S10].txt - [4931 bytes] - [06/01/2015 10:52:05]
AdwCleaner[S11].txt - [5848 bytes] - [26/02/2015 00:00:03]
AdwCleaner[S12].txt - [1290 bytes] - [26/02/2015 00:21:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S12].txt - [1350  bytes] ##########
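
To make AdwCleaner scan and cleaning reports like the ones above easier to reconcile, here is an added Python example (not AdwCleaner's or the thread's own code) that parses the report format shown and lists every item the scan found that the cleaning pass did not remove, including the "[x] Not Deleted" entries; the embedded sample reports are constructed, shortened copies of the ones posted above.

```python
"""Reconcile an AdwCleaner v4 scan report with the matching cleaning report.
Added example, not AdwCleaner's own code: it parses the report format shown in
this thread and lists what the cleaning pass left behind.
"""
import re
from dataclasses import dataclass
from typing import List

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
NOT_DELETED_RE = re.compile(r"^\[x\] Not Deleted : (.+)$")
ITEM_RE = re.compile(r"^(?:Folder|File|Key|Value|Data) (Found|Deleted) : (.+)$")
BROWSER_RE = re.compile(r"^\[.+?\] - (Found|Deleted) \[.+?\] : (.+)$")

@dataclass(frozen=True)
class Item:
    section: str  # "Files / Folders", "Registry", "Web browsers", ...
    status: str   # "found", "deleted" or "not_deleted"
    target: str   # path, registry key/value or search-provider URL

@dataclass
class Report:
    option: str   # "Scan" or "Cleaning"
    created: str  # e.g. "25/02/2015 at 23:52:37"
    items: List[Item]

def parse_report(text: str) -> Report:
    """Parse one report into its header fields and the items it lists."""
    option, created, section, items = "", "", "", []
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"^# Option : (\w+)$", line):
            option = m.group(1)
        elif m := re.search(r"Logfile created (\S+ at \S+)$", line):
            created = m.group(1)
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif m := NOT_DELETED_RE.match(line):
            items.append(Item(section, "not_deleted", m.group(1)))
        elif m := ITEM_RE.match(line) or BROWSER_RE.match(line):
            items.append(Item(section, m.group(1).lower(), m.group(2)))
    return Report(option, created, items)

def leftovers(scan: Report, clean: Report) -> List[Item]:
    """Scan findings the cleaning pass did not delete, plus its explicit refusals."""
    # Compare case-insensitively: the reports themselves write "Web data" and "Web Data".
    deleted = {i.target.lower() for i in clean.items if i.status == "deleted"}
    remaining, seen = [], set()
    for item in scan.items + clean.items:
        key = item.target.lower()
        unresolved = item.status == "not_deleted" or (
            item.status == "found" and key not in deleted)
        if unresolved and key not in seen:
            remaining.append(item)
            seen.add(key)
    return remaining

# Constructed sample reports, shortened from the ones posted in this thread.
SCAN_REPORT = r"""
# AdwCleaner v4.111 - Logfile created 25/02/2015 at 23:52:37
# Option : Scan
***** [ Files / Folders ] *****
Folder Found : C:\Program Files (x86)\Check Point Software Technologies LTD
Folder Found : C:\Program Files\Hola
Folder Found : C:\ProgramData\SecTaskMan
Folder Found : C:\Users\alee\Documents\Updater
***** [ Registry ] *****
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;localhost;127.0.0.1
***** [ Web browsers ] *****
[C:\Users\alee\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
"""
CLEAN_REPORT = r"""
# AdwCleaner v4.111 - Logfile created 26/02/2015 at 00:00:03
# Option : Cleaning
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\SecTaskMan
[x] Not Deleted : C:\Program Files (x86)\Check Point Software Technologies LTD
Folder Deleted : C:\Program Files\Hola
[x] Not Deleted : C:\Users\alee\Documents\Updater
***** [ Registry ] *****
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;localhost;127.0.0.1
***** [ Web browsers ] *****
[C:\Users\alee\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
"""

if __name__ == "__main__":
    for item in leftovers(parse_report(SCAN_REPORT), parse_report(CLEAN_REPORT)):
        print(f"still present [{item.section}]: {item.target}")
```

Run against the two reports above it prints the Check Point and Updater folders, which is exactly what the second scan and cleaning pass in this post had to go back for.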
 



#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,567 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:56 AM

Posted 25 February 2015 - 01:57 PM

Looking good.


Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#6 teebe

teebe
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:10:56 PM

Posted 25 February 2015 - 06:29 PM

Updates on the run: so far, the kernel phase of the boot looks slightly shorter while user mode has not changed; a better evaluation later.

Here's checkup.txt:

 

 Results of screen317's Security Check version 0.99.97  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.9016)   
 Panda Cloud Cleaner   
 Java 8 Update 31  
 JaVaWa Device Manager 3.7  
 JaVaWa GMTK 3.8   
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Mozilla Firefox (36.0)
 Google Chrome (40.0.2214.111)
 Google Chrome (40.0.2214.115)
````````Process Check: objlist.exe by Laurent````````  
 CheckPoint ZoneAlarm vsmon.exe  
 CheckPoint ZoneAlarm ZAPrivacyService.exe  
 CheckPoint ZoneAlarm zatray.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,567 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:56 AM

Posted 26 February 2015 - 08:45 AM


Remove this program using the Add/Remove Programs.

Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)

I found that it's slowing down the boot process by checking for new drivers every time you boot.

I removed it.

If I reinstall the application in a year or so, I will scan and, when completed, I will again remove it.

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,567 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:56 AM

Posted 04 March 2015 - 09:16 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



