
EpicUnitScan.Info Need help to remove.


  • This topic is locked
15 replies to this topic

#1 Investmore


Posted 19 February 2015 - 12:57 PM

Running a new install of Windows 7 Ultimate and immediately installed Malwarebytes. Then I continued installing the rest of my software. Once I installed Chrome, Malwarebytes started popping up an outbound blocked message coming from Chrome and trying to connect to epicunitscan.info. Found a forum recommending ComboFix. Downloaded and ran before I read the site that said not to. Oops. Anyways, the malware is still there and was looking for any help to get rid of this thing. I have a feeling that it is syncing with my Google so I will probably have to do the fix on multiple devices. I'll go ahead and post the ComboFix log since I have it from this one. Thanks in advance!

 


 


#2 Investmore


Posted 19 February 2015 - 01:34 PM

FRST Logs...

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by James (administrator) on JAMES-PC on 19-02-2015 13:22:50
Running from C:\Users\James\Downloads
Loaded Profiles: James (Available profiles: James)
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2107360565-3288374744-1642272945-1000\...\Run: [GoogleChromeAutoLaunch_6B06BCEFC97BCF192292AD16DB5D7A73] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2107360565-3288374744-1642272945-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2107360565-3288374744-1642272945-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/?gws_rd=ssl
CHR StartupUrls: Default -> "https://www.google.com/?gws_rd=ssl", "hxxp://vosteran.com/?f=7&a=vst_ggbc_15_05_ch&cd=2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyEyD0D0BzzyB0A0B0F0DtN0D0Tzu0StCtCtByDtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0EyCyCzzyDtDtCtGzyzyyE0AtGzzyDtAtBtGtAzz0F0EtGyCyByE0CzzyCtB0FyDyCyD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0EtA0AyEtBzzzytG0F0EtAyDtGyEtBtBtAtGzzyE0ByEtG0F0Czz0AyByDtDzztD0D0BtD2Q&cr=1617624882&ir="
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-19]
CHR Extension: (Forge of Empires) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\anaphblkfplenhkephgneolhnmjminjg [2015-02-19]
CHR Extension: (Google Docs) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-19]
CHR Extension: (Google Drive) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-19]
CHR Extension: (YouTube) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-19]
CHR Extension: (Adblock Plus) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-19]
CHR Extension: (Pushbullet) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-02-19]
CHR Extension: (Google Search) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-19]
CHR Extension: (Chromebleed) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2015-02-19]
CHR Extension: (Google Sheets) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-19]
CHR Extension: (Chrome Remote Desktop) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-02-19]
CHR Extension: (Google Wallet) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-19]
CHR Extension: (Gmail) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [10571056 2014-07-09] (DisplayLink Corp.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2014-10-09] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2014-10-09] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2014-10-09] (BitDefender)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2014-10-09] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2014-10-09] (BitDefender LLC)
R3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.6.56275.0.sys [46384 2014-07-10] ()
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-10-09] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-10-09] (BitDefender S.R.L.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-19 13:22 - 2015-02-19 13:23 - 00009946 _____ () C:\Users\James\Downloads\FRST.txt
2015-02-19 13:22 - 2015-02-19 13:22 - 02086912 _____ (Farbar) C:\Users\James\Downloads\FRST64.exe
2015-02-19 13:22 - 2015-02-19 13:22 - 00000000 ____D () C:\FRST
2015-02-19 12:23 - 2015-02-19 12:23 - 00012303 _____ () C:\ComboFix.txt
2015-02-19 12:17 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-19 12:17 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-19 12:17 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-19 12:17 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-19 12:17 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-19 12:17 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-19 12:17 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-19 12:17 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-19 12:10 - 2015-02-19 12:10 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-02-19 12:10 - 2015-02-19 12:10 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-02-19 12:10 - 2015-02-19 12:10 - 00001313 _____ () C:\Windows\TSSysprep.log
2015-02-19 12:09 - 2015-02-19 12:18 - 00624539 _____ () C:\Windows\WindowsUpdate.log
2015-02-19 12:08 - 2015-02-19 12:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-02-19 12:05 - 2015-02-19 09:14 - 00000000 ____D () C:\Windows\Panther
2015-02-19 11:53 - 2015-02-19 11:53 - 00368240 _____ (RegNow.com) C:\Users\James\Downloads\Download_SpyHunter-Installer.exe
2015-02-19 11:52 - 2015-02-19 12:23 - 00000000 ____D () C:\Qoobox
2015-02-19 11:52 - 2015-02-19 12:22 - 00000000 ____D () C:\Windows\erdnt
2015-02-19 11:51 - 2015-02-19 11:54 - 05611903 ____R (Swearware) C:\Users\James\Downloads\ComboFix.exe
2015-02-19 11:32 - 2015-02-19 11:37 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-19 11:32 - 2015-02-19 11:32 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-02-19 11:32 - 2015-02-19 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-02-19 11:32 - 2015-02-19 11:32 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-19 11:31 - 2015-02-19 11:31 - 10995632 _____ (SurfRight B.V.) C:\Users\James\Downloads\HitmanPro_x64.exe
2015-02-19 11:13 - 2009-11-25 12:47 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-02-19 11:13 - 2009-11-25 12:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-02-19 11:13 - 2009-11-25 12:47 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2015-02-19 11:13 - 2009-11-25 12:47 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2015-02-19 11:13 - 2009-11-25 12:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2015-02-19 11:13 - 2009-11-25 12:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2015-02-19 11:13 - 2009-11-25 12:47 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2015-02-19 11:13 - 2009-11-25 12:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2015-02-19 11:13 - 2009-11-25 12:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2015-02-19 11:13 - 2009-11-25 12:47 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2015-02-19 11:06 - 2009-10-09 22:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys
2015-02-19 11:06 - 2009-10-09 21:41 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-02-19 11:03 - 2015-02-19 11:03 - 00000000 ____D () C:\Users\James\Desktop\Security
2015-02-19 10:57 - 2015-02-19 10:57 - 09826585 _____ () C:\Users\James\Downloads\AbstractsDark.themepack
2015-02-19 10:56 - 2015-02-19 10:56 - 00000000 ____D () C:\Users\James\Desktop\James
2015-02-19 10:56 - 2015-02-19 10:56 - 00000000 ____D () C:\ProgramData\BitDefender
2015-02-19 10:52 - 2015-02-19 10:52 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-02-19 10:52 - 2015-02-19 10:52 - 00000000 ____D () C:\Users\James\AppData\Roaming\LavasoftStatistics
2015-02-19 10:52 - 2015-02-19 10:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-02-19 10:52 - 2014-10-09 10:09 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
2015-02-19 10:52 - 2014-10-09 10:08 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
2015-02-19 10:52 - 2014-10-09 10:08 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
2015-02-19 10:52 - 2014-10-09 10:08 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
2015-02-19 10:52 - 2014-10-09 10:08 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2015-02-19 10:52 - 2014-10-09 10:08 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
2015-02-19 10:52 - 2014-10-09 10:08 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
2015-02-19 10:52 - 2014-10-09 10:08 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
2015-02-19 10:51 - 2015-02-19 10:51 - 00000000 ____D () C:\Program Files\Lavasoft
2015-02-19 10:50 - 2015-02-19 10:50 - 01924232 _____ () C:\Users\James\Downloads\Adaware_Installer.exe
2015-02-19 10:50 - 2015-02-19 10:50 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-02-19 10:50 - 2015-02-19 10:50 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-02-19 10:32 - 2015-02-19 11:22 - 00009236 _____ () C:\Windows\PFRO.log
2015-02-19 10:20 - 2015-02-19 12:25 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-19 10:20 - 2015-02-19 12:14 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-19 10:20 - 2015-02-19 10:20 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-19 10:20 - 2015-02-19 10:20 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-19 10:20 - 2015-02-19 10:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-19 10:12 - 2015-02-19 12:35 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-19 10:12 - 2015-02-19 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-19 10:12 - 2015-02-19 10:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-19 10:12 - 2015-02-19 10:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-19 10:12 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-19 10:12 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-19 10:12 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-19 10:10 - 2015-02-19 10:20 - 00000000 ____D () C:\Users\James\AppData\Local\Google
2015-02-19 10:10 - 2015-02-19 10:20 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-19 10:09 - 2015-02-19 10:19 - 00000000 ____D () C:\Users\James\AppData\Local\Deployment
2015-02-19 10:09 - 2015-02-19 10:09 - 00000000 ____D () C:\Users\James\AppData\Local\Apps\2.0
2015-02-19 10:05 - 2015-02-19 10:05 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2015-02-19 10:03 - 2015-02-19 10:03 - 00057560 _____ () C:\Users\James\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-19 10:02 - 2015-02-19 10:02 - 00000000 ____D () C:\Users\James\AppData\Roaming\WinRAR
2015-02-19 10:02 - 2015-02-19 10:02 - 00000000 ____D () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-19 10:02 - 2015-02-19 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-19 10:02 - 2015-02-19 10:02 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-19 09:46 - 2015-02-19 09:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-19 09:46 - 2015-02-19 09:46 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-19 09:32 - 2014-12-23 00:41 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-19 09:32 - 2010-09-14 01:45 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2015-02-19 09:32 - 2010-09-14 01:07 - 00276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2015-02-19 09:30 - 2015-02-19 09:30 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf
2015-02-19 09:30 - 2015-02-19 09:30 - 00000000 ____D () C:\Program Files\DellTPad
2015-02-19 09:30 - 2014-07-09 09:56 - 00435504 _____ (DisplayLink Corp.) C:\Windows\system32\Drivers\dlkmd.sys
2015-02-19 09:30 - 2014-07-09 09:56 - 00018736 _____ (DisplayLink Corp.) C:\Windows\system32\Drivers\dlkmdldr.sys
2015-02-19 09:28 - 2015-02-19 09:29 - 00000000 ____D () C:\Program Files\DisplayLink Core Software
2015-02-19 09:26 - 2015-02-19 09:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-19 09:26 - 2015-01-29 17:49 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-19 09:26 - 2010-03-03 23:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2015-02-19 09:25 - 2015-02-03 22:04 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-19 09:25 - 2015-02-03 22:03 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-19 09:25 - 2015-02-03 22:03 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-19 09:25 - 2015-02-03 22:03 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-19 09:25 - 2015-02-03 22:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-19 09:25 - 2015-02-03 22:01 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-19 09:25 - 2015-01-27 18:23 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-19 09:25 - 2014-12-03 21:31 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-19 09:25 - 2014-09-14 19:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-19 09:25 - 2012-09-06 12:38 - 00295792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2015-02-19 09:25 - 2011-08-30 00:21 - 14164480 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-02-19 09:25 - 2011-08-29 23:28 - 12868096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-02-19 09:25 - 2011-04-09 01:45 - 05509504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-19 09:25 - 2011-04-09 01:13 - 03957632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-19 09:25 - 2011-04-09 01:13 - 03901824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-19 09:25 - 2011-01-26 01:53 - 00982912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-02-19 09:25 - 2011-01-26 01:53 - 00265088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-02-19 09:25 - 2011-01-26 01:31 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-02-19 09:25 - 2010-12-21 01:16 - 01197056 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-19 09:25 - 2010-12-21 01:16 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2015-02-19 09:25 - 2010-12-21 01:16 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-02-19 09:25 - 2010-12-21 01:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2015-02-19 09:25 - 2010-12-21 01:16 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2015-02-19 09:25 - 2010-12-21 01:15 - 01498112 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-19 09:25 - 2010-12-21 01:15 - 00264192 _____ (Microsoft Corporation) C:\Windows\system32\upnp.dll
2015-02-19 09:25 - 2010-12-21 01:15 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2015-02-19 09:25 - 2010-12-21 01:13 - 02003968 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-02-19 09:25 - 2010-12-21 01:13 - 01880576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-02-19 09:25 - 2010-12-21 01:11 - 12369408 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-19 09:25 - 2010-12-21 01:10 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-02-19 09:25 - 2010-12-21 00:38 - 01228288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-19 09:25 - 2010-12-21 00:38 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-19 09:25 - 2010-12-21 00:38 - 00350720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2015-02-19 09:25 - 2010-12-21 00:38 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-02-19 09:25 - 2010-12-21 00:38 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnp.dll
2015-02-19 09:25 - 2010-12-21 00:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2015-02-19 09:25 - 2010-12-21 00:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2015-02-19 09:25 - 2010-12-21 00:36 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-02-19 09:25 - 2010-12-21 00:36 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-02-19 09:25 - 2010-12-21 00:35 - 10989056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-19 09:25 - 2010-12-21 00:34 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-02-19 09:25 - 2010-11-04 01:31 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-19 09:25 - 2010-11-04 01:31 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-19 09:25 - 2010-11-04 00:48 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-19 09:25 - 2010-11-04 00:48 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-19 09:25 - 2010-11-02 00:18 - 00662528 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-02-19 09:25 - 2010-11-02 00:18 - 00470016 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-02-19 09:25 - 2010-11-02 00:18 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2015-02-19 09:25 - 2010-11-02 00:12 - 01837568 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-02-19 09:25 - 2010-11-02 00:12 - 01540608 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-02-19 09:25 - 2010-11-02 00:12 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-02-19 09:25 - 2010-11-02 00:12 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-02-19 09:25 - 2010-11-02 00:12 - 00320512 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-02-19 09:25 - 2010-11-02 00:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-02-19 09:25 - 2010-11-01 23:41 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2015-02-19 09:25 - 2010-11-01 23:41 - 00283648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2015-02-19 09:25 - 2010-11-01 23:41 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2015-02-19 09:25 - 2010-11-01 23:35 - 01170944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-02-19 09:25 - 2010-11-01 23:35 - 01074176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-02-19 09:25 - 2010-11-01 23:35 - 00739840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-02-19 09:25 - 2010-11-01 23:35 - 00218624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-02-19 09:25 - 2010-11-01 23:35 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-02-19 09:25 - 2010-06-26 00:31 - 01863680 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-02-19 09:25 - 2010-06-26 00:14 - 01495040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-02-19 09:25 - 2010-05-23 05:15 - 01619456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2015-02-19 09:25 - 2010-05-23 05:11 - 03181568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-02-19 09:25 - 2010-05-23 05:11 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2015-02-19 09:25 - 2010-05-23 03:37 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-02-19 09:25 - 2010-05-23 03:35 - 04068864 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-02-19 09:25 - 2010-05-23 03:35 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2015-02-19 09:25 - 2010-05-23 03:35 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-02-19 09:25 - 2010-03-24 01:59 - 01736608 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-19 09:25 - 2010-03-24 01:37 - 01289528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-19 09:25 - 2010-01-19 04:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-02-19 09:25 - 2010-01-19 04:05 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-02-19 09:25 - 2010-01-19 04:05 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-02-19 09:25 - 2010-01-19 04:05 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-02-19 09:25 - 2010-01-19 04:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-02-19 09:25 - 2010-01-19 04:00 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-02-19 09:25 - 2010-01-19 04:00 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-02-19 09:25 - 2010-01-19 04:00 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-02-19 09:25 - 2010-01-18 18:29 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2015-02-19 09:25 - 2010-01-18 18:29 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2015-02-19 09:25 - 2010-01-18 18:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2015-02-19 09:25 - 2010-01-18 18:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2015-02-19 09:25 - 2010-01-18 18:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2015-02-19 09:25 - 2010-01-18 18:28 - 00320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2015-02-19 09:25 - 2010-01-18 18:28 - 00280064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2015-02-19 09:25 - 2010-01-18 18:28 - 00277504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2015-02-19 09:25 - 2009-12-11 05:29 - 00153160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-19 09:25 - 2009-12-11 04:24 - 01446912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-19 09:25 - 2009-12-11 02:39 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-19 09:25 - 2009-12-11 02:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-19 09:25 - 2009-10-31 01:34 - 02870272 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-02-19 09:25 - 2009-10-31 00:45 - 02614272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-02-19 09:25 - 2009-10-28 01:24 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-02-19 09:24 - 2011-04-09 01:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-02-19 09:24 - 2011-04-09 00:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-02-19 09:18 - 2015-02-19 09:18 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-02-19 09:18 - 2015-02-19 09:18 - 00000000 ____D () C:\Intel
2015-02-19 09:15 - 2015-02-19 09:15 - 00001447 _____ () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-19 09:15 - 2015-02-19 09:15 - 00001413 _____ () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-02-19 09:15 - 2015-02-19 09:15 - 00000000 ____D () C:\Users\James\AppData\Local\VirtualStore
2015-02-19 09:15 - 2012-06-02 17:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-02-19 09:15 - 2012-06-02 17:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-02-19 09:15 - 2012-06-02 17:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-02-19 09:15 - 2012-06-02 17:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-02-19 09:15 - 2012-06-02 17:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-02-19 09:15 - 2012-06-02 17:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-02-19 09:15 - 2012-06-02 17:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-02-19 09:14 - 2015-02-19 09:15 - 00000000 ____D () C:\Users\James
2015-02-19 09:14 - 2015-02-19 09:14 - 00000020 ___SH () C:\Users\James\ntuser.ini
2015-02-19 09:14 - 2015-02-19 09:14 - 00000000 ____D () C:\Recovery
2015-02-19 09:14 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-02-19 09:14 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-02-19 09:14 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-19 09:14 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-27 00:23 - 2015-01-27 00:23 - 00014464 _____ (Western Digital Technologies) C:\Windows\system32\Drivers\wdcsam64.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-19 12:23 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2015-02-19 12:21 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-19 12:20 - 2009-07-14 00:13 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-19 12:19 - 2009-07-13 23:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-19 12:19 - 2009-07-13 23:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-19 12:14 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-19 12:14 - 2009-07-13 23:51 - 00018500 _____ () C:\Windows\setupact.log
2015-02-19 12:10 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-19 12:10 - 2009-07-13 23:46 - 00001774 _____ () C:\Windows\DtcInstall.log
2015-02-19 12:10 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-19 12:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2015-02-19 12:07 - 2009-07-14 02:46 - 00000000 ____D () C:\Windows\CSC
2015-02-19 12:05 - 2009-07-14 00:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-02-19 12:05 - 2009-07-14 00:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-02-19 10:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Vss
2015-02-19 10:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-19 09:49 - 2009-07-13 23:45 - 00265552 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-19 09:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-19 09:14 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\restore
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-19 12:06
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01
Ran by James at 2015-02-19 13:23:16
Running from C:\Users\James\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ad-Aware Antivirus (HKLM\...\{A5C0392D-46A7-4CB3-800B-5794909453BD}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
AvcEngine (Version: 3.10.7820.0 - Lavasoft) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.101.210 - ALPS ELECTRIC CO., LTD.)
DisplayLink Core Software (HKLM\...\{89E40591-0404-4769-88E7-F649C95AE151}) (Version: 7.6.56275.0 - DisplayLink Corp.)
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.238 - SurfRight B.V.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
19-02-2015 09:14:37 Windows Update
19-02-2015 09:17:48 Windows Update
19-02-2015 09:25:54 Windows Update
19-02-2015 10:50:18 AA11
19-02-2015 11:06:10 Windows Update
19-02-2015 11:12:39 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {39E1B44A-FA9C-4228-8457-DE8D23961B8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-19] (Google Inc.)
Task: {7FB88733-795A-4B8B-86D7-2493F8FA0D03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-19] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-12-18 15:09 - 2014-12-18 15:09 - 00713568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
2014-12-18 15:22 - 2014-12-18 15:22 - 00107352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00125792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 12716368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareServiceKernel.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00786264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_regex-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00736584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareActivation.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00474968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareApplicationUpdater.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00812360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareGamingMode.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00099136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareReset.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00119616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTime.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00957784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdater.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00867688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdaterScheduler.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01107272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIgnoreList.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00248648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareQuarantine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01009496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiMalwareEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiRootkitEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01171280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerHistory.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01295680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScanner.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_timer-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00975704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerScheduler.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01091416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIncompatibles.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00894280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiSpam.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00849232 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiPhishing.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareParentalControl.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02953040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareWebProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01251664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareEmailProtection.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00053600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_iostreams-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01289048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNetworkProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePromo.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00360776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareFeedback.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02785112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareThreatWorkAlliance.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01228608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePinCode.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNotice.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAvcEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01177960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtectionHistory.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00152896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\SecurityCenter.dll
2015-02-19 10:52 - 2014-10-09 10:08 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2015-02-19 10:56 - 2015-02-19 10:56 - 00784712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpbr.mdl
2015-02-19 10:56 - 2015-02-19 10:56 - 00573544 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpdsp.mdl
2015-02-19 10:56 - 2015-02-19 10:56 - 02657264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpph.mdl
2015-02-19 10:56 - 2015-02-19 10:56 - 01331648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttprbl.mdl
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 08947008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
2014-12-18 15:22 - 2014-12-18 15:22 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_locale-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02130752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\HtmlFramework.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\DllStorage.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTrayDefaultSkin.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\Localization.dll
2015-02-19 10:20 - 2015-02-04 04:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-19 10:20 - 2015-02-04 04:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-19 10:20 - 2015-02-04 04:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2107360565-3288374744-1642272945-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\James\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1 - 10.10.10.241
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2107360565-3288374744-1642272945-500 - Administrator - Disabled)
Guest (S-1-5-21-2107360565-3288374744-1642272945-501 - Limited - Disabled)
James (S-1-5-21-2107360565-3288374744-1642272945-1000 - Administrator - Enabled) => C:\Users\James
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (02/19/2015 00:21:47 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (02/19/2015 00:20:13 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (02/19/2015 09:49:07 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%16405
 
Error: (02/19/2015 09:31:09 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Update Rollup for ActiveX Killbits for Windows 7 for x64-based Systems (KB2562937).
 
Error: (02/19/2015 09:31:05 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB2467023).
 
Error: (02/19/2015 09:31:05 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB977074).
 
Error: (02/19/2015 09:31:05 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB976422).
 
Error: (02/19/2015 09:29:21 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The DisplayLinkManager service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (02/19/2015 09:20:02 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
 
Error: (02/19/2015 00:06:29 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
 
 
Microsoft Office Sessions:
=========================
 


#3 nasdaq

  • Malware Response Team

Posted 24 February 2015 - 10:15 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2107360565-3288374744-1642272945-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR StartupUrls: Default -> "https://www.google.com/?gws_rd=ssl", "hxxp://vosteran.com/?f=7&a=vst_ggbc_15_05_ch&cd=2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyEyD0D0BzzyB0A0B0F0DtN0D0Tzu0StCtCtByDtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0EyCyCzzyDtDtCtGzyzyyE0AtGzzyDtAtBtGtAzz0F0EtGyCyByE0CzzyCtB0FyDyCyD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0EtA0AyEtBzzzytG0F0EtAyDtGyEtBtBtAtGzzyE0ByEtG0F0Czz0AyByDtDzztD0D0BtD2Q&cr=1617624882&ir="

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#4 Investmore

  • Topic Starter

Posted 24 February 2015 - 03:26 PM

FRST.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015
Ran by James (administrator) on JAMES-PC on 24-02-2015 14:59:16
Running from C:\Users\James\Desktop\FRST
Loaded Profiles: James (Available profiles: James)
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Brother Industries, Ltd.) C:\Users\James\AppData\Local\Temp\{DB22BA35-7BE9-486C-BDD8-0D0AF82D27F9}\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}\BrLogRx.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\RunOnce: [BrUrl] => rundll32 url.dll,FileProtocolHandler http://www.brother.com/rd/productreserch/usa/
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2107360565-3288374744-1642272945-1000\...\Run: [GoogleChromeAutoLaunch_6B06BCEFC97BCF192292AD16DB5D7A73] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2107360565-3288374744-1642272945-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2107360565-3288374744-1642272945-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/?gws_rd=ssl
CHR StartupUrls: Default -> "https://www.google.com/?gws_rd=ssl", "hxxp://vosteran.com/?f=7&a=vst_ggbc_15_05_ch&cd=2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyEyD0D0BzzyB0A0B0F0DtN0D0Tzu0StCtCtByDtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0EyCyCzzyDtDtCtGzyzyyE0AtGzzyDtAtBtGtAzz0F0EtGyCyByE0CzzyCtB0FyDyCyD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0EtA0AyEtBzzzytG0F0EtAyDtGyEtBtBtAtGzzyE0ByEtG0F0Czz0AyByDtDzztD0D0BtD2Q&cr=1617624882&ir="
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-19]
CHR Extension: (Forge of Empires) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\anaphblkfplenhkephgneolhnmjminjg [2015-02-19]
CHR Extension: (Google Docs) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-19]
CHR Extension: (Google Drive) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-19]
CHR Extension: (YouTube) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-19]
CHR Extension: (Adblock Plus) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-19]
CHR Extension: (Pushbullet) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-02-19]
CHR Extension: (Google Search) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-19]
CHR Extension: (Chromebleed) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2015-02-19]
CHR Extension: (Google Sheets) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-19]
CHR Extension: (Chrome Remote Desktop) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-02-19]
CHR Extension: (Google Wallet) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-19]
CHR Extension: (Gmail) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [10571056 2014-07-09] (DisplayLink Corp.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2014-10-09] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2014-10-09] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2014-10-09] (BitDefender)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2014-10-09] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2014-10-09] (BitDefender LLC)
R3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.6.56275.0.sys [46384 2014-07-10] ()
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-10-09] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-10-09] (BitDefender S.R.L.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-24 14:49 - 2015-02-24 14:59 - 00000000 ____D () C:\Users\James\Desktop\FRST
2015-02-24 14:40 - 2015-02-24 14:40 - 00000260 _____ () C:\Windows\Brpfx04a.ini
2015-02-24 14:40 - 2015-02-24 14:40 - 00000064 _____ () C:\Windows\brpcfx.ini
2015-02-24 14:40 - 2015-02-24 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-02-24 14:39 - 2015-02-24 14:39 - 00002944 _____ () C:\Windows\BRPARAM.INI
2015-02-24 14:36 - 2015-02-24 14:36 - 00000066 _____ () C:\Windows\Brfaxrx.ini
2015-02-24 14:36 - 2015-02-24 14:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-24 14:36 - 2015-02-24 14:36 - 00000000 ____D () C:\Users\Public\Documents\BrFaxRx
2015-02-24 14:36 - 2015-02-24 14:36 - 00000000 ____D () C:\ProgramData\ControlCenter4
2015-02-24 14:36 - 2015-02-24 14:36 - 00000000 ____D () C:\Program Files (x86)\ControlCenter4
2015-02-24 14:36 - 2015-02-24 14:36 - 00000000 ____D () C:\Program Files (x86)\Browny02
2015-02-24 14:36 - 2015-02-24 14:36 - 00000000 ____D () C:\Program Files (x86)\Brother
2015-02-24 14:36 - 2015-02-24 14:36 - 00000000 ____D () C:\Brother
2015-02-24 14:36 - 2012-09-10 16:31 - 00245760 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2015-02-24 14:36 - 2012-07-31 02:39 - 01439744 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrWi209d.dll
2015-02-24 14:36 - 2012-07-09 17:19 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2015-02-24 14:36 - 2012-07-05 06:32 - 00084480 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrNetSti.dll
2015-02-24 14:36 - 2012-06-05 01:59 - 00025299 _____ (Brother Industries, Ltd) C:\Windows\SysWOW64\BRLM03A.DLL
2015-02-24 14:36 - 2012-03-18 23:09 - 00316928 _____ (brother) C:\Windows\system32\NSSRH64.dll
2015-02-24 14:36 - 2010-09-23 03:14 - 00058880 _____ (Brother Industries,Ltd.) C:\Windows\system32\BrWiaNCp.dll
2015-02-24 14:36 - 2010-09-23 03:13 - 00051712 _____ (Brother Industries,Ltd) C:\Windows\system32\Brnsplg.dll
2015-02-24 14:36 - 2010-05-20 00:33 - 00103792 _____ (Brother Industries Ltd) C:\Windows\SysWOW64\BRRBI100.EXE
2015-02-24 14:36 - 2010-04-01 05:27 - 00278528 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrJDec.dll
2015-02-24 14:36 - 2010-03-15 19:45 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2015-02-24 14:36 - 2010-03-15 18:04 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2015-02-24 14:36 - 2010-03-15 11:20 - 00050176 _____ (Brother Industries Ltd.) C:\Windows\SysWOW64\BRPRTINK.DLL
2015-02-24 14:36 - 2010-02-04 21:42 - 00180224 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
2015-02-24 14:36 - 2009-12-08 16:19 - 00290304 ____N (Brother Industries, Ltd.) C:\Windows\system32\BrfxDA5c.dll
2015-02-24 14:36 - 2007-12-13 22:16 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2015-02-24 14:36 - 2005-01-17 02:10 - 00045056 _____ () C:\Windows\SysWOW64\BRTCPCON.DLL
2015-02-24 14:36 - 2004-08-09 02:00 - 00000114 _____ () C:\Windows\SysWOW64\BRLMW03A.INI
2015-02-24 14:36 - 2004-08-09 01:42 - 00077824 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BRLMW03A.DLL
2015-02-24 14:36 - 2003-11-28 18:57 - 00000000 _____ () C:\Windows\brdfxspd.dat
2015-02-24 14:35 - 2015-02-24 14:39 - 00000000 ____D () C:\ProgramData\Brother
2015-02-24 14:35 - 2015-02-24 14:35 - 00000000 ____D () C:\Users\James\AppData\Roaming\InstallShield
2015-02-24 14:34 - 2015-02-24 14:34 - 02087424 _____ (Farbar) C:\Users\James\Downloads\FRST64 (1).exe
2015-02-24 14:34 - 2015-02-24 14:34 - 00000000 ____D () C:\Users\James\Downloads\wlan_wiz
2015-02-24 14:34 - 2015-02-24 14:34 - 00000000 ____D () C:\Users\James\Downloads\install
2015-02-24 14:32 - 2015-02-24 14:34 - 133383648 _____ (A.I.SOFT,INC.) C:\Users\James\Downloads\MFC-J6710DW-inst-F1-usa.EXE
2015-02-24 14:24 - 2015-02-24 14:24 - 00000000 ____D () C:\Users\James\AppData\Roaming\Lavasoft
2015-02-19 14:02 - 2015-02-19 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-02-19 14:01 - 2015-02-19 14:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-02-19 14:00 - 2015-02-19 14:00 - 00000000 ____D () C:\Windows\PCHEALTH
2015-02-19 14:00 - 2015-02-19 14:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2015-02-19 13:58 - 2015-02-19 13:58 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-19 13:58 - 2015-02-19 13:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2015-02-19 13:57 - 2015-02-19 14:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-19 13:57 - 2015-02-19 14:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-19 13:57 - 2015-02-19 13:57 - 00000000 ____D () C:\Users\James\AppData\Local\Microsoft Help
2015-02-19 13:56 - 2015-02-19 13:56 - 00000000 __RHD () C:\MSOCache
2015-02-19 13:46 - 2015-02-19 13:49 - 00000000 ____D () C:\AdwCleaner
2015-02-19 13:46 - 2015-02-19 13:46 - 00002002 _____ () C:\Users\James\Desktop\Rkill.txt
2015-02-19 13:44 - 2015-02-19 13:44 - 02126848 _____ () C:\Users\James\Downloads\AdwCleaner.exe
2015-02-19 13:43 - 2015-02-19 13:43 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\James\Downloads\rkill.exe
2015-02-19 13:32 - 2015-02-19 13:32 - 01122449 _____ (Thisisu) C:\Users\James\Downloads\JRT (1).exe
2015-02-19 13:31 - 2015-02-19 13:31 - 00000629 _____ () C:\Users\James\Desktop\JRT.txt
2015-02-19 13:27 - 2015-02-19 13:27 - 01388274 _____ (Thisisu) C:\Users\James\Downloads\JRT.exe
2015-02-19 13:23 - 2015-02-19 13:23 - 00018950 _____ () C:\Users\James\Downloads\Addition.txt
2015-02-19 13:22 - 2015-02-24 14:59 - 00000000 ____D () C:\FRST
2015-02-19 13:22 - 2015-02-19 13:23 - 00035720 _____ () C:\Users\James\Downloads\FRST.txt
2015-02-19 12:23 - 2015-02-19 12:23 - 00012303 _____ () C:\ComboFix.txt
2015-02-19 12:17 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-19 12:17 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-19 12:17 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-19 12:17 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-19 12:17 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-19 12:17 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-19 12:17 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-19 12:17 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-19 12:10 - 2015-02-19 12:10 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-02-19 12:10 - 2015-02-19 12:10 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-02-19 12:10 - 2015-02-19 12:10 - 00001313 _____ () C:\Windows\TSSysprep.log
2015-02-19 12:09 - 2015-02-24 14:58 - 00789473 _____ () C:\Windows\WindowsUpdate.log
2015-02-19 12:08 - 2015-02-19 12:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-02-19 12:05 - 2015-02-19 09:14 - 00000000 ____D () C:\Windows\Panther
2015-02-19 11:53 - 2015-02-19 11:53 - 00368240 _____ (RegNow.com) C:\Users\James\Downloads\Download_SpyHunter-Installer.exe
2015-02-19 11:52 - 2015-02-19 12:23 - 00000000 ____D () C:\Qoobox
2015-02-19 11:52 - 2015-02-19 12:22 - 00000000 ____D () C:\Windows\erdnt
2015-02-19 11:51 - 2015-02-19 11:54 - 05611903 ____R (Swearware) C:\Users\James\Downloads\ComboFix.exe
2015-02-19 11:32 - 2015-02-19 11:37 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-19 11:32 - 2015-02-19 11:32 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-02-19 11:32 - 2015-02-19 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-02-19 11:32 - 2015-02-19 11:32 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-19 11:31 - 2015-02-19 11:31 - 10995632 _____ (SurfRight B.V.) C:\Users\James\Downloads\HitmanPro_x64.exe
2015-02-19 11:13 - 2009-11-25 12:47 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-02-19 11:13 - 2009-11-25 12:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-02-19 11:13 - 2009-11-25 12:47 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2015-02-19 11:13 - 2009-11-25 12:47 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2015-02-19 11:13 - 2009-11-25 12:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2015-02-19 11:13 - 2009-11-25 12:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2015-02-19 11:13 - 2009-11-25 12:47 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2015-02-19 11:13 - 2009-11-25 12:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2015-02-19 11:13 - 2009-11-25 12:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2015-02-19 11:13 - 2009-11-25 12:47 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2015-02-19 11:06 - 2009-10-09 22:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys
2015-02-19 11:06 - 2009-10-09 21:41 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-02-19 11:03 - 2015-02-19 11:03 - 00000000 ____D () C:\Users\James\Desktop\Security
2015-02-19 10:57 - 2015-02-19 10:57 - 09826585 _____ () C:\Users\James\Downloads\AbstractsDark.themepack
2015-02-19 10:56 - 2015-02-19 10:56 - 00000000 ____D () C:\Users\James\Desktop\James
2015-02-19 10:56 - 2015-02-19 10:56 - 00000000 ____D () C:\ProgramData\BitDefender
2015-02-19 10:52 - 2015-02-19 10:52 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-02-19 10:52 - 2015-02-19 10:52 - 00000000 ____D () C:\Users\James\AppData\Roaming\LavasoftStatistics
2015-02-19 10:52 - 2015-02-19 10:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-02-19 10:52 - 2014-10-09 10:09 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
2015-02-19 10:52 - 2014-10-09 10:08 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
2015-02-19 10:52 - 2014-10-09 10:08 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
2015-02-19 10:52 - 2014-10-09 10:08 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
2015-02-19 10:52 - 2014-10-09 10:08 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2015-02-19 10:52 - 2014-10-09 10:08 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
2015-02-19 10:52 - 2014-10-09 10:08 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
2015-02-19 10:52 - 2014-10-09 10:08 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
2015-02-19 10:51 - 2015-02-19 10:51 - 00000000 ____D () C:\Program Files\Lavasoft
2015-02-19 10:50 - 2015-02-19 10:50 - 01924232 _____ () C:\Users\James\Downloads\Adaware_Installer.exe
2015-02-19 10:50 - 2015-02-19 10:50 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-02-19 10:50 - 2015-02-19 10:50 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-02-19 10:32 - 2015-02-19 13:50 - 00009788 _____ () C:\Windows\PFRO.log
2015-02-19 10:20 - 2015-02-24 14:36 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-19 10:20 - 2015-02-24 14:25 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-19 10:20 - 2015-02-19 10:20 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-19 10:20 - 2015-02-19 10:20 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-19 10:20 - 2015-02-19 10:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-19 10:12 - 2015-02-24 14:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-19 10:12 - 2015-02-19 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-19 10:12 - 2015-02-19 10:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-19 10:12 - 2015-02-19 10:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-19 10:12 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-19 10:12 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-19 10:12 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-19 10:10 - 2015-02-19 10:20 - 00000000 ____D () C:\Users\James\AppData\Local\Google
2015-02-19 10:10 - 2015-02-19 10:20 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-19 10:09 - 2015-02-19 10:19 - 00000000 ____D () C:\Users\James\AppData\Local\Deployment
2015-02-19 10:09 - 2015-02-19 10:09 - 00000000 ____D () C:\Users\James\AppData\Local\Apps\2.0
2015-02-19 10:05 - 2015-02-19 10:05 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2015-02-19 10:03 - 2015-02-19 10:03 - 00057560 _____ () C:\Users\James\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-19 10:02 - 2015-02-19 10:02 - 00000000 ____D () C:\Users\James\AppData\Roaming\WinRAR
2015-02-19 10:02 - 2015-02-19 10:02 - 00000000 ____D () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-19 10:02 - 2015-02-19 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-19 10:02 - 2015-02-19 10:02 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-19 09:46 - 2015-02-19 09:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-19 09:46 - 2015-02-19 09:46 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-19 09:32 - 2014-12-23 00:41 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-19 09:32 - 2010-09-14 01:45 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2015-02-19 09:32 - 2010-09-14 01:07 - 00276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2015-02-19 09:30 - 2015-02-19 09:30 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf
2015-02-19 09:30 - 2015-02-19 09:30 - 00000000 ____D () C:\Program Files\DellTPad
2015-02-19 09:30 - 2014-07-09 09:56 - 00435504 _____ (DisplayLink Corp.) C:\Windows\system32\Drivers\dlkmd.sys
2015-02-19 09:30 - 2014-07-09 09:56 - 00018736 _____ (DisplayLink Corp.) C:\Windows\system32\Drivers\dlkmdldr.sys
2015-02-19 09:28 - 2015-02-19 09:29 - 00000000 ____D () C:\Program Files\DisplayLink Core Software
2015-02-19 09:26 - 2015-02-19 09:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-19 09:26 - 2015-01-29 17:49 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-19 09:26 - 2010-03-03 23:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2015-02-19 09:25 - 2015-02-03 22:04 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-19 09:25 - 2015-02-03 22:03 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-19 09:25 - 2015-02-03 22:03 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-19 09:25 - 2015-02-03 22:03 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-19 09:25 - 2015-02-03 22:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-19 09:25 - 2015-02-03 22:01 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-19 09:25 - 2015-01-27 18:23 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-19 09:25 - 2014-12-03 21:31 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-19 09:25 - 2014-09-14 19:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-19 09:25 - 2012-09-06 12:38 - 00295792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2015-02-19 09:25 - 2011-08-30 00:21 - 14164480 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-02-19 09:25 - 2011-08-29 23:28 - 12868096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-02-19 09:25 - 2011-04-09 01:45 - 05509504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-19 09:25 - 2011-04-09 01:13 - 03957632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-19 09:25 - 2011-04-09 01:13 - 03901824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-19 09:25 - 2011-01-26 01:53 - 00982912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-02-19 09:25 - 2011-01-26 01:53 - 00265088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-02-19 09:25 - 2011-01-26 01:31 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-02-19 09:25 - 2010-12-21 01:16 - 01197056 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-19 09:25 - 2010-12-21 01:16 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2015-02-19 09:25 - 2010-12-21 01:16 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-02-19 09:25 - 2010-12-21 01:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2015-02-19 09:25 - 2010-12-21 01:16 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2015-02-19 09:25 - 2010-12-21 01:15 - 01498112 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-19 09:25 - 2010-12-21 01:15 - 00264192 _____ (Microsoft Corporation) C:\Windows\system32\upnp.dll
2015-02-19 09:25 - 2010-12-21 01:15 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2015-02-19 09:25 - 2010-12-21 01:13 - 02003968 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-02-19 09:25 - 2010-12-21 01:13 - 01880576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-02-19 09:25 - 2010-12-21 01:11 - 12369408 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-19 09:25 - 2010-12-21 01:10 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-02-19 09:25 - 2010-12-21 00:38 - 01228288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-19 09:25 - 2010-12-21 00:38 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-19 09:25 - 2010-12-21 00:38 - 00350720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2015-02-19 09:25 - 2010-12-21 00:38 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-02-19 09:25 - 2010-12-21 00:38 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnp.dll
2015-02-19 09:25 - 2010-12-21 00:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2015-02-19 09:25 - 2010-12-21 00:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2015-02-19 09:25 - 2010-12-21 00:36 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-02-19 09:25 - 2010-12-21 00:36 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-02-19 09:25 - 2010-12-21 00:35 - 10989056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-19 09:25 - 2010-12-21 00:34 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-02-19 09:25 - 2010-11-04 01:31 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-19 09:25 - 2010-11-04 01:31 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-19 09:25 - 2010-11-04 00:48 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-19 09:25 - 2010-11-04 00:48 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-19 09:25 - 2010-11-02 00:18 - 00662528 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-02-19 09:25 - 2010-11-02 00:18 - 00470016 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-02-19 09:25 - 2010-11-02 00:18 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2015-02-19 09:25 - 2010-11-02 00:12 - 01837568 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-02-19 09:25 - 2010-11-02 00:12 - 01540608 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-02-19 09:25 - 2010-11-02 00:12 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-02-19 09:25 - 2010-11-02 00:12 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-02-19 09:25 - 2010-11-02 00:12 - 00320512 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-02-19 09:25 - 2010-11-02 00:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-02-19 09:25 - 2010-11-01 23:41 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2015-02-19 09:25 - 2010-11-01 23:41 - 00283648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2015-02-19 09:25 - 2010-11-01 23:41 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2015-02-19 09:25 - 2010-11-01 23:35 - 01170944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-02-19 09:25 - 2010-11-01 23:35 - 01074176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-02-19 09:25 - 2010-11-01 23:35 - 00739840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-02-19 09:25 - 2010-11-01 23:35 - 00218624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-02-19 09:25 - 2010-11-01 23:35 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-02-19 09:25 - 2010-06-26 00:31 - 01863680 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-02-19 09:25 - 2010-06-26 00:14 - 01495040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-02-19 09:25 - 2010-05-23 05:15 - 01619456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2015-02-19 09:25 - 2010-05-23 05:11 - 03181568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-02-19 09:25 - 2010-05-23 05:11 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2015-02-19 09:25 - 2010-05-23 03:37 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-02-19 09:25 - 2010-05-23 03:35 - 04068864 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-02-19 09:25 - 2010-05-23 03:35 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2015-02-19 09:25 - 2010-05-23 03:35 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-02-19 09:25 - 2010-03-24 01:59 - 01736608 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-19 09:25 - 2010-03-24 01:37 - 01289528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-19 09:25 - 2010-01-19 04:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-02-19 09:25 - 2010-01-19 04:05 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-02-19 09:25 - 2010-01-19 04:05 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-02-19 09:25 - 2010-01-19 04:05 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-02-19 09:25 - 2010-01-19 04:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-02-19 09:25 - 2010-01-19 04:00 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-02-19 09:25 - 2010-01-19 04:00 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-02-19 09:25 - 2010-01-19 04:00 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-02-19 09:25 - 2010-01-18 18:29 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2015-02-19 09:25 - 2010-01-18 18:29 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2015-02-19 09:25 - 2010-01-18 18:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2015-02-19 09:25 - 2010-01-18 18:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2015-02-19 09:25 - 2010-01-18 18:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2015-02-19 09:25 - 2010-01-18 18:28 - 00320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2015-02-19 09:25 - 2010-01-18 18:28 - 00280064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2015-02-19 09:25 - 2010-01-18 18:28 - 00277504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2015-02-19 09:25 - 2009-12-11 05:29 - 00153160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-19 09:25 - 2009-12-11 04:24 - 01446912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-19 09:25 - 2009-12-11 02:39 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-19 09:25 - 2009-12-11 02:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-19 09:25 - 2009-10-31 01:34 - 02870272 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-02-19 09:25 - 2009-10-31 00:45 - 02614272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-02-19 09:25 - 2009-10-28 01:24 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-02-19 09:24 - 2011-04-09 01:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-02-19 09:24 - 2011-04-09 00:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-02-19 09:18 - 2015-02-19 09:18 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-02-19 09:18 - 2015-02-19 09:18 - 00000000 ____D () C:\Intel
2015-02-19 09:15 - 2015-02-19 09:15 - 00001447 _____ () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-19 09:15 - 2015-02-19 09:15 - 00001413 _____ () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-02-19 09:15 - 2015-02-19 09:15 - 00000000 ____D () C:\Users\James\AppData\Local\VirtualStore
2015-02-19 09:15 - 2012-06-02 17:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-02-19 09:15 - 2012-06-02 17:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-02-19 09:15 - 2012-06-02 17:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-02-19 09:15 - 2012-06-02 17:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-02-19 09:15 - 2012-06-02 17:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-02-19 09:15 - 2012-06-02 17:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-02-19 09:15 - 2012-06-02 17:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-02-19 09:14 - 2015-02-19 09:15 - 00000000 ____D () C:\Users\James
2015-02-19 09:14 - 2015-02-19 09:14 - 00000020 ___SH () C:\Users\James\ntuser.ini
2015-02-19 09:14 - 2015-02-19 09:14 - 00000000 ____D () C:\Recovery
2015-02-19 09:14 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-02-19 09:14 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-02-19 09:14 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-19 09:14 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-27 00:23 - 2015-01-27 00:23 - 00014464 _____ (Western Digital Technologies) C:\Windows\system32\Drivers\wdcsam64.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-24 14:27 - 2009-07-13 23:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-24 14:27 - 2009-07-13 23:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-24 14:26 - 2009-07-14 00:13 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 14:22 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-24 14:22 - 2009-07-13 23:51 - 00019462 _____ () C:\Windows\setupact.log
2015-02-23 11:23 - 2009-07-13 23:45 - 00412264 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-19 14:07 - 2009-07-14 02:46 - 00000000 ____D () C:\Windows\ShellNew
2015-02-19 14:01 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-02-19 13:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-19 13:57 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-19 12:23 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2015-02-19 12:21 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-19 12:10 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-19 12:10 - 2009-07-13 23:46 - 00001774 _____ () C:\Windows\DtcInstall.log
2015-02-19 12:10 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-19 12:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2015-02-19 12:07 - 2009-07-14 02:46 - 00000000 ____D () C:\Windows\CSC
2015-02-19 12:05 - 2009-07-14 00:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-02-19 12:05 - 2009-07-14 00:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-02-19 10:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Vss
2015-02-19 10:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-19 09:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-19 09:14 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\restore
 
Some content of TEMP:
====================
C:\Users\James\AppData\Local\Temp\Quarantine.exe
C:\Users\James\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-19 12:06
 
==================== End Of Log ============================
 
AdwCleaner.txt
 
# AdwCleaner v4.111 - Logfile created 24/02/2015 at 15:19:46
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Ultimate  (x64)
# Username : James - JAMES-PC
# Running from : C:\Users\James\Downloads\AdwCleaner (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.7600.16385
 
 
-\\ Google Chrome v40.0.2214.115
 
 
*************************
 
AdwCleaner[R0].txt - [784 bytes] - [19/02/2015 13:46:59]
AdwCleaner[R1].txt - [904 bytes] - [24/02/2015 15:17:33]
AdwCleaner[S0].txt - [851 bytes] - [19/02/2015 13:49:14]
AdwCleaner[S1].txt - [834 bytes] - [24/02/2015 15:19:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [892  bytes] ##########
 
 
So far so good! Thanks for the help!!!


#5 nasdaq

  • Malware Response Team

Posted 25 February 2015 - 08:30 AM

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

p.s.
If you still have the Fixlog.txt that was created when you executed my fix, I would like to see its content.
Please post it.

#6 Investmore

  • Topic Starter

Posted 25 February 2015 - 01:42 PM

Checkup.txt

 

 Results of screen317's Security Check version 0.99.97  
 Windows 7  x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Ad-Aware Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
  Java 64-bit 8 Update 31  
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.115) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.5.202.7299\AdAwareService.exe 
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.5.202.7299\AdAwareTray.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 8% 
````````````````````End of Log`````````````````````` 
 
Fixlog... FRST? This is what I could find from that. Not sure if it's what you're looking for.
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015
Ran by James (administrator) on JAMES-PC on 24-02-2015 14:59:16
Running from C:\Users\James\Desktop\FRST
Loaded Profiles: James (Available profiles: James)
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Brother Industries, Ltd.) C:\Users\James\AppData\Local\Temp\{DB22BA35-7BE9-486C-BDD8-0D0AF82D27F9}\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}\BrLogRx.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\RunOnce: [BrUrl] => rundll32 url.dll,FileProtocolHandler http://www.brother.com/rd/productreserch/usa/
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2107360565-3288374744-1642272945-1000\...\Run: [GoogleChromeAutoLaunch_6B06BCEFC97BCF192292AD16DB5D7A73] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2107360565-3288374744-1642272945-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2107360565-3288374744-1642272945-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/?gws_rd=ssl
CHR StartupUrls: Default -> "https://www.google.com/?gws_rd=ssl", "hxxp://vosteran.com/?f=7&a=vst_ggbc_15_05_ch&cd=2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyEyD0D0BzzyB0A0B0F0DtN0D0Tzu0StCtCtByDtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0EyCyCzzyDtDtCtGzyzyyE0AtGzzyDtAtBtGtAzz0F0EtGyCyByE0CzzyCtB0FyDyCyD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0EtA0AyEtBzzzytG0F0EtAyDtGyEtBtBtAtGzzyE0ByEtG0F0Czz0AyByDtDzztD0D0BtD2Q&cr=1617624882&ir="
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-19]
CHR Extension: (Forge of Empires) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\anaphblkfplenhkephgneolhnmjminjg [2015-02-19]
CHR Extension: (Google Docs) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-19]
CHR Extension: (Google Drive) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-19]
CHR Extension: (YouTube) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-19]
CHR Extension: (Adblock Plus) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-19]
CHR Extension: (Pushbullet) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-02-19]
CHR Extension: (Google Search) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-19]
CHR Extension: (Chromebleed) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2015-02-19]
CHR Extension: (Google Sheets) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-19]
CHR Extension: (Chrome Remote Desktop) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-02-19]
CHR Extension: (Google Wallet) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-19]
CHR Extension: (Gmail) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [10571056 2014-07-09] (DisplayLink Corp.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2014-10-09] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2014-10-09] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2014-10-09] (BitDefender)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2014-10-09] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2014-10-09] (BitDefender LLC)
R3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.6.56275.0.sys [46384 2014-07-10] ()
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-10-09] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-10-09] (BitDefender S.R.L.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-24 14:49 - 2015-02-24 14:59 - 00000000 ____D () C:\Users\James\Desktop\FRST
2015-02-24 14:40 - 2015-02-24 14:40 - 00000260 _____ () C:\Windows\Brpfx04a.ini
2015-02-24 14:40 - 2015-02-24 14:40 - 00000064 _____ () C:\Windows\brpcfx.ini
2015-02-24 14:40 - 2015-02-24 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-02-24 14:39 - 2015-02-24 14:39 - 00002944 _____ () C:\Windows\BRPARAM.INI
2015-02-24 14:36 - 2015-02-24 14:36 - 00000066 _____ () C:\Windows\Brfaxrx.ini
2015-02-24 14:36 - 2015-02-24 14:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-24 14:36 - 2015-02-24 14:36 - 00000000 ____D () C:\Users\Public\Documents\BrFaxRx
2015-02-24 14:36 - 2015-02-24 14:36 - 00000000 ____D () C:\ProgramData\ControlCenter4
2015-02-24 14:36 - 2015-02-24 14:36 - 00000000 ____D () C:\Program Files (x86)\ControlCenter4
2015-02-24 14:36 - 2015-02-24 14:36 - 00000000 ____D () C:\Program Files (x86)\Browny02
2015-02-24 14:36 - 2015-02-24 14:36 - 00000000 ____D () C:\Program Files (x86)\Brother
2015-02-24 14:36 - 2015-02-24 14:36 - 00000000 ____D () C:\Brother
2015-02-24 14:36 - 2012-09-10 16:31 - 00245760 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2015-02-24 14:36 - 2012-07-31 02:39 - 01439744 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrWi209d.dll
2015-02-24 14:36 - 2012-07-09 17:19 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2015-02-24 14:36 - 2012-07-05 06:32 - 00084480 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrNetSti.dll
2015-02-24 14:36 - 2012-06-05 01:59 - 00025299 _____ (Brother Industries, Ltd) C:\Windows\SysWOW64\BRLM03A.DLL
2015-02-24 14:36 - 2012-03-18 23:09 - 00316928 _____ (brother) C:\Windows\system32\NSSRH64.dll
2015-02-24 14:36 - 2010-09-23 03:14 - 00058880 _____ (Brother Industries,Ltd.) C:\Windows\system32\BrWiaNCp.dll
2015-02-24 14:36 - 2010-09-23 03:13 - 00051712 _____ (Brother Industries,Ltd) C:\Windows\system32\Brnsplg.dll
2015-02-24 14:36 - 2010-05-20 00:33 - 00103792 _____ (Brother Industries Ltd) C:\Windows\SysWOW64\BRRBI100.EXE
2015-02-24 14:36 - 2010-04-01 05:27 - 00278528 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrJDec.dll
2015-02-24 14:36 - 2010-03-15 19:45 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2015-02-24 14:36 - 2010-03-15 18:04 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2015-02-24 14:36 - 2010-03-15 11:20 - 00050176 _____ (Brother Industries Ltd.) C:\Windows\SysWOW64\BRPRTINK.DLL
2015-02-24 14:36 - 2010-02-04 21:42 - 00180224 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
2015-02-24 14:36 - 2009-12-08 16:19 - 00290304 ____N (Brother Industries, Ltd.) C:\Windows\system32\BrfxDA5c.dll
2015-02-24 14:36 - 2007-12-13 22:16 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2015-02-24 14:36 - 2005-01-17 02:10 - 00045056 _____ () C:\Windows\SysWOW64\BRTCPCON.DLL
2015-02-24 14:36 - 2004-08-09 02:00 - 00000114 _____ () C:\Windows\SysWOW64\BRLMW03A.INI
2015-02-24 14:36 - 2004-08-09 01:42 - 00077824 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BRLMW03A.DLL
2015-02-24 14:36 - 2003-11-28 18:57 - 00000000 _____ () C:\Windows\brdfxspd.dat
2015-02-24 14:35 - 2015-02-24 14:39 - 00000000 ____D () C:\ProgramData\Brother
2015-02-24 14:35 - 2015-02-24 14:35 - 00000000 ____D () C:\Users\James\AppData\Roaming\InstallShield
2015-02-24 14:34 - 2015-02-24 14:34 - 02087424 _____ (Farbar) C:\Users\James\Downloads\FRST64 (1).exe
2015-02-24 14:34 - 2015-02-24 14:34 - 00000000 ____D () C:\Users\James\Downloads\wlan_wiz
2015-02-24 14:34 - 2015-02-24 14:34 - 00000000 ____D () C:\Users\James\Downloads\install
2015-02-24 14:32 - 2015-02-24 14:34 - 133383648 _____ (A.I.SOFT,INC.) C:\Users\James\Downloads\MFC-J6710DW-inst-F1-usa.EXE
2015-02-24 14:24 - 2015-02-24 14:24 - 00000000 ____D () C:\Users\James\AppData\Roaming\Lavasoft
2015-02-19 14:02 - 2015-02-19 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-02-19 14:01 - 2015-02-19 14:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-02-19 14:00 - 2015-02-19 14:00 - 00000000 ____D () C:\Windows\PCHEALTH
2015-02-19 14:00 - 2015-02-19 14:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2015-02-19 13:58 - 2015-02-19 13:58 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-19 13:58 - 2015-02-19 13:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2015-02-19 13:57 - 2015-02-19 14:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-19 13:57 - 2015-02-19 14:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-19 13:57 - 2015-02-19 13:57 - 00000000 ____D () C:\Users\James\AppData\Local\Microsoft Help
2015-02-19 13:56 - 2015-02-19 13:56 - 00000000 __RHD () C:\MSOCache
2015-02-19 13:46 - 2015-02-19 13:49 - 00000000 ____D () C:\AdwCleaner
2015-02-19 13:46 - 2015-02-19 13:46 - 00002002 _____ () C:\Users\James\Desktop\Rkill.txt
2015-02-19 13:44 - 2015-02-19 13:44 - 02126848 _____ () C:\Users\James\Downloads\AdwCleaner.exe
2015-02-19 13:43 - 2015-02-19 13:43 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\James\Downloads\rkill.exe
2015-02-19 13:32 - 2015-02-19 13:32 - 01122449 _____ (Thisisu) C:\Users\James\Downloads\JRT (1).exe
2015-02-19 13:31 - 2015-02-19 13:31 - 00000629 _____ () C:\Users\James\Desktop\JRT.txt
2015-02-19 13:27 - 2015-02-19 13:27 - 01388274 _____ (Thisisu) C:\Users\James\Downloads\JRT.exe
2015-02-19 13:23 - 2015-02-19 13:23 - 00018950 _____ () C:\Users\James\Downloads\Addition.txt
2015-02-19 13:22 - 2015-02-24 14:59 - 00000000 ____D () C:\FRST
2015-02-19 13:22 - 2015-02-19 13:23 - 00035720 _____ () C:\Users\James\Downloads\FRST.txt
2015-02-19 12:23 - 2015-02-19 12:23 - 00012303 _____ () C:\ComboFix.txt
2015-02-19 12:17 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-19 12:17 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-19 12:17 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-19 12:17 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-19 12:17 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-19 12:17 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-19 12:17 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-19 12:17 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-19 12:10 - 2015-02-19 12:10 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-02-19 12:10 - 2015-02-19 12:10 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-02-19 12:10 - 2015-02-19 12:10 - 00001313 _____ () C:\Windows\TSSysprep.log
2015-02-19 12:09 - 2015-02-24 14:58 - 00789473 _____ () C:\Windows\WindowsUpdate.log
2015-02-19 12:08 - 2015-02-19 12:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-02-19 12:05 - 2015-02-19 09:14 - 00000000 ____D () C:\Windows\Panther
2015-02-19 11:53 - 2015-02-19 11:53 - 00368240 _____ (RegNow.com) C:\Users\James\Downloads\Download_SpyHunter-Installer.exe
2015-02-19 11:52 - 2015-02-19 12:23 - 00000000 ____D () C:\Qoobox
2015-02-19 11:52 - 2015-02-19 12:22 - 00000000 ____D () C:\Windows\erdnt
2015-02-19 11:51 - 2015-02-19 11:54 - 05611903 ____R (Swearware) C:\Users\James\Downloads\ComboFix.exe
2015-02-19 11:32 - 2015-02-19 11:37 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-19 11:32 - 2015-02-19 11:32 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-02-19 11:32 - 2015-02-19 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-02-19 11:32 - 2015-02-19 11:32 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-19 11:31 - 2015-02-19 11:31 - 10995632 _____ (SurfRight B.V.) C:\Users\James\Downloads\HitmanPro_x64.exe
2015-02-19 11:13 - 2009-11-25 12:47 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-02-19 11:13 - 2009-11-25 12:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-02-19 11:13 - 2009-11-25 12:47 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2015-02-19 11:13 - 2009-11-25 12:47 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2015-02-19 11:13 - 2009-11-25 12:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2015-02-19 11:13 - 2009-11-25 12:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2015-02-19 11:13 - 2009-11-25 12:47 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2015-02-19 11:13 - 2009-11-25 12:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2015-02-19 11:13 - 2009-11-25 12:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2015-02-19 11:13 - 2009-11-25 12:47 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2015-02-19 11:06 - 2009-10-09 22:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys
2015-02-19 11:06 - 2009-10-09 21:41 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-02-19 11:03 - 2015-02-19 11:03 - 00000000 ____D () C:\Users\James\Desktop\Security
2015-02-19 10:57 - 2015-02-19 10:57 - 09826585 _____ () C:\Users\James\Downloads\AbstractsDark.themepack
2015-02-19 10:56 - 2015-02-19 10:56 - 00000000 ____D () C:\Users\James\Desktop\James
2015-02-19 10:56 - 2015-02-19 10:56 - 00000000 ____D () C:\ProgramData\BitDefender
2015-02-19 10:52 - 2015-02-19 10:52 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-02-19 10:52 - 2015-02-19 10:52 - 00000000 ____D () C:\Users\James\AppData\Roaming\LavasoftStatistics
2015-02-19 10:52 - 2015-02-19 10:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-02-19 10:52 - 2014-10-09 10:09 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
2015-02-19 10:52 - 2014-10-09 10:08 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
2015-02-19 10:52 - 2014-10-09 10:08 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
2015-02-19 10:52 - 2014-10-09 10:08 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
2015-02-19 10:52 - 2014-10-09 10:08 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2015-02-19 10:52 - 2014-10-09 10:08 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
2015-02-19 10:52 - 2014-10-09 10:08 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
2015-02-19 10:52 - 2014-10-09 10:08 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
2015-02-19 10:51 - 2015-02-19 10:51 - 00000000 ____D () C:\Program Files\Lavasoft
2015-02-19 10:50 - 2015-02-19 10:50 - 01924232 _____ () C:\Users\James\Downloads\Adaware_Installer.exe
2015-02-19 10:50 - 2015-02-19 10:50 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-02-19 10:50 - 2015-02-19 10:50 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-02-19 10:32 - 2015-02-19 13:50 - 00009788 _____ () C:\Windows\PFRO.log
2015-02-19 10:20 - 2015-02-24 14:36 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-19 10:20 - 2015-02-24 14:25 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-19 10:20 - 2015-02-19 10:20 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-19 10:20 - 2015-02-19 10:20 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-19 10:20 - 2015-02-19 10:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-19 10:12 - 2015-02-24 14:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-19 10:12 - 2015-02-19 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-19 10:12 - 2015-02-19 10:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-19 10:12 - 2015-02-19 10:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-19 10:12 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-19 10:12 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-19 10:12 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-19 10:10 - 2015-02-19 10:20 - 00000000 ____D () C:\Users\James\AppData\Local\Google
2015-02-19 10:10 - 2015-02-19 10:20 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-19 10:09 - 2015-02-19 10:19 - 00000000 ____D () C:\Users\James\AppData\Local\Deployment
2015-02-19 10:09 - 2015-02-19 10:09 - 00000000 ____D () C:\Users\James\AppData\Local\Apps\2.0
2015-02-19 10:05 - 2015-02-19 10:05 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2015-02-19 10:03 - 2015-02-19 10:03 - 00057560 _____ () C:\Users\James\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-19 10:02 - 2015-02-19 10:02 - 00000000 ____D () C:\Users\James\AppData\Roaming\WinRAR
2015-02-19 10:02 - 2015-02-19 10:02 - 00000000 ____D () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-19 10:02 - 2015-02-19 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-19 10:02 - 2015-02-19 10:02 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-19 09:46 - 2015-02-19 09:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-19 09:46 - 2015-02-19 09:46 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-19 09:32 - 2014-12-23 00:41 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-19 09:32 - 2010-09-14 01:45 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2015-02-19 09:32 - 2010-09-14 01:07 - 00276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2015-02-19 09:30 - 2015-02-19 09:30 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf
2015-02-19 09:30 - 2015-02-19 09:30 - 00000000 ____D () C:\Program Files\DellTPad
2015-02-19 09:30 - 2014-07-09 09:56 - 00435504 _____ (DisplayLink Corp.) C:\Windows\system32\Drivers\dlkmd.sys
2015-02-19 09:30 - 2014-07-09 09:56 - 00018736 _____ (DisplayLink Corp.) C:\Windows\system32\Drivers\dlkmdldr.sys
2015-02-19 09:28 - 2015-02-19 09:29 - 00000000 ____D () C:\Program Files\DisplayLink Core Software
2015-02-19 09:26 - 2015-02-19 09:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-19 09:26 - 2015-01-29 17:49 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-19 09:26 - 2010-03-03 23:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2015-02-19 09:25 - 2015-02-03 22:04 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-19 09:25 - 2015-02-03 22:03 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-19 09:25 - 2015-02-03 22:03 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-19 09:25 - 2015-02-03 22:03 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-19 09:25 - 2015-02-03 22:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-19 09:25 - 2015-02-03 22:01 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-19 09:25 - 2015-01-27 18:23 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-19 09:25 - 2014-12-03 21:31 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-19 09:25 - 2014-09-14 19:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-19 09:25 - 2012-09-06 12:38 - 00295792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2015-02-19 09:25 - 2011-08-30 00:21 - 14164480 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-02-19 09:25 - 2011-08-29 23:28 - 12868096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-02-19 09:25 - 2011-04-09 01:45 - 05509504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-19 09:25 - 2011-04-09 01:13 - 03957632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-19 09:25 - 2011-04-09 01:13 - 03901824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-19 09:25 - 2011-01-26 01:53 - 00982912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-02-19 09:25 - 2011-01-26 01:53 - 00265088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-02-19 09:25 - 2011-01-26 01:31 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-02-19 09:25 - 2010-12-21 01:16 - 01197056 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-19 09:25 - 2010-12-21 01:16 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2015-02-19 09:25 - 2010-12-21 01:16 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-02-19 09:25 - 2010-12-21 01:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2015-02-19 09:25 - 2010-12-21 01:16 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2015-02-19 09:25 - 2010-12-21 01:15 - 01498112 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-19 09:25 - 2010-12-21 01:15 - 00264192 _____ (Microsoft Corporation) C:\Windows\system32\upnp.dll
2015-02-19 09:25 - 2010-12-21 01:15 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2015-02-19 09:25 - 2010-12-21 01:13 - 02003968 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-02-19 09:25 - 2010-12-21 01:13 - 01880576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-02-19 09:25 - 2010-12-21 01:11 - 12369408 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-19 09:25 - 2010-12-21 01:10 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-02-19 09:25 - 2010-12-21 00:38 - 01228288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-19 09:25 - 2010-12-21 00:38 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-19 09:25 - 2010-12-21 00:38 - 00350720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2015-02-19 09:25 - 2010-12-21 00:38 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-02-19 09:25 - 2010-12-21 00:38 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnp.dll
2015-02-19 09:25 - 2010-12-21 00:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2015-02-19 09:25 - 2010-12-21 00:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2015-02-19 09:25 - 2010-12-21 00:36 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-02-19 09:25 - 2010-12-21 00:36 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-02-19 09:25 - 2010-12-21 00:35 - 10989056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-19 09:25 - 2010-12-21 00:34 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-02-19 09:25 - 2010-11-04 01:31 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-19 09:25 - 2010-11-04 01:31 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-19 09:25 - 2010-11-04 00:48 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-19 09:25 - 2010-11-04 00:48 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-19 09:25 - 2010-11-02 00:18 - 00662528 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-02-19 09:25 - 2010-11-02 00:18 - 00470016 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-02-19 09:25 - 2010-11-02 00:18 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2015-02-19 09:25 - 2010-11-02 00:12 - 01837568 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-02-19 09:25 - 2010-11-02 00:12 - 01540608 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-02-19 09:25 - 2010-11-02 00:12 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-02-19 09:25 - 2010-11-02 00:12 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-02-19 09:25 - 2010-11-02 00:12 - 00320512 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-02-19 09:25 - 2010-11-02 00:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-02-19 09:25 - 2010-11-01 23:41 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2015-02-19 09:25 - 2010-11-01 23:41 - 00283648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2015-02-19 09:25 - 2010-11-01 23:41 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2015-02-19 09:25 - 2010-11-01 23:35 - 01170944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-02-19 09:25 - 2010-11-01 23:35 - 01074176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-02-19 09:25 - 2010-11-01 23:35 - 00739840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-02-19 09:25 - 2010-11-01 23:35 - 00218624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-02-19 09:25 - 2010-11-01 23:35 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-02-19 09:25 - 2010-06-26 00:31 - 01863680 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-02-19 09:25 - 2010-06-26 00:14 - 01495040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-02-19 09:25 - 2010-05-23 05:15 - 01619456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2015-02-19 09:25 - 2010-05-23 05:11 - 03181568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-02-19 09:25 - 2010-05-23 05:11 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2015-02-19 09:25 - 2010-05-23 03:37 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-02-19 09:25 - 2010-05-23 03:35 - 04068864 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-02-19 09:25 - 2010-05-23 03:35 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2015-02-19 09:25 - 2010-05-23 03:35 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-02-19 09:25 - 2010-03-24 01:59 - 01736608 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-19 09:25 - 2010-03-24 01:37 - 01289528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-19 09:25 - 2010-01-19 04:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-02-19 09:25 - 2010-01-19 04:05 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-02-19 09:25 - 2010-01-19 04:05 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-02-19 09:25 - 2010-01-19 04:05 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-02-19 09:25 - 2010-01-19 04:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-02-19 09:25 - 2010-01-19 04:00 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-02-19 09:25 - 2010-01-19 04:00 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-02-19 09:25 - 2010-01-19 04:00 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-02-19 09:25 - 2010-01-18 18:29 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2015-02-19 09:25 - 2010-01-18 18:29 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2015-02-19 09:25 - 2010-01-18 18:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2015-02-19 09:25 - 2010-01-18 18:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2015-02-19 09:25 - 2010-01-18 18:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2015-02-19 09:25 - 2010-01-18 18:28 - 00320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2015-02-19 09:25 - 2010-01-18 18:28 - 00280064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2015-02-19 09:25 - 2010-01-18 18:28 - 00277504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2015-02-19 09:25 - 2009-12-11 05:29 - 00153160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-19 09:25 - 2009-12-11 04:24 - 01446912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-19 09:25 - 2009-12-11 02:39 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-19 09:25 - 2009-12-11 02:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-19 09:25 - 2009-10-31 01:34 - 02870272 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-02-19 09:25 - 2009-10-31 00:45 - 02614272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-02-19 09:25 - 2009-10-28 01:24 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-02-19 09:24 - 2011-04-09 01:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-02-19 09:24 - 2011-04-09 00:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-02-19 09:18 - 2015-02-19 09:18 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-02-19 09:18 - 2015-02-19 09:18 - 00000000 ____D () C:\Intel
2015-02-19 09:15 - 2015-02-19 09:15 - 00001447 _____ () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-19 09:15 - 2015-02-19 09:15 - 00001413 _____ () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-02-19 09:15 - 2015-02-19 09:15 - 00000000 ____D () C:\Users\James\AppData\Local\VirtualStore
2015-02-19 09:15 - 2012-06-02 17:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-02-19 09:15 - 2012-06-02 17:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-02-19 09:15 - 2012-06-02 17:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-02-19 09:15 - 2012-06-02 17:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-02-19 09:15 - 2012-06-02 17:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-02-19 09:15 - 2012-06-02 17:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-02-19 09:15 - 2012-06-02 17:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-02-19 09:14 - 2015-02-19 09:15 - 00000000 ____D () C:\Users\James
2015-02-19 09:14 - 2015-02-19 09:14 - 00000020 ___SH () C:\Users\James\ntuser.ini
2015-02-19 09:14 - 2015-02-19 09:14 - 00000000 ____D () C:\Recovery
2015-02-19 09:14 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-02-19 09:14 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-02-19 09:14 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-19 09:14 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-27 00:23 - 2015-01-27 00:23 - 00014464 _____ (Western Digital Technologies) C:\Windows\system32\Drivers\wdcsam64.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-24 14:27 - 2009-07-13 23:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-24 14:27 - 2009-07-13 23:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-24 14:26 - 2009-07-14 00:13 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 14:22 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-24 14:22 - 2009-07-13 23:51 - 00019462 _____ () C:\Windows\setupact.log
2015-02-23 11:23 - 2009-07-13 23:45 - 00412264 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-19 14:07 - 2009-07-14 02:46 - 00000000 ____D () C:\Windows\ShellNew
2015-02-19 14:01 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-02-19 13:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-19 13:57 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-19 12:23 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2015-02-19 12:21 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-19 12:10 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-19 12:10 - 2009-07-13 23:46 - 00001774 _____ () C:\Windows\DtcInstall.log
2015-02-19 12:10 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-19 12:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2015-02-19 12:07 - 2009-07-14 02:46 - 00000000 ____D () C:\Windows\CSC
2015-02-19 12:05 - 2009-07-14 00:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-02-19 12:05 - 2009-07-14 00:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-02-19 10:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Vss
2015-02-19 10:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-19 09:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-19 09:14 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\restore
 
Some content of TEMP:
====================
C:\Users\James\AppData\Local\Temp\Quarantine.exe
C:\Users\James\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-19 12:06
 
==================== End Of Log ============================
 
Still running good. Have not seen any blocked outbounds from Malwarebytes.


#7 nasdaq


Posted 25 February 2015 - 02:04 PM

Windows 7 x64 (UAC is enabled)
Out of date service pack!!

For your added security I suggest that you get the Windows 7 Service pack.

Navigate to this Microsoft page and follow the update instructions.
http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#8 Investmore


Posted 27 February 2015 - 11:55 AM

Service pack install always fails... Also tried to install DirectX and it is failing as well...



#9 nasdaq


Posted 27 February 2015 - 02:30 PM

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

#10 Investmore


Posted 04 March 2015 - 10:22 AM

FSS.

 

Farbar Service Scanner Version: 17-01-2015
Ran by James (administrator) on 04-03-2015 at 10:21:25
Running from "C:\Users\James\Downloads"
Microsoft Windows 7 Ultimate   (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 

 

**** End of log ****


#11 nasdaq


Posted 04 March 2015 - 02:24 PM

Make sure you make a restore point as suggested below.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Click Next at the Welcome Screen, Click Next on Step 1 Screen
  • Click Next on Step 2 Screen, Click Do it on Step 3 Screen, After it has completed click Next
  • On Step 4, under System Restore click Create, then under registry back-up click Backup. When you have completed this, click Next
  • Click on Repairs
  • Click Open repairs - Icon in the bottom right corner
  • Click the Unselect All button then select just the item(s) below

    01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    10 - Remove Policies Set By Infections
    14 - Removed Temp Files
    17 - Repair Windows Updates
    21 - Repair MSI (Windows Installer)
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup

  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. (Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.

===

How is it now?


#12 Investmore


Posted 05 March 2015 - 02:11 PM

SP1 update still not working. Here is the log from Windows repair.

 

Log:
Tweaking.com - Windows Repair v2.11.2
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Ultimate
OS Architecture: 64-bit
OS Version: 6.1.7600
OS Service Pack: 
Computer Name: JAMES-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: 
Current Profile SID: S-1-5-21-2107360565-3288374744-1642272945-1000
Current Profile Classes: S-1-5-21-2107360565-3288374744-1642272945-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\James\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:35:10
 
Process Count: 53
Commit Total: 2.76 GB
Commit Limit: 15.60 GB
Commit Peak: 2.95 GB
Handle Count: 17769
Kernel Total: 808.23 MB
Kernel Paged: 660.61 MB
Kernel Non Paged: 147.63 MB
System Cache: 3.98 GB
Thread Count: 862
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7.80 GB
Memory Used: 2.90 GB(37.224%)
Memory Avail.: 4.90 GB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7.80 GB
Memory Used: 2.32 GB(29.7812%)
Memory Avail.: 5.48 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (3/5/2015 1:50:26 PM)
 
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 1
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (3/5/2015 1:50:29 PM)
 
   You can tell the repair is working as SetACL_32.exe or SetACL_64.exe will be running.
 
   Running Repair Under Current User Account
   Done (3/5/2015 1:50:33 PM)
 
01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (3/5/2015 1:50:33 PM)
 
   You can tell the repair is working as SetACL_32.exe or SetACL_64.exe will be running.
 
 
Decompressing & Updating Windows Permission File services.txt
Done,  0.65 seconds.
 
   Running Repair Under System Account
   Done (3/5/2015 1:55:07 PM)
 
01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (3/5/2015 1:55:07 PM)
 
   You can tell the repair is working as SetACL_32.exe or SetACL_64.exe will be running.
 
   Running Repair Under System Account
   Done (3/5/2015 1:56:30 PM)
 
03 - Reset Service Permissions
   Start (3/5/2015 1:56:30 PM)
 
   You can tell the repair is working as SetACL_32.exe or SetACL_64.exe will be running.
 
   Running Repair Under System Account
   Done (3/5/2015 1:56:44 PM)
 
04 - Register System Files
   Start (3/5/2015 1:56:44 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/5/2015 1:57:22 PM)
 
05 - Repair WMI
   Start (3/5/2015 1:57:22 PM)
 
   Starting Security Center So We Can Export The Security Info.
 
   Exporting Antivirus Info...
   No Antivirus Products Reported.
 
   Exporting AntiSpyware Info...
   Ad-Aware Antivirus Exported.
   Windows Defender Exported.
 
   Exporting 3rd Party Firewall Info...
   Ad-Aware Firewall Exported.
 
   Running Repair Under Current User Account
   Done (3/5/2015 2:03:27 PM)
 
10 - Remove Policies Set By Infections
   Start (3/5/2015 2:03:27 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/5/2015 2:03:30 PM)
 
14 - Remove Temp Files
   Start (3/5/2015 2:03:30 PM)
   Running Repair Under System Account
   Done (3/5/2015 2:03:32 PM)
 
17 - Repair Windows Updates
   Start (3/5/2015 2:03:32 PM)
   Running Repair Under Current User Account
 
Decompressing & Updating Windows Permission File services.txt
Done,  0.16 seconds.
 
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (3/5/2015 2:05:04 PM)
 
21 - Repair MSI (Windows Installer)
   Start (3/5/2015 2:05:04 PM)
   Running Repair Under Current User Account
 
Decompressing & Updating Windows Permission File services.txt
Done,  0.16 seconds.
 
   Running Repair Under System Account
   Done (3/5/2015 2:05:20 PM)
 
26 - Restore Important Windows Services
   Start (3/5/2015 2:05:20 PM)
   Running Repair Under Current User Account
 
Decompressing & Updating Windows Permission File services.txt
Done,  0.16 seconds.
 
   Running Repair Under System Account
   Done (3/5/2015 2:05:31 PM)
 
27 - Set Windows Services To Default Startup
   Start (3/5/2015 2:05:32 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/5/2015 2:05:56 PM)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (3/5/2015 2:05:56 PM)
   Total Repair Time: 00:15:32
 
 
...YOU MUST RESTART YOUR SYSTEM...


#13 nasdaq


Posted 06 March 2015 - 08:31 AM

Restart the computer normally and run this tool.

Please download MiniToolBox to Desktop and run it.

Checkmark the following boxes:
  • List last 10 Event Viewer log
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


#14 nasdaq


Posted 12 March 2015 - 12:46 PM

Are you still with me?

#15 Investmore


Posted 16 March 2015 - 07:12 AM

Yes, sorry. I broke down and installed Windows 10 yesterday. It's up and running properly now. Thanks so much for all of your help!!





