Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Warning: Your Flash Player May Be Out of Date


  • This topic is locked This topic is locked
12 replies to this topic

#1 cn_habs

cn_habs

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:32 AM

Posted 20 February 2015 - 12:14 AM

Earlier tonight, something described below started appearing out of nowhere:

http://malwaretips.com/blogs/warning-your-flash-player-may-be-out-of-date-virus/

 

I ran NIS and Malwarebytes yet nothing was found and no new software can be seen from the list of new installations under control panel. This is the first malware that I got in years... Could I have gotten it from Voobly which I play game on or uTorrent? I never had issues with either software in the past.

 

As a result, I can barely browse anything online now so can anyone please help?

 

Thank you very much in advance.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Jason (administrator) on JASON-PC on 20-02-2015 00:11:05
Running from C:\Users\Jason\Desktop
Loaded Profiles: Jason (Available profiles: Jason)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [555736 2014-09-18] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-06-20] (Lenovo Group Limited)
HKLM\...\Run: [TPFanControl] => C:\Program Files\TPFanControl\TPFanControl.exe [154112 2013-03-20] (troubadix)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [66560 2013-06-17] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-12-03] (Intel Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-250440067-3197768662-3254137653-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-250440067-3197768662-3254137653-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-250440067-3197768662-3254137653-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-250440067-3197768662-3254137653-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 64.120.5.218 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\gib0smr9.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: questrade.com/QuestradeIQEdgeDetector -> C:\Program Files (x86)\Questrade IQ Edge\npQuestradeIQEdgeDetector.dll (Questrade Inc)
FF Extension: AdBlock for Firefox - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\gib0smr9.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2015-02-19]
FF Extension: Adblock Plus - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\gib0smr9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-19]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn [2015-02-19]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-12-16]
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-12-16]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2014-11-14] (Lenovo.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-03] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-06-20] (Lenovo Group Limited)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] ()
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20150203.001\BHDrvx64.sys [1622744 2015-02-02] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-16] (Symantec Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-02-19] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-11-16] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\IPSDefs\20150219.002\IDSvia64.sys [669400 2015-02-06] (Symantec Corporation)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM60x64.sys [388368 2011-11-30] (Intel® Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP60X64.sys [78096 2011-11-30] (Intel® Corporation)
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [100824 2013-12-03] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20150219.003\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20150219.003\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 RCUVCAVS; C:\Windows\System32\DRIVERS\RCUVCAVS.sys [177920 2013-07-05] (Ricoh co.,Ltd.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [42224 2013-11-15] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2014-07-23] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-12-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 usb3Hub; system32\DRIVERS\usb3Hub.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-20 00:07 - 2015-02-20 00:11 - 00016707 _____ () C:\Users\Jason\Desktop\FRST.txt
2015-02-20 00:07 - 2015-02-20 00:01 - 02086912 _____ (Farbar) C:\Users\Jason\Desktop\FRST64.exe
2015-02-20 00:01 - 2015-02-20 00:11 - 00000000 ____D () C:\FRST
2015-02-20 00:01 - 2015-02-20 00:01 - 02086912 _____ (Farbar) C:\Users\Jason\Downloads\FRST64.exe
2015-02-19 23:37 - 2015-02-19 23:37 - 00000552 _____ () C:\Windows\PFRO.log
2015-02-19 23:37 - 2015-02-19 23:37 - 00000056 _____ () C:\Windows\setupact.log
2015-02-19 23:37 - 2015-02-19 23:37 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-19 23:33 - 2015-02-19 23:40 - 00046135 _____ () C:\Windows\WindowsUpdate.log
2015-02-19 23:30 - 2015-02-19 23:30 - 00000682 _____ () C:\Users\Jason\Documents\JRT.txt
2015-02-19 23:30 - 2015-02-19 23:30 - 00000682 _____ () C:\Users\Jason\Desktop\JRT.txt
2015-02-19 23:19 - 2015-02-19 23:19 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jason\Downloads\revosetup.exe
2015-02-19 23:19 - 2015-02-19 23:19 - 00001271 _____ () C:\Users\Jason\Desktop\Revo Uninstaller.lnk
2015-02-19 23:19 - 2015-02-19 23:19 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-19 23:17 - 2015-02-19 23:17 - 01388274 _____ (Thisisu) C:\Users\Jason\Downloads\JRT.exe
2015-02-19 23:16 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-19 23:16 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-19 23:16 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-19 23:16 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-19 23:16 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-19 23:16 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-19 23:16 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-19 23:16 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-19 23:15 - 2015-02-19 23:39 - 00000000 ____D () C:\Qoobox
2015-02-19 23:14 - 2015-02-19 23:38 - 00000000 ____D () C:\Windows\erdnt
2015-02-19 23:14 - 2015-02-19 23:14 - 05611903 ____R (Swearware) C:\Users\Jason\Downloads\ComboFix.exe
2015-02-19 22:55 - 2015-02-19 22:55 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Mozilla
2015-02-19 22:55 - 2015-02-19 22:55 - 00000000 ____D () C:\Users\Jason\AppData\Local\Mozilla
2015-02-19 22:54 - 2015-02-19 22:54 - 00001166 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-19 22:54 - 2015-02-19 22:54 - 00001154 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-19 22:54 - 2015-02-19 22:54 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-19 22:54 - 2015-02-19 22:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-19 22:54 - 2015-02-19 22:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-19 22:53 - 2015-02-19 22:53 - 00243440 _____ () C:\Users\Jason\Downloads\Firefox Setup Stub 35.0.1.exe
2015-02-19 20:40 - 2015-02-19 20:40 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Macromedia
2015-02-19 20:37 - 2015-02-19 20:37 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-02-19 20:37 - 2015-02-19 20:37 - 00000000 ____D () C:\Windows\system32\Macromed
2015-02-19 20:36 - 2015-02-19 20:40 - 00000000 ____D () C:\Users\Jason\AppData\Local\Adobe
2015-02-19 20:18 - 2015-02-19 20:18 - 00000000 _____ () C:\autoexec.bat
2015-02-19 20:17 - 2015-02-19 20:17 - 00003326 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-02-19 20:17 - 2015-02-19 20:17 - 00000000 ____D () C:\sh4ldr
2015-02-19 20:16 - 2015-02-19 20:16 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-02-19 20:16 - 2015-02-19 20:16 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-19 20:15 - 2015-02-19 20:15 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Jason\Downloads\SpyHunter-Installer.exe
2015-02-19 19:50 - 2015-02-19 20:11 - 00000000 ____D () C:\AdwCleaner
2015-02-19 19:19 - 2015-02-19 19:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jason\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-17 18:26 - 2015-02-17 18:26 - 05325208 _____ (Piriform Ltd) C:\Users\Jason\Downloads\ccsetup502.exe
2015-02-15 23:47 - 2015-02-15 23:47 - 00865502 _____ () C:\Users\Jason\Downloads\ID 728761 Transcript & Completion Notice(s).zip
2015-02-15 15:31 - 2015-02-15 15:45 - 00000000 ____D () C:\Users\Jason\Downloads\Brotherhood of Blades [2014]WEBRip x264 AAC-ViCKY
2015-02-12 20:20 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 20:20 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 20:20 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 20:20 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-10 17:45 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-10 17:45 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-10 17:45 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-10 17:45 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-10 17:45 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-10 17:45 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-10 17:45 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-10 17:45 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-10 17:45 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 17:45 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 17:45 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 17:45 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 17:45 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 17:45 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 17:45 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 17:45 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 17:45 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 17:45 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 17:45 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 17:45 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 17:45 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 17:45 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 17:45 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 17:45 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 17:45 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 17:45 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 17:45 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 17:45 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 17:45 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 17:45 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 17:45 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 17:45 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 17:45 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 17:45 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 17:45 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 17:45 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 17:45 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 17:45 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 17:45 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 17:45 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 17:45 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 17:45 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 17:45 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 17:45 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 17:45 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 17:45 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 17:45 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 17:45 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 17:45 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 17:45 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 17:45 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 17:45 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 17:45 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 17:45 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 17:45 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 17:45 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 17:45 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 17:45 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 17:45 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 17:45 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 17:45 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 17:45 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 17:45 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 17:45 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 17:45 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 17:45 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 17:45 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 17:45 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 17:45 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 17:45 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 17:45 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 17:45 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 17:45 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 17:45 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 17:44 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 17:44 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 17:44 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 17:44 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 17:44 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 17:44 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 17:44 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 17:44 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 17:44 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 17:44 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 17:44 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 17:44 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 17:44 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 17:44 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 17:44 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 17:44 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 17:44 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 17:44 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 17:44 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 17:44 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 17:44 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 17:44 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 17:44 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 17:44 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 17:44 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-10 17:44 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-10 17:44 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-10 17:44 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-10 17:43 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 17:43 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 17:43 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 17:43 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 17:43 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 17:43 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 17:43 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 17:43 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 17:43 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 17:43 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-01-31 16:42 - 2015-01-31 16:42 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-01-31 16:42 - 2015-01-31 16:42 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-01-31 16:06 - 2015-01-31 16:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-01-31 16:06 - 2015-01-31 16:06 - 00000000 ____D () C:\Windows\PCHEALTH
2015-01-31 16:06 - 2015-01-31 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-31 16:06 - 2015-01-31 16:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2015-01-31 16:04 - 2015-02-11 23:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-31 16:04 - 2015-02-01 13:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-31 16:04 - 2015-01-31 16:04 - 00000000 ____D () C:\Users\Jason\AppData\Local\Microsoft Help
2015-01-31 16:04 - 2015-01-31 16:04 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-31 16:03 - 2015-01-31 16:03 - 00000000 ___RD () C:\MSOCache
2015-01-31 15:09 - 2015-01-31 15:09 - 00000000 __SHD () C:\Users\Jason\AppData\Local\EmieUserList
2015-01-31 15:09 - 2015-01-31 15:09 - 00000000 __SHD () C:\Users\Jason\AppData\Local\EmieSiteList
2015-01-31 15:09 - 2015-01-31 15:09 - 00000000 __SHD () C:\Users\Jason\AppData\Local\EmieBrowserModeList
2015-01-27 22:09 - 2015-01-27 22:09 - 00001668 _____ () C:\Users\Jason\Downloads\cibc transactions.csv
2015-01-23 19:29 - 2015-02-05 20:36 - 00000000 ____D () C:\Users\Jason\AppData\Local\CrashDumps

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-20 00:06 - 2015-01-17 16:12 - 00000000 ____D () C:\Users\Jason\Downloads\VD
2015-02-20 00:06 - 2014-12-17 09:01 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\vlc
2015-02-19 23:44 - 2009-07-13 23:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-19 23:44 - 2009-07-13 23:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-19 23:41 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-19 23:39 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2015-02-19 23:37 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-19 23:37 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-19 23:31 - 2014-12-17 09:00 - 00000000 ___RD () C:\Users\Jason\Dropbox
2015-02-19 23:31 - 2014-12-17 08:57 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Dropbox
2015-02-19 22:59 - 2014-12-16 19:00 - 00000000 ____D () C:\Users\Public\Documents\Registry
2015-02-19 22:23 - 2014-12-16 18:50 - 00000000 ____D () C:\Program Files (x86)\Voobly
2015-02-19 22:23 - 2014-12-16 17:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-19 20:48 - 2014-12-16 17:45 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-19 20:46 - 2014-12-16 17:45 - 00000000 ____D () C:\Users\Jason\AppData\Local\Google
2015-02-19 19:40 - 2014-12-16 17:45 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2015-02-19 19:19 - 2014-12-16 17:56 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-19 19:19 - 2014-12-16 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-19 19:19 - 2014-12-16 17:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-19 00:09 - 2014-12-17 10:37 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Questrade
2015-02-19 00:09 - 2014-12-17 08:35 - 00000000 ____D () C:\Users\Jason\Documents\Questrade IQ Edge
2015-02-17 18:27 - 2014-12-16 17:56 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\uTorrent
2015-02-17 18:27 - 2014-12-16 17:46 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-17 18:26 - 2014-12-16 18:11 - 00002025 _____ () C:\Users\Jason\Desktop\FileHippo App Manager.lnk
2015-02-17 18:26 - 2014-12-16 17:45 - 00002055 _____ () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
2015-02-13 22:28 - 2014-12-17 09:00 - 00001025 _____ () C:\Users\Jason\Desktop\Dropbox.lnk
2015-02-13 22:28 - 2014-12-17 09:00 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 07:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-12 07:32 - 2014-12-17 11:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 07:32 - 2014-12-17 11:52 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 07:32 - 2009-07-13 23:45 - 00346024 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 07:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 23:03 - 2014-09-03 06:22 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 23:01 - 2014-12-17 09:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 22:58 - 2014-12-17 09:17 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 18:59 - 2014-12-30 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voobly
2015-02-03 11:02 - 2015-01-11 23:43 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Foxit Software
2015-02-01 13:13 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2015-01-31 16:56 - 2014-12-16 18:09 - 00003020 _____ () C:\Windows\System32\Tasks\PMTask
2015-01-31 16:56 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2015-01-31 16:53 - 2014-12-16 17:40 - 00086936 _____ () C:\Users\Jason\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-31 16:45 - 2014-09-02 17:18 - 00766780 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-31 16:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-31 16:04 - 2011-04-12 03:28 - 00000000 ____D () C:\Windows\ShellNew
2015-01-25 21:17 - 2014-12-16 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Questrade IQ Edge
2015-01-25 21:17 - 2014-12-16 17:47 - 00000000 ____D () C:\Program Files (x86)\Questrade IQ Edge
2015-01-25 19:09 - 2015-01-20 08:33 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-25 19:08 - 2015-01-20 08:33 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-25 19:08 - 2015-01-20 08:33 - 00000000 ____D () C:\Program Files (x86)\Java

==================== Files in the root of some directories =======

2014-12-17 09:53 - 2014-12-17 10:00 - 0021769 _____ () C:\Users\Jason\AppData\Local\WiDiSetupLog.20141217.095329.wdl
2014-09-03 06:25 - 2014-09-03 06:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 05:35

==================== End Of Log ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,729 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:32 AM

Posted 25 February 2015 - 12:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/567678 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 cn_habs

cn_habs
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:32 AM

Posted 25 February 2015 - 01:34 AM

Update: I may have managed to get rid of the popup for now by running adwcleaner on my parents' desktop where the infection may have first come from. My father did recall clicking on the popup the day before I realized something was wrong. 
I then ran adwcleaner on 2 other laptops(including mine) in the household with wifi switched off where several files were deleted upon reboot.
However, I do want to make sure everything is over so could you please still take a look at the the log of my laptop that was generated a couple of minutes ago?
Thanks a lot in advance.
By the way, I don't have the W7 DVD.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-02-2015
Ran by Jason (administrator) on JASON-PC on 25-02-2015 01:25:10
Running from C:\Users\Jason\Desktop
Loaded Profiles: Jason (Available profiles: Jason)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(troubadix) C:\Program Files\TPFanControl\TPFanControl.exe
(Dropbox, Inc.) C:\Users\Jason\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\plugin-nm-server.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [555736 2014-09-18] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-06-20] (Lenovo Group Limited)
HKLM\...\Run: [TPFanControl] => C:\Program Files\TPFanControl\TPFanControl.exe [154112 2013-03-20] (troubadix)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [66560 2013-06-17] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-12-03] (Intel Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-250440067-3197768662-3254137653-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-250440067-3197768662-3254137653-1000\...\Run: [GoogleChromeAutoLaunch_EBF55E2D20B0831DD9C62517F8BC1054] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-250440067-3197768662-3254137653-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-250440067-3197768662-3254137653-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-250440067-3197768662-3254137653-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 64.120.5.218 8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\gib0smr9.default
FF DefaultSearchEngine: Google
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: questrade.com/QuestradeIQEdgeDetector -> C:\Program Files (x86)\Questrade IQ Edge\npQuestradeIQEdgeDetector.dll (Questrade Inc)
FF Extension: AdBlock for Firefox - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\gib0smr9.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2015-02-19]
FF Extension: Adblock Plus - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\gib0smr9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-19]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn [2015-02-21]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-02-21]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-02-21]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-02-21]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www-304.ibm.com/shop/americas/webapp/wcs/stores/servlet/default/CategoryDisplay?categoryId=2576396&storeId=1083759332&catalogId=-124&langId=124
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?CUI=UN28785480661846727&ctid=CT3287822&SearchSource=48"
CHR Profile: C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-21]
CHR Extension: (Google Docs) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-21]
CHR Extension: (Google Drive) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-21]
CHR Extension: (YouTube) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-21]
CHR Extension: (Adblock Plus) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-21]
CHR Extension: (Adblock for Youtube™) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-02-21]
CHR Extension: (Google Search) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-21]
CHR Extension: (Kaspersky Protection) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-02-21]
CHR Extension: (Google Sheets) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-21]
CHR Extension: (AdBlock) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-21]
CHR Extension: (Norton Identity Safe) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-21]
CHR Extension: (Adblock for Pirate Bay) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd [2015-02-21]
CHR Extension: (Google Wallet) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-21]
CHR Extension: (Norton Security Toolbar) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-02-21]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2015-02-21]
CHR Extension: (Outlook.com) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-02-21]
CHR Extension: (Gmail) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-21]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-12-16]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-12-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2014-11-14] (Lenovo.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-03] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-06-20] (Lenovo Group Limited)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] ()
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-02-19] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-11-16] (Intel Corporation)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM60x64.sys [388368 2011-11-30] (Intel® Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP60X64.sys [78096 2011-11-30] (Intel® Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [47112 2014-08-19] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [245960 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [843448 2014-12-13] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [30920 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [57032 2014-10-09] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [100824 2013-12-03] (Intel Corporation)
R3 RCUVCAVS; C:\Windows\System32\DRIVERS\RCUVCAVS.sys [177920 2013-07-05] (Ricoh co.,Ltd.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [42224 2013-11-15] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 usb3Hub; system32\DRIVERS\usb3Hub.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-25 01:25 - 2015-02-25 01:25 - 00000000 ____D () C:\Users\Jason\Desktop\FRST-OlderVersion
2015-02-24 23:21 - 2015-02-24 23:22 - 39144641 _____ () C:\Users\Jason\Downloads\person.of.interest.416.hdtv-lol.mp4.part2.rar
2015-02-24 23:20 - 2015-02-24 23:24 - 208666624 _____ () C:\Users\Jason\Downloads\person.of.interest.416.hdtv-lol.mp4.part1.rar
2015-02-23 23:30 - 2015-02-23 23:34 - 208666624 _____ () C:\Users\Jason\Downloads\better.call.saul.104.hdtv-lol.mp4.part1.rar
2015-02-23 23:30 - 2015-02-23 23:31 - 49310679 _____ () C:\Users\Jason\Downloads\better.call.saul.104.hdtv-lol.mp4.part2.rar
2015-02-23 00:24 - 2015-02-23 00:24 - 00044646 _____ () C:\Users\Jason\Downloads\PWL-2013-After-Tax-Return-Calculator-(downloadable).xlsx
2015-02-21 20:50 - 2015-02-21 20:56 - 208666624 _____ () C:\Users\Jason\Downloads\Vikings.S03E01.HDTV.x264-KILLERS.mp4.part2.rar
2015-02-21 20:49 - 2015-02-21 20:56 - 208666624 _____ () C:\Users\Jason\Downloads\Vikings.S03E01.HDTV.x264-KILLERS.mp4.part1.rar
2015-02-21 19:09 - 2015-02-24 23:18 - 00000448 _____ () C:\Windows\setupact.log
2015-02-21 19:09 - 2015-02-21 19:09 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-21 18:30 - 2015-02-21 18:30 - 00002262 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-21 18:30 - 2015-02-21 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-21 18:29 - 2015-02-25 00:34 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-21 18:29 - 2015-02-24 18:34 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-21 18:29 - 2015-02-21 18:29 - 00880208 _____ (Google Inc.) C:\Users\Jason\Downloads\ChromeSetup.exe
2015-02-21 18:29 - 2015-02-21 18:29 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-21 18:29 - 2015-02-21 18:29 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-21 18:02 - 2015-02-21 18:02 - 00000625 _____ () C:\Users\Jason\Desktop\JRT.txt
2015-02-21 17:56 - 2015-02-21 17:59 - 31203047 _____ () C:\Users\Jason\Downloads\Vikings.S03E01.HDTV.x264-KILLERS.mp4.part3.rar
2015-02-21 16:32 - 2015-02-21 16:32 - 05611903 _____ (Swearware) C:\Users\Jason\Downloads\ComboFix.exe
2015-02-21 16:24 - 2015-02-21 16:27 - 208666624 _____ () C:\Users\Jason\Downloads\blue.bloods.516.hdtv-lol.mp4.part1.rar
2015-02-21 14:08 - 2015-02-21 14:11 - 45328378 _____ () C:\Users\Jason\Downloads\blue.bloods.516.hdtv-lol.mp4.part2.rar
2015-02-21 13:58 - 2015-02-21 13:58 - 02126848 _____ () C:\Users\Jason\Downloads\adwcleaner_4.111.exe
2015-02-21 13:54 - 2015-02-21 13:59 - 134925790 _____ () C:\Users\Jason\Downloads\Banshee.S03E07.HDTV.x264-KILLERS.mp4.part3.rar
2015-02-21 13:43 - 2015-02-21 13:54 - 208666624 _____ () C:\Users\Jason\Downloads\Banshee.S03E07.HDTV.x264-KILLERS.mp4.part1.rar
2015-02-21 13:43 - 2015-02-21 13:49 - 208666624 _____ () C:\Users\Jason\Downloads\Banshee.S03E07.HDTV.x264-KILLERS.mp4.part2.rar
2015-02-21 13:43 - 2015-02-21 13:43 - 00002337 _____ () C:\Users\Jason\Desktop\Safe Money.lnk
2015-02-21 13:43 - 2015-02-21 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-02-21 13:43 - 2015-02-21 13:42 - 00002139 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-02-21 13:42 - 2015-02-25 00:08 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-21 13:42 - 2015-02-21 13:42 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-02-21 13:42 - 2015-02-21 13:42 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-02-21 13:42 - 2014-12-13 18:21 - 00843448 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-02-21 13:42 - 2014-11-28 18:19 - 00151240 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-02-21 13:42 - 2014-10-22 21:13 - 00245960 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-02-21 13:42 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-02-21 13:37 - 2015-02-21 13:42 - 196619584 _____ (Kaspersky Lab) C:\Users\Jason\Downloads\kis15.0.2.361en_7411.exe
2015-02-20 00:11 - 2015-02-20 00:11 - 00022211 _____ () C:\Users\Jason\Desktop\Addition.txt
2015-02-20 00:07 - 2015-02-25 01:25 - 02087424 _____ (Farbar) C:\Users\Jason\Desktop\FRST64.exe
2015-02-20 00:07 - 2015-02-25 01:25 - 00024021 _____ () C:\Users\Jason\Desktop\FRST.txt
2015-02-20 00:01 - 2015-02-25 01:25 - 00000000 ____D () C:\FRST
2015-02-20 00:01 - 2015-02-20 00:01 - 02086912 _____ (Farbar) C:\Users\Jason\Downloads\FRST64.exe
2015-02-19 23:33 - 2015-02-24 22:18 - 00265765 _____ () C:\Windows\WindowsUpdate.log
2015-02-19 23:30 - 2015-02-19 23:30 - 00000682 _____ () C:\Users\Jason\Documents\JRT.txt
2015-02-19 23:19 - 2015-02-19 23:19 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jason\Downloads\revosetup.exe
2015-02-19 23:19 - 2015-02-19 23:19 - 00001271 _____ () C:\Users\Jason\Desktop\Revo Uninstaller.lnk
2015-02-19 23:19 - 2015-02-19 23:19 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-19 23:17 - 2015-02-19 23:17 - 01388274 _____ (Thisisu) C:\Users\Jason\Downloads\JRT.exe
2015-02-19 23:16 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-19 23:16 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-19 23:16 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-19 23:16 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-19 23:16 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-19 23:16 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-19 23:16 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-19 23:16 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-19 23:15 - 2015-02-19 23:39 - 00000000 ____D () C:\Qoobox
2015-02-19 23:14 - 2015-02-19 23:38 - 00000000 ____D () C:\Windows\erdnt
2015-02-19 22:55 - 2015-02-19 22:55 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Mozilla
2015-02-19 22:55 - 2015-02-19 22:55 - 00000000 ____D () C:\Users\Jason\AppData\Local\Mozilla
2015-02-19 22:54 - 2015-02-21 18:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-19 22:54 - 2015-02-19 22:54 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-19 22:53 - 2015-02-19 22:53 - 00243440 _____ () C:\Users\Jason\Downloads\Firefox Setup Stub 35.0.1.exe
2015-02-19 20:40 - 2015-02-19 20:40 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Macromedia
2015-02-19 20:37 - 2015-02-19 20:37 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-02-19 20:37 - 2015-02-19 20:37 - 00000000 ____D () C:\Windows\system32\Macromed
2015-02-19 20:36 - 2015-02-19 20:40 - 00000000 ____D () C:\Users\Jason\AppData\Local\Adobe
2015-02-19 20:18 - 2015-02-19 20:18 - 00000000 _____ () C:\autoexec.bat
2015-02-19 20:17 - 2015-02-19 20:17 - 00000000 ____D () C:\sh4ldr
2015-02-19 20:16 - 2015-02-19 20:16 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-02-19 20:16 - 2015-02-19 20:16 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-19 19:50 - 2015-02-21 17:30 - 00000000 ____D () C:\AdwCleaner
2015-02-19 19:19 - 2015-02-19 19:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jason\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-17 18:26 - 2015-02-17 18:26 - 05325208 _____ (Piriform Ltd) C:\Users\Jason\Downloads\ccsetup502.exe
2015-02-15 23:47 - 2015-02-15 23:47 - 00865502 _____ () C:\Users\Jason\Downloads\ID 728761 Transcript & Completion Notice(s).zip
2015-02-15 15:31 - 2015-02-15 15:45 - 00000000 ____D () C:\Users\Jason\Downloads\Brotherhood of Blades [2014]WEBRip x264 AAC-ViCKY
2015-02-12 20:20 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 20:20 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 20:20 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 20:20 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-10 17:45 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-10 17:45 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-10 17:45 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-10 17:45 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-10 17:45 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-10 17:45 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-10 17:45 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-10 17:45 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-10 17:45 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 17:45 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 17:45 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 17:45 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 17:45 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 17:45 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 17:45 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 17:45 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 17:45 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 17:45 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 17:45 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 17:45 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 17:45 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 17:45 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 17:45 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 17:45 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 17:45 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 17:45 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 17:45 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 17:45 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 17:45 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 17:45 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 17:45 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 17:45 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 17:45 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 17:45 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 17:45 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 17:45 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 17:45 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 17:45 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 17:45 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 17:45 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 17:45 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 17:45 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 17:45 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 17:45 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 17:45 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 17:45 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 17:45 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 17:45 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 17:45 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 17:45 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 17:45 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 17:45 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 17:45 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 17:45 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 17:45 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 17:45 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 17:45 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 17:45 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 17:45 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 17:45 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 17:45 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 17:45 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 17:45 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 17:45 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 17:45 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 17:45 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 17:45 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 17:45 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 17:45 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 17:45 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 17:45 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 17:45 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 17:45 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 17:45 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 17:44 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 17:44 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 17:44 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 17:44 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 17:44 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 17:44 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 17:44 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 17:44 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 17:44 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 17:44 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 17:44 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 17:44 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 17:44 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 17:44 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 17:44 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 17:44 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 17:44 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 17:44 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 17:44 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 17:44 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 17:44 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 17:44 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 17:44 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 17:44 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 17:44 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-10 17:44 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-10 17:44 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-10 17:44 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-10 17:43 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 17:43 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 17:43 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 17:43 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 17:43 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 17:43 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 17:43 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 17:43 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 17:43 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 17:43 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-01-31 16:42 - 2015-01-31 16:42 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-01-31 16:42 - 2015-01-31 16:42 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-01-31 16:06 - 2015-01-31 16:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-01-31 16:06 - 2015-01-31 16:06 - 00000000 ____D () C:\Windows\PCHEALTH
2015-01-31 16:06 - 2015-01-31 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-31 16:06 - 2015-01-31 16:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2015-01-31 16:04 - 2015-02-11 23:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-31 16:04 - 2015-02-01 13:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-31 16:04 - 2015-01-31 16:04 - 00000000 ____D () C:\Users\Jason\AppData\Local\Microsoft Help
2015-01-31 16:04 - 2015-01-31 16:04 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-31 16:03 - 2015-01-31 16:03 - 00000000 __RHD () C:\MSOCache
2015-01-31 15:09 - 2015-01-31 15:09 - 00000000 __SHD () C:\Users\Jason\AppData\Local\EmieUserList
2015-01-31 15:09 - 2015-01-31 15:09 - 00000000 __SHD () C:\Users\Jason\AppData\Local\EmieSiteList
2015-01-31 15:09 - 2015-01-31 15:09 - 00000000 __SHD () C:\Users\Jason\AppData\Local\EmieBrowserModeList
2015-01-27 22:09 - 2015-01-27 22:09 - 00001668 _____ () C:\Users\Jason\Downloads\cibc transactions.csv
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-25 00:14 - 2014-12-17 09:01 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\vlc
2015-02-24 20:12 - 2014-12-17 10:37 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Questrade
2015-02-24 20:12 - 2014-12-17 08:35 - 00000000 ____D () C:\Users\Jason\Documents\Questrade IQ Edge
2015-02-23 23:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-23 00:18 - 2009-07-13 23:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-23 00:18 - 2009-07-13 23:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-22 20:00 - 2015-01-17 16:12 - 00000000 ____D () C:\Users\Jason\Downloads\VD
2015-02-22 16:57 - 2014-12-16 18:50 - 00000000 ____D () C:\Program Files (x86)\Voobly
2015-02-22 15:50 - 2014-12-16 17:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-21 18:30 - 2014-12-16 17:45 - 00000000 ____D () C:\Users\Jason\AppData\Local\Google
2015-02-21 18:30 - 2014-12-16 17:45 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-21 17:59 - 2015-01-23 19:29 - 00000000 ____D () C:\Users\Jason\AppData\Local\CrashDumps
2015-02-21 16:32 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-21 16:20 - 2014-12-17 09:00 - 00000000 ___RD () C:\Users\Jason\Dropbox
2015-02-21 16:20 - 2014-12-17 08:57 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Dropbox
2015-02-21 16:20 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-21 14:57 - 2014-12-16 19:00 - 00000000 ____D () C:\Users\Public\Documents\Registry
2015-02-21 13:35 - 2014-12-16 17:46 - 00000000 ____D () C:\ProgramData\Norton
2015-02-19 23:39 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2015-02-19 23:37 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-19 19:40 - 2014-12-16 17:45 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2015-02-19 19:19 - 2014-12-16 17:56 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-19 19:19 - 2014-12-16 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-19 19:19 - 2014-12-16 17:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-17 18:27 - 2014-12-16 17:56 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\uTorrent
2015-02-17 18:27 - 2014-12-16 17:46 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-17 18:26 - 2014-12-16 18:11 - 00002025 _____ () C:\Users\Jason\Desktop\FileHippo App Manager.lnk
2015-02-17 18:26 - 2014-12-16 17:45 - 00002055 _____ () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
2015-02-13 22:28 - 2014-12-17 09:00 - 00001025 _____ () C:\Users\Jason\Desktop\Dropbox.lnk
2015-02-13 22:28 - 2014-12-17 09:00 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 07:32 - 2014-12-17 11:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 07:32 - 2014-12-17 11:52 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 07:32 - 2009-07-13 23:45 - 00346024 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 07:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 23:03 - 2014-09-03 06:22 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 23:01 - 2014-12-17 09:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 22:58 - 2014-12-17 09:17 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 18:59 - 2014-12-30 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voobly
2015-02-03 11:02 - 2015-01-11 23:43 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Foxit Software
2015-02-01 13:13 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2015-01-31 16:56 - 2014-12-16 18:09 - 00003020 _____ () C:\Windows\System32\Tasks\PMTask
2015-01-31 16:56 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2015-01-31 16:53 - 2014-12-16 17:40 - 00086936 _____ () C:\Users\Jason\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-31 16:45 - 2014-09-02 17:18 - 00766780 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-31 16:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-31 16:04 - 2011-04-12 03:28 - 00000000 ____D () C:\Windows\ShellNew
 
==================== Files in the root of some directories =======
 
2014-12-17 09:53 - 2014-12-17 10:00 - 0021769 _____ () C:\Users\Jason\AppData\Local\WiDiSetupLog.20141217.095329.wdl
2014-09-03 06:25 - 2014-09-03 06:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\Jason\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6nfuvp.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-23 23:48
 
==================== End Of Log ============================

Edited by cn_habs, 25 February 2015 - 01:37 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,877 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:32 AM

Posted 25 February 2015 - 09:53 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

HKU\S-1-5-21-250440067-3197768662-3254137653-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?CUI=UN28785480661846727&ctid=CT3287822&SearchSource=48"
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 usb3Hub; system32\DRIVERS\usb3Hub.sys [X]]

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#5 cn_habs

cn_habs
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:32 AM

Posted 25 February 2015 - 09:37 PM

Thanks for the quick response. I followed the instructions but can no longer open Chrome upon reboot but everything else seems fine. Do I need to do something similar for the household desktop that my parents use too?

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by Jason at 2015-02-25 21:30:55 Run:1
Running from C:\Users\Jason\Desktop
Loaded Profiles: Jason (Available profiles: Jason)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************

start

CloseProcesses:

HKU\S-1-5-21-250440067-3197768662-3254137653-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?CUI=UN28785480661846727&ctid=CT3287822&SearchSource=48"
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 usb3Hub; system32\DRIVERS\usb3Hub.sys [X]]

End
*****************

Processes closed successfully.
"HKU\S-1-5-21-250440067-3197768662-3254137653-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
Chrome StartupUrls deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
catchme => Service deleted successfully.
esgiguard => Service deleted successfully.
klkbdflt2 => Error deleting Service
usb3Hub => Service deleted successfully.

The system needed a reboot.

==== End of Fixlog 21:30:55 ====



#6 cn_habs

cn_habs
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:32 AM

Posted 25 February 2015 - 11:25 PM

So I had to uninstall and reinstall Chrome. Here's the new log if it changes anything. Thanks again.

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Jason (administrator) on JASON-PC on 25-02-2015 23:22:50
Running from C:\Users\Jason\Desktop
Loaded Profiles: Jason (Available profiles: Jason)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(troubadix) C:\Program Files\TPFanControl\TPFanControl.exe
(Dropbox, Inc.) C:\Users\Jason\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [555736 2014-09-18] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-06-20] (Lenovo Group Limited)
HKLM\...\Run: [TPFanControl] => C:\Program Files\TPFanControl\TPFanControl.exe [154112 2013-03-20] (troubadix)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [66560 2013-06-17] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-12-03] (Intel Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-250440067-3197768662-3254137653-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-250440067-3197768662-3254137653-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-250440067-3197768662-3254137653-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 64.120.5.218 8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\gib0smr9.default
FF DefaultSearchEngine: Google
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: questrade.com/QuestradeIQEdgeDetector -> C:\Program Files (x86)\Questrade IQ Edge\npQuestradeIQEdgeDetector.dll (Questrade Inc)
FF Extension: AdBlock for Firefox - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\gib0smr9.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2015-02-19]
FF Extension: Adblock Plus - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\gib0smr9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-19]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn [2015-02-25]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-02-21]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-02-21]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-02-21]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www-304.ibm.com/shop/americas/webapp/wcs/stores/servlet/default/CategoryDisplay?categoryId=2576396&storeId=1083759332&catalogId=-124&langId=124
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?CUI=UN28785480661846727&ctid=CT3287822&SearchSource=48"
CHR Profile: C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-25]
CHR Extension: (Adblock Plus) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-25]
CHR Extension: (Adblock for Youtube™) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-02-25]
CHR Extension: (AdBlock) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-25]
CHR Extension: (Norton Identity Safe) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-25]
CHR Extension: (Adblock for Pirate Bay) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd [2015-02-25]
CHR Extension: (Google Wallet) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-25]
CHR Extension: (Norton Security Toolbar) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-02-25]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2015-02-25]
CHR Extension: (Outlook.com) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-02-25]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-12-16]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-12-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2014-11-14] (Lenovo.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-03] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-06-20] (Lenovo Group Limited)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] ()
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-02-19] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-11-16] (Intel Corporation)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM60x64.sys [388368 2011-11-30] (Intel® Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP60X64.sys [78096 2011-11-30] (Intel® Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [47112 2014-08-19] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [245960 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [843448 2014-12-13] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [30920 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [57032 2014-10-09] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [100824 2013-12-03] (Intel Corporation)
R3 RCUVCAVS; C:\Windows\System32\DRIVERS\RCUVCAVS.sys [177920 2013-07-05] (Ricoh co.,Ltd.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [42224 2013-11-15] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-25 23:02 - 2015-02-25 23:08 - 208666624 _____ () C:\Users\Jason\Downloads\The.100.S02E14.HDTV.x264-KILLERS.mp4.part1.rar
2015-02-25 23:02 - 2015-02-25 23:07 - 147200369 _____ () C:\Users\Jason\Downloads\The.100.S02E14.HDTV.x264-KILLERS.mp4.part2.rar
2015-02-25 22:03 - 2015-02-25 22:05 - 00010915 _____ () C:\Windows\WindowsUpdate.log
2015-02-25 22:03 - 2015-02-25 22:03 - 00002262 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-25 22:03 - 2015-02-25 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-25 21:23 - 2015-02-25 21:23 - 00852604 _____ () C:\Users\Jason\Downloads\SecurityCheck.exe
2015-02-25 21:04 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 21:04 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 01:25 - 2015-02-25 21:29 - 00000000 ____D () C:\Users\Jason\Desktop\FRST-OlderVersion
2015-02-24 23:21 - 2015-02-24 23:22 - 39144641 _____ () C:\Users\Jason\Downloads\person.of.interest.416.hdtv-lol.mp4.part2.rar
2015-02-24 23:20 - 2015-02-24 23:24 - 208666624 _____ () C:\Users\Jason\Downloads\person.of.interest.416.hdtv-lol.mp4.part1.rar
2015-02-23 23:30 - 2015-02-23 23:34 - 208666624 _____ () C:\Users\Jason\Downloads\better.call.saul.104.hdtv-lol.mp4.part1.rar
2015-02-23 23:30 - 2015-02-23 23:31 - 49310679 _____ () C:\Users\Jason\Downloads\better.call.saul.104.hdtv-lol.mp4.part2.rar
2015-02-23 00:24 - 2015-02-23 00:24 - 00044646 _____ () C:\Users\Jason\Downloads\PWL-2013-After-Tax-Return-Calculator-(downloadable).xlsx
2015-02-21 20:50 - 2015-02-21 20:56 - 208666624 _____ () C:\Users\Jason\Downloads\Vikings.S03E01.HDTV.x264-KILLERS.mp4.part2.rar
2015-02-21 20:49 - 2015-02-21 20:56 - 208666624 _____ () C:\Users\Jason\Downloads\Vikings.S03E01.HDTV.x264-KILLERS.mp4.part1.rar
2015-02-21 18:29 - 2015-02-25 22:34 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-21 18:29 - 2015-02-25 22:02 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-21 18:29 - 2015-02-21 18:29 - 00880208 _____ (Google Inc.) C:\Users\Jason\Downloads\ChromeSetup.exe
2015-02-21 18:29 - 2015-02-21 18:29 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-21 18:29 - 2015-02-21 18:29 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-21 18:02 - 2015-02-21 18:02 - 00000625 _____ () C:\Users\Jason\Desktop\JRT.txt
2015-02-21 17:56 - 2015-02-21 17:59 - 31203047 _____ () C:\Users\Jason\Downloads\Vikings.S03E01.HDTV.x264-KILLERS.mp4.part3.rar
2015-02-21 16:32 - 2015-02-21 16:32 - 05611903 _____ (Swearware) C:\Users\Jason\Downloads\ComboFix.exe
2015-02-21 16:24 - 2015-02-21 16:27 - 208666624 _____ () C:\Users\Jason\Downloads\blue.bloods.516.hdtv-lol.mp4.part1.rar
2015-02-21 14:08 - 2015-02-21 14:11 - 45328378 _____ () C:\Users\Jason\Downloads\blue.bloods.516.hdtv-lol.mp4.part2.rar
2015-02-21 13:58 - 2015-02-21 13:58 - 02126848 _____ () C:\Users\Jason\Downloads\adwcleaner_4.111.exe
2015-02-21 13:54 - 2015-02-21 13:59 - 134925790 _____ () C:\Users\Jason\Downloads\Banshee.S03E07.HDTV.x264-KILLERS.mp4.part3.rar
2015-02-21 13:43 - 2015-02-21 13:54 - 208666624 _____ () C:\Users\Jason\Downloads\Banshee.S03E07.HDTV.x264-KILLERS.mp4.part1.rar
2015-02-21 13:43 - 2015-02-21 13:49 - 208666624 _____ () C:\Users\Jason\Downloads\Banshee.S03E07.HDTV.x264-KILLERS.mp4.part2.rar
2015-02-21 13:43 - 2015-02-21 13:43 - 00002337 _____ () C:\Users\Jason\Desktop\Safe Money.lnk
2015-02-21 13:43 - 2015-02-21 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-02-21 13:43 - 2015-02-21 13:42 - 00002139 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-02-21 13:42 - 2015-02-25 22:02 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-21 13:42 - 2015-02-21 13:42 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-02-21 13:42 - 2015-02-21 13:42 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-02-21 13:42 - 2014-12-13 18:21 - 00843448 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-02-21 13:42 - 2014-11-28 18:19 - 00151240 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-02-21 13:42 - 2014-10-22 21:13 - 00245960 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-02-21 13:42 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-02-21 13:37 - 2015-02-21 13:42 - 196619584 _____ (Kaspersky Lab) C:\Users\Jason\Downloads\kis15.0.2.361en_7411.exe
2015-02-20 00:11 - 2015-02-20 00:11 - 00022211 _____ () C:\Users\Jason\Desktop\Addition.txt
2015-02-20 00:07 - 2015-02-25 23:22 - 00020549 _____ () C:\Users\Jason\Desktop\FRST.txt
2015-02-20 00:07 - 2015-02-25 21:29 - 02087936 _____ (Farbar) C:\Users\Jason\Desktop\FRST64.exe
2015-02-20 00:01 - 2015-02-25 23:22 - 00000000 ____D () C:\FRST
2015-02-20 00:01 - 2015-02-20 00:01 - 02086912 _____ (Farbar) C:\Users\Jason\Downloads\FRST64.exe
2015-02-19 23:30 - 2015-02-19 23:30 - 00000682 _____ () C:\Users\Jason\Documents\JRT.txt
2015-02-19 23:19 - 2015-02-19 23:19 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jason\Downloads\revosetup.exe
2015-02-19 23:19 - 2015-02-19 23:19 - 00001271 _____ () C:\Users\Jason\Desktop\Revo Uninstaller.lnk
2015-02-19 23:19 - 2015-02-19 23:19 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-19 23:17 - 2015-02-19 23:17 - 01388274 _____ (Thisisu) C:\Users\Jason\Downloads\JRT.exe
2015-02-19 23:16 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-19 23:16 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-19 23:16 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-19 23:16 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-19 23:16 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-19 23:16 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-19 23:16 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-19 23:16 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-19 23:15 - 2015-02-19 23:39 - 00000000 ____D () C:\Qoobox
2015-02-19 23:14 - 2015-02-19 23:38 - 00000000 ____D () C:\Windows\erdnt
2015-02-19 22:55 - 2015-02-19 22:55 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Mozilla
2015-02-19 22:55 - 2015-02-19 22:55 - 00000000 ____D () C:\Users\Jason\AppData\Local\Mozilla
2015-02-19 22:54 - 2015-02-25 21:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-19 22:54 - 2015-02-19 22:54 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-19 22:53 - 2015-02-19 22:53 - 00243440 _____ () C:\Users\Jason\Downloads\Firefox Setup Stub 35.0.1.exe
2015-02-19 20:40 - 2015-02-19 20:40 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Macromedia
2015-02-19 20:37 - 2015-02-19 20:37 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-02-19 20:37 - 2015-02-19 20:37 - 00000000 ____D () C:\Windows\system32\Macromed
2015-02-19 20:36 - 2015-02-19 20:40 - 00000000 ____D () C:\Users\Jason\AppData\Local\Adobe
2015-02-19 20:18 - 2015-02-19 20:18 - 00000000 _____ () C:\autoexec.bat
2015-02-19 20:17 - 2015-02-19 20:17 - 00000000 ____D () C:\sh4ldr
2015-02-19 20:16 - 2015-02-19 20:16 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-02-19 20:16 - 2015-02-19 20:16 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-19 19:50 - 2015-02-21 17:30 - 00000000 ____D () C:\AdwCleaner
2015-02-19 19:19 - 2015-02-19 19:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jason\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-17 18:26 - 2015-02-17 18:26 - 05325208 _____ (Piriform Ltd) C:\Users\Jason\Downloads\ccsetup502.exe
2015-02-15 23:47 - 2015-02-15 23:47 - 00865502 _____ () C:\Users\Jason\Downloads\ID 728761 Transcript & Completion Notice(s).zip
2015-02-15 15:31 - 2015-02-15 15:45 - 00000000 ____D () C:\Users\Jason\Downloads\Brotherhood of Blades [2014]WEBRip x264 AAC-ViCKY
2015-02-12 20:20 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 20:20 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 20:20 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 20:20 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-10 17:45 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-10 17:45 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-10 17:45 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-10 17:45 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-10 17:45 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-10 17:45 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-10 17:45 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-10 17:45 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-10 17:45 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 17:45 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 17:45 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 17:45 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 17:45 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 17:45 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 17:45 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 17:45 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 17:45 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 17:45 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 17:45 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 17:45 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 17:45 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 17:45 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 17:45 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 17:45 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 17:45 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 17:45 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 17:45 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 17:45 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 17:45 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 17:45 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 17:45 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 17:45 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 17:45 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 17:45 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 17:45 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 17:45 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 17:45 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 17:45 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 17:45 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 17:45 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 17:45 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 17:45 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 17:45 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 17:45 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 17:45 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 17:45 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 17:45 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 17:45 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 17:45 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 17:45 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 17:45 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 17:45 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 17:45 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 17:45 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 17:45 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 17:45 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 17:45 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 17:45 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 17:45 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 17:45 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 17:45 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 17:45 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 17:45 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 17:45 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 17:45 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 17:45 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 17:45 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 17:45 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 17:45 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 17:45 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 17:45 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 17:45 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 17:45 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 17:45 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 17:44 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 17:44 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 17:44 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 17:44 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 17:44 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 17:44 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 17:44 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 17:44 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 17:44 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 17:44 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 17:44 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 17:44 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 17:44 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 17:44 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 17:44 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 17:44 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 17:44 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 17:44 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 17:44 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 17:44 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 17:44 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 17:44 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 17:44 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 17:44 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 17:44 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-10 17:44 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-10 17:44 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-10 17:44 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-10 17:43 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 17:43 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 17:43 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 17:43 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 17:43 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 17:43 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 17:43 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 17:43 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 17:43 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 17:43 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-01-31 16:42 - 2015-01-31 16:42 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-01-31 16:42 - 2015-01-31 16:42 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-01-31 16:06 - 2015-01-31 16:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-01-31 16:06 - 2015-01-31 16:06 - 00000000 ____D () C:\Windows\PCHEALTH
2015-01-31 16:06 - 2015-01-31 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-31 16:06 - 2015-01-31 16:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2015-01-31 16:04 - 2015-02-11 23:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-31 16:04 - 2015-02-01 13:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-31 16:04 - 2015-01-31 16:04 - 00000000 ____D () C:\Users\Jason\AppData\Local\Microsoft Help
2015-01-31 16:04 - 2015-01-31 16:04 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-31 16:03 - 2015-01-31 16:03 - 00000000 __RHD () C:\MSOCache
2015-01-31 15:09 - 2015-01-31 15:09 - 00000000 __SHD () C:\Users\Jason\AppData\Local\EmieUserList
2015-01-31 15:09 - 2015-01-31 15:09 - 00000000 __SHD () C:\Users\Jason\AppData\Local\EmieSiteList
2015-01-31 15:09 - 2015-01-31 15:09 - 00000000 __SHD () C:\Users\Jason\AppData\Local\EmieBrowserModeList
2015-01-27 22:09 - 2015-01-27 22:09 - 00001668 _____ () C:\Users\Jason\Downloads\cibc transactions.csv
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-25 23:22 - 2014-12-17 09:01 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\vlc
2015-02-25 23:06 - 2014-12-16 17:56 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\uTorrent
2015-02-25 22:08 - 2009-07-13 23:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-25 22:08 - 2009-07-13 23:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-25 22:07 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-25 22:02 - 2015-01-23 19:29 - 00000000 ____D () C:\Users\Jason\AppData\Local\CrashDumps
2015-02-25 22:02 - 2014-12-17 09:00 - 00000000 ___RD () C:\Users\Jason\Dropbox
2015-02-25 22:02 - 2014-12-17 08:57 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Dropbox
2015-02-25 22:01 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-24 20:12 - 2014-12-17 10:37 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Questrade
2015-02-24 20:12 - 2014-12-17 08:35 - 00000000 ____D () C:\Users\Jason\Documents\Questrade IQ Edge
2015-02-23 23:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-22 20:00 - 2015-01-17 16:12 - 00000000 ____D () C:\Users\Jason\Downloads\VD
2015-02-22 16:57 - 2014-12-16 18:50 - 00000000 ____D () C:\Program Files (x86)\Voobly
2015-02-22 15:50 - 2014-12-16 17:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-21 18:30 - 2014-12-16 17:45 - 00000000 ____D () C:\Users\Jason\AppData\Local\Google
2015-02-21 18:30 - 2014-12-16 17:45 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-21 14:57 - 2014-12-16 19:00 - 00000000 ____D () C:\Users\Public\Documents\Registry
2015-02-21 13:35 - 2014-12-16 17:46 - 00000000 ____D () C:\ProgramData\Norton
2015-02-19 23:39 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2015-02-19 23:37 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-19 19:40 - 2014-12-16 17:45 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2015-02-19 19:19 - 2014-12-16 17:56 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-19 19:19 - 2014-12-16 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-19 19:19 - 2014-12-16 17:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-17 18:27 - 2014-12-16 17:46 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-17 18:26 - 2014-12-16 18:11 - 00002025 _____ () C:\Users\Jason\Desktop\FileHippo App Manager.lnk
2015-02-17 18:26 - 2014-12-16 17:45 - 00002055 _____ () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
2015-02-13 22:28 - 2014-12-17 09:00 - 00001025 _____ () C:\Users\Jason\Desktop\Dropbox.lnk
2015-02-13 22:28 - 2014-12-17 09:00 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 07:32 - 2014-12-17 11:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 07:32 - 2014-12-17 11:52 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 07:32 - 2009-07-13 23:45 - 00346024 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 07:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 23:03 - 2014-09-03 06:22 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 23:01 - 2014-12-17 09:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 22:58 - 2014-12-17 09:17 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 18:59 - 2014-12-30 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voobly
2015-02-03 11:02 - 2015-01-11 23:43 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Foxit Software
2015-02-01 13:13 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2015-01-31 16:56 - 2014-12-16 18:09 - 00003020 _____ () C:\Windows\System32\Tasks\PMTask
2015-01-31 16:56 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2015-01-31 16:53 - 2014-12-16 17:40 - 00086936 _____ () C:\Users\Jason\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-31 16:45 - 2014-09-02 17:18 - 00766780 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-31 16:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-31 16:04 - 2011-04-12 03:28 - 00000000 ____D () C:\Windows\ShellNew
 
==================== Files in the root of some directories =======
 
2014-12-17 09:53 - 2014-12-17 10:00 - 0021769 _____ () C:\Users\Jason\AppData\Local\WiDiSetupLog.20141217.095329.wdl
2014-09-03 06:25 - 2014-09-03 06:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\Jason\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppsm0di.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-23 23:48
 
==================== End Of Log ============================


#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,877 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:32 AM

Posted 26 February 2015 - 08:58 AM



Do I need to do something similar for the household desktop that my parents use too?
Start a new topic for that computer.
Rung the Farbar and the AdwCleaner tools.
Post the logs.

Let me have the URL so that I can expedite the reply.
===


Fis these items again.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?CUI=UN28785480661846727&ctid=CT3287822&SearchSource=48"
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

#8 cn_habs

cn_habs
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:32 AM

Posted 27 February 2015 - 12:32 AM

I followed the instructions again but Chrome is no longer working or I simply can't open it. Is there any solution? Thanks again.

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by Jason at 2015-02-27 00:28:28 Run:2
Running from C:\Users\Jason\Desktop
Loaded Profiles: Jason (Available profiles: Jason)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?CUI=UN28785480661846727&ctid=CT3287822&SearchSource=48"
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]

End
*****************

Processes closed successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
Chrome StartupUrls deleted successfully.
klkbdflt2 => Error deleting Service

The system needed a reboot.

==== End of Fixlog 00:28:29 ====



#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,877 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:32 AM

Posted 27 February 2015 - 08:50 AM

Remove Chrome using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

Reinstall Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

How is it now?

#10 cn_habs

cn_habs
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:32 AM

Posted 27 February 2015 - 07:12 PM

Remove Chrome using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

Reinstall Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

How is it now?

 

Before I do that, my laptop should be clean now correct?

Is it possible that another computer within the home network got my laptop to be infected to begin with? What's the security software you'd recommend? I had NIS and Malwarebytes Premium which both failed me big time. Thanks.


Edited by cn_habs, 27 February 2015 - 07:13 PM.


#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,877 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:32 AM

Posted 28 February 2015 - 09:57 AM

I had NIS and Malwarebytes Premium which both failed me big time.

Both are good and must be kept up to date.

Your problem can with PUP (Potentially Unwanted Program) installed without your consent.
These programs are set when you install free programs.
When you accept to install these programs add restrictions to the registry that allows the installation bypassing NiS etc.

When installing new programs it's advisable to run MBAM and AdwCleaner to clean anything that may have been installed without your consent.

===

Before I do that, my laptop should be clean now correct?
Reinstall Chrome and after a restart let me know if you still have issues.

#12 cn_habs

cn_habs
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:32 AM

Posted 02 March 2015 - 06:59 PM

 

I had NIS and Malwarebytes Premium which both failed me big time.

Both are good and must be kept up to date.

Your problem can with PUP (Potentially Unwanted Program) installed without your consent.
These programs are set when you install free programs.
When you accept to install these programs add restrictions to the registry that allows the installation bypassing NiS etc.

When installing new programs it's advisable to run MBAM and AdwCleaner to clean anything that may have been installed without your consent.

===

Before I do that, my laptop should be clean now correct?
Reinstall Chrome and after a restart let me know if you still have issues.

 

 

Cool thanks a lot. I very much appreciate all your help.



#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,877 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:32 AM

Posted 08 March 2015 - 09:33 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users